Contextual Authentication: A Multi-factor Approach




Multi-factor Authentication Layer v.3.2-003

PortalGuard dba PistolStar, Inc.
PO Box 1226, Amherst, NH 03031 USA
Phone: 603.547.1200
Fax: 617.674.2727
E-mail: sales@portalguard.com
Website: www.portalguard.com

© 2012, PistolStar, Inc. dba PortalGuard. All Rights Reserved.

Table of Contents

- Summary
- The Basics
- PortalGuard Contextual Authentication (CBA)
- Contextual Authentication vs. Static Authentication
- Features
- Benefits
- CBA Terminology
- How it Works
- Analysis Mode
- Client-side Browser Add-on
- CBA Process
- Configuration
- Deployment
- IIS Install
- System Requirements
- Supporting Videos
- Platform Layers

Summary

Increases in roaming user populations and remote access to organizations' confidential data are becoming a larger security concern, leaving organizations with choices to make about how to secure these resources. A conflict of interest between business groups and IT security can create a struggle to maintain usability while increasing security.

Although instituting better password policies is a preliminary option, organizations often oversteer towards rigid two-factor authentication solutions. These solutions are desirable for security, but the barriers to entry for many organizations are overwhelming. When stringent two-factor authentication is applied to all users, the organization cannot adapt to all the different user access scenarios, which usually results in poor user adoption and increased frustration. Due to the size and structure of these solutions, integration usually requires dedicated IT resources and training, along with the potential of additional hardware.

However, the biggest barrier is high total cost of ownership. The organization has the intention of increasing security but cannot handle the costs associated with the initial purchase and maintenance of a two-factor solution, ranging from hardware replacements to increased Help Desk calls.

So you have to make a tough decision: do you institute better password policies? Or should you implement two-factor authentication across the whole company? Which makes you wonder: is there a midpoint between the two?

The Basics

The midpoint is referred to as contextual authentication, which is focused on providing dynamic security to enhance usability for users and strengthen security to match your organization's policies and compliance standards.

Contextual authentication works behind the scenes to prevent unauthorized access and applies the appropriate level of authentication based on the expected impact of the context around a user's access request, including location, time, device, network and application. For example, users within your company's four walls may only need to provide strong passwords, whereas a traveling salesperson or roaming user must provide two factors. However, a traveling salesperson now in the office only needs to provide a password to prove his identity, due to his new situation when requesting access.

PortalGuard Contextual Authentication (CBA)

As an alternative to static authentication solutions, PortalGuard understands the midpoint and handles the challenges of remote user access scenarios. By taking a cost-effective, flexible approach to authentication, PortalGuard offers five methods of authentication (single sign-on, password-based, knowledge-based, two-factor authentication, and block a request), with the primary focus of the software platform being CBA.

Using PortalGuard's CBA, organizations can gain insight into user access scenarios, allowing them to make security and usability adjustments transparently to the user and to dynamically adjust the authentication method to what is appropriate based on the user's situation.

Obtaining the user's contextual data is optional with PortalGuard, and all options can be configured down to the individual user, group or application levels.

Features

- Provides five different authentication methods: single sign-on, password-based, knowledge-based, two-factor, and blocking a request
- Contextual Authentication (CBA): applies the appropriate authentication method for each access request depending on the user's context
- Client-side browser add-on: optionally obtains users' contextual data such as location, time, network, and type of device used
- Provides two-factor authentication by delivering a one-time password (OTP) to a user via SMS, email, printer, or to their laptop in the form of a transparent token (i.e. the client-side browser add-on producing a cookie)
- SAML single sign-on: can create a SAML token and enable SAML single sign-on to Cloud/Web-based applications that accept SAML tokens
- Real-time Activity Alerts: alerting the admin or user to malicious activity or "did you know" information
- Notifications: including emails to a user of access with their account from a new device
- Reporting Tool: contextual data reports allow you to take real-time action on meaningful situations
- All events are stored in a SQL database for easy auditing and reporting

Benefits

- Increase Security without impacting the end-user experience
- Increase Usability for authorized users while creating barriers for unauthorized users
- Configurable to the user, group or application levels
- Lower Total Cost of Ownership than token-based two-factor authentication alternatives
- Proactive approach to reducing threats: block suspicious users in real-time before a login attempt is made
- Gather Insight: analyze the contextual data reports PortalGuard provides

CBA Terminology

Authentication Methods: the type of authentication the user will be presented with:

- Single Sign-on: username and password (single password for multiple systems)
- Password-based: username and password
- Knowledge-based: username, password and challenge question
- One-time Password (OTP): username and OTP
- Two-factor: username, password and OTP

Credibility Score: the numeric value that is used to determine the appropriate authentication method based on a set of ranges, determined from credibility policies.

Credibility Policy: configurable policies based on categories and identifiers to which you assign a score. A credibility policy can have multiple categories.

- Category: collection of related identifiers (context); currently includes device, time, location, and network. A category can have multiple identifiers.
- Identifier: individual attributes that are assigned scores based on their importance (Ex. Time: off hours, office hours, and weekend hours)
- Weight (%): an optional percentage for each category that adjusts the category's impact on the credibility score versus other categories

Application Realms: identifies an application and assigns a weight (%) to that application that adjusts the overall credibility score (Ex. The application realm is 50% and the current score is 100; after the realm is enforced, the user has a score of 50).

[Figures: Credibility Policy; Application Realms]

NOTE: Steps 2-4 happen behind the scenes, transparently to the user and within milliseconds.

Step 2: Contextual data is sent from the client-side browser add-on to the PortalGuard server.

Step 3: The PortalGuard server identifies a user's credibility policy and computes the following:

- Gross score for each category
- Any category weight impact to the score
- Net score from the policy and weights
- Modification due to sensitivity of requested application

Step 4: The PortalGuard server looks up the appropriate authentication method using the final credibility score and the ranges the administrator previously configured.

Step 5: PortalGuard enforces the appropriate authentication method for the user's current access attempt. The user provides the required credentials to successfully complete their access request and login.

[Figure: Ex. Two-factor Authentication]
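The scoring described in Steps 3 and 4 can be sketched in Python; this is an added example, not PortalGuard's code. The weighted-sum formula, the identifier scores, the ranges and the realm names are assumptions chosen for illustration; only the four categories, the authentication methods and the 50% realm example come from the paper.

```python
# Added illustration, not PortalGuard code. The weighted-sum formula, scores,
# ranges and realm names are assumptions made for this example.
from dataclasses import dataclass

@dataclass
class Category:
    weight_pct: float   # category weight (%): its share of the net score
    identifiers: dict   # identifier -> score assigned by the administrator

# Constructed credibility policy over the four categories the paper names.
POLICY = {
    "device":   Category(40, {"known": 100, "unknown": 20}),
    "time":     Category(10, {"office_hours": 100, "off_hours": 50, "weekend": 30}),
    "location": Category(30, {"office": 100, "home": 70, "abroad": 10}),
    "network":  Category(20, {"corporate": 100, "vpn": 80, "public": 20}),
}
# Constructed ranges: (start score, end score, authentication method, alert).
RANGES = [
    (0, 19, "block", True),
    (20, 39, "two-factor", True),
    (40, 59, "knowledge-based", False),
    (60, 84, "password-based", False),
    (85, 100, "single sign-on", False),
]
# Application realm modifiers (%); a sensitive application scales the score down.
REALMS = {"intranet-wiki": 100, "payroll": 50}

def credibility_score(context, app, policy=POLICY, realms=REALMS):
    """Step 3: gross score per category, weighted net score, realm modifier."""
    net = 0.0
    for name, cat in policy.items():
        # Missing or unrecognised context scores 0, so it can only lower trust.
        gross = cat.identifiers.get(context.get(name), 0)
        net += gross * cat.weight_pct / 100
    # An application with no realm entry gets the strictest configured modifier.
    modifier = realms.get(app, min(realms.values()))
    return round(net * modifier / 100)

def authentication_method(score, ranges=RANGES):
    """Step 4: look the final score up in the configured ranges."""
    for start, end, method, alert in ranges:
        if start <= score <= end:
            return method, alert
    return "block", True  # fail closed if the ranges leave a gap

def decide(context, app):
    """Return (final score, authentication method, alert flag)."""
    score = credibility_score(context, app)
    return (score, *authentication_method(score))

# Constructed sample contexts as the browser add-on might report them.
IN_OFFICE = {"device": "known", "time": "office_hours",
             "location": "office", "network": "corporate"}
ROAMING = {"device": "known", "time": "off_hours",
           "location": "abroad", "network": "public"}
```

`decide(IN_OFFICE, "payroll")` reproduces the paper's realm example: a score of 100 under a 50% realm becomes 50, which moves the same in-office user from single sign-on to a stronger method for the sensitive application.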

Configuration

NOTE: All the following settings are policy specific, so you can have different values for different users/groups/hierarchies.

Configurable through the PortalGuard Configuration Utility:

- Enable or Disable CBA
- Assign users or groups to individual credibility policies
- Credibility Policies:
  - Client Type
  - Use Category Weighting
  - Enforce Application Realms
  - Display Scoring UI
  - Categories
    - Weight
    - Identifiers
    - Credibility Score
  - Default Ranges
    - Start and End Scores
    - Authentication Type
    - Alert On or Off
- Application Realms
  - Application Name and URL
  - Modifier %
  - Servers

Deployment

Implementation of the PortalGuard platform is seamless and requires no changes to Active Directory/LDAP schema. A server-side software installation is required on at least one IIS server on the network. Contextual authentication requires additional client-side software in the form of the browser add-on, which is installed using a standard MSI and can be pushed out silently.

IIS Install

An MSI is used to install PortalGuard on IIS 6 or 7.x. If installing PortalGuard on IIS 7.x/Windows Server 2008, make sure to have installed the following feature roles prior to launching the MSI:

1. All the Web Server Management Tools role services
2. All the Application Development role services
3. All IIS 6 Management Compatibility role services

The MSI is a wizard-based install which will quickly guide you through the installation.

System Requirements

This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only. PortalGuard can be installed directly on the following web servers:

- IBM WebSphere/WebSphere Portal v5.1 or higher
- Microsoft IIS 6.0 or higher
- Microsoft Windows SharePoint Services 3.0 or higher
- Microsoft Office SharePoint Server 2007 or later

The PortalGuard Web server also has the following requirements on Windows operating systems:

- .NET 2.0 framework or later must be installed
- (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

PortalGuard is fully supported for installation on virtual machines. Furthermore, PortalGuard can currently be installed on the following platforms:

- Microsoft Windows Server 2000
- Microsoft Windows Server 2003 (32 or 64-bit)
- Microsoft Windows Server 2008 (32 or 64-bit)
- Microsoft Windows Server 2008 R2

PortalGuard works with Windows Terminal Services on Win2003 servers and Remote Desktop Services on Win2008 servers.

If you have a platform not listed here, please contact us at sales@portalguard.com to see if we have recently added support for your platform.

Supporting Videos

Please view the following videos to watch a demo of PortalGuard's CBA offerings:

- Welcome to the Platform: Discussing Contextual Authentication
- Consumerization Challenges: Discussing Device Management

Platform Layers

Beyond contextual authentication, PortalGuard is a flexible authentication platform with multiple layers of available functionality to help you achieve your authentication goals:

- Tokenless Two-factor Authentication
- Self-service Password Reset
- Real-time Reports / Alerts
- Knowledge-based
- Password Management
- Single Sign-on
