Goverlan offers full support for PIV / CAC smart card authentication and redirection
Secure and regulated environments or government agencies under the stringent effects of HSPD-12 and FIPS201 compliances may be required use multi-factor authentication to access network infrastructure. For most, that means providing a form of physical authentication such as a Common Access Card (CAC) or Public Identity Verification (PIV) card for logging into computers and accessing network resources.
This presents a challenge to challenge to IT support staff needing to access to support remote machines as it may require a desk-side visit.
The use of alternate credentials within a remote administration tool is also lost if the solution does not support smart cards and smart card redirection
Remote administration via smart card with Goverlan
Remote management tasks such as Active Directory account management, software distribution or computer power management actions can be executed with smart card credentials using Goverlan.
- Authenticate to Active Directory via a smart card
- Execute Remote Management Tasks on remote computers using smart card credentials
- RSA and ECC Certificates
Remote control and smart card remote authentication with Goverlan
Remote control solutions are commonly used tools to assist a remote user or to remote administer a server. Without the ability to remotely authenticate on a computer, a remote control solution becomes inoperable. Microsoft RDP provides basic smart card redirection support, however, it forces exclusive access to the client session making it more challenging to support your end users.
Goverlan Remote Control Full Edition allows you to redirect your local smart card credentials onto remote systems during a live remote control sessions.
Goverlan Remote Control allows you to redirect your locally inserted PIV / CAC card to the remote machine providing proper credentials to the remote system.
What are HSPD-12 and FIPS201?
HSPD-12 is a common identification standard for federal employees and contractors Homeland Security Presidential Directive 12 (HSPD-12) is a policy for a common identification standard for federal employees and contractors. It was written with a goal of creating secure and reliable forms of identification.
Federal Information Processing Standard 201 (FIPS 201) In response to HSPD-12, the National Institute of Standards and Technology (NIST) Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. Federal Information Processing Standard 201 (FIPS 201) was developed to satisfy the technical requirements of HSPD- 12, approved by the Secretary of Commerce, and issued on February 25, 2005. FIPS 201 specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.
Smart card VS CAC vs PIV
Smart Card - A smart card is a credit card sized card that has an embedded microchip and one or more certificates. The information on the card identifies the user and includes the user’s private key used for asymmetric cryptography.
Users are often required to enter a personal identification number (PIN) along with the smart card. Using a smart card (something you have) and a PIN (something you know) provides multifactor authentication. Combining two or more factors of authentication is more secure than using only a single factor.
Both a CAC and PIV provide the same benefits of a smart card, but also include photo identification.
CAC - A common access card (CAC) is a smart card used by employees and other personnel in the United States Department of Defense (DoD). A CAC includes a picture of the user along with other information such as their name. DoD employees wear the CAC as a badge and can show it to guards to prove their identity. They can also use it as a smart card to log onto systems. PIV - A personal identity verification (PIV) card is also a specialized type of smart card used by personnel in United States federal agencies. Just as a CAC does, the PIV card includes a picture of the user along with their name. A PIV can be used for visual verification of users, and then as a smart card when users log onto their computer.
Supports both RSA and ECC Certificates
Encryption with RSA has been the industry standard for decades, and although RSA certificates offer more than sufficient security, experts predict that Elliptic Curve Cryptography (ECC) will eventually replace it as the new standard, offering faster encryption speed with smaller certificate size. Goverlan Remote Control is compatible with both.