ViSolve Open Source Solutions

Similar documents
Using Entrust certificates with VPN

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

ADDING STRONGER AUTHENTICATION for VPN Access Control

A brief on Two-Factor Authentication

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Internet Banking Two-Factor Authentication using Smartphones

RSA SecurID Two-factor Authentication

ProtectID. for Financial Services

STRONGER AUTHENTICATION for CA SiteMinder

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

Strong Authentication in details

Secure Web Access Solution

Guide to Evaluating Multi-Factor Authentication Solutions

Building Secure Multi-Factor Authentication

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

PortWise Access Management Suite

Entrust IdentityGuard

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Executive Summary P 1. ActivIdentity

Creating One Time Password (OTP) infrastructures using Open Source sofware

Two-Factor Authentication

Information Security Basic Concepts

Is your mainframe less secure than your file server? Malcolm Trigg Solutions Consultant 24 th February 2016

Why SMS for 2FA? MessageMedia Industry Intelligence

Balancing risk, cost and user experience with SMS for 2FA

Secure Login Issues & Solutions

Remote Access Securing Your Employees Out of the Office

Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant

Security + Certification (ITSY 1076) Syllabus

TABLE OF CONTENTS. Introduction 3 OTP SMS Two-Factor Authentication 5 Technical Overview 9 Features 10 Benefits 11 About MobiWeb 12 Quality 13

WHITE PAPER Usher Mobile Identity Platform

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

Where every interaction matters.

Two-Factor Authentication and Swivel

Security Considerations for DirectAccess Deployments. Whitepaper

External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

2 factor + 2. Authentication. way

Authentication Levels. White Paper April 23, 2014

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

EVALUATION GUIDE. Evaluating a Self-Service Password Reset Tool. Usability. The password reality

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

SENSE Security overview 2014

Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication

The Cloud, Mobile and BYOD Security Opportunity with SurePassID

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

PortWise Access Management Suite

The PortalGuard All-In-One Authentication Solution-set: A Comparison Guide of Two-Factor Capabilities vs. the Competition

How to reduce the cost and complexity of two factor authentication

Multifactor authentication systems Jiří Sobotka, Radek Doležel

Secure Access Link. Table of Contents. Introduction. Background. avaya.com. Introduction Background Secure Access Link...

Swivel Multi-factor Authentication

FileCloud Security FAQ

ACCESS MANAGEMENT UTILITY SERVICE via SECOND FACTOR AUTHENTICATION (2FA)

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

NetIQ Advanced Authentication Framework

DIGIPASS Authentication for Sonicwall Aventail SSL VPN

Keeping your VPN protected

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

A Guide to New Features in Propalms OneGate 4.0

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

Strong Authentication for Secure VPN Access

SSL Overview for Resellers

The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device

nexus Hybrid Access Gateway

Industrial Communication. Securing Industrial Wireless

How CA Arcot Solutions Protect Against Internet Threats

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc.

Securing an IP SAN. Application Brief

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

Mobile Admin Security

How To Comply With Ffiec

Data Sheet. NCP Secure Enterprise Management. Next Generation Network Access Technology

Stop Identity Theft. with Transparent Two-Factor Authentication. e-lock Corporation Sdn Bhd

Cisco Secure Access Control Server 4.2 for Windows

Strong Authentication for Cisco ASA 5500 Series

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

AUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes

Network Security 1 Module 4 Trust and Identity Technology

Remote Access Security

SonicWALL PCI 1.1 Implementation Guide

Ensuring the security of your mobile business intelligence

French Justice Portal. Authentication methods and technologies. Page n 1

Single Sign-On. Security and comfort can be friend. Arnd Langguth. September, 2006

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

SafeNet Authentication Service

BlackShield ID MP Token Guide. for Java Enabled Phones

Cisco IOS SSL VPN: Router-Based Remote Access for Employees and Partners

VASCO: Compliant Digital Identity Protection for Healthcare

Jim Bray, Cyber Security Adviser InfoSight, Inc.

Chapter 1: Introduction

NCP Secure Enterprise Management Next Generation Network Access Technology

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

QUICK SELLING GUIDE THE FUTURE OF AUTHENTICATION

I-Lung Kao Internet Security Systems IBM Global Technology Services Group

Information Technology Branch Access Control Technical Standard

Moving Beyond User Names & Passwords

Transcription:

ViSolve Open Source Solutions Best-In-Class Authentication and Authorization Solutions & Services ViSolve Inc.

ViSolve Securing Digital Assets Contents Security Overview Security Concerns Security Needs Technical Overview Two Factor Authentication System OTP One Time Password Solutions OATH Open Standards for OTP 2

Security Layers - Challenges Authentication Ability to Validate Proving Identity Authorization Access to Network Allowing to Transact Accounting Management Auditing Users Profiling Security Policy User Rights Access Levels Security Platform Applications Interface Security Device 3

Security Threats & Business Needs Vulnerabilities Cyber Crime Identity theft and Fraud Phishing & Pharming attacks becoming more sophisticated and malicious Business needs Enhanced Security: Stronger user authentication Two Factor authentication System Cost effective Password & Identity Management Delivery Mechanism Convenience of carrying security devices and ease of use 4

Power of One-Time Password (OTP) OTP deployment makes full life-cycle management easy & cost effective Flexibility and availability of various OTP methods time synchronized, event synchronized or challenge response Password generated valid for single use Enhanced security environment for users to authenticate and transact on web Centralized repository of User profiles and credentials 5

ViSolve Open Standards for OTP Today, with the exception of RADIUS, integration of OTPs can be achieved only through costly proprietary interfaces & protocols Can leverage on existing VPN/Wireless LAN infrastructure Low cost/no vendor lock alternative to proprietary solutions Easily added to existing web server password validation infrastructure Token based solution now inexpensive for wider B2C deployments 6

Technology Overview HP UX AAA Server and OATH: Standard Based Two Factor Authentication 7

Technology - Framework Two Factor Authentication Authentication using two independent method typically something you have (device) and something you know (password) One Time Password Password valid for single use Two-Party Model: Client and Server use OTP software or hardware to generate and validate password Two-Channel Model: High value transaction can be authenticated by requiring an OTP being delivered through secondary channel vis email or SMS OATH Open standards for OTP generation http://openauthentication.org sequence based algorithm Supported by all of the token device vendors 8

Advantages of OATH vs. Proprietary OTP Low Cost Sequence based algorithm allows low manufacturing cost for token device No Royalty Programs Leverage in both price-points and form-factors Wide variety of user deployment models Standalone token device can be built into consumer electronics Secondary channel solutions SMS No Vendor Lock Client, Server, user management components can be purchased separately Multiple OTP clients can be concurrently supported from the same authentication server Easy on Cost Easy to Implement Easy to End Users Easy to Manage 9

OATH/OTP Authentication Opportunities User Tokens Low priced tokens from multiple vendors Soft-tokens that can run on java enabled device-mobile phones SMS delivery of OTP for non java enabled devices Mobile makes ideal OTP device Ubiquitous Leverage applications provisioning to manage OTP softtoken Addressing Consumer issue of handling multiple hard tokens Opportunity for OTP authentication as telecom service Consumer authenticates to bank/retailer Retailer authenticates password locally Forward OTP to Service Provider User Base Enterprise Government Medical Finance Web- Merchants 10

OATH/OTP Vs. Other Major Authentication Technologies LOWER Cost/Complexity/Protection HIGHER Method Password OTP + Password Digital Certificates/PKI Advantages Widely used and supported by the largest number of applications Technology easily understood by users Two-factor authentication compatible with password based infrastructure: zero client footprint option Bi-directional authentication Can provide two-factor. Non-repudiation Disadvantages Relies on human protection and management of the secret. Requires possession of OTP generation software/hardware or access to a secondary channel for OTP transmission Certificate management cost can be prohibitive for large user base. Heavy footprint to manage on client. Not compatible with small devices. Requires distribution of certificate/smart card to client. Key Vulnerabilities Brute force Man-in-the-middle/client insertion Phishing Over the shoulder Keystroke loggers Man-in-themiddle/client insertion Phishing (reduced to one time action) User override of warnings Client insertion (reduced) Applicability Lower risk environments Legacy environments No network usage or protected network usage B2C Commerce Enterprise Security (VPN) Environments not suited for PKI (e.g. password based application infrastructure) Highly secure environments Monetary or legal transactions where non-repudiation is a required feature Environments where mutual authentication is required. 11 Customer slide presentation from HP

OATH Soft Tokens: Three Tier- Service Provider Model 1. Provisioning 2. Local Authentication SMS HTTPS User Key and sequence number are generated by service provider Key and OATH Applet are delivered to user device by client provisioning service. Web based Mgt User connects to web retail presence via browser. Password verified locally 3. OTP Authentication 4. Multiple Retailers HTTPS RADIUS HP UX AAA HP UX AAA User provides OTP from cell phone. Passed to Service provider for verification HTTPS Multiple retailers share the same OTP service, while locally maintaining password authentication 12 Customer slide presentation from HP

OATH: Provisioning Life Cycle: Token Cards 1. New Installation 2. New User Keys User Keys Serial# Key A123 34334343 A124 34555555 Web based Mgt Web based Mgt Supplier delivers tokens and key file. Admin tool imports serial number/key pairs into secure storage Serial number key and sequence number 0 are assigned to user entry. Token device is delivered to user. 3. Help Desk 4. Deactivate User User User Web based Mgt Web based Mgt User entry can be resynchronized with user s token device if needed. User entry locked. Token device may be assigned to another user 13 Customer slide presentation from HP

Basic Password Authentication Sequence Adding Two Factor Authentication Supplicant Authenticators HP UX AAA 123456 1. User name/password entered on client device OTP appended to password field (separate prompt or combined with existing password input) 2. Protocol VPN: L2TP/ IPSec LAN: 802.1x Web: HTTPS Etc. 3. Web Server, VPN Gateway, Firewall, WLAN Acess Point, Unix (login/ssh, ) etc Authenticate password locally or forward to AAA 4. Protocol RADIUS 5. AAA Server Authenticates password Tracks and logs user session OTP validated, token sequence number updated in ) Existing password based single factor authentication infrastructure. Two factor authentication can be added with minimal disruption. Zero client software changes possible. 14 Customer slide presentation from HP

HP-UX AAA Server Overview Purpose: Centralized service to provide authentication and recording of user access to network resources Control access to wireless LANs, VPN gateways, http servers, and other RADIUS enabled devices or applications Provides access and accounting control for greater security and compliance Advantages: Based on widely supported RADIUS and Extensible Authentication Protocol standards High performance/high availability features for enterprise and service provide deployments Supports a wide variety of authentication methods including password, token cards and digital certificates Highly customizable, supports ODBC compliant databases and LDAP compliant directories Included with HP-UX11i HP UX AAA User Web server 15 Customer slide presentation from HP

OATH: Higher level HMAC-based One Time Password Algorithm (HOTP) Generate OTP Shared Secret (20 bytes) Sequence Counter (8 bytes) Run HMAC Algorithm and Truncate HMAC-SHA1 Truncate OTP (6 or 8 Digits) Validate OTP Password + OTP Authenticator Password + OTP AAA Server Shared Secret Sequence Counter +1 Shared Secret Sequence Counter 16 Customer slide presentation from HP

Sample of Clients F1000 companies, Technology Vendors and Healthcare IT Organizations 17

Thank You 4010, Moorpark Avenue, #205, San Jose, California 95117.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information