Multi-Factor Authentication




Enhancing network security through the authentication process
Multi-Factor Authentication
Passwords, Smart Cards, and Biometrics

INTRODUCTION

Corporations today are investing more time and resources in the security of data residing on their enterprise networks and systems. Companies instituting business processes and models are required to store critical corporate data and intellectual assets on interconnected corporate networks. As the rate of network break-ins, data thefts, and malicious attacks has escalated, network and data security issues have become leading priorities for businesses. Executives and investors have joined IT and security managers in their concerns about enterprise security processes and policies.

Companies face significant challenges in the development and management of comprehensive corporate security solutions. Users have become increasingly complacent with information that could be used to obtain passwords or access codes, proof of which is provided by the number of sticky notes containing passwords stuck to the side of monitors for all to see (and use). As the number of mission-critical systems and networks has expanded within businesses, so has the number of user passwords, system entry points, and credential management requirements. Managing access to these systems and the large password base has created significant administrative demands on IT.

Multi-factor authentication, also termed strong authentication, is one key approach corporations can employ to safeguard their data, prevent unauthorized access, and manage security for users. Authentication is the process by which individuals prove their identities, which are verified against information already established. Based upon authentication, the system allows access and use of resources, be it data, information, or systems. Although password-only systems can be secure, they can be compromised by careless users or through brute force attacks. Multi-factor solutions increase the security of the authentication process by utilizing a combination of methods to authenticate the identity of users. By using a combination of methods, such as a biometric plus smart card, security and control over access to resources is significantly increased.

Multi-factor authentication uses a combination of methods to authenticate users. These methods can be broadly divided into three categories: something they know (such as a PIN or password), something they have (such as a smart card, token, or a certificate), or something they are (biometric identification such as fingerprint or voice). Utilizing a combination of the above three methods increases security and reduces the risk of unauthorized individuals gaining access to corporate data or resources.

Multi-factor authentication is better than single-factor authentication and provides several benefits. These include:

- The ability to secure your network with password, token, smart card, and biometric authentication methods
- Use of multiple authentication methods for individual login
- Reducing the ability of anyone to breach security, thereby increasing management comfort in network security
- Stopping unauthorized users from performing unauthorized acts
- Reducing the chance of authorized users unintentionally gaining access to others' resources

Passage 3.0 and Multi-Factor Authentication

METHODS OF AUTHENTICATION

The ways in which users can authenticate themselves to the corporate network can be broken down into three broad categories of information and objects: something they know (such as a password), something they have (such as a smart card, token, or a certificate), or something they are (biometric identification). Utilizing a combination of methods enhances security and reduces unauthorized access. Each method has advantages and disadvantages. The decision on the best combination of authentication methods to use for network access depends on the security and convenience requirements for authenticating users.

Passwords

Passwords are the most common method of authentication. Password systems provide a minimal level of security, relying on the integrity of the password in the authentication process. Maintaining the integrity of passwords, meaning that only authorized users know their passwords, is critical to preserving security in password-protected environments. Unauthorized individuals can gain access to an authorized user's password using a variety of methods. Some of these methods include keystroke monitoring, manipulating people for information that can be used to guess a password, shoulder surfing, brute force attacks, and network monitoring.

Another weakness of password systems emerges from the reusability of passwords. Users rarely change passwords, using the same password to authenticate to a system over long periods of time and sometimes using the same password across multiple systems. To prevent such use, many companies enforce minimum password length requirements and force users to change passwords frequently. This increases the instances of forgotten passwords and increases calls to the help desk. Many times passwords are recycled on networks that require password changes at a set interval. As a result, a compromised password can potentially provide access to multiple systems for an extended period of time without the user's knowledge. Additionally, determining if a password has been compromised is extremely difficult. Passwords, when used in combination with other authentication methods, can increase security, but when used alone, even the best password-only system offers only minimal authentication security.

Smart Cards and SecurID™

Smart cards and RSA SecurID™ both fall under the category of something users have as a method of authentication in a multi-factor authentication process. Used in combination with another method of authentication, such as a password or biometric, these items greatly increase the security of the authentication process. By depending upon possession of an item in addition to a password, the opportunity for unauthorized access is decreased.

Smart cards are plastic cards about the size of a credit card that contain a computer chip. This embedded microprocessor allows smart cards to store data, software, or encryption keys. By requiring possession of a smart card, the likelihood of an unauthorized user being authenticated to the network is significantly reduced, enhancing security. Smart cards are also able to store information used by other authentication processes, such as a biometric template. Use of smart cards to store this type of information reduces the opportunity for such information to be compromised, thereby increasing the security of the overall authentication process. Cryptographic keys can also be stored on the smart card, and smart cards can be used in digital certificate encryption/decryption processes.

RSA's SecurID authenticator can also be used in a multi-factor authentication scheme. Through the use of a password (something a user knows) and an RSA SecurID authenticator (something a user has), network managers can be more confident in their authentication process. The RSA SecurID security system is based upon the use of SecurID authenticators and the RSA ACE/Server. These authenticators generate a one-time passcode every sixty seconds. The combination of a user PIN and the current authenticator code is valid only for that particular user at that moment in time. RSA ACE/Server is then able to verify the code and grant access in mere seconds. RSA SecurID authenticators are now available in various types of hardware and software tokens.

Biometrics

The International Biometric Industry Association defines biometric technologies as an automated method of identifying or authenticating the identity of a person based upon physiological or behavioral characteristics. Use of biometrics is an effective way to protect against unauthorized access to network resources because biometric information is based upon unique personal characteristics of a user (or something the user is). Biometric devices create electronic digital templates of physical characteristics that are stored and compared to live images when there is a need to verify the identity of an individual. These templates are images that are highly compressed and represent a fingerprint, iris, or other physical characteristic. Proprietary and carefully guarded algorithms are used to secure the templates and protect them from disclosure. A combination of one or more of the above token and knowledge methods of authentication and biometric technology provides a high level of security and reliability in the authentication of users.
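The PIN-plus-passcode check described under Smart Cards and SecurID above, as an added Python example that is not part of the original paper and not RSA's code. SecurID's own algorithm is not given in the text, so the public RFC 6238 time-based one-time password scheme stands in for it, with the sixty-second interval from the text; the `Verifier` class, the clock-drift window, the replay check and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each passcode is valid, as described in the text
DIGITS = 6   # assumed display length

def passcode(seed: bytes, t: float, step: int = STEP) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code for the time step containing t."""
    counter = struct.pack(">Q", int(t // step))
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F                                   # dynamic truncation
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** DIGITS).zfill(DIGITS)

def pin_hash(pin: str, salt: bytes) -> bytes:
    # The server stores a salted, stretched hash, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Verifier:
    """Hypothetical server-side check standing in for the authentication server."""
    def __init__(self):
        self.users = {}

    def enroll(self, user: str, pin: str, seed: bytes, salt: bytes) -> None:
        self.users[user] = {"pin": pin_hash(pin, salt), "salt": salt,
                            "seed": seed, "last_step": -1}

    def verify(self, user: str, pin: str, code: str, now: float, drift: int = 1) -> bool:
        rec = self.users.get(user)
        if rec is None:
            return False
        pin_ok = hmac.compare_digest(pin_hash(pin, rec["salt"]), rec["pin"])
        current = int(now // STEP)
        matched = None
        # Accept the current step plus/minus `drift` steps of token clock skew.
        for s in range(max(0, current - drift), current + drift + 1):
            expected = passcode(rec["seed"], s * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = s
        # Both factors must pass; a step at or before the last accepted one is
        # refused, so a passcode observed in transit cannot be replayed.
        if not pin_ok or matched is None or matched <= rec["last_step"]:
            return False
        rec["last_step"] = matched
        return True

if __name__ == "__main__":
    # Constructed sample data: the RFC 4226/6238 test seed and a made-up PIN.
    seed, now = b"12345678901234567890", 300.0
    server = Verifier()
    server.enroll("alice", "4821", seed, salt=b"constructed-salt")
    code = passcode(seed, now)
    print("first use:", server.verify("alice", "4821", code, now))
    print("replay:   ", server.verify("alice", "4821", code, now))
    print("wrong PIN:", server.verify("alice", "0000", passcode(seed, 360), 360))
```

A failed PIN does not consume the time step, so the legitimate user can still log in with the same passcode within its window.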
PASSAGE 3.0

Passage 3.0 was conceived to bring strong, multi-factor authentication to the enterprise information security market. Passage supports user authentication via one or a combination of password, smart card, biometric, or SecurID token. Competing products typically focus on a limited number of authentication technologies and are tied to a specific piece of hardware. Most often, these products focus on only one authentication methodology. Typically, companies that manufacture their own hardware devices provide solutions tied to their device. Biometric companies typically provide biometric-only solutions and smart card manufacturers provide smart card-only solutions. In contrast, Passage combines biometric and smart card authentication in a proven product and even incorporates password-only and SecurID authentication, thereby creating a true multi-factor authentication solution that can greatly increase the security of your network.

Passage also makes it easier to manage complex security. Single Sign-on capabilities are integrated in Passage, providing a way for end-user credentials to be managed and eliminating the need for multiple passwords to be maintained. Some of the platforms supplied with credentials after a user has been authenticated to Passage include operating systems such as Windows 95/98/NT/2000 and Novell, PKIs including Entrust and applications such as Lotus Notes. Using Passage Assist, a feature of Passage 3.0, the list of supported applications can be expanded to include virtually any Windows-based dialogue or Web form. Platform credentials are stored in the Credential Bank, which can be located either remotely on the Passage Authentication Server or locally on the user's smart card. By storing credentials locally and remotely, Passage provides unparalleled security to both networked and mobile users.

Another hallmark of Passage 3.0 is its unparalleled flexibility. Passage allows administrators to choose the method of authentication for each user and offers a choice between storing the credentials locally, remotely, or both. By allowing administrators to choose the method and combination of authentication schemes, Passage gives administrators tremendous flexibility to determine how and when they will deploy Passage.

Corporate Headquarters: 6564 Loisdale Court, Suite 100, Springfield, VA, 22150, USA. Tel +1 703 922 4600, Fax +1 703 922 4603
Sales Headquarters: 40 Wall Street, 46th Floor, New York, NY, 10005, USA. Tel +1 212 514 8300, Fax +1 212 514 5676
Technical Headquarters: 3909 Midlands Road, Williamsburg, VA, 23185, USA. Tel +1 757 941 2500, Fax +1 757 941 2539
www.3gi.com
info@3gi.com

© 2000 3-G International, Inc. (3GI). All rights reserved. ACE/Server™ and SecurID™ are registered trademarks of RSA Security Inc. All other trademarks are the property of their respective owners.