AuthShield- OTP Solution For Uninor - PowerPoint PPT Presentation
Proposed Solution: End User Authentication Workflow in SSL VPN
A generic user authentication workflow after integrating with the SSL VPN appliance is as follows:
• The user accesses the VPN login URL. The request is intercepted by the SSL VPN appliance, which in turn redirects it for authentication.
• Authentication can be done in two ways, depending on the configuration:
– User Name + (LDAP password*OTP)
– User Name + (LDAP password, and then the OTP on a second page)
• The OTP can have multiple form factors, as shown in the diagram.
• The user provides the user name and LDAP password; LDAP is integrated with the SSL VPN device and ID Confirm.
• For the second authentication, the SSL VPN is integrated with the RADIUS server, the RADIUS server is integrated with ID Confirm (formerly known as SA server), and ID Confirm is integrated with the SMS gateway through SMSC/HTTPS.
• The OTP request follows the sequence: RADIUS Server → ID Confirm Server → SMS Gateway → End User Mobile.
• The SSL VPN appliance validates the OTP. After successful user authentication, the SSL VPN appliance provides access to the network.
Note: we are using Microsoft NPS as the RADIUS server.
High-availability and performances
As IDConfirm 1000 Server is based on a traditional J2EE application linked to a database, standard web-based high-availability and scalability schemes can be applied:
• Active / Passive
– No session stickiness to manage
– Limited performances
– Physical or software solution
• Active / Active
– Session stickiness to manage
– Highly scalable
– Physical or software solution
IDConfirm 1000 6.2 - compatibility
• Supported OS
– Windows 2012, 2012 R2
– Windows 2008 R2 (64 bits)
– Redhat 5.8 and 6.4
• User Repository
– Microsoft Active Directory 2003, 2008 and 2012
– Novell eDirectory
– Open LDAP
• Web servers
– Apache Tomcat 7 on Windows and Linux
– Web Sphere on AIX/Windows 8.5.5
• Data Base
– Oracle: 10, 11g
– MSSQL 2008, 2012
– MySQL 5.1, 5.5
– Firebird 2.1
• Security Modules
– Thales PShield 9000, NetHSM 500
– Java Key Store software module
• Web Browsers
– IE 9, 10, 11
– Firefox 24 ESR
– Chrome 33
• Java
– Oracle Java 7
– IBM Java 6
IDConfirm – Ease of use
Whatever your performance needs are, IDConfirm Server can be configured to answer them:
• Requested performances can be achieved with a single inexpensive server, or with multiple powerful machines sharing a powerful database configuration via a powerful network
• Requested performances can be achieved via a high availability configuration:
– Fail Over configuration using third party products: Safekit (Evidian), BigIP (F5)…
– Load Balancing configuration using a third party load balancer: BigIP (F5), …
• Monitoring, logs
– Admin Log: Rolling File (default), NT Event, Syslog, SNMP
• Back-up and restore: based on solutions attached to Database environment and application file backup
Whatever your IT configuration is, you can probably add the IDConfirm Solution without changing your practices:
• Agnostic to hardware configuration: OS, DB, LDAP, Application server, Web Browsers
• Easy integration via standard protocols:
– XML over HTTP Web API for any application compatible with those standards
– RADIUS (NPS and Free Radius)
• Support for main browsers via a dedicated Plug-In (SConnect technology)
• Deployment scenarios are documented for typical configurations.
SMS OTP option
• SMS is used for the delivery of OTPs
• Easy to use – simple user experience with no client software to install and maintain and no impact on customer phone
• No additional hardware to carry
• Customer needs to subscribe to a Mobile Messaging Operator (MMO) that offers an SMSC- or HTTP-compatible API SMS Provider
– only MMOs with an appropriate service level agreement and coverage area should be considered.
• Simple SMS profiles configuration in IDConfirm
– MMO connections
– the format for the message that is sent to the user with the one-time password.
OTP: 256987
SMS OTP: How it works
• Request OTP by SMS (User ID, Password)
• Receive OTP by SMS
OTP code is: 255025
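The server-side checks behind the SMS OTP flow above, covering both login modes from the workflow (OTP on a second page, or in the same field as the LDAP password), as an added example that is not code from the presentation or from IDConfirm. The class name, the 6-digit length, the 120-second lifetime, the three-attempt limit and the reading of "password*OTP" as the OTP appended to the password are assumptions.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6    # assumption: matches the 6-digit codes shown on the slides
OTP_TTL = 120     # assumption: seconds an issued OTP stays valid
MAX_TRIES = 3     # assumption: wrong guesses allowed per issued OTP


class SmsOtpService:
    """Hypothetical stand-in for the OTP server behind RADIUS (not IDConfirm's API)."""

    def __init__(self, check_password, send_sms, clock=time.time):
        self.check_password = check_password  # callable(user, password) -> bool, e.g. an LDAP bind
        self.send_sms = send_sms              # callable(user, text), e.g. the SMS gateway client
        self.clock = clock
        self.pending = {}                     # user -> [otp, expires_at, tries_left]

    def request_otp(self, user, password):
        # The first factor must pass before any SMS is sent.
        if not self.check_password(user, password):
            return False
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self.pending[user] = [otp, self.clock() + OTP_TTL, MAX_TRIES]
        self.send_sms(user, f"OTP code is: {otp}")
        return True

    def verify_otp(self, user, candidate):
        # Two-page mode: the OTP arrives on its own, after the password page.
        entry = self.pending.get(user)
        if entry is None:
            return False
        otp, expires_at, tries_left = entry
        if self.clock() > expires_at or tries_left <= 0:
            del self.pending[user]            # expired or locked: a new OTP is needed
            return False
        if hmac.compare_digest(otp.encode(), candidate.encode()):
            del self.pending[user]            # single use: a replayed OTP fails
            return True
        entry[2] -= 1
        return False

    def verify_combined(self, user, secret):
        # Single-field mode, assuming the OTP is appended to the LDAP password.
        password, candidate = secret[:-OTP_DIGITS], secret[-OTP_DIGITS:]
        if not password or not self.check_password(user, password):
            return False
        return self.verify_otp(user, candidate)
```

In a deployment like the one described, `check_password` would be the LDAP check and `send_sms` the SMSC/HTTPS gateway call; both are injected so the expiry, replay and lockout logic can be exercised offline.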
Based on Vision and Ability to Execute
Recognized Industry Leadership again by Gartner
Market understanding and very strong innovation
World leader in digital security with a true vision for mobile
Customers are well-dispersed geographically
Best value for money: TCO + 100% satisfaction
Joint third most frequently shortlisted vendor
Best trajectory on Gartner User Authentication MQ in 2 years
Thank You !
The Safe++ team can perform an on-site / off-site assessment of your security set-up and help you build and drive a cost effective and business risk driven organizational security strategy.
To set up a discussion do write in to us at [email protected]
www.safeplusplus.com
Safe ++ Global Technology Services Pvt. Ltd.
Corporate Office: 002 & 003, BPTP Park Centra, Sec-30, NH-8, Gurgaon-122001, Haryana, India