SafeNet Authentication Service — management system one-time passwords
About a year ago, in the article "lived eToken, eToken alive, eToken will to live" I mentioned a product like Gemalto Safenet Authentcation Service, it's time to talk about it in more detail. This article is introductory, but there are other, more technical, and I think even with real business cases.
IT professionals are often faced with the question of strengthening the security of a service. And the question of identification of the user authentication plays a key role in the security of the service.
What to choose:
the
Because the use of the decision should not complicate access to the service, otherwise it will lead to resistance from the end user. According to statistics, most cases, compromise of a user occurs at the stage of authentication. Before you figure out what to use in practice, IT managers are subjected to a serious evaluation of various methods. Special attention is paid when users work from the so-called "an untrusted environment."
For example, in the work of the user from an untrusted environment enters their user identification data and password to authenticate, being at someone else's computer, say in an Internet cafe. Meanwhile, a hacker can intercept network packets or input data from the keyboard that will allow them to continue to use user data. All user-entered information to an untrusted environment may be cached locally on the computer that he used.
Of course, the removable media in the form of a smart card or USB token is much safer than using passwords. But what to do when it's a special case, when the user needs at the moment to use a smart card or USB token outside of the office. Not to mention the fact that for each type of smart cards and USB-tokens you must have specialized software (software) on your computer. What in the public area, the hope does not have and is not likely will be able to install it. As it is impossible to exclude the need for a free USB port, which can be blocked for the connection of USB tokens or hardware a PC with a reader to operate a smart card. And given the increased popularity of users to work for mobile devices, the possibility of using them alienated media is significantly lower.
Much easier to use one-time passwords — OTP — One-Time Password for a single authentication procedure of the user. Such a password is easier and more convenient to use. The one-time password makes no sense to intercept with the help of Keylogger or fear that it will be cached on the computer. It is useless to pry the one-time password or think that it can intercept in a network packet. At the moment this is the only tokens that do not require any connection to a personal computer or the availability of specialized software working with any platform in any environment. A large choice of lineup in the form of one-time password generators allow enterprises to provide enhanced security to grant access to corporate resources, the portal (s) or the user's personal account, to which now the business is a separate requirement for security.
What to do when we have determined with the method of the user authentication? Share role responsible for the management and support service? How to manage the lifecycle of OTP-tokens that are distributed to users? How to keep track of their status? How to improve the support service users? These and many more questions can arise to IT managers.
A key role in addressing these issues is the choice of solution that will cope with the task life-cycle management of OTP tokens. As the main objective, after you enter the token into operation and transfer them into the hands of users, providing in the shortest possible time timely service to the users token. Of course the market has a sufficient number of control systems, but first and foremost it is worth paying attention to mono-vendornet solutions. Nobody is better as a vendor your tokens doesn't know.
You can not go past the company's solutions Gemalto-SafeNet – SafeNet Authentication Service, which is annually nominated for "Best solution for multi-factor authentication" number of respected publications and research companies.
the
Choosing the right solution for authentication is of great importance in reducing the business risks. Of course, the best solutions have the largest number of supported models of tokens and can protect both cloud and on-premises applications and services and any network access from any device. But it's not just about security, it is also about how easy you can deploy, manage and scale the authentication solution.
What is the SafeNet Authentication Service.
SafeNet Authentication Service is a fully automated service multi-factor authentication, which aims to serve users with tokens. SafeNet Authentication Service extends to 2 types of revisions. The local version that you can deploy your own infrastructure enterprise. And also as the cloud version — this service is already deployed and do not need to ask the question: "where to find resources for its unfolding?". Management of SafeNet Authentication Service is implemented in a browser-based admin console. In the console, the optimal control conditions of processes: automated user provisioning and repository users, for example, if you have the basis of a user does an LDAP directory or a DBMS; configure self-service user; the widest configuration of authentication mechanisms and protection for all of your most valuable corporate resources, both local and web resources or resources in the cloud.
SafeNet Authentication Service supports the following authentication methods and form factors:
the
Software tokens SafeNet Authentication Service supports a large number of platforms, including: Windows OS, MS Windows, Windows Mobile, MAC OS X, iOS, Android and BlackBerry. SafeNet Authentication Service supports a different combination of user profiles, which allow you to combine different methods of passing authentication with the requirements of the enterprise security policy.
Hardware OTP tokens are used to generate highly secure one-time passwords. Large selection of model number of hardware tokens eToken PASS eToken GOLD, KT-4, RB-1 allows you to authenticate users to critical applications and data.
SafeNet Authentication Service uses Enterprise - standard RADIUS and SAML protocols, which essentially means that the service can be integrated into any network and the application, including solutions from all the leading vendors. With SafeNet Authentication Service can be to protect any access to any application.
the
SafeNet Authentication Service out of the box supports VPN with enhanced authentication, such as IPSec and SSL VPN, in other words, there is compatibility vendors manufacturers such as Cisco, Checkpoint, Juniper, F5, Palo Alto, SonicWall, WatchGuard and Citrix. The extension of the enhanced authentication in the virtualization infrastructure (VDI) will ensure the reliability of the authentication to "thin clients", mobile terminals and personal devices of employees (BYOD), virtualization environments from Citrix, VMware, and AWS (Amazon Web Services).
the
Not so long ago, the official distributor of solutions Gemalto-SafeNet in Russia TESSIS (Technologies, Systems and Solutions for Information Security) has announced that it has been renewed the certificate of conformity FSTEK №3070 till 27 Jan 2020. The solution can be used in information systems and systems processing personal data for the 3 and 4 class of security with the current threat of absence of not declared possibilities of the 3 types.
Case studies, when and where to use SAS?
Financial institutions and online banking
the
Telekom and Telecom operators:
the
Medical and pharmaceutical organizations:
the
Corporate security:
the
In conclusion, I would like to note that the choice in favor of enhanced authentication and use of passwords does protect user authentication. One-time passwords convenient and easy to use for access to corporate resources, portals and cloud services. The user does not have to remember passwords as a one-time password entered and forgotten. But it is also important that regardless of the workplace, for which the user is working, it does not need to install the driver for the token. And using SafeNet Authentication Service, we get the complete solution on organization of access to different services and life-cycle management of OTP-tokens. The concept of SafeNet Authentication Service is to make multi-factor authentication available to the public. And the use of SafeNet Authentication Service proves that high security doesn't mean high cost and expensive maintenance of the service.
Article based on information from habrahabr.ru
IT professionals are often faced with the question of strengthening the security of a service. And the question of identification of the user authentication plays a key role in the security of the service.
What to choose:
the
-
the
- Use the Login & Password? the
- to Deploy a PKI infrastructure, and to hand over the certificates? the
- to Strengthen the authentication one-time passwords?
Because the use of the decision should not complicate access to the service, otherwise it will lead to resistance from the end user. According to statistics, most cases, compromise of a user occurs at the stage of authentication. Before you figure out what to use in practice, IT managers are subjected to a serious evaluation of various methods. Special attention is paid when users work from the so-called "an untrusted environment."
For example, in the work of the user from an untrusted environment enters their user identification data and password to authenticate, being at someone else's computer, say in an Internet cafe. Meanwhile, a hacker can intercept network packets or input data from the keyboard that will allow them to continue to use user data. All user-entered information to an untrusted environment may be cached locally on the computer that he used.
Of course, the removable media in the form of a smart card or USB token is much safer than using passwords. But what to do when it's a special case, when the user needs at the moment to use a smart card or USB token outside of the office. Not to mention the fact that for each type of smart cards and USB-tokens you must have specialized software (software) on your computer. What in the public area, the hope does not have and is not likely will be able to install it. As it is impossible to exclude the need for a free USB port, which can be blocked for the connection of USB tokens or hardware a PC with a reader to operate a smart card. And given the increased popularity of users to work for mobile devices, the possibility of using them alienated media is significantly lower.
Much easier to use one-time passwords — OTP — One-Time Password for a single authentication procedure of the user. Such a password is easier and more convenient to use. The one-time password makes no sense to intercept with the help of Keylogger or fear that it will be cached on the computer. It is useless to pry the one-time password or think that it can intercept in a network packet. At the moment this is the only tokens that do not require any connection to a personal computer or the availability of specialized software working with any platform in any environment. A large choice of lineup in the form of one-time password generators allow enterprises to provide enhanced security to grant access to corporate resources, the portal (s) or the user's personal account, to which now the business is a separate requirement for security.
What to do when we have determined with the method of the user authentication? Share role responsible for the management and support service? How to manage the lifecycle of OTP-tokens that are distributed to users? How to keep track of their status? How to improve the support service users? These and many more questions can arise to IT managers.
A key role in addressing these issues is the choice of solution that will cope with the task life-cycle management of OTP tokens. As the main objective, after you enter the token into operation and transfer them into the hands of users, providing in the shortest possible time timely service to the users token. Of course the market has a sufficient number of control systems, but first and foremost it is worth paying attention to mono-vendornet solutions. Nobody is better as a vendor your tokens doesn't know.
You can not go past the company's solutions Gemalto-SafeNet – SafeNet Authentication Service, which is annually nominated for "Best solution for multi-factor authentication" number of respected publications and research companies.
 |
 |
 |
Choosing the right solution for authentication is of great importance in reducing the business risks. Of course, the best solutions have the largest number of supported models of tokens and can protect both cloud and on-premises applications and services and any network access from any device. But it's not just about security, it is also about how easy you can deploy, manage and scale the authentication solution.
What is the SafeNet Authentication Service.
SafeNet Authentication Service is a fully automated service multi-factor authentication, which aims to serve users with tokens. SafeNet Authentication Service extends to 2 types of revisions. The local version that you can deploy your own infrastructure enterprise. And also as the cloud version — this service is already deployed and do not need to ask the question: "where to find resources for its unfolding?". Management of SafeNet Authentication Service is implemented in a browser-based admin console. In the console, the optimal control conditions of processes: automated user provisioning and repository users, for example, if you have the basis of a user does an LDAP directory or a DBMS; configure self-service user; the widest configuration of authentication mechanisms and protection for all of your most valuable corporate resources, both local and web resources or resources in the cloud.
SafeNet Authentication Service supports the following authentication methods and form factors:
the
-
the
- authentication Methods
the-
the
- one-time password (OTP) the
- OOB receiving notifications by SMS and/or e-mail the
- Authentication on the basis of the matrix patterns (GrIDsure)
the - Available form factors:
the-
the
- Hardware tokens (OTP-token) the
- Software tokens (OTP application) the
- Phone-as-token
Software tokens SafeNet Authentication Service supports a large number of platforms, including: Windows OS, MS Windows, Windows Mobile, MAC OS X, iOS, Android and BlackBerry. SafeNet Authentication Service supports a different combination of user profiles, which allow you to combine different methods of passing authentication with the requirements of the enterprise security policy.
Hardware OTP tokens are used to generate highly secure one-time passwords. Large selection of model number of hardware tokens eToken PASS eToken GOLD, KT-4, RB-1 allows you to authenticate users to critical applications and data.
SafeNet Authentication Service uses Enterprise - standard RADIUS and SAML protocols, which essentially means that the service can be integrated into any network and the application, including solutions from all the leading vendors. With SafeNet Authentication Service can be to protect any access to any application.
 |
SafeNet Authentication Service out of the box supports VPN with enhanced authentication, such as IPSec and SSL VPN, in other words, there is compatibility vendors manufacturers such as Cisco, Checkpoint, Juniper, F5, Palo Alto, SonicWall, WatchGuard and Citrix. The extension of the enhanced authentication in the virtualization infrastructure (VDI) will ensure the reliability of the authentication to "thin clients", mobile terminals and personal devices of employees (BYOD), virtualization environments from Citrix, VMware, and AWS (Amazon Web Services).
 |
Not so long ago, the official distributor of solutions Gemalto-SafeNet in Russia TESSIS (Technologies, Systems and Solutions for Information Security) has announced that it has been renewed the certificate of conformity FSTEK №3070 till 27 Jan 2020. The solution can be used in information systems and systems processing personal data for the 3 and 4 class of security with the current threat of absence of not declared possibilities of the 3 types.
Case studies, when and where to use SAS?
Financial institutions and online banking
the
-
the
- Use enhanced authentication when verifying an authorized user; the
- ensuring the integrity of the transaction; the
- Mechanisms for coordinating security in each case use to confirm user action.
Telekom and Telecom operators:
the
-
the
- Use enhanced authentication when verifying an authorized user; the
- ensuring the necessary level of efficiency and availability without compromising security; the
- Control access of authorized users to the billing system; the
- Enhanced access security for a wide range of services for customers;
Medical and pharmaceutical organizations:
the
-
the
- Use enhanced authentication when verifying an authorized user; the
- to ensure the necessary level of security when access to the electronic patients file/ database system, stock medications, etc.; the
- Integration with their own software environments;
Corporate security:
the
-
the
- to ensure the protection, enhanced security of the entire environment, covering remote access services, virtual private networks, web-portals, corporate networks and cloud applications; the
- centralized management of authenticators and authorized users;
In conclusion, I would like to note that the choice in favor of enhanced authentication and use of passwords does protect user authentication. One-time passwords convenient and easy to use for access to corporate resources, portals and cloud services. The user does not have to remember passwords as a one-time password entered and forgotten. But it is also important that regardless of the workplace, for which the user is working, it does not need to install the driver for the token. And using SafeNet Authentication Service, we get the complete solution on organization of access to different services and life-cycle management of OTP-tokens. The concept of SafeNet Authentication Service is to make multi-factor authentication available to the public. And the use of SafeNet Authentication Service proves that high security doesn't mean high cost and expensive maintenance of the service.
Комментарии
Отправить комментарий