Mobile Security. Policies, Standards, Frameworks, Guidelines

Size: px
Start display at page:

Download "Mobile Security. Policies, Standards, Frameworks, Guidelines"

Transcription

1 Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP Rev. 1) 1

2 APPLE ios 6 TECHNOLOGY OVERVIEW Version 1, Release 0.1, 31 October 2012 Developed by DISA for the DoD MOBILE DEVICE MANAGEMENT (MDM) SECURITY REQUIREMENTS GUIDE (SRG), Version 1, Release 0.2, Developed by DISA for the DoD, OVERVIEW, 26 October 2012 OpenID OpenID is just one type of Federated Identity system. OpenID is focused more on the consumer market, whereas FID-proper is focused on the enterprise. OpenID offers the ability for users to log into one website (Facebook, for example) using credentials from another website, such as Google (who is now an OpenID identity provider). 2

3 OAuth OAuth s main goal is to eliminate the need to give website A your username and password for website B, and determines what website B can get from website A once it s been allowed access. OpenID is about authentication OAuth is about authorization Security Assertion Markup Language (SAML) The SAML standard defines a framework for exchanging security information between online business partners. SAML defines a common XML framework for exchanging security assertions between Entities. 3

4 Security Assertion Markup Language (SAML) Identity Provider (IdP) The system, or administrative domain, that asserts information about a subject. For instance, the Identity Provider asserts that this user has been authenticated and has given associated attributes. Service Provider (SP) The system, or administrative domain, that relies on information supplied to it by the Identity Provider. It is up to the Service Provider as to whether it trusts the assertions provided to it. SAML defines a number of mechanisms that enable the Service Provider to trust the assertions provided to it. Security Assertion Markup Language (SAML) 1. How does the relying party trust what is being asserted to it? 2. What prevents a man-in-the-middle attack that grabs assertions to be illicitly replayed at a later date? The primary mechanism to mitigate or detect such attacks is for the relying party and asserting party to have a pre-existing trust relationship, typically involving a Public Key Infrastructure (PKI). 4

5 Mobile Device Security Standards Required to cover each type of device: Laptop Windows Mobile Blackberry Client iphone; ipad (ios5/6) Required to cover each type of technology Wireless LAN Bluetooth 1 Mobile Security Standard ISO 17799:2005 Example Section 11.7 covers Mobile Computing and Teleworking A formal policy should be in place, and appropriate security measures should be adopted to protect against the risks of using mobile computing and communication facilities A policy, operational plans and procedures should be developed and implemented for teleworking activities. 1 5

6 ISO/IEC 29176:2011 Information technology -- Mobile item identification and management -- Consumer privacy-protection protocol for Mobile RFID services ISO/IEC :2006 Information technology -- Security techniques -- IT network security -- Part 5: Securing communications across networks using virtual private networks ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of practice for information security management ISO/IEC & Security Policy Organizational Security Infrastructure Asset Classification and Control Human Resource Security Physical and Environmental Security Communications and Operations Management Access Control Incident Management Systems Development and Maintenance Business Continuity Management Compliance 6

7 OWASP Mobile Security Project This list was initially released on September 23, 2011 A call for volunteers was released in the July 2012 for an annual refresh of the Top 10 Mobile Risks. OWASP Top 10 Mobile Controls 1. Identify and protect sensitive data on the mobile device 2. Handle password credentials securely on the device 3. Ensure sensitive data is protected in transit 4. Implement user authentication/authorization and session management correctly 5. Keep the backend APIs (services) and the platform (server) secure. 1 7

8 OWASP Top 10 Mobile Controls 6. Perform data integration with third party services/applications securely 7. Pay specific attention to the collection and storage of consent for the collection and use of the user s data 8. Implement controls to prevent unauthorised access to paid-for resources (wallet, SMS, phone calls etc...) 9. Ensure secure distribution/provisioning of mobile applications 10. Carefully check any runtime interpretation of code for errors OWASP Mobile Controls I. Establish coding practices for mobile coding II. Enforce higher security posture on the device for sensitive apps used in an enterprise context III. Protect your application from other malicious applications on the device IV. Provide or use an existing reporting channel for phishing from apps. 8

9 The user's authentication and authorization experience should be consistent across both web and native mobile applications. Users will become confused when they're expected to use different credentials and/or a different login ceremony for mobile application models, especially if accessing the same application. Phishing is becoming a major problem for cloud services and is not diminished when using mobile applications. The user should be given the chance to recognize and trust the authentication service. This means a mobile browser should be used to authenticate the user, the address bar should be visible, and user passwords should not be collected within the native application itself. 9

10 What happens when an employee loses their phone? If passwords are left cached on the phone, an organization's data is put at risk. The use of OAuth in combination with SSO allows for seamless access without the risk of caching passwords. Additional Resources 1. For more information about the Common Criteria, including links to download the complete official criteria, see the Common Criteria portal at and the website of the Common Criteria Evaluation and Validation Scheme (CCEVS) (www.niap-ccevs.org/cc-scheme/). 2. The authentication model for HTTP is described in RFC 2617, HTTP Authentication: Basic and Digest Access Authentication, which you can find at 3. For information on the SSL protocol for secure networking, see For the TLS protocol, see and RFC 5246 at 4. Documentation of the AES encryption algorithm used for FileVault is available on the National Institute of Standards and Technology (NIST) website at 5. For information on Kerberos authentication, see For information on MIT s Kerberos for Macintosh, see n/documentation/kerberosframework.html. 6. See OS X Server Open Directory Administration available at for details on the services that support Kerberos and on how to implement a Kerberos KDC on your OS X server. 10

SECURING MOBILE APPLICATIONS

SECURING MOBILE APPLICATIONS SECURING MOBILE APPLICATIONS Ulf Larson Göteborg ulf.larson@owasp.org ulf.larson@adecco.se A REAL WORLD EXAMPLE TO GET US STARTED Google ClientLogin Authentication Protocol https un/pw auth token... Google

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

Mid-Project Report August 14 th, 2012. Nils Dussart 0961540

Mid-Project Report August 14 th, 2012. Nils Dussart 0961540 Mid-Project Report August 14 th, 2012 Nils Dussart 0961540 CONTENTS Project Proposal... 3 Project title... 3 Faculty Advisor... 3 Project Scope and Individual Student Learning Goals... 3 Proposed Product

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Final Project Report December 9, 2012. Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540

Final Project Report December 9, 2012. Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540 Final Project Report December 9, 2012 Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540 CONTENTS Project Proposal... 4 Project title... 4 Faculty Advisor... 4 Introduction...

More information

A Standards-based Mobile Application IdM Architecture

A Standards-based Mobile Application IdM Architecture A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

Cloud Computing. Chapter 5 Identity as a Service (IDaaS) Cloud Computing Chapter 5 Identity as a Service (IDaaS) Learning Objectives Describe challenges related to ID management. Describe and discuss single sign-on (SSO) capabilities. List the advantages of

More information

Workday Mobile Security FAQ

Workday Mobile Security FAQ Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy

More information

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license

More information

Security Challenges. in Moving to Externalized Datacenters. (Focusing on SaaS) Eran Birk, Spring 2014. Business. Intelligence

Security Challenges. in Moving to Externalized Datacenters. (Focusing on SaaS) Eran Birk, Spring 2014. Business. Intelligence Business Intelligence Security Challenges in Moving to Externalized Datacenters (Focusing on SaaS) Eran Birk, Spring 2014 Grid Computing Cloud Computing Compute Networks Storage Information provided in

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Building Secure Applications. James Tedrick

Building Secure Applications. James Tedrick Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

OpenLogin: PTA, SAML, and OAuth/OpenID

OpenLogin: PTA, SAML, and OAuth/OpenID OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating

More information

WHITEPAPER. NAPPS: A Game-Changer for Mobile Single Sign-On (SSO)

WHITEPAPER. NAPPS: A Game-Changer for Mobile Single Sign-On (SSO) WHITEPAPER NAPPS: A Game-Changer for Mobile Single Sign-On (SSO) INTRODUCTION The proliferation of mobile applications, including mobile apps custom to an organization, makes the need for an SSO solution

More information

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc.

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc. Implementing two-factor authentication: Google s experiences Cem Paya (cemp@google.com) Information Security Team Google Inc. Google services and personalization Identity management at Google 1. Internal

More information

Mobile First Government

Mobile First Government Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Centrify Mobile Authentication Services

Centrify Mobile Authentication Services Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner

More information

SAP Single Sign-On 2.0 Overview Presentation

SAP Single Sign-On 2.0 Overview Presentation SAP Single Sign-On 2.0 Overview Presentation March 2016 Public Agenda SAP security portfolio Overview SAP Single Sign-On Single sign-on main scenarios Capabilities Summary 2016 SAP SE or an SAP affiliate

More information

Secure Your Enterprise with Usher Mobile Identity

Secure Your Enterprise with Usher Mobile Identity Secure Your Enterprise with Usher Mobile Identity Yong Qiao, Vice President of Software Engineering & Chief Security Architect, MicroStrategy Agenda Introduction to Usher Unlock the enterprise Dematerialize

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:

More information

Manual for Android 1.5

Manual for Android 1.5 Manual for Android 1.5 1 Table of Content 1. Scope of Service... 3 1.1 About Boxcryptor Classic... 3 1.2 About this manual... 3 2. Installation... 4 3. Basic functionality... 5 3.1. Setting up Boxcryptor

More information

Lecture Notes for Advanced Web Security 2015

Lecture Notes for Advanced Web Security 2015 Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many

More information

Identity. Provide. ...to Office 365 & Beyond

Identity. Provide. ...to Office 365 & Beyond Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Adding Stronger Authentication to your Portal and Cloud Apps

Adding Stronger Authentication to your Portal and Cloud Apps SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

CBIO Security White Paper

CBIO Security White Paper One Canon Plaza Lake Success, NY 11042 www.ciis.canon.com CBIO Security White Paper Introduction to Canon Business Imaging Online Canon Business Imaging Online ( CBIO ) is a cloud platform for Canon s

More information

TrustedX - PKI Authentication. Whitepaper

TrustedX - PKI Authentication. Whitepaper TrustedX - PKI Authentication Whitepaper CONTENTS Introduction... 3 1... 4 Use Scenarios... 5 Operation... 5 Architecture and Integration... 6 SAML and OAuth 7 RESTful Web Services 8 Monitoring and Auditing...

More information

APIs The Next Hacker Target Or a Business and Security Opportunity?

APIs The Next Hacker Target Or a Business and Security Opportunity? APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone

More information

Secure Identity in Cloud Computing

Secure Identity in Cloud Computing Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective

More information

A Survey on Cloud Security Issues and Techniques

A Survey on Cloud Security Issues and Techniques A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com

More information

ArcGIS Server and Portal for ArcGIS An Introduction to Security

ArcGIS Server and Portal for ArcGIS An Introduction to Security FedGIS Conference February 24 25, 2016 Washington, DC ArcGIS Server and Portal for ArcGIS An Introduction to Security Michael Sarhan & Bill Major Using Portal with ArcGIS Server Portal Server Portal and

More information

An Overview of Samsung KNOX Active Directory and Group Policy Features

An Overview of Samsung KNOX Active Directory and Group Policy Features C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

TrustedX: eidas Platform

TrustedX: eidas Platform TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,

More information

Frequently asked questions

Frequently asked questions Frequently asked questions For more information, visit Usher.com info@ Toll Free (US ONLY): 888.656.4464 Direct Dial: 703.848.8710 1 What is Usher? Usher is a mobile identity platform designed to provide

More information

Sophos Mobile Control Technical guide

Sophos Mobile Control Technical guide Sophos Mobile Control Technical guide Product version: 2 Document date: December 2011 Contents 1. About Sophos Mobile Control... 3 2. Integration... 4 3. Architecture... 6 4. Workflow... 12 5. Directory

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:

More information

Administering Jive Mobile Apps

Administering Jive Mobile Apps Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Native Apps and Push Notifications...4 Custom App Wrapping for ios... 5 Native

More information

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Ensuring Enterprise Data Security with Secure Mobile File Sharing. A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

API-Security Gateway Dirk Krafzig

API-Security Gateway Dirk Krafzig API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing

More information

nexus Hybrid Access Gateway

nexus Hybrid Access Gateway Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems jmacy@forumsys.com Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Centrify Mobile Authentication Services for Samsung KNOX

Centrify Mobile Authentication Services for Samsung KNOX Centrify Mobile Authentication Services for Samsung KNOX SDK Quick Start Guide 3 October 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under

More information

MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com

MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com MOBILITY Transforming the mobile device from a security liability into a business asset. pingidentity.com Table of Contents Introduction 3 Three Technologies That Securely Unleash Mobile and BYOD 4 Three

More information

SECURITY AND PRIVACY IN AN ENTERPRISE SEARCH INFRASTRUCTURE FOR MOBILE DEVICES

SECURITY AND PRIVACY IN AN ENTERPRISE SEARCH INFRASTRUCTURE FOR MOBILE DEVICES SECURITY AND PRIVACY IN AN ENTERPRISE SEARCH INFRASTRUCTURE FOR MOBILE DEVICES Christian P. Praher Institute for Information Processing and Microprocessor Technology (FIM) Johannes Kepler University Linz

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

Addressing NIST and DOD Requirements for Mobile Device Management

Addressing NIST and DOD Requirements for Mobile Device Management Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW

More information

E-Mail: SupportCenter@uhcl.edu Phone: 281-283-2828 Fax: 281-283-2969 Box: 230 http://www.uhcl.edu/uct

E-Mail: SupportCenter@uhcl.edu Phone: 281-283-2828 Fax: 281-283-2969 Box: 230 http://www.uhcl.edu/uct A VPN (Virtual Private Network) provides a secure, encrypted tunnel from your computer to UHCL's network when off campus. UHCL offers VPN software to allow authenticated, secure access to many UHCL resources

More information

JVA-122. Secure Java Web Development

JVA-122. Secure Java Web Development JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

BlackBerry Universal Device Service. Demo Access. AUTHOR: System4u

BlackBerry Universal Device Service. Demo Access. AUTHOR: System4u Demo Access AUTHOR: System4u BlackBerry Universal Device Service Revisions Date Version Description Author June 26 th 2012 1.0 Roman Přikryl September 25 th 2012 1.5 Revision Roman Přikryl October 5 th

More information

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On Public Speakers Las Vegas, Oct 19-23 Christian Cohrs, Area Product Owner Barcelona, Nov 10-12 Regine Schimmer, Product Management

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices

More information

Copyright Pivotal Software Inc, 2013-2015 1 of 10

Copyright Pivotal Software Inc, 2013-2015 1 of 10 Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10

More information

Division of Information Technology Lehman College CUNY

Division of Information Technology Lehman College CUNY Division of Information Technology Lehman College CUNY Using Lehman s Secure Outgoing (SMTP) Server Updated April 16, 2013 Are you able to receive your Lehman email on your smart phone, laptop or tablet

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

HOL9449 Access Management: Secure web, mobile and cloud access

HOL9449 Access Management: Secure web, mobile and cloud access HOL9449 Access Management: Secure web, mobile and cloud access Kanishk Mahajan Principal Product Manager, Oracle September, 2014 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Oracle

More information

Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition

Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED 1 Background Traditionally, security has not been a high priority for e-learning; as such content was hosted and only accessible at the

More information

Mac OS X. Staff members using NEIU issued laptops and computers on Active Directory can access NEIU resources that are available on the wired network.

Mac OS X. Staff members using NEIU issued laptops and computers on Active Directory can access NEIU resources that are available on the wired network. Mac OS X The University Technology Services is privileged to offer a secure wifi network to the university community. Connecting to this network will provide you with benefits in security and improved

More information

AVG Business SSO Partner Getting Started Guide

AVG Business SSO Partner Getting Started Guide AVG Business SSO Partner Getting Started Guide Table of Contents Overview... 2 Getting Started... 3 Web and OS requirements... 3 Supported web and device browsers... 3 Initial Login... 4 Navigation in

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Agenda What is SSO? How does it work? Tools for SSO on ClearPath Integrating Active Directory

More information

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

White Paper. McAfee Cloud Single Sign On Reviewer s Guide White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication

More information

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15 Product Manual MDM On Premise Installation Version 8.1 Last Updated: 06/07/15 Parallels IP Holdings GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 632 0411 Fax: + 41 52 672 2010 www.parallels.com

More information

How to create a SP and a IDP which are visible across tenant space via Config files in IS

How to create a SP and a IDP which are visible across tenant space via Config files in IS How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper StrikeForce Technologies, Inc. 1090 King Georges Post Rd. Edison, NJ 08837, USA Tel: 732 661-9641 Fax: 732 661-9647 http://www.sftnj.com

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

An Overview of Samsung KNOX Active Directory-based Single Sign-On

An Overview of Samsung KNOX Active Directory-based Single Sign-On C E N T R I F Y W H I T E P A P E R. S E P T E M B E R 2013 An Overview of Samsung KNOX Active Directory-based Single Sign-On Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

Identity Implementation Guide

Identity Implementation Guide Identity Implementation Guide Version 37.0, Summer 16 @salesforcedocs Last updated: May 26, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

Authentication Integration

Authentication Integration Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication

More information

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this

More information

Airnet-Student is a new and improved wireless network that is being made available to all Staffordshire University students.

Airnet-Student is a new and improved wireless network that is being made available to all Staffordshire University students. Airnet-Student Airnet-Student is a new and improved wireless network that is being made available to all Staffordshire University students. Airnet-Student has two key advantages over the current Airnet

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

Identity Implementation Guide

Identity Implementation Guide Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

Mobile Portal for Parents and Students

Mobile Portal for Parents and Students Mobile Portal for Parents and Students September 2013 This document is intended for restricted use only. Infinite Campus asserts that this document contains proprietary information that would give our

More information

Swivel Secure and the Cloud

Swivel Secure and the Cloud Swivel Secure and the Cloud Authentication for Cloud Application Abstract This document describes the issues relating to authenticating to cloud applications and how the Swivel authentication platform

More information