O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
Two-factor Authentication:Highlighting the Multi-factor Authentication Layer of thePortalGuard PlatformA Tokenless Approac...
• Define PortalGuard• Understand the need for two-factor authentication• Learn about PortalGuard’s Two-factor Authenticati...
The PortalGuard software is a Contextual Authentication platformwhich is focused on enhancing usability, while maintaining...
Before going into the details…• Configurable by user, group or application• Configure One-time Password (OTP) length, expi...
A P P L I C AT I O N S
Two-factor Authentication is…Used to increase security by requiring:“Something you know”“Something you have”AND
Aren’t all Two-factor Authentication Solutions the Same?They will increase your security however…• Inflexible• Low usabili...
ONE-TIME PASSWORD (OTP)Transparent Tokens• Web/cloud application directly• VPN connection using RADIUS• Self-service passw...
How do I choose?SMS• Attack Prevention – both passive and active• Total Cost of Ownership• Support/Maintenance Requirement...
• Increased security - add an extra layer of authentication to applicationaccess, VPN access, or during a self-service pas...
HOW IT WORKS
PortalGuard provides flexibility…Allows you to configure whether the enrollment will be forced or able tobe postponed “x” ...
Step 1:PortalGuard’s login screen is presented when a user visits the web-application.Step 2:The user enters their usernam...
Step 1:PortalGuard’s login screen is presented when a user visits the web-application.
Step 2:The user enters their username and clicks continue.
The PortalGuard server sends the OTP to the user’s mobile phonewithin 5-10 seconds, in the form of an SMS.Step 3:
Step 4:The user is prompted for a password and OTP.
Step 5:The user enters in the OTP they received and clicks “Log On”.
Step 6:The user gains access to the web-application and data.
Step 6:This is an example of a user attempting to use an expired OTP that wasnever used. Once the expired OTP is entered, ...
RADIUS Support:An internet standard that was designed primarily to authenticateremote users• Cisco• JuniperNetwork Access ...
Step 1:The user attempts to connect to the NAS/firewall using either abrowser or VPN client software and is prompted for u...
Step 2:The NAS communicates the credentials to the PortalGuard serverusing the RADIUS protocol.The PortalGuard server vali...
PortalGuard replies to the RADIUS request with an Access-Challengeresponse that includes a custom message that should be d...
The NAS displays the custom message requesting the user to enterthe OTP that was sent to their mobile device.Step 6:
Step 7:The user enters the OTP from their mobile device and submitsit to the NAS.
The NAS communicates the credentials to the PortalGuard serverusing the RADIUS protocol.Step 8:Step 9:The PortalGuard serv...
The NAS accepts the user’s authentication and the VPNtunnel/session is established. The user is then able to accessinterna...
Configurable through the PortalGuard Configuration Utility:• Expiration, aka “time-to-live” (TTL)• Length• Format• Numeric...
TECHNICAL REQUIREMENTS
A MSI is used to install PortalGuard on IIS 6 or 7.x.This version of PortalGuard supports direct access and authentication...
THANK YOUFor more information visit PortalGuard.com or Contact Us
Próximos SlideShares
Carregando em…5
×

0

Compartilhar

Baixar para ler offline

Twofactorauthentication 120625115723-phpapp01

Baixar para ler offline

  • Seja a primeira pessoa a gostar disto

Twofactorauthentication 120625115723-phpapp01

  1. 1. Two-factor Authentication:Highlighting the Multi-factor Authentication Layer of thePortalGuard PlatformA Tokenless ApproachUnderstanding PortalGuard’s
  2. 2. • Define PortalGuard• Understand the need for two-factor authentication• Learn about PortalGuard’s Two-factor Authentication Options• See the step-by-step Authentication Process• Know the technical requirementsBy the end of this tutorial you will be able to…
  3. 3. The PortalGuard software is a Contextual Authentication platformwhich is focused on enhancing usability, while maintaining abalance between security, auditing and compliance for your web,desktop and mobile applications.• Single Sign-on• Password Management• Password Synchronization• Self-service Password Reset• Knowledge-based• Two-factor Authentication• Contextual Authentication• Real-time Reports/AlertsUsability Security
  4. 4. Before going into the details…• Configurable by user, group or application• Configure One-time Password (OTP) length, expiration and format• Send OTP via SMS, email, transparent token and printer• No SMS gateway required• Cost effective and competitively priced• Tailored Authentication for an exact fit• Enforced for direct access to applications, VPN using RADIUS and duringa self-service password reset, recovery, or account unlock
  5. 5. A P P L I C AT I O N S
  6. 6. Two-factor Authentication is…Used to increase security by requiring:“Something you know”“Something you have”AND
  7. 7. Aren’t all Two-factor Authentication Solutions the Same?They will increase your security however…• Inflexible• Low usability• High total cost of ownership• Tokens are expensive, forgotten and need replacement/repair
  8. 8. ONE-TIME PASSWORD (OTP)Transparent Tokens• Web/cloud application directly• VPN connection using RADIUS• Self-service password reset,recovery, or account unlock
  9. 9. How do I choose?SMS• Attack Prevention – both passive and active• Total Cost of Ownership• Support/Maintenance Requirements• Client-side Software• Ease of Use• Portability
  10. 10. • Increased security - add an extra layer of authentication to applicationaccess, VPN access, or during a self-service password reset• Reduce Risk - prevent attacks by leveraging credentials which expireafter one use• Usability - leverage hardware a user already has for increased useradoption• Eliminate forgotten passwords - leverage a username and OTP only ascredentials• Configurable - to the user, group or application levels• Flexible - multiple OTP delivery methods available
  11. 11. HOW IT WORKS
  12. 12. PortalGuard provides flexibility…Allows you to configure whether the enrollment will be forced or able tobe postponed “x” number of times by the user.
  13. 13. Step 1:PortalGuard’s login screen is presented when a user visits the web-application.Step 2:The user enters their username and clicks continue.Step 3:The PortalGuard server sends the OTP to the user’s mobile phonewithin 5-10 seconds, in the form of an SMS.Step 4:The user is prompted for a password and OTP.Step 5:The user enters in the OTP they received and clicks “Log On”.Step 6:The user gains access to the web-application and data.Step 7:This is an example of a user attempting to use an expired OTP that wasnever used. Once the expired OTP is entered, the user is denied accessand prompted to cancel the process or request a valid OTP.
  14. 14. Step 1:PortalGuard’s login screen is presented when a user visits the web-application.
  15. 15. Step 2:The user enters their username and clicks continue.
  16. 16. The PortalGuard server sends the OTP to the user’s mobile phonewithin 5-10 seconds, in the form of an SMS.Step 3:
  17. 17. Step 4:The user is prompted for a password and OTP.
  18. 18. Step 5:The user enters in the OTP they received and clicks “Log On”.
  19. 19. Step 6:The user gains access to the web-application and data.
  20. 20. Step 6:This is an example of a user attempting to use an expired OTP that wasnever used. Once the expired OTP is entered, the user is denied accessand prompted to cancel the process or request a valid OTP.
  21. 21. RADIUS Support:An internet standard that was designed primarily to authenticateremote users• Cisco• JuniperNetwork Access Server (NAS) = “RADIUS Client”PortalGuard = “RADIUS Server”• Citrix• Checkpoint• User accounts defined locally• LDAP Authentication• X.509 certificates• RADIUS
  22. 22. Step 1:The user attempts to connect to the NAS/firewall using either abrowser or VPN client software and is prompted for username andpassword.
  23. 23. Step 2:The NAS communicates the credentials to the PortalGuard serverusing the RADIUS protocol.The PortalGuard server validates the user’s credentials against itsconfigured user repository (e.g. Active Directory).Step 3:
  24. 24. PortalGuard replies to the RADIUS request with an Access-Challengeresponse that includes a custom message that should be displayed tothe user and a random identifier (the “state”) that the NAS will sendback to PortalGuard to identify the same user session.Step 4:The user attempts to connect to the NAS/firewall using either abrowser or VPN client software and is prompted for username andpassword.Step 5:
  25. 25. The NAS displays the custom message requesting the user to enterthe OTP that was sent to their mobile device.Step 6:
  26. 26. Step 7:The user enters the OTP from their mobile device and submitsit to the NAS.
  27. 27. The NAS communicates the credentials to the PortalGuard serverusing the RADIUS protocol.Step 8:Step 9:The PortalGuard server replies to the RADIUS 2nd request with anAccess-Accept response.
  28. 28. The NAS accepts the user’s authentication and the VPNtunnel/session is established. The user is then able to accessinternal resources (e.g. “crm.acme.com”).Step 10:
  29. 29. Configurable through the PortalGuard Configuration Utility:• Expiration, aka “time-to-live” (TTL)• Length• Format• Numeric characters only• Upper/lowercasecharacters• Upper/lowercase &numeric characters• Upper/lowercase,numeric and symbolcharacters• Delivery format, including From, Subject and Body fields
  30. 30. TECHNICAL REQUIREMENTS
  31. 31. A MSI is used to install PortalGuard on IIS 6 or 7.x.This version of PortalGuard supports direct access and authenticationto cloud/browser-based applications, only.• .NET 2.0 framework or later must be installed• (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)• IBM WebSphere/WebSphere Portal v5.1 or higher• Microsoft IIS 6.0 or higher• Microsoft Windows SharePoint Services 3.0 or higher• Microsoft Office SharePoint Server 2007 or later• Microsoft Windows Server 2000• Microsoft Windows Server 2003 (32 or 64-bit)• Microsoft Windows Server 2008 (32 or 64-bit)• Microsoft Windows Server 2008 R2• The network appliance must support RADIUS as an authentication option• The network appliance must support the Access-Challenge response type as well asthe State and Reply-Message attributes• PortalGuard must be licensed for RADIUS support• End-user enrollment of mobile devices or challenge answers must be performedexternal to the RADIUS protocol
  32. 32. THANK YOUFor more information visit PortalGuard.com or Contact Us

Vistos

Vistos totais

225

No Slideshare

0

De incorporações

0

Número de incorporações

1

Ações

Baixados

6

Compartilhados

0

Comentários

0

Curtir

0

×