Two Factor Authentication

Presentation Description

PortalGuard’s Flexible Two-factor Authentication options are designed as strong authentication methods for securing web applications. PortalGuard leverages a one-time password (OTP) as a factor to further prove a user's identity. The OTP can be delivered via SMS, email, printer, and transparent token. Configurable by user, group or application, this is a cost-effective approach to stronger authentication security. Tutorial: http://pg.portalguard.com/flexible_two-factor_tutorial


Presentation Transcript

PowerPoint Presentation:

Understanding PortalGuard’s Two-factor Authentication: A Tokenless Approach. Highlighting the Multi-factor Authentication Layer of the PortalGuard Platform.

By the end of this tutorial you will be able to:
- Define PortalGuard
- Understand the need for two-factor authentication
- Learn about PortalGuard’s Two-factor Authentication options
- See the step-by-step authentication process
- Know the technical requirements

The PortalGuard software is a Contextual Authentication platform focused on enhancing usability while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications. Its layers (diagram axes: Usability, Security):
- Single Sign-on
- Password Management
- Password Synchronization
- Self-service Password Reset
- Knowledge-based Authentication
- Two-factor Authentication
- Contextual Authentication
- Real-time Reports/Alerts

Before going into the details…
- Configurable by user, group or application
- Configure One-time Password (OTP) length, expiration and format
- Send OTP via SMS, email, transparent token and printer
- No SMS gateway required
- Cost effective and competitively priced
- Tailored authentication for an exact fit
- Enforced for direct access to applications, VPN using RADIUS, and during a self-service password reset, recovery, or account unlock


APPLICATIONS

Two-factor Authentication is… used to increase security by requiring “Something you know” AND “Something you have”.

Aren’t all Two-factor Authentication solutions the same? They will increase your security, however they are often:
- Inflexible
- Low usability
- High total cost of ownership
- Tokens are expensive, forgotten and need replacement/repair

ONE-TIME PASSWORD (OTP) / Transparent Tokens, enforced for:
- Web/cloud application directly
- VPN connection using RADIUS
- Self-service password reset, recovery, or account unlock

How do I choose? Criteria to compare:
- SMS
- Attack prevention, both passive and active
- Total cost of ownership
- Support/maintenance requirements
- Client-side software
- Ease of use
- Portability

- Increased security: add an extra layer of authentication to application access, VPN access, or during a self-service password reset
- Reduce risk: prevent attacks by leveraging credentials which expire after one use
- Usability: leverage hardware a user already has for increased user adoption
- Eliminate forgotten passwords: leverage a username and OTP only as credentials
- Configurable: to the user, group or application levels
- Flexible: multiple OTP delivery methods available


HOW IT WORKS

PortalGuard provides flexibility… It allows you to configure whether enrollment is forced or can be postponed “x” number of times by the user.

Step 1: PortalGuard’s login screen is presented when a user visits the web application.
Step 2: The user enters their username and clicks Continue.
Step 3: The PortalGuard server sends the OTP to the user’s mobile phone within 5-10 seconds, in the form of an SMS.
Step 4: The user is prompted for a password and OTP.
Step 5: The user enters the OTP they received and clicks “Log On”.
Step 6: The user gains access to the web application and data.
Step 7: This is an example of a user attempting to use an expired OTP that was never used. Once the expired OTP is entered, the user is denied access and prompted to cancel the process or request a valid OTP.


RADIUS Support: an Internet standard that was designed primarily to authenticate remote users.
- Network Access Server (NAS) = “RADIUS Client” (e.g. Cisco, Juniper, Citrix, Checkpoint)
- PortalGuard = “RADIUS Server”, validating against user accounts defined locally, LDAP authentication, or X.509 certificates

Step 1: The user attempts to connect to the NAS/firewall using either a browser or VPN client software and is prompted for username and password.
Step 2: The NAS communicates the credentials to the PortalGuard server using the RADIUS protocol.
Step 3: The PortalGuard server validates the user’s credentials against its configured user repository (e.g. Active Directory).
Step 4: PortalGuard replies to the RADIUS request with an Access-Challenge response that includes a custom message to be displayed to the user and a random identifier (the “state”) that the NAS will send back to PortalGuard to identify the same user session.
Step 5: The user attempts to connect to the NAS/firewall using either a browser or VPN client software and is prompted for username and password.
Step 6: The NAS displays the custom message asking the user to enter the OTP that was sent to their mobile device.
Step 7: The user enters the OTP from their mobile device and submits it to the NAS.
Step 8: The NAS communicates the credentials to the PortalGuard server using the RADIUS protocol.
Step 9: The PortalGuard server replies to the second RADIUS request with an Access-Accept response.
Step 10: The NAS accepts the user’s authentication and the VPN tunnel/session is established. The user is then able to access internal resources (e.g. “crm.acme.com”).

Configurable through the PortalGuard Configuration Utility:
- Expiration, aka “time-to-live” (TTL)
- Length
- Format: numeric characters only; upper/lowercase characters; upper/lowercase and numeric characters; upper/lowercase, numeric and symbol characters
- Delivery format, including From, Subject and Body fields
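The RADIUS Access-Challenge exchange above (steps 1 to 10) and the OTP options on this slide, worked through as an added Python example that is not PortalGuard's code: a constructed server that checks the password on the first Access-Request, issues an OTP of the configured length, format and TTL, replies with an Access-Challenge carrying State and Reply-Message, and on the second request accepts the echoed State only once and only before the TTL expires (the expired-OTP case from Step 7 of the web flow). The RFC 2865 packet codes are real; the class, its attribute-dict interface, the in-memory user store and the outbox standing in for SMS delivery are assumptions.

```python
import secrets
import string
import time

# RFC 2865 packet codes, used here only to label the two-leg exchange
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11

# Character sets for the four OTP "Format" options on the configuration slide
FORMATS = {
    "numeric": string.digits,
    "alpha": string.ascii_letters,
    "alnum": string.ascii_letters + string.digits,
    "alnum_symbol": string.ascii_letters + string.digits + "!@#$%^&*",
}


class OtpRadiusServer:
    """Constructed stand-in for the RADIUS-server role PortalGuard plays (not its code)."""
    def __init__(self, users, length=6, ttl=300, fmt="numeric", clock=time.time):
        self.users = users          # username -> password, a constructed sample store
        self.length, self.ttl, self.alphabet = length, ttl, FORMATS[fmt]
        self.clock = clock          # injectable so expiry can be tested without sleeping
        self.sessions = {}          # State value -> (username, otp, expires_at)
        self.outbox = []            # stands in for SMS/email delivery: (username, otp)

    def issue_otp(self):  # random OTP of configured length from the configured alphabet
        return "".join(secrets.choice(self.alphabet) for _ in range(self.length))

    def handle(self, request):
        """Process one Access-Request (attributes as a dict); return (code, attributes)."""
        user, state = request.get("User-Name"), request.get("State")
        if state is None:
            # Leg 1: check the password, send the OTP out of band, challenge for it
            if self.users.get(user) != request.get("User-Password"):
                return ACCESS_REJECT, {}
            otp, state = self.issue_otp(), secrets.token_hex(16)
            self.sessions[state] = (user, otp, self.clock() + self.ttl)
            self.outbox.append((user, otp))
            return ACCESS_CHALLENGE, {"State": state,
                                      "Reply-Message": "Enter the OTP sent to your mobile device"}
        # Leg 2: the NAS echoes State; pop it so the session (and its OTP) is single-use
        session = self.sessions.pop(state, None)
        if session is None:
            return ACCESS_REJECT, {"Reply-Message": "Unknown or already-used session"}
        sess_user, otp, expires_at = session
        if self.clock() > expires_at:
            return ACCESS_REJECT, {"Reply-Message": "OTP expired, request a new one"}
        supplied = request.get("User-Password", "")
        if sess_user != user or not secrets.compare_digest(otp.encode(), supplied.encode()):
            return ACCESS_REJECT, {"Reply-Message": "Invalid OTP"}
        return ACCESS_ACCEPT, {}
```

A wrong OTP also consumes the session, so the user has to go back to leg 1 and request a fresh OTP, which is what the web flow's expired-OTP prompt describes.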


TECHNICAL REQUIREMENTS

An MSI is used to install PortalGuard on IIS 6 or 7.x. This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.

Prerequisites:
- .NET 2.0 framework or later must be installed (64-bit OS only)
- Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)

Supported platforms:
- IBM WebSphere / WebSphere Portal v5.1 or higher
- Microsoft IIS 6.0 or higher
- Microsoft Windows SharePoint Services 3.0 or higher
- Microsoft Office SharePoint Server 2007 or later
- Microsoft Windows Server 2000
- Microsoft Windows Server 2003 (32 or 64-bit)
- Microsoft Windows Server 2008 (32 or 64-bit)
- Microsoft Windows Server 2008 R2

RADIUS requirements:
- The network appliance must support RADIUS as an authentication option
- The network appliance must support the Access-Challenge response type as well as the State and Reply-Message attributes
- PortalGuard must be licensed for RADIUS support
- End-user enrollment of mobile devices or challenge answers must be performed external to the RADIUS protocol

THANK YOU. For more information visit PortalGuard.com or Contact Us.
