My recommendations would be the following for multi factor authentication. Google Authenticator (works from mobile phones) RSA SecureID (http://www.emc.com/security/rsa-securid/index.htm) eToken PRO Smart Card (http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-smart-cards/etoken-pro-smart-card-security/)
Hope this helps. Rob. From: [email protected] [mailto:[email protected]] On Behalf Of Jon Harris Sent: Friday, June 05, 2015 9:12 PM To: [email protected] Subject: RE: [NTSysADM] Law Enforcement IT query The built in finger print reader is the POS on both the 6520 and 6530. I would guess they use the same on yours. To really get it to do anything I needed to put in ControlVault software. It worked kind of but over all I thought it was a POS. I would go with the smartcard next time or the upgraded finger print scanner. Sorry I haven't even thought about smartcards yet so I hope someone else can help. I too would be interested in hearing others about smartcard recommendations. We use them for access to the building I work in as well as the data centers. Jon ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Law Enforcement IT query Date: Fri, 5 Jun 2015 16:25:17 +0000 The laptop units are dell Latitude E6400 XFR (armored) with the builtin fingerprint swipe sensor and the builtin contactless smartcard reader. Since my original post and based on feedback I've received, I am now considering the smartcard option. Knowing absolutely zip about smartcards, I'm somewhat overwhelmed by the choices. Any recommendations for a basic user-authentication smartcard provider that any of you have done business with? Gordon From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jon Harris Sent: Thursday, June 04, 2015 8:53 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Law Enforcement IT query Which finger print reader are you using in the Dell. One of them is a POS period. The software works as it was intended but the finger print reader is just not worth the money spent. I have not tried the more expensive of the two readers that were available. The software may be different for that one. Jon ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Law Enforcement IT query Date: Tue, 2 Jun 2015 17:59:14 +0000 OK.... My question to those that might support a law enforcement agency is do you have mobile laptops in your police cars that access the FBI NCIC system? I have a small fleet (6 units) of Dell Latitude XFR armored laptops that I'm trying to get deployed (my first laptop deployment project) and I'm having difficulties with the fingerprint reader hardware / software in the unit. The Dell software is, quite frankly, a POS, so I was wondering if your mobile units use the fingerprint reader to provide multi-factor authentication in addition to a user name / password combination and if so, what fingerprint software you might be using. More specifically, my units are using a sprint mobile card and once an officer is authenticated locally, I have a script that runs at logon that launches the mobile connection software, fires up the VPN connection software, authenticates the VPN tunnel to my perimeter firewall / VPN endpoint and launches the Mobile application software (what the officer uses to do his/her job). Because of the way this all works (and it works very well) and because of university IT policy, I am not able to authenticate against the university AD. Hence, each officer has a local user account setup on the laptop. This is where I run into difficulties with the Dell fingerprint software. FBI security policy delineates - if I am correct in my interpretation of the policy - that a mobile laptop contained in a police conveyance has to have multi-factor authentication implemented. I have chosen "password and fingerprint swipe" as the logon method because fingerprints are a lot harder to lose than a smartcard. Anyhow, the Dell fingerprint software is not smart enough to sense when a new user (for example when a new officer is hired) is logging onto the laptop for the first time and allow the enrollment of a fingerprint before completing the authentication. What this means is that I then have to manually setup each and every officer on each and every laptop before I can enable the "password and fingerprint swipe" logon and deploy the unit. If you are using a similar system, would you have advice or suggestions on how you got yours to work, especially if your using a third-party fingerprint software system? If you're using a smartcard system, how do you minimize the possibility of your officers losing or misplacing their smartcard and thus not being able to complete their laptop logon? TIA Gordon From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Micheal Espinola Jr Sent: Tuesday, June 02, 2015 11:09 AM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Law Enforcement IT query It sounds like it would be an interesting conversation to keep on-list. No "IT support", but I have coordinated with local and federal on a few occasions. -- Espi On Tue, Jun 2, 2015 at 9:07 AM, Gordon Pegue <[email protected]<mailto:[email protected]>> wrote: I am curious if any of the folks subscribed to this list provide IT support to a law enforcement or police agency and would be willing to engage in an off-list correspondence. Thanks in advance Gordon IMPORTANT NOTICE: Without the use of secure encryption, the Internet is not a secure medium and privacy cannot be ensured. Internet e-mail is vulnerable to interception, misuse and forging. Equitable cannot ensure the privacy and authenticity of any information sent by way of the public Internet. Equitable will not be responsible for any damages you may incur if you communicate confidential and personal information to us over the Internet or if we communicate such information to you at your request. This e-mail and any attachments are confidential, may be covered by legal professional privilege or exempt from disclosure under applicable law, and are intended for the addressee only. If you are not the intended recipient, you are not authorized to and must not disclose, copy, distribute or retain any or part of this e-mail and any attachments without written permission of The Equitable Life Insurance Company of Canada.
