Is it possible to execute logon credentialing to access the Internet? In my organization, our logon credentialing occurs at the application level, and our workstations are connected by generic access. For financial reasons, biometrics isn't an option.
The spectrum of authentication tools is broad, ranging from simple user ID and password systems to biometrics. For Internet access from a company, the same is true. Don't think that biometrics is the only option -- it's not..
There are several options depending on the size of the company, the type of access needed and the security level needed.
If corporate workstations are connected by generic access and logon is at the application level, some sort of authentication to the gateway that connects the company to the Internet is needed. If this is a proxy server, it could be configured to require logon credentials. Every user needing access would have to get a unique account on this gateway.
That means any time a user with an account tried to access the Web, they would be asked for a user ID and password by the proxy at the beginning of the browsing session. When the user closed the browser, he or she would be logged out.
Setting up a proxy server requiring authentication as an Internet gateway is a simple way to restrict Internet access. Besides, the proxy, just like any other server, can log and monitor user access to the Web. Filtering software, such as Blue Coat or WebSense, can also be installed to block inappropriate sites.
Other options -- again, depending on the mobility of an organization's workforce and business needs -- may include going through Citrix or an SSL VPN. These two options provide secure VPN access over the Web, but they should only be considered for remote access, as from laptops for traveling or telecommuting employees. They entail some overhead for setup and may require additional hardware besides a simple proxy gateway.
This was first published in February 2008