© 2005-07 NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation


What is Authentication?

• Authentication is the process of identifying a user.

• Authentication is the process of establishing whether or not a real-world subject is who or what its identifier says it is.

• The verification of the identity of a person or process.


Difficulty of using strong passwords

• Long & Complex Passwords

• Limited duration for password validity

• Continuous password change & resets

• Password generation


To the rescue

What’s the solution?

TWO FACTOR AUTHENTICATION


Two Factor Authentication

Two-Factor Authentication: What is it?

Something you know…

+

Something you are… OR Something you have…


Something You Know

“Something You Know…….”

• User Id & Password

• PIN (Personal Identification Number)

• Account Number

• Certificates


Something You Have

“Something You Have….”

A physical element (Token) which is in the sole possession of the valid owner, and of which only one physical copy exists.

Tokens:

• Smart Cards

• Multi-Function Devices

• USB Token

• OTP Token


Something You Are

“Something You Are….”

Biometrics:

• Voice Recognition

• Retinal Scan

• Finger Print Recognition


Why Two Factor is Strong

• Identity theft prevention

• Protection against phishing & replay attacks

• Loss of one of the factors does not compromise security

• Lost tokens or certificates can be revoked


Two Factor Authentication

Two Factor authentication in NeoAccel SSL VPN-Plus

• RSA SecurID

• Hardware One Time Password (OTP) Tokens

• Software based OTP Tokens

• SSL Client Certificate on Tokens


RSA SecurID

• Admin activates an RSA token for each user and provides it to the user

• User provides username and the One Time Password code generated by the RSA token to log in to SSL VPN-Plus

• SSL VPN-Plus Gateway talks to the RSA SecurID RADIUS Server to authenticate the user

• If required, the RSA Server can ask for Next PIN or Change PIN


RSA SecurID User Interface

SSL VPN-Plus Web Access Terminal

No client software required

Secure Simplified Access


Hardware OTP Tokens

• Cheap alternative to the RSA SecurID solution

• Admin activates an OTP token for each user and provides it to the user

• User provides username and the One Time Password code generated by the token to log in to SSL VPN-Plus

• SSL VPN-Plus Gateway talks to the OTP Token Server to authenticate the user


Hardware OTP Tokens (contd.)

• Any third party OTP Hardware Token that provides a RADIUS or AD interface is supported by SSL VPN-Plus

• Tested with Aladdin, Secure Computing, Vasco tokens
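
As an added illustration (not from the NeoAccel presentation or product), the sketch below shows how an OTP token server can check a one-time code, reject a replayed one, and stop accepting a revoked token. It assumes an event-based token using HOTP (RFC 4226); the slides do not state which algorithm the supported tokens use, and `OtpTokenServer` and the user name are hypothetical.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpTokenServer:
    """Hypothetical stand-in for the OTP token server the gateway queries."""
    def __init__(self, look_ahead: int = 3):
        self.look_ahead = look_ahead
        self.tokens = {}  # username -> [secret, next expected counter]

    def activate(self, user: str, secret: bytes) -> None:
        # Admin step from the slide: bind one token (its secret) to one user.
        self.tokens[user] = [secret, 0]

    def revoke(self, user: str) -> None:
        # A lost token is revoked by deleting its record.
        self.tokens.pop(user, None)

    def verify(self, user: str, code: str) -> bool:
        record = self.tokens.get(user)
        if record is None:
            return False
        secret, counter = record
        # Only counters at or after the expected one are tried, so old codes never match.
        for candidate in range(counter, counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(secret, candidate), code):
                record[1] = candidate + 1  # burn this code and every earlier one
                return True
        return False


def demo() -> list:
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real token seed
    server = OtpTokenServer()
    server.activate("alice", secret)
    # Counter 0 is a fresh code, the second 0 is a replay, 2 skips one unused code.
    results = [server.verify("alice", hotp(secret, c)) for c in (0, 0, 2)]
    server.revoke("alice")
    return results + [server.verify("alice", hotp(secret, 3))]
```

The look-ahead window is what lets a token that was pressed without logging in resynchronise; keeping it small limits how many codes are valid at any moment.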


Software based OTP Tokens

• Cheapest OTP Solution

• OTP is generated by a software agent running on PC, mobile, PDA, palmtop, etc.

• User needs to carry extra device

• Admin provides a PIN and the software for the user to install on the user's device


Software based OTP Tokens (contd.)

• Any third party Software Token is supported if the server module provides a RADIUS or AD interface

• SSL VPN-Plus has been tested with the WiKID Software Token solution (User needs to carry extra device)


SSL Client Certificate

• Authenticates users based on the SSL Client Certificate produced by the user at the time of login

• Admin creates SSL Client certificates for users and provides them to users via email or places them on hardware tokens

• User provides the SSL Certificate at the time of login when asked by the Gateway

• Gateway uses the CA cert specified by Admin to verify the validity of the Client Certificate


SSL Client Certificate (contd.)

• Easy to deploy and manage

• Based on proven, most secure PKI technology

• Client Certificate can be installed on the user’s PC or a USB token that can be easily carried by the user

• Client Certificate can be easily revoked if the device carrying the certificate is lost


The End

NeoAccel, NAM-Plus, SSL VPN-Plus, Intelligent Connection Acceleration Architecture, ICAA, TSSL, and Secure Everything are trademarks of NeoAccel, Inc.  All other names are or may be trademarks of their respective owners.