Two Factor Authentication


Multi Factor Authentication





Stronger Authentication: usernames and passwords are no longer enough


Single factor authentication, such as password authentication, is in many cases no longer considered secure, as users like to use "easy-to-remember" and hence "easy-to-guess" passwords.

Cyber attackers use countless techniques to get the information they need to hack into your enterprise applications. But nearly all of them ultimately break in using the same method – they take over legitimate user accounts using stolen or cracked user IDs and passwords.

Provide transparent two / multi factor authentication to keep hackers out while granting easy, friction-less access to legitimate users.



Multi-factor authentication ensures that a user is who they claim to be

“Two or Multi Factor Authentication” is:
  • Something that they know, such as a password or a PIN number.
  • Something that they have, such as a mobile phone, a token, a pager, or PDA. 

‘Two Factor’ or ‘Multi-Factor’ Authentication is used to enhance the security of log-on and payment validation, minimising the risk of man-in-the-middle attacks.


Background
Key factors why you need two factor authentication
Organisations are deploying core business applications and sensitive resources across a greater number of web-based, cloud-based and on premise servers.

In the current de-centralised IT environment, the organisation’s Virtual Private Network (VPN) is just one of several ways to access confidential network resources and critical business applications (this system creates an encrypted tunnel between the client endpoint device and the network edge / VPN appliance).

As employees become increasingly mobile and expect greater access, organisations are looking to ensure secure VPN access. Administrators need to create consistent and granular authentication policies for secure access to all corporate resources and keep their authentication solution flexible, cost-effective, and easy to deploy.

Solution platforms from SecureNet Consulting provide organisations with the flexibility to deploy a wide range of form factors side-by-side. Depending on employee usability requirements and privileges within the organisation, you can select the authentication methods most suitable to them, including: software, hardware, smart cards, USB, one-time password (OTP), and OOB authenticators.



In the early days of authentication (and in many systems still today), authentication was based upon just a single factor, specifically a combination of a username and a password (UNP). There is an increasing awareness that this is not sufficient for many systems. This realisation is showing itself not only in the increasing number of organisations that are moving to multi-factor authentication but also in more regulations and legislation that are mandating multi-factor authentication.

Three driving forces are behind this: firstly, the increasing value of the systems being protected by authentication systems; secondly, the increasing availability and variety of tools that can be used effectively against simple UNP authentication; and thirdly, the increase in cybercrime.

Static passwords are susceptible to keyboard sniffers, password guessing bots and shoulder surfing, and a network that relies on this one-factor authentication method is very vulnerable to replay attacks.

The corporate perimeter has changed; users no longer access applications and data from their corporate network alone. Company resources are accessed with smartphones, tablets and other on-the-go devices. In addition, many businesses are required to employ authentication solutions, as mandated by the Payment Card Industry Data Security Standard (PCI DSS), FFIEC Authentication Guidance and other regulations.


Where to use Authentication

  • Remote access to internal networks via SSL / VPN and browser-based applications
  • Intranets and extranets
  • Web applications
  • Webmail access

> Flexible and Friction-less Multi Factor Authentication Management

Comprehensive identity access and management solutions administer, monitor, and manage strong authentication deployments across the organisation.


> Integrate with Directory Platforms: Microsoft (Active Directory), LDAP, Radius, Kerberos, 802.1x, Oracle, Sun, Novell, SafeNet, RSA.

 

Types of Authentication Methods

> Software


> Hardware


> Smart Card


> USB


> Tokenless


> Certificate management


> Single Sign-on


> Voice Recognition


> Biometric

> One-Time Password (OTP)


> OOB authenticators


> Phone Call


> Text Message


> Integrated mobile app notification


> 802.1X Wireless Authentication





> Protect customer data, validate trusted access and transactions with proven solutions for the banking and financial services industry


> Hassle free way to secure remote and external network and data access


For user logins outside the corporate network, you can enforce multi-factor authentication for security stronger than a user name and password.


> Protection of your sensitive data when accessed by remote applications

  • Remote Desktop Protocol
  • VMware Horizon View
  • Citrix XenApp
  • Mobile Device Web Access
 

> Authentication for compliance


Compliance: PCI DSS requirement 8.3  

Implement two-factor authentication for remote access to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service or terminal access controller access control system with tokens; or virtual private network with individual certificates.


> Deploy multi factor authentication on-premises or in the cloud

 


> Works with cloud services like Office 365, Salesforce, Dropbox, and other popular services

 


> 802.1x wireless user on-boarding / authentication

Certificate-based network access ensures safe, encrypted wireless access.


> SAML

Integration with identity verification services via common standards such as SAML

Authentication solution options
  • Mobile Device Based – Software Token Authentication 
  • Certificate Checking: private key that corresponds to a public certificate 
  • Flexible Authentication (such as One-Time Password (OTP) and token support) 
  • Cloud-Based Service


Software Tokens 
Many organisations remain dissatisfied with traditional hardware-based authentication, which can be costly and cumbersome for administrators and users alike.

With the increasing popularity of smart phones, users expect not to carry a dedicated device for generating OTPs. Fortunately, smart phones can be leveraged to generate the OTP. 



Tokenless Two-Factor Authentication
Instead of having to invest in, distribute and carry a spare token device, Tokenless utilises something a user already has, e.g. a mobile phone.



Mobile Device - Software-Based Authentication  
Leverage your users' mobile devices for strong authentication to on-premise and cloud managed services, for example, Office 365.

Save on hardware and deployment costs, while users benefit by not having to carry an additional hardware token around with them. 


Utilise your MDM (Mobile Device Management) programme for secure BYOD, mobile and wireless network access for authentication.



One Time Password (OTP)

Automatic Key / Password Generation

  • One time password (OTP) systems avoid most of the shortcomings of static passwords. 

  • OTP can be sent to the user by SMS or email, or it can be self-generated by using a physical or soft token. 

  • Randomly generated, so they can’t be predicted or reused. 

  • OTP password process for access control.














Compatible with all major mobile device brands






Certificate-Based Authentication
Leverages your current VPN authentication infrastructure, including your corporate directory system and VPN hardware. 

  • Deploy a trusted root certificate to your VPN hardware devices to provide a point from which administrators can control user access. 
  • Users access a simple co-branded Web portal, download the certificate and install it on their remote system. 
  • When a user logs into the VPN, they are prompted to use the certificate and password for authentication.



USB Tokens & Smart Cards
Certificate-Based Token Solutions 
  • USB Tokens
  • Smart Cards (credit card size)
  • Hybrid Tokens: Authenticators that combine one-time password, encrypted flash memory or certificate-based technology on the same strong authentication device.
 

Biometric  

Authenticate individuals, not something they carry or something they know.










Two-factor authentication as a managed service offers an operationally more cost-effective option than token-based.

Traditional authentication practices that depend on hardware tokens are especially complex and costly for a growing organisation.
 

Hosting your certificate issuing from a service provider for authentication purposes is a flexible solution for any organisation and can easily scale to tens of thousands or more employees.


SecureNet offers organisations a single integrated platform to extend their users’ on-premise identities to cloud applications (private or hosted platforms like SaaS-based cloud applications such as Google Apps and Salesforce.com). 

By so doing, organisations are able to centrally manage and control their strong authentication and security needs, as well as provide a complete single sign-on experience to applications residing in the corporate data center and the cloud.






Diagram: two factor authentication to cloud-based Microsoft applications













 

Diagram: vCloud Air authentication













Contact SecureNet Consulting today for solutions advice, professional services, engineering and proof of concept resources for two factor authentication solutions.




















+44(0)7714 209927

info@securenetconsulting.co.uk
