Strong Authentication for Secure VPN Access

Similar documents
Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks

STRONGER AUTHENTICATION for CA SiteMinder

How CA Arcot Solutions Protect Against Internet Threats

Advanced Authentication Methods: Software vs. Hardware

How To Comply With Ffiec

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

ADDING STRONGER AUTHENTICATION for VPN Access Control

etoken Single Sign-On 3.0

Using Entrust certificates with VPN

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Guide to Evaluating Multi-Factor Authentication Solutions

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

SOLUTION BRIEF CA ADVANCED AUTHENTICATION. How can I provide effective authentication for employees in a convenient and cost-effective manner?

RSA SecurID Two-factor Authentication

Entrust IdentityGuard

Multi-factor authentication

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Authentication Solutions Buyer's Guide

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

A brief on Two-Factor Authentication

Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant

Arcot Systems, Inc. Securing Digital Identities. FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer

Adding Stronger Authentication to your Portal and Cloud Apps

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Two-Factor Authentication

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

Securing Virtual Desktop Infrastructures with Strong Authentication

Securing the Connection with Remote Users Leveraging Strong Authentication and VPNs to Secure Access to the Enterprise

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

Why MobilityGuard OneGate?

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

The Convergence of IT Security and Physical Access Control

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

PortWise Access Management Suite

Security Architecture Whitepaper

SSL VPN vs. IPSec VPN

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

Creating Trust Online TM. Comodo Mutual Authentication Solution Overview: Comodo Two Factor Authentication Comodo Content Verification Certificates

ADAPTIVE USER AUTHENTICATION

Remote Access Securing Your Employees Out of the Office

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

AUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes

Modern two-factor authentication: Easy. Affordable. Secure.

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

HOTPin Integration Guide: DirectAccess

Executive Summary P 1. ActivIdentity

Secure Web Access Solution

White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication

Longmai Mobile PKI Solution

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

SOLUTION BRIEF ADVANCED AUTHENTICATION. How do I increase trust and security with my online customers in a convenient and cost effective manner?

Simplifying Security with Datakey Axis Single Sign-On. White Paper

DriveLock and Windows 7

The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device

Best Practices for Secure Remote Access. Aventail Technical White Paper

VMware Horizon View for SMS PASSCODE SMS PASSCODE 2014

How Secure is your Authentication Technology?

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

Improving Online Security with Strong, Personalized User Authentication

2003, Rainbow Technologies, Inc.

The Convergence of IT Security and Physical Access Control

CA Arcot RiskFort. Overview. Benefits

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

Information Technology Branch Access Control Technical Standard

Authentication Strategy: Balancing Security and Convenience

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

Contextual Authentication: A Multi-factor Approach

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

Using GhostPorts Multi-Factor Authentication

Endpoint Security VPN for Mac

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION

DriveLock and Windows 8

nexus Hybrid Access Gateway

Secure your business DIGIPASS BY VASCO. The world s leading software company specializing in Internet Security

PortWise Access Management Suite

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

MIGRATION GUIDE. Authentication Server

Securing corporate assets with two factor authentication

SCB Access Single Sign-On PC Secure Logon

White Paper: Managing Security on Mobile Phones

SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates

Transcription:

Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations must provide their employees, contractors, and business partners with secure remote access. Many organizations provide access via a Virtual Private Network (VPN) over existing internet connections. However, VPNs solve only part of the security equation for remote access. VPNs ensure the privacy of data transmission, but do not strongly defend against unauthorized access to the organization s electronic assets. Today, simple username and passwords protect access to most VPNs. Security experts recommend strong, two-factor authentication to protect remote access. However, strong authentication historically has been expensive, difficult to use, and complex to administer. This has left organizations with a dilemma take on the added expense and burden of two-factor authentication or leave the organization s remote access inadequately protected. Arcot Systems Inc., a leader in software-based strong authentication and digital signing solutions, provides a third option for secure remote access: strong two-factor authentication for VPNs that retains the ease-of-use and deployment simplicity of username/password authentication. Remote Access Is Vital To Business Today Doing business today means doing business over the internet. Employees, contractors, and business partners want access to the information they need, where and when they need it. Many organizations use virtual Private Networks (VPNs) to provide secure access to their electronic resources. VPNs create a private tunnel through the public internet between a remote user and the organization s internal network. The VPN encrypts the data in the tunnel, preventing anyone who intercepts the data from being able to understand the contents. VPNs enable users to gain access to a company s internal network from anywhere in the world, through a range of methods: Simple web-based interfaces that allow secure, authenticated access to web applications such as a partner portal Full client deployments that provide a virtual office with file sharing, print sharing, and legacy application access for remote users Dedicated links that connect branch offices to corporate headquarters First Mile Insecurity Leaves Data At Risk Although the tunnel created by the VPN keeps information that flows through it private, it does not prevent unauthorized access to the organization s network. Often, there is nothing more than a simple username and password protecting the first mile of a VPN, the connection to the client PC. Attacks such as Man-In-The-Middle (MITM), brute force and Spyware can compromise passwords.1 Once they compromise login credentials, attackers can gain access to the organization s internal network. To reduce the risk of compromise, most security experts recommend the replacement of simple username/password combinations for online access authentication with stronger authentication methods. Multi-factor authentication (also known as Strong authentication ) requires users to employ more than one factor to prove their identity before they receive online access. Factors can include: Something you know (such as a PIN or password); Something you have (such as a smart card, digital ID, or One Time Password generator); 1

Something you are (a biometric factor such as fingerprint or voiceprint). Traditional Two-Factor Security Is Costly And Complex Moving to strong authentication can be both costly and complex. Deploying a strong second factor, (e.g., something you have ), typically involves security hardware such as USB tokens, smart cards, or one-time password (OTP) tokens. These hardware solutions can be costprohibitive for an organization due to the following reasons: Direct and indirect costs to manage and distribute security hardware Periodic replacement of OTP tokens due to battery failure IT configuration changes to install drivers on PC desktops with locked, standardized configurations Replacing and distributing lost or broken security hardware In addition to the costs described above, traditional twofactor solutions introduce additional complexity to both the user and the IT infrastructure, especially when provisioning security hardware for business partners. This complexity consists of two major issues: Users managing multiple security tokens with different user interfaces. Studies have shown that users will attempt to subvert any security deployments they believe impedes their productivity. This can translate into actions as simple as placing passwords on sticky notes or as serious as sharing tokens. Business partners juggling multiple tokens from multiple partners. Organizations must successfully deploy and support a VPN client plus an authentication solution to a business partner who may already be struggling with conflicting login processes from other organizations. Another challenge to successful deployment of two-factor authentication for VPNs is that a strong authentication solution must meet the security needs of a full spectrum of applications. The applications range from those requiring very high levels of security, such as financial data, customer information, and product development plans, to others that may need less security, such as an internal news portal or other information site. IT organizations faced with this dilemma must choose between the painful and risky options of leaving assets insufficiently protected or beginning a complex, expensive, multiyear project to provide multiple levels of authentication for the organization. Arcot Two-Factor Simplicity And Security Arcot has the solution to address these challenges: the ArcotID, a 100% software, strong authentication software smart card. This solution has the same functionality and interoperability as a hardware smart card, yet is significantly easier and less expensive to deploy, manage, and use. Arcot provides strong, two-factor security in the ArcotID through its patented Cryptographic Camouflage technology. ARCOT SECURES VPN AUTHENTICATION FOR ALL TYPES OF USERS Traveling Users firewall Business s The Internet firewall VPN Server Arcot WebFort Corporate Electronic s Remote Employees Arcot RiskFort Remote/Branch Office A Man-in-the-Middle attack occurs when an attacker inserts himself in the middle of a session between a client and server, such as a remote user and a web portal. Masquerading as both the legitimate client and server, the attacker intercepts all communications including log-on credentials and one-time-password tokens. A brute force attack occurs when an attacker exhaustively attempts every possible password to break into a system. This type of attack is more feasible as computing hardware becomes cheaper and faster. 2

THE BUSINESS PARTNER S DILEMMA MANAGING MULTIPLE IDS AND TOKENS Security Security Security Business The ArcotID is not vulnerable to MITM attacks or brute force attacks that attackers can mount against other software tokens and credential containers. The ArcotID adds security without adding complexity. Organizations can configure the user experience to look identical to existing username/password authentication. The underlying patented Arcot technology delivers strong authentication for secure access invisibly and reliably. The ArcotID is easy to integrate with existing authentication solutions. It supports applications enabled for hardware smart cards or USB security tokens without any application changes. It also supports applications that enable OTPs without modification using the included RADIUS interface. In short, ArcotID allows organizations to exercise control over electronic access with no requirement for new hardware, readers, or drivers. Arcot s software-based approach eliminates the burden of deploying and supporting hardware tokens. With its simple user interface, the ArcotID keeps support and training costs low and user adoption rates high. FEATURE COMPARISON OF STRONG AUTHENTICATION SOLUTIONS USERNAME/ OTP HARDWARE SMARTCARD O/S KEY STORAGE ARCOTID PASSWORD Multi-factor authentication (strong) 3 3 3 Digital signature capable 3 3 3 File encryption capable 3 3 3 Man-in-middle attack resistant 3 3 3 Familiar user interface 3 3 Brute-force resistant 3 3 3 Client-less software option 3 3 3 Unlimited life (no battery) 3 3 3 3 3

ArcotID DELIVERS THE STRENGTH OF HARDWARE WITH THE EASE OF SOFTWARE high Hardware ArcotID low SECURITY low EASE OF USE User Name & Password high Organizations can deploy the ArcotID more quickly than hardware smart cards and OTP tokens. Arcot s fully selfservice web provisioning system can provision ArcotID software smart cards to employees and partners with zero administrator assistance. Existing desktops do not need additional software nor do they need any new hardware to deploy an ArcotID. These features enable substantial cost savings for the organization: Online self-enrollment Lost credential recovery Fast temporary credentials issuance Location-dependent access controls No end-user software install Support for roaming access Take Control Over The Authentication Lifecycle Arcot VPN authentication solutions are part of Arcot s family of authentication products that address the needs of the entire authentication lifecycle, from issuing credentials, to risk management and revocation. Arcot RegFort enables organizations to choose from a range of options for distributing authentication credentials. They can allow full self-service or IT-directed operation with multiple registration capabilities for additional control. RegFort also supports loading digital IDs into ArcotIDs or hardware smart cards to provide additional flexibility for IPSec-based VPNs, client SSL certificates and other digital ID-enabled applications. Arcot WebFort is a high performance authentication server that supports both password and strong two-factor A simple, consistent user experience Arcot delivers a comprehensive, strong authentication solution for all the major enterprise VPN technologies including SSL, Hybrid or Tunneling SSL and IPSec-based VPNs. Arcot s patented Cryptographic Camouflage technology protects all remote users. Regardless of the VPN technology used, authentication using an ArcotID is a simple and intuitive process. A user with an ArcotID initiates a connection to the organization s VPN and performs one of two familiar tasks when prompted: 1. Enter a username 2. Enter a PIN/password Ease of use and a consistent login experience are critical to the success of a secure authentication deployment. ArcotID provides both. authentication using the ArcotID to provide a fully softwarebased strong authentication solution. WebFort even supports a mixture of strong authentication and username/password infrastructures mode deployments. To enhance the authentication process further, Arcot RiskFort offers sophisticated real-time risk management. RiskFort derives a risk score by evaluating aspects of each online transaction. It examines data points such as the originating device, the geographic location of the user and the nature of the authentication event, and then correlates these aspects with user behaviors. RiskFort uses this to detect and block potential malicious activity automatically before it can do any damage. 4

RELATIVE COSTS OF STRONG AUTHENTICATION SOLUTIONS OTP HARDWARE SMARTCARD ARCOTID Direct cost (including reader) $ $ $ $ $ $ $ $ $ $ $ Shipping cost $ $ $ $ Replacement cost $ $ $ $ Training cost $ $ $ $ $ Conclusion Organizations must provide secure remote access to their employees, contractors and partners in order to remain competitive in the marketplace. VPNs provide a reliable way to secure the data transmission for remote access, but do not address the security of the login process itself. This insecurity leaves the entire network at risk. In the past, organizations have faced a difficult choice between deploying complex, expensive, difficult-to-use but secure authentication technology and authentication technology that was easy, inexpensive and insecure. Fortunately, Arcot has the solution to satisfy the need for two-way authentication for VPN users: the ArcotID, a 100% software, strong authentication software smart card. This solution has the same functionality and interoperability as a hardware smart card, yet is significantly easier and less expensive to deploy, manage, and use. Arcot s proven, secure authentication solutions scale to meet the size and complexity of any organization, extending the reach of organizational extranets to remote employees and business partners. Arcot protects over 11 million users while maintaining the performance and responsiveness demanded by today s authentication infrastructures. About Arcot Arcot is the cloud authentication leader. Our fraud prevention, strong authentication, and e-document security solutions make Web transactions and online access safe for millions of consumer, enterprise, and e-commerce users. Organizations can transparently deploy stronger authentication and allow users to conveniently authenticate from any computer or mobile device. Arcot solutions deliver the right balance of cost, convenience and strength. For more information, please visit www.arcot.com, email sales@arcot.com, or contact your nearest sales office: Corporate Headquarters, U.S. Arcot Systems, Inc. Ph: +1 408 969 6100 United Kingdom Arcot International Ph: +44 118 965 7998 Germany Arcot Deutschland GmbH Ph: +49 8157 997793 India Arcot R&D Software Private Ltd Ph: +91 80 6660 2745 www.arcot.com Copyright 2010 Arcot Systems, Inc. All rights reserved. Arcot, Arcot WebFort and ArcotID are registered trademarks of Arcot Systems, Inc. All other trademarks are the property of Arcot Systems, Inc. or their respective owners. 10-85 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information