Case Study: Leveraging TPM for Authentication and Key Security
1 Case Study: Leveraging TPM for Authentication and Key Security
09/20/2011
Gautam Muralidharan, Manager, Advisory Services, PwC

2 Speaker Introduction
Gautam is a manager in the Advisory Technology practice at PwC. Gautam has 8 years of experience designing, developing, and implementing complex Identity and Access Management (IAM) systems. Gautam brings in-depth knowledge and experience in security architecture, development tools, and IAM software packages. He has combined those experiences with the latest technologies to design and implement scalable Sign-On solutions, user management and authentication/authorization systems across mixed platform environments. He is currently serving as the chief-of-staff to the US Advisory Security Leader for PwC.
gautam.muralidharan@us.pwc.com

3 PwC Advisory Security Services
Our Information Security Solutions help IT leaders and decision-makers integrate information security into strategic decision-making processes across the enterprise in order to better drive business performance, manage risk, and increase shareholder value.
- 4,700 professionals in North America
- 8,000 professionals in EMEA
- 3,900 professionals in Asia Pacific
- 850 professionals providing services in matters related to security and risk to geographies outside of North America, EMEA, and Asia Pac
PwC's professional services are delivered to clients by a workforce of over 150,000 employees and partners in 850 locations spread across 142 countries. Primary Lines of Service include Audit, Assurance and Business Advisory Services, Global Tax Services, Business Process Outsourcing, Corporate Finance and Recovery Services, and Human Resource Services. Also composing PwC are Internal Firm Services organizations, which include Finance, internal Human Resources, Infrastructure and Information Technology (IT). The PwC IT organization provides internal IT services to the Firm. For further information visit our web site at:

4 Agenda
- Our Journey
- Considerations and Lessons Learned
- Questions

5 Our Journey

6 What do we use PKI for?
- WiFi access (PKI based authentication and tunneling)
- VPN access (identification and authentication)
- LAN access (IEEE 802.1x pre-authentication)
- Aura (P2P sync, data transport encryption, authentication)
- Code signing (trusted applications)
- Internet Explorer webpages working with Digital Certificates
- Any other usage when you need more security than a simple Global ID + password

7 Risks we considered with our current solution
- You have created the key pair.
- You have fulfilled a process to convince others that it is you they are communicating with (Identity Proofing).
- All this, only because you are the owner of the Private Key and the accompanying Digital Certificate.
- But what happens if you are not the sole owner of the Private Key anymore, e.g. your Private Key is stolen or copied by me? Then I can impersonate you!
- So what? E.g. your colleague wants to exchange an Aura client file and searches on the network for you to set up a peer-to-peer connection. Your name pops up (actually it is me with your Private Key). He trusts this and starts sending me the sensitive client file.

8 Risks we considered with our current solution
- The Private Key is stored on hard disk and is protected by the CSP.
- Jailbreak is software that can steal a Private Key.
- The Public Key is already public, so the key pair can be used by others!
- E.g. a stolen Private Key and certificate on a Debian (Linux) PC running a VPN to PwC and having a Remote Desktop Connection to a PwC Windows server:

9 We wanted to move to a more secure alternative
- This is not what we want to read in the morning papers.
- So, the Private Key must be protected at all times!
- But, in the current situation the Private Key cannot be protected because it is stored by software (on the hard disk).
- Even when the Jailbreak exploit is repaired, there could be other exploits.
- The solution preventing the theft of Private Keys? Store Private Keys in tamper-resistant hardware!
- But, cryptographic hardware is expensive and hard to maintain.
- And, usually you have to buy proprietary (expensive) hardware which complies with certain standards only.

10 Solutions we considered and challenges
USB dongles:
- Additional hardware costs
- No open software standard
- Lost/Stolen management overhead
- Reluctance of business to have additional device
Smartcard (SIM, USB or proximity):
- Additional hardware required
- Expensive
- No open standard
- Additional provisioning requirements
- Additional management costs
- Lost/Stolen management overhead
- Reluctance of business to have additional device
- Not centrally managed
Trusted Platform Module (TPM):
- Possible changes to PwC certificate management application required depending on architecture design
- Requires additional laptop/desktop provisioning/lifecycle management processes
- Tied to single machine

11 Why we picked TPM
- Already in 95+% of our laptops
- Is based on open standards
- Gives FIPS protection
- Can be centrally or locally managed
- Cheap (no hardware costs)
- Protects against Jailbreak and similar tools
- Delivers additional secure cryptographic functions (trusted startup, random number generator, digital signature etc.)
- Minor changes in PC Lifecycle Management; TPM setup in a few minutes
- Our applications worked well with TPM, often with minimal to no code change

12 TPM implementation
Example: VPN Multifactor Authentication with TPM
When you want to connect to the PwC network through VPN, you need a:
1. Digital Certificate and Private Key (1st factor, "have")
2. GUID and GUID password (2nd factor, "know")
No changes to the infrastructure when using the TPM and no Jailbreak vulnerability anymore!

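An inventory check for the risk described on slides 8 to 12, added here as an example and not part of the original presentation: it parses output in the layout printed by Windows `certutil -user -store My` and reports which certificates still have their private key held by a software provider. The sample output is constructed, and the provider name treated as TPM-backed (`Microsoft Platform Crypto Provider`) is an assumption, since the slides do not name the provider PwC used.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# ASSUMPTION: providers that keep the key inside hardware. The slides name no
# provider; add your TPM, smart-card or HSM provider names to this set.
HARDWARE_PROVIDERS: FrozenSet[str] = frozenset({"Microsoft Platform Crypto Provider"})

# Constructed sample in the certutil layout (subjects and hashes are made up).
SAMPLE_CERTUTIL_OUTPUT = """\
================ Certificate 0 ================
Issuer: CN=Example Issuing CA
Subject: CN=alice.vpn.example
Cert Hash(sha1): 1111111111111111111111111111111111111111
  Key Container = constructed-container-0
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed

================ Certificate 1 ================
Issuer: CN=Example Issuing CA
Subject: CN=alice.wifi.example
Cert Hash(sha1): 2222222222222222222222222222222222222222
  Key Container = constructed-container-1
  Provider = Microsoft Software Key Storage Provider
Private key is NOT exportable
Encryption test passed

================ Certificate 2 ================
Issuer: CN=Example Issuing CA
Subject: CN=alice.p2p.example
Cert Hash(sha1): 3333333333333333333333333333333333333333
  Key Container = constructed-container-2
  Provider = Microsoft Platform Crypto Provider
Private key is NOT exportable
Signature test passed

================ Certificate 3 ================
Issuer: CN=Example Root CA
Subject: CN=Example Issuing CA
Cert Hash(sha1): 4444444444444444444444444444444444444444
No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -store command completed successfully.
"""


@dataclass
class CertKey:
    index: int
    subject: str
    thumbprint: str
    provider: Optional[str]        # None: the store holds no private key
    marked_non_exportable: bool    # provider-enforced policy flag only

_HEADER = re.compile(r"^=+ Certificate (\d+) =+$", re.MULTILINE)


def _field(block: str, pattern: str) -> Optional[str]:
    match = re.search(pattern, block, re.MULTILINE)
    return match.group(1).strip() if match else None


def parse_store(text: str) -> List[CertKey]:
    """Split the listing on its certificate banners and pull out key facts."""
    headers = list(_HEADER.finditer(text))
    certs = []
    for i, header in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[header.end():end]
        thumb = _field(block, r"^Cert Hash\(sha1\):[ \t]*(.+)$") or ""
        certs.append(CertKey(
            index=int(header.group(1)),
            subject=_field(block, r"^Subject:[ \t]*(.+)$") or "<unknown>",
            thumbprint=thumb.replace(" ", ""),
            provider=_field(block, r"^[ \t]*Provider[ \t]*=[ \t]*(.+)$"),
            marked_non_exportable="Private key is NOT exportable" in block,
        ))
    return certs


def classify(cert: CertKey, hardware: FrozenSet[str] = HARDWARE_PROVIDERS) -> str:
    if cert.provider is None:
        return "no-private-key"
    if cert.provider in hardware:
        return "hardware-backed"
    # Every provider outside the allow-list is treated as software storage.
    # The export flag is reported, but the key file is still on disk.
    if cert.marked_non_exportable:
        return "software-nonexportable-flag"
    return "software-exportable"


def keys_to_migrate(text: str, hardware: FrozenSet[str] = HARDWARE_PROVIDERS
                    ) -> List[Tuple[str, str, str]]:
    """Return (subject, provider, status) for keys not held in hardware."""
    return [(c.subject, c.provider, classify(c, hardware))
            for c in parse_store(text)
            if classify(c, hardware).startswith("software")]


if __name__ == "__main__":
    for subject, provider, status in keys_to_migrate(SAMPLE_CERTUTIL_OUTPUT):
        print(f"{status:28} {subject}  [{provider}]")
```
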
13 Considerations and Lessons Learned

14 Phased approach to implement multifactor authentication solutions
- Collect Requirements: Develop detailed business and technical requirements
- Solution & Vendor Selection: Develop RFP based on requirements and select vendor
- Execute Pilot: Facilitate pilot with a small subset of users to determine solution suitability
- Design & Implementation: Integrate the solution into the environment
- Solution Rollout & Ongoing Operations: Solution roll-out across enterprise and knowledge transfer to operational resources

15 Key steps in a Multi Factor Authentication deployment
- Determine requirements for two-factor authentication from key stakeholders
- Conduct a current state ("as-is") analysis of two-factor authentication and supporting processes
- Design future state of multi-factor authentication along with supporting processes. Solution design will take into account multiple user communities including service accounts, administrators, contractors etc.
- Select a flexible and scalable vendor solution that supports requirements
- Integrate solution management with existing Identity management system
- Ensure that the selected solution is compliant with relevant legal and regulatory requirements
- Develop end user deployment strategy, including change management and communication
- Provide detailed and comprehensive framework to support operational process components (i.e. issuing cards, lost cards, training, policy and procedures, etc.)
- Develop documentation to support rapid solution integration at other businesses

16 Ask these questions
Business / Technology
- Is the solution currently supported in organizations operating in multiple countries/regions?
- Are other large conglomerates/industry peers using this vendor?
- Is the solution scalable?
- What are the impacts to user experience if this solution is deployed?
- Is the registration process implicit, transparent, history based or explicit/formal?
- What are the additional hardware/software (smart card readers/GINA modifications/CSP additions) requirements for a functioning solution in your environment (Windows/Unix)?
- What is the lost/stolen card/token process?
- How is the authenticating information stored on the token/smart card (plain text/encrypted)?
- How are the end-user private keys protected (PIN/password/biometric)?
- Has the solution been integrated for provisioning with an Identity management solution? What is the extent of integration (automated, notification based)?
- What application integration methods (e.g. API, redirect/filter, agent, etc.) are supported?

17 Lessons Learned
Project/Program Structure and Approach; Organization and People; Process and Data
Areas of Concern
- Project led by technology group without high-level partnership with the business
- No business executive sponsorship
- Failure to understand enterprise nature of multi-factor authentication solutions
- "Boil the ocean" scope and approach: big losses vs. quick wins
- Failure to set realistic expectations
- The processes, technology and people span across multiple geographies, business units and functional areas; priorities, objectives and agendas aren't always aligned
- Lack of resources and experience to adequately build and maintain solution
- Operational impact is not fully contemplated during planning and design phases (technical and end user)
- Lack of documented understanding of current and future state processes
- Regulatory and compliance risks over or under controlled
- Data management challenges: what to protect? How much to protect?
Technology
- Product selection is the strategy
- Rushing to implement product before business requirements are defined
- Buying into vendor rhetoric: it's not simple
- Poor understanding of the scale and impact of the technology
Critical Success Factors
- Active high-level business executive sponsorship
- Clear project/program charter defined
- Clear definition of roles and responsibilities
- Agreed upon guiding principles and objectives
- Short-term, mid-term and long-term milestones
- Dependencies and inter-dependencies well understood
- Broadly accepted success criteria
- Business and IT ownership/sponsorship
- Communications and change management integration within program
- Define roles and responsibilities (entire lifecycle)
- Training: technical, functional and end users
- Document and maintain current process workflows
- Develop new process use cases before project requirements
- Address data issues first
- Select solutions after business requirement and processes are defined and accepted
- Form strong, open relationships with implementer and vendor(s)
- Test, and pilot and test again!

18 Summary
- With 400 million TPMs already deployed, it is the best kept secret in information security
- It is a well defined Open Standard and has low costs to deploy
- The only universal security device in different brands of PCs that worked for us
Key lessons learned
- Use a phased approach to deploy your solution
- Get business/senior management to support
- Understand impact to your users
- Product selection is the strategy: work closely with vendors
- Pilot, test and document

19 Questions
Gautam Muralidharan, PwC

20 This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and to the extent permitted by law, PricewaterhouseCoopers does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
PwC. All rights reserved. "PwC" refers to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationSolving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools
White Paper Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools Introduction The modern workforce is on the hunt for tools that help them get stuff done. When the technology
More informationArcot Systems, Inc. Securing Digital Identities. FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer
Arcot Systems, Inc. Securing Digital Identities FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer Today s Agenda Background Who is Arcot Systems? What is an ArcotID? Why use
More informationBest Practices for Implementing Software Asset Management
Best Practices for Implementing Software Asset Management Table of Contents I. The Case for Software Asset Management (SAM)............................ 2 II. Laying the Groundwork for SAM............................................
More informationRemote Access Securing Your Employees Out of the Office
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationApplication Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008
7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned
More informationSecureD Technical Overview
WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More informationICT Professional Optional Programmes
ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications
More informationGuidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
More informationGain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems
Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Built-in Security to Protect Sensitive Data without Sacrificing Performance What is an SED? A self-encrypting drive performs
More informationDell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside ü Tips for deploying or expanding BYOD programs while remaining
More informationFile Management Suite. Novell. Intelligently Manage File Storage for Maximum Business Benefit. Sophia Germanides Sophia.germanides@novell.
File Management Suite Novell Intelligently Manage File Storage for Maximum Business Benefit Sophia Germanides Sophia.germanides@novell.com David Condrey dcondrey@novell.comcom Agenda Customer Challenges
More informationHow to Implement Imprivata OneSign Single Sign-On and Authentication Management Successfully
How to Implement Imprivata OneSign Single Sign-On and Authentication Management Successfully Table of Contents Introduction 1 The Methodology 1 Project Management 2 Project Phases 2 Certification Training
More informationConverged Smart Card for Identity Assurance Solutions. Crescendo Series Smart Cards
Converged Smart Card for Identity Assurance Solutions Crescendo Series Smart Cards Crescendo is the proven smart card solution for a combined logical and physical access control solution. Crescendo smart
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationConCERTO Secure Solutions for Converged Systems
ConCERTO Secure Solutions for Converged Systems Distribution for Switzerland: insinova ag www.insinova.ch Jens Albrecht Email: jens.albrecht@insinova.ch Phone: +41 41 748 72 05 September 2011 SCM Microsystems
More informationUnderstanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions
A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More information