CRYPTOCard. Strong Two Factor Authentication

Transcription

1 CRYPTOCard Strong Two Factor Authentication

2 CRYPTOCard Solutions Overview Cybercrime is a serious, real, and all-to-prevalent threat to networked assests. With the abundance of deployed workers requiring network access from a variety of devices, and the sheer value and volume of online assets, the need for strong reliable network protection has never been greater. The CRYPTOCard Solution CRYPTOCard provides an authentication solution that can offer peace of mind when it comes to the protection of your organizations valuable materials. Two-factor authentication is a critical element in successful identity management. It allows you to let in the good and keep out the bad. CRYPTOCard s authentication options provide the most flexible two-factor authentication solution on the market to eliminate password theft and protect your organization. The following outlines the flexibility of the CRYPTOCard solution for use in conjunction with today s leading technology. VPN and SSL VPN In today s deployed workforce employees need the ability to keep in contact with networked resources and services away from the office. Relying on SSL VPN when protected by only typical username and password leaves your Virtual Private Network vulnerable and easily compromised by outsiders. CRYPTOCard s award winning technology can easily protect your online assets by utilizing two-factor authentication: a user combines their security Personal Identification Number, something only they know, with a one-time password, newly generated by their unique token for each logon. Outlook Web Access is regarded as the most important component of business. The value and volume of information that travels back and forth on the internet is staggering. This is an appealing target and your communications may be at risk. CRYPTO-Logon for windows OWA 2003 agent delivers strong two-factor authentication for the Microsoft OWA 2003 Logon form to ensure Outlook resources are protected. Once implemented CRYPTO-Logon replaces static passwords with a one-time password and the user enjoys a simple and consistent logon procedure with no need to worry about remembering passwords. Citrix All of the enterprise capabilities that the Citrix Access Platform brings to an organization require a strong authentication solution. CRYPTO-Shield can provide strong two-factor authentication for Citrix that uses one-time passwords to identify users attempting logon and authenticate them. The ease of use and flexibility of Citrix solutions make them more vulnerable to password theft. Authentication Solutions Two-Factor Authentication using One-Time Passwords adds a layer of security that makes a system near foolproof. CRYPTO-Shield is an all-in-one, end to end solution. It includes everything you need to secure every access point to your network. CRYPTO-Shield protects VPNs, SSL VPNs, Apache, LANs and IIS.

3 CRYPTOCard s Citrix Access Suite (protecting Presentation Server, Web Interface, Access Gateway, MetaFrame Secure Access Manager, MetaFrame Password Manager) provides strong two-factor authentication to secure confidential corporate applications. share a common password. CRYPTOCard s CRYPTO-Shield product suite eliminates static passwords and offers a comprehensive authentication solution for securing valuable corporate resources against intentional and unintentional compromise. Apache and IIS Web Portals Web servers and portals may be at the hub of your organizations communications strategy. These are used to provide access to information for customers, vendors, business partners and employees. To provide strong security for the information located on these servers CRYPTOCard has developed a unique and effective authentication solution that provides the capability to maintain granular control over access to restricted areas and content on web sites powered by Apache or IIS. CRYPTO-Web is an Apache module or ISAPI filter (on IIS) for Web servers that sits in the data stream between the user s browser and the Web application residing on the Web server where it intercepts all resource requests. When a user requests access to a resource CRYPTO-Web checks if the resource is protected and access is granted only after the user is authenticated and access is verified. It can be configured to protect domain namebased and IP address-based virtual hosts. Administrator Access If a system administrator s password is compromised the consequences to an organization could be huge. Every user could be locked out if the password is changed and important data could be stolen or destroyed. In order to protect each individual administrator s account passwords must be changed immediately after they leave an organization. This constant changing of passwords will create notification/logon problems for all the other administrators. It also makes it difficult to track security breaches as multiple users Managed Authentication Service-CRYPTO- MAS Many companies recognize the need for strong authentication to protect their data and other digital assets but lack the requisite manpower, infrastructure, skills or budget to implement the needed twofactor authentication solution. CRYPTOCard s Managed Authentication Service offers the benefits of strong two-factor authentication without the need to implement the infrastructure in house. CRYPTO-MAS requires no additional investment in infrastructure nor does it require employees to have technical skill in two-factor authentication. It provides all the security benefits of CRYPTOCard s strong authentication solution in an easy to implement manner. CRYPTOCard North America 340 March Road Suite 600 Ottawa, Ontario K2K 2E4 Canada Toll Free: Tel: Fax: CRYPTOCard Europe Eden Park, Ham Green Bristol BS20 0EB, United Kingdom Tel: Fax: CRYPTOCard and CRYPTO-Server are registered trademarks or trademarks of CRYPTOCard Inc. in Canada, the U.S.A. and/ or other countries. Microsoft and Windows are registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks mentioned herein are the property of their respective owners CRYPTOCard Inc. All rights reserved

4 Introducing CRYPTO-Shield 6.4 Smaller. More flexible. More powerful. More options. The new upgrade to CRYPTOCard s award winning two-factor authentication (2FA) suite is now shipping! An upgrade for users of CRYPTO-Shield 6.x (with active support contract), our new solution extends our reach with Disconnected Authentication, enhances existing services and delivers new tokens to make it easier than ever to take full advantage of our powerful and adaptable authentication and ID management tool. Faster, smaller, better... Faster, smaller and less of a drain on system resources, the newest release features M2M (Machine to Machine) architecture that uses only a tiny fraction of the client side resources of previous versions. With a footprint of just a few K and using minimal RAM, 6.4 is a greatly streamlined authentication solution. NEW ST-1 Token for BlackBerry The newest member of our software token family allows BlackBerry users to access their two-factor authentication protected network without carrying an extra device! A new home screen icon will, when selected, launch the password generating token application. You supply your PIN and away you go. Disconnected Authentication On the road? Unable to connect to the network (where the CRYPTO-Server resides)? You can still protect your laptop with a local or disconnected authentication. Up to 100 logons (configureable) are possible until you must reconnect to the network to replenish your bank of one-time passwords. (The supply of passwords for disconnected authentication is, of course, safely encrypted!) Enhanced CRYPTO-Logon When logging on to your OS Domain, a static password may still be required (by the OS). You now can configure CRYPTO-Logon to automatically manage the OS logon (in one of two ways) after you are authenticated by the CRYPTO-Server. Or you can choose to enforce that users manually enter their static password following a successful CRYPTO-Logon. Enhanced CRYPTO-Web Improvements to CRYPTO-Web provide a Standalone Mode for protecting single web servers and a Web Farm Mode for customers who wish to implement CRYPTOCard technology amongst a group of web servers. PAM 64-bit support on Linux Speed daemons beware! Keeping pace with advancements on the Linux front. Support for Intel-based Macintoshes Our Universal Binary solution will run natively on either Intel or Power PC macs running OS X Tiger. New Getting Started Documentation Light reading to get you up and running QUICKLY! CRYPTO-Shield 6.4 Includes: Full CRYPTO-Server software CRYPTO-VPN CRYPTO-Logon CRYPTO-Web CRYPTO-Console CRYPTO-Kit It s a Heterogeneous World! CRYPTO-Shield 6.4 is the only two-factor authentication solution that will operate seamlessly in a real-world mixed OS network. Any Mac, Linux or WIndows server can serve any Mac, Linux or Windows clients. (See systems specifications for supported versions.)

5 Server Platform Coverage Windows 2000 Server SP4 Windows 2003 Server SP1 RedHat Linux Enterprise Server 3/4 SuSe Linux Enterprise Server 9 Mac OS X Tiger Scalability The solution encompasses internal users, standalone computers, Web servers, VPNs, and virtually every other form of network access. It is scalable up to 255 realms and hundreds of thousands of users. CRYPTO- Shield is designed for high availability to respond to peak demands as well as network outages through RADIUS load balancing, mirrored servers, and an authentication process that is not sensitive to timesynchronization or network transit delays. CRYPTO-Shield can be implemented as a stand-alone system or installed on existing RADIUS servers. It is designed for high availability to respond to peak demands, as well as network outages, with: RADIUS load balancing Mirrored servers Authentication process is not sensitive to time synchronization or network transit delays Up to 250,000 users per system Replication Supports local and remote replica servers for hot standby/failover Directory Support (user data storage) CRYPTO-Server internal Active Directory Open LDAP Open Directory Database Support (token data storage) Native MySQL External MySQL MS-SQL Oracle Reporting and Logging All activity is stored in logs and database tables Data is accessible via management consoles and external reporting tools Multiple logging options, including output to HTML Authentication Protocols PAP MSCHAPv2 RADIUS CAP Interoperability CRYPTO-Shield includes a RADIUS server for maximum interoperability Compatible with leading remote access servers, wireless access points, Web servers, firewalls, and VPNs (e.g. Microsoft, Nortel, Check Point, Cisco, Apache, Citrix) RSA token migration (DES tokens only) CRYPTOCard North America 340 March Road Suite 600 Ottawa, Ontario K2K 2E4 Canada Toll Free: Tel: Fax: CRYPTOCard Europe Eden Park, Ham Green Bristol BS20 0EB, United Kingdom Tel: Fax: Encryption Algorithms DES 3DES AES 128-bit, 192-bit, 256-bit Application Developer API CRYPTO-Kit enables development of interfaces/authentication agents for specific environments or integration with existing applications/workflows. CRYPTOCard and CRYPTO-Shield are registered trademarks or trademarks of CRYPTOCard Inc. in Canada, the U.S.A. and/ or other countries. Microsoft and Windows are registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks mentioned herein are the property of their respective owners CRYPTOCard Inc. All rights reserved

6 One-time Password Tokens CRYPTOCard Tokens are an effective and economical solution for organizations that want to eliminate the risks presented by static, shared, stolen or easily guessed passwords. With two-factor authentication, protected resources can only be accessed when a user combines their security Personal Identification Number (PIN), something only they know, with a one-time password generated by their unique authenticator for each logon. TOKEN TYPES: Key Chain Hardware Token (KT-1) Calculator-style Hardware Token (RB-1) The RB-1 PIN Pad token is a highly configurable, multi-function device and is the most versatile of the hardware tokens. It is ideally suited to users that require the freedom to logon from any computer, running any operating system, in any location, or generate digital signatures for web-based forms. It is also ideal for applications that require the use of challenge/response mode. The RB-1 Key PIN Pad Token generates a new password each time the token is activated. The token is activated by entering a PIN using the keypad. The KT-1 Key Chain token provides unparalleled convenience in a portable, independent computing environment. It s simplicity makes it the ideal authentication token for users of virtually any skill level. The KT-1 Key Chain token generates a new password each time the token is activated. Key Chain Hardware Token (KT-2) The KT-2 Key Chain token is an economical alternative to the KT-1. It combines the same simplicity and durability with a lower price point when purchased in quantity. As with the KT-1, this token is ideal for users of any skill level and is particularly easy to use. End Users: Only need a PIN and a token Never need password changes Eliminate the use of static passwords Security Administrators: Control access of users Configurable tokens add security Web-based deployment of ST Tokens Budgets: Tokens never expire Reduced Help-Desk calls One-time licensing fees Flexibility: Wide range of tokens depending on what an organization requires

7 Smart Card Token (SC-1) (with USB or PCMCIA Reader) The SC-1 Smart Card Token is a software implementation of the RB-1 hardware token installed on a 64K Java smart card. It is the ideal multi-function token card for organizations that want the advantages of hardware tokens, the convenience and integration of software tokens and the additional security of photo ID and proximity door access. Software Token for PC, WinCE or BlackBerry The ST-1 Token is a software implementation of the RB-1 hardware token for installation on computers and PDAs. It is the ideal token for organizations that want the strength of two-factor authentication without the overhead and cost of hardware distribution. For PC implementations, CRYPTOCard s M2M functionality provides an interface between the token and various authentication mechanisms, providing One-PIN-And-You re- In service. ST-1 tokens can be installed on a PC hard drive, on a USB mass storage device, on a BlackBerry, or on a WinCE PDA. CRYPTOCard North America 340 March Road Suite 600 Ottawa, Ontario K2K 2E4 Canada Toll Free: Tel: Fax: USB Hardware/Smart Card Token (SC-3) The SC-3 USB token is a software implementation of the RB-1 hardware token installed on a USB packaged smart card. Ideal for organizations that want the advantages and flexibility of hardware tokens with the convenience and integration of software tokens. The SC-3 can also store digital certificates for PKI applications. CRYPTOCard Europe Eden Park, Ham Green Bristol BS20 0EB, United Kingdom Tel: Fax: CRYPTOCard and CRYPTO-Server are registered trademarks or trademarks of CRYPTOCard Inc. in Canada, the U.S.A. and/ or other countries. Microsoft and Windows are registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks mentioned herein are the property of their respective owners CRYPTOCard Inc. All rights reserved

8