Overview of Smart Card Deployment
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Most organizations use passwords to manage access to computer networks and resources. However, some users set weak passwords, write passwords down in insecure locations, or forget their passwords and require help desk assistance for password reset. For this reason, passwords alone might not provide the level of security and manageability that your organization requires.
Smart card support in Microsoft® Windows® Server 2003, Standard Edition; Windows® Server 2003, Enterprise Edition; and Windows® Server 2003, Datacenter Edition operating systems provides users with stronger credentials than even the most complex passwords. If you use, manage, and deploy smart cards properly, you can enhance the security of your organization and reduce your support costs.
Smart cards offer the following benefits:
Protection. Smart cards provide tamper-resistant storage for private keys and other data. If a smart card is lost or stolen, it is difficult for anyone except the intended user to use the credentials that it stores.
Isolation. Cryptographic operations are performed on the smart card itself rather than on the client or on a network server. This isolates security-sensitive data and processes from other parts of the system.
Portability. Credentials and other private information stored on smart cards can easily be transported between computers at work, home, or other remote locations.
The number and variety of smart card–enabled applications is growing to meet the needs of organizations that want to rely on smart cards to enable secure authentication and to facilitate services.
Before you can deploy smart cards in your organization, you must have a public key infrastructure (PKI) in place. Next, you need to identify applications to enable for use with smart cards, and plan how to implement and support a smart card infrastructure before you can take advantage of the security benefits of smart cards.
Note
- For a list of the job aids that are available to assist you in deploying smart cards, see "Additional Resources for Smart Card Deployment" later in this chapter.