1 ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking, compromise of one computer on a network can often affect a significant number of other machines connected to the network. 2. The first step toward securing a computer system is the ability to verify the identity of users. The process of verifying a user's identity is typically referred to as user authentication. Passwords are the method used most often for authenticating computer users, but this approach has often proven inadequate in preventing unauthorized access to computer resources when used as the sole means of authentication. We will now discuss advanced authentication technology which can be used to increase the security of computer systems and provides guidance in the selection and use of this technology. What is authentication? 3. Authentication is the process of determining if a user or identity is who they claim to be. Authentication is accomplished using something the user knows (e.g. password), something the user has (e.g. security token) or something of the user (e.g. biometric). 4. The authentication process is based on a measure of risk. High risk systems, applications and information require different forms of authentication that more accurately confirm the user's digital identity as being who they claim to be than would a low risk application, where the confirmation of the digital identity is not as important from a risk perspective. This is commonly referred to as "stronger authentication". 5. Authentication technology provides the basis for access control in computer systems. If the identity of a user can be correctly verified, legitimate users can be granted access to system resources. Conversely, those attempting to gain access without proper authorization can be denied. As used in this bulletin, authentication is defined as the act of verifying the identity of a user. Once a user's identity is verified, access control techniques may be used to mediate the user's access to data. Authentication processes are dependant upon identity verification and registration processes. Why Authentication is required? 6. Networks, both internet and intranet, provides amazing opportunities, but not without some risk. Without the proper controls, your data is subject to several types of attacks. These problem areas are discussed in the sections that follow.
2 2 Loss of Privacy 7. A perpetrator may observe confidential data as it traverses the Internet. This ability is probably the largest inhibitor of business-to-business communications today. Without encryption, every message sent may be read by an unauthorized party. Loss of Data Integrity:- 8. Even for data that is not confidential, one must still take measures to ensure data integrity. For example, you may not care if anyone sees your routine business transaction, but you would certainly care if the transaction were modified. For example, if you were able to securely identify yourself to your bank using digital certificates, you would still want to ensure that the transaction itself is not modified in some way, such as changing the amount of the deposit.
3 3 Identity Spoofing: 9. Moving beyond the protection of data itself, you must also be careful to protect your identity on the Internet. A crafty intruder may be able to impersonate you and have access to confidential information. Many security systems today rely on IP addresses to uniquely identify users. Unfortunately this system is quite easy to fool and has led to numerous break-ins. Authentication 10. Authentication technology provides the basis for access control in computer systems. If the identity of a user can be correctly verified, legitimate users can be granted access to system resources. Conversely, those attempting to gain access without proper authorization can be denied. As used in this bulletin, authentication is defined as the act of verifying the identity of a user. Once a user's identity is verified, access control techniques may be used to mediate the user's access to data. A variety of methods are available for performing user authentication. 11. The traditional method for authenticating users has been to provide them with a secret password, which they must use when requesting access to a particular system. Password systems can be effective if managed properly (Federal Information Processing Standard [FIPS] 112), but they seldom are. Authentication which relies solely on passwords has often failed to provide adequate protection for computer systems for a number of reasons. If users are allowed to make up their own passwords, they tend to choose ones that are easy to remember and therefore easy to guess. If passwords are generated from a random combination of characters, users often write them down because they are difficult to remember. 12. Where password-only authentication is not adequate for an application, a number of alternative methods can be used alone or in combination to increase the security of the authentication process. The three generally accepted methods for verifying the identity of a user are based on something the user knows, such as a password;
4 4 something the user possesses, such as an authentication token; and some physical characteristic of the user, such as a fingerprint or voice pattern. A variety of methods are available for performing authentication. (a) (b) (c) (d) (e) (f) (g) Password Authentication Lightweight Directory Access Protocol (LDAP) Authentication Biometric Authentication PKI Authentication Security Token Authentication Smart Card Authentication Wireless Authentication Password Authentication 14. In most enterprises, the use of passwords is the primary means of authenticating a user. Unfortunately, it is also the weakest form of authentication. In today's digital world, the ways to bypass this form of security are trivial. While many enterprises focus on strengthening passwords, these efforts are by and large meaningless in the face of the tools that attackers can use. The tools provide criminals with easy ability to hack, trap, or crack most passwords easily. 15. The first attack tool against password authentication is a hardware keyboard logger. Legally available online for $40, these devices plug into the connection between the keyboard and the computer. They record every keystroke, with some models able to do time and date stamps against the data. A hardware keyboard logger looks like a small hardware piece of computer connections, takes only 10 seconds to install and is not detectable by any means of commercially available software. 16. The use of password authentication is further weakened by software attacks. This year alone, it is estimated that there will be several thousand different malware password logging attack programs will be created. Some of these are very sophisticated and can be ordered by the internet to attack certain types of firewalls. These password authentication logging software programs are embedded in that are activated by clicking on the links in the or by visiting a fake site that looks like the normal commercial site (phishing attack). 17. Some of the password authentication attacks are so sophisticated that there embed themselves on the core root operating systems kernel (rootkit attacks). Rootkit attacks are now acknowledged by Microsoft to be so insidious that the only way to remove them is to re-image every computer on the infected enterprise network! 18. Does this mean that passwords shouldn't be used in your enterprise? 19. No. The use of passwords can be used in a layered identity defense strategy. What this means is that your enterprise will allow the use of user id and password to gain general access to low risk enterprise applications and information e.g. the enterprise portal. However, when the user tries to access applications or information that is higher risk, the enterprise single sign on system will require stronger
5 5 authentication. This may include the use of security tokens, digital certificates, biometrics, smartcards or combinations thereof in addition to the password. LDAP Authentication 20. Lightweight Directory Access Protocol (LDAP) directories and LDAP authentication have become one of the enterprise user infrastructure cornerstones. As the enterprise has digitized and opened itself up to customer, business partner, vendor and wide-spread employee access to pieces of most enterprise applications, the need to know who the user is has significantly increased from a security perspective. Who is the user trying to access an application? What is the strength of authentication by which the application can trust the user trying to access the application? What are the user's authorization privileges? 21. The frequency with which to authenticate who a user is has also increased. Thus in medium to large enterprise it is not uncommon to have several thousand to several hundred of thousand identity look-ups per second. 22. The above are the reasons why LDAP directories and authentication have taken on such a dominant role in enterprise authentication. LDAP directories offer the following features: (a) (b) (c) (d) (e) (f) They are very quick for doing identity reads against as compared to traditional databases. They are low cost - in fact some LDAP directories are available for free Virtual LDAP directories enable quick linkage between multiple databases and multiple LDAP directories. LDAP directories are excellent for doing rapid LDAP authentication against for any digitized authentication. LDAP directories have a universal protocol enabling quick interaction and exchange of identity information between enterprises. LDAP directories can be easily partitioned to place the directory close to the end user, thus improving performance and reducing network load. Underlying Key Points in LDAP Authentication Authoritative Identity Sources 23. In most medium to large enterprises, the authoritative source for employee information is usually the Human Resource Management System (HRMS). Figuring out what system is authoritative for customers, contractors, temps, business partners and vendors is usually much more complicated. It is very important before LDAP authentication is implemented the enterprise first determines which system or application will be authoritative for the identity data. This also means cleaning up the associated business processes dealing with identity creation, role changes and terminations. Often the authoritative identity source will have many identities in their data stores listed as active who are no longer active. This can create security holes in any LDAP authentication.
6 6 Unique Enterprise ID 24. Next it's important that in cases where multiple data sources have the same identity information that a universal identity id be deployed. For example, if a user named John Jones is in the HRMS as J Jones, in the payroll system as John Jones, in the shipping system as JJONES etc, then it becomes important to know at the enterprise level a common id for John Jones. This usually means creation of a unique alphanumeric id for each user. Without this, the enterprise LDAP authentication won't work since John Jones won't know which id to use in authentication. Further, the handoff to the applications after LDAP authentication won't work since the LDAP directory has to communicate with the application that John Jones has successfully authenticated. Linkage of Authoritative Sources with the LDAP Directory 25. LDAP authentication relies upon the LDAP directory having the most up to date identity information with which to do an authentication against. This requires that the authoritative source be linked, at a minimum, on a nightly batch basis, and in many cases, on a identity event basis. In the old days, of a few years ago, interfacing LDAP directories with authoritative source data bases was expensive and time consuming to do. The synchronization of the LDAP directories with the databases was critical and costly. Today however, LDAP virtual directories are now mainstream tools. A LDAP virtual directory is one which sits in a virtual environment and has its sources of identity information derived from pointers to specific tables in data stores or, in other LDAP directories. LDAP virtual directories can usually be created in several hours or a few days and put into operation very quickly. LDAP Authentication in Practice 26. LDAP authentication is now very common in network operating systems. Microsoft uses this in Win2003 with its Active Directory. All network operating systems today support the integration of LDAP Authentication including Solaris, Novell, AIX, Linux and HPUX. In each of these cases, the user usually enters in their id and password. The information may be presented as an online form or simply have an entry point for the id and password. This information is then sent to the LDAP directory (make sure the information is sent encrypted and not in open text).the directory takes this information and compares it to the id and password stored in the LDAP directory. If it is the same, the LDAP authentication is successful. In network operating systems, the network then takes over and proceeds with user authorization and allows them to use the network. LDAP Authentication and Single Sign On 27. Single Sign On (SSO) systems mostly use LDAP authentication. The enterprise user logs on in the morning and sees normally a form based enterprise login screen. The user enters in their id and password. The SSO software then takes the information and sends it to the security server using an encrypted connection. The security server in turn then logs on to the LDAP server on behalf of the user by providing the LDAP server with the user's id and password. If successful, the security server then proceeds with
7 7 any authorization and/or lets the user proceed to the application or resource they require. Authentication - Biometrics 28. Biometrics used for authentication is currently in fashion in the authentication industry. The UK and US governments are rapidly deploying them in their visas, passports and personal identification cards. Many other industries are adopting biometrics as authentication mechanisms for accessing bank machines, doorway access control and time card reporting and general computer desktop access. Authentication is the process of determining if a user or identity is who they claim to be. The authentication process is based on risk. Higher risk situations require more identity verification certainty. Biometrics can play a useful role in verifying the identity along with other factors. What is biometric authentication? 29. Biometric authentication is the process of verifying if a user or identity is who they claim to be using digitized biological pieces of the user. This can include finger scans, finger prints, iris scans, face scans, voice recognition and signature scans. Other biometrics in research for authentication includes vein scans and DNA. Are all biometrics equal? 30. No. The type of biometric used and the way it is used results in different authentication results. The table below lists current estimates for common biometric authentication systems: Finger Voice Iris Face Type Physical Behavioral Physical Physical Method Active Active Active Passive Equal Error Rate 2-3.3% <1% % 4.1% Failure to Enroll 4% 2% 7% 1% Nominal False Accept Rate 2.5% <1% 6% 4% Nominal False Reject Rate 0.1% <1% 0.001% 10% Liveness Aware No Yes Bo Possible System Cost High Low Very High High Why Biometrics Will Not Solve Identity Theft 31. Biometrics is very useful, in certain situations, as an authentication device. It is useful when someone is watching the user use a biometric authentication device. This way the enterprise can be relatively certain that there is no malfecance being done
8 8 between the user, the biometric hardware reader and the enterprise security system. However, when biometrics are done remotely, with the enterprise not able to see and control the authentication hardware, the chances increase that the identity presenting their biometric may not be the person who is registered with the biometric. Therefore, the use of mutli-factor authentication mechanisms is used. 32. The use of biometrics as a deterrent against identity theft is being much touted at the moment. However, the use of biometrics alone will not likely deter criminals from finding ways around the use of biometrics. Remember that what is being presented are a set of computer bits that represent the biometric to the authentication server. Therefore, it is extremely likely that criminals will adjust their attack vectors and try to capture the biometric from the person, and then replay these on the enterprise. Authentication - PKI (Public Key Infrastructure) 33. A public key infrastructure is a system that provides for trusted third party user identity inspection and assurance. Normally, this is done by a Certificate Authority (CA) and uses cryptography involving public and private keys. A typical PKI system consists of: (a) Client software (b) A Certificate Authority server (c) May involve smartcards (d) Operational procedures How PKI infrastructure works: 34. The Certificate Authority checks the user. Different CA's have different identity validation procedures. Some may grant the user a digital certificate with only a name and address, while others may involve personal interviews, background checks etc. The user is granted a digital certificate. Often there are two components to these private and public keys. 35. The user wishes to send an to a business associate. The user digitally signs the with their private key. The is sent to the business associate. The business associate uses the sending user's public key to decrypt the message. The use of digital certificates in this example provides confidentiality, message integrity and user authentication without having to exchange secrets in advance. 36. PKI was oversold on its capabilities when it was originally introduced several years ago. There were serious problems with browser incompatibilities, costs associated with issuing and managing digital certificates and a business environment that had not yet widely adopted the internet to rethink business processes between enterprises. Authentication - Security Tokens 37. Authentication is achieved by asking something you know, something you have or, providing something you are or combinations thereof. Something you have, like a physical token, is used often in real life e.g. a driver's license. In the digital world
9 9 security tokens are now commonly used. They are often one time password security tokens and/or smart cards. One Time Passwords 38. One time password security tokens, like secureid by RSA, are one way of significantly reducing the risk of using passwords. Unlike passwords which are changed every days or longer, a secureid token works differently. On the small screen of the key fob the user carries with them are numbers that change every 60 seconds. The numbers displayed on the screen change randomly to the end user. They are generated by a mathematical algorithm that is only known to the enterprise security server. 39. The user logs on to the enterprise network. During the logon sequence the user is requested to enter in their id and then the number displayed on the screen. This information is sent via encryption to the enterprise security server. If the number on the screen matches the mathematical algorithm and the id, then the user is authenticated. 40. The devices are tamper proof/resistant. They are pre-programmed from the factory and ready for immediate use. By combining a secret that the user knows (their id) with the one-time password, the authentication is much stronger than that from a traditional password. Authentication Weaknesses with Security Tokens 41. There are weaknesses with using only this approach. For instance, is someone is able to steal or fraudulently obtain the key fob and, they also know the user's id, then they will be able to successfully masquerade as the identity. Additionally, there are significant management costs with the key fobs or credit card size tokens. Recent announcements in February 2007 by Entrust selling one-time password tokens at $5 means that the price points are now much lower and more affordable. Users need to be issued them physically, they need to be replaced when lost (which is common) and recovered or terminated when an identity leaves the enterprise. Poor de-provisioning processes may result in security holes being created by the identity still having access to the network using their secureid token and id. Access Control Cards - Contact less Smart Card 42. The contact less smart card has a microchip embedded in the card with internal memory. This enables the card to: (a) (b) (c) Securely manage, store and offer data access to the card Perform complex functions and calculations (e.g. encryption) Interact with an RF device in an intelligent manner Common applications of contact less smart cards include:
10 10 Mutual authentication: 43. The contactless smart card can verify that the card reader is authentic and then verify itself to the card reader before starting a secure transaction Strong information security: 44. The ability of the microchip and memory enable the card to encrypt any identity information contained in the card as well as encrypting the RF connection between the contact less smart card and the card reader. Tamper resistant security: 45. There are a number of hardware and software capabilities that is built into contact less smart cards to detect and react to tamper methods and help counter attacks on the card. Authentication and Authorization Information Access Control: 46. The contact less smart card can protect the information contained within the card by authenticating the information requestor and then allowing only the release of information the requestor is authorized for. The card owner may have additional methods such as a PIN number or a biometric to approve release of the information. This is an example of strong authentication. 47. Selection of the access control cards should be done in context of the enterprise access control and identity management systems. For example, will the cards and readers integrate with the enterprise Lightweight Directory Access Protocol (LDAP)? Can the access control provisioning system create, modify or terminate an identity on the access control card identity server? What is the strength of authentication required for the access control card? Is it easy to tamper with? Authentication - Wireless 48. Most modern wireless networks do user authentication using Remote Authentication Dial-In User Service (RADIUS) protocol. RADIUS handles the overall authentication process of the user's session on the wireless device as well as also handling the authorization and auditing. 49. Typically, when you logon to your ISP using a wireless device, you are required to provide authentication information. Often, this uses Extensible Authentication Protocol (EAP). The type of authentication you use is determined by the EAP authentication method. There are many different EAP methods. This can range from the use of an id and password (very insecure), to digital certificates, security tokens and even biometrics. 50. The RADIUS system takes the EAP Authentication Method, challenges the user with the appropriate authentication method, receives the authentication response and then verifies it, often against an enterprise LDAP directory. If the authentication is successful, the RADIUS server will then authorize IP addresses, the tunnelling protocol used to create virtual private networks, etc. Further, the RADIUS server keeps tracks of when a user session begins and ends.
11 11 Wireless Authentication Challenges 51. Many wireless deployments continue to use the least secure authentication methods - id and password. The use of this results in very insecure communications between the enterprise and the wireless device. If you are forced to use this, then my advice is to lock down what the user can access and severely restrict the information the user can obtain. Use a network security appliance like Caymas to check the wireless device platform and ensure it is up to date re software updates and then restrict access to network and applications. 52. For senior executives, who do require fairly open access to the applications and information systems via their wireless device, issue them with something like a secureid from RSA one time password generator and have the executives be required to enter this in order to authenticate their wireless device to the network. This reduces the risk that the user on the end of the wireless device is not the identity you issued the id and password to. Conclusion 53. As the enterprise risk rises for networks, applications and information access, so too must the layers of authentication strength. The financial system, payroll and payables are all higher risk. So too are users who hold super-user privileges like senior network administrators. For all of the medium and higher risk applications, your enterprise should be using a graded series of stronger authentication. For instance, low to medium risk might be addressed by the user providing their id, password and a digital certificate. Medium risk should be addressed by the user providing things like a secureid token along with their id and a password. Medium to high risk should be addressed by the user providing something like a smart card, a secure id token, a biometric and a second unique password. 54. Password-based authentication is the most widely used method for verifying the identity of persons requesting access to computer resources. However, authentication based only on passwords often does not provide adequate protection. The use of authentication tokens, biometrics, and other alternative methods for verifying the identity of system users can substantially increase the security of an authentication system. The proliferation of networked computer systems and the corresponding increase in the potential for security violations makes it even more critical those who design and operate computer systems to understand and implement effective authentication schemes. There are many ways of authenticating a user. These range from the id and password (commonly referred to as "basic authentication"), digital certificates, security tokens, smart cards and biometrics. There are different reasons to use each type of authentication.
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com email@example.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com firstname.lastname@example.org Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels
101 Things to Know About Single Sign On IDENTITY: 1. Single sign on requires authoritative sources for identity. 2. Identity authoritative sources needs to contain all the enterprise identity data required.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the
Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked
+1-888-437-9783 email@example.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on
E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart
W.A.R.N. Passive Biometric ID Card Solution Updated November, 2007 Biometric technology has advanced so quickly in the last decade that questions and facts about its cost, use, and accuracy are often confused
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
Air Force Public Key Infrastructure System Program Office (ESC/HNCDP) Phone: 210-925-2562 / DSN: 945-2562 Web: https://afpki.lackland.af.mil Frequently Asked Questions (FAQs) SIPRNet Hardware Token Updated:
White Paper SECURING YOUR REMOTE DESKTOP CONNECTION HOW TO PROPERLY SECURE REMOTE ACCESS 2015 SecurityMetrics SECURING YOUR REMOTE DESKTOP CONNECTION 1 SECURING YOUR REMOTE DESKTOP CONNECTION HOW TO PROPERLY
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Addressing Web-Based Access and Authentication Challenges by Rebecca Herold, CISSP, CISM, CISA, FLMI February 2007 Incidents
PASSWORD MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
N Stage Authentication with Biometric Devices Presented by: Nate Rotschafer Sophomore Peter Kiewit Institute Revised: July 8, 2002 N Stage Authentication Outline Background on Authentication General Network
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
White Paper Authentication and Access Control - The Cornerstone of Information Security Vinay Purohit September 2007 Trianz 2008 White Paper Page 1 Table of Contents 1 Scope and Objective --------------------------------------------------------------------------------------------------------
Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...
Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are
How Secure is your Authentication Technology? Compare the merits and vulnerabilities of 1.5 Factor Authentication technologies available on the market today White Paper Introduction A key feature of any
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
Cent ralized Out -Of-Band Aut hent ic at ion Syst em Security for the 21 st Century Presented by: Southeast Europe Cybersecurity Conference Sophia, Bulgaria September 8-9, 2003 Introduction Organizations
White Paper Options for Two Factor Authentication Authors: Andrew Kemshall Phil Underwood Date: July 2007 Page 1 Table of Contents 1. Problems with passwords 2 2. Issues with Certificates (without Smartcards)
Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
The Essentials Series: Enterprise Identity and Access Management Authentication sponsored by by Richard Siddaway Authentication...1 Issues in Authentication...1 Passwords The Weakest Link?...2 Privileged
WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
Incorporated 3/7/06; Rev 9/18/09 PaperClip Compliant Email Service Whitepaper Overview The FTC Safeguard Rules require Financial, Insurance and Medical providers to protect their customer s private information
AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,
Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Overview of PC Security Since computer security has become increasingly important, almost all of the focus has been on securing
Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like
Summary White Paper April 23, 2014 This document describes levels of authentication that can be utilized for users known and unknown to gain access to applications and solutions. Summary... 1 Description...
IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
Single Sign On Underneath the Hood - What Senior Managers Need To Know Copyright, 2006. Guy Huntington, AuthenticationWorld.com. This briefing is designed for senior managers wanting to know the implications
TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION A RECENT SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PARED WITH THE FACT THAT
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.
Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights
Secure Mobile Access From everywhere... From any device... From user......to applications Page 3...without compromising on security and usability... and to my PC in the office: Secure Virtual Access Contrary
Trends in cloud computing, workforce mobility, and BYOD policies have introduced serious new vulnerabilities for enterprise networks. Every few weeks, we learn about a new instance of compromised security.
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical