Published by Aleesha Waters. Modified over 8 years ago.
1
Hosted by: June 23-26, 2003 New York City www.biometritechexpo.com
Implementing Secure Workstations via Advanced Authentication and Secure Application Access
Roy Lopez
Director, Systems Engineering, New York District
Novell Inc., rlopez@novell.com
2
Novell one Net vision (SM)
Novell exteNd™: Opening the door to Web services
Novell Nsure™: Securely getting the right information to the right people
Novell Nterprise™: The best foundation for your mixed environment
Novell Ngage: The experience to solve your business problems
Novell Nsure solutions take identity management to a whole new level. Combining award-winning products, customer-driven services and committed business partnerships, Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently and, best of all, affordably.
3
Summary of the Solution
Goal: Implement a Secure Workspace for our Employees, Customers or Partners
Solution:
1. Implement Secure Authentication above, or in addition to, standard Password Authentication
2. Implement a Single Sign On Solution for the required applications
3. Extend the Single Sign On Solution with Advanced Authentication
4
Agenda
Implement Secure Authentication above, or in addition to, standard Password Authentication
– Using Novell Modular Authentication Services
Implement a Single Sign On Solution for the required applications
– Using Novell SecureLogin
Extend the Single Sign On Solution with Advanced Authentication
Demo
5
Password Management Problem
Poor end user experience
Too many to remember!
[Graphic: a collage of one user's many different usernames and masked passwords]
6
What is NMAS?
Secure Enterprise Access Management
Novell Modular Authentication Services provides a framework for alternative authentication. It adds security for workstation access and reduces the risk of information compromise within the organization by enabling strong authentication and advanced authorization.
Currently in its 2.1 version, and shipping since 1999.
While focused initially on just the NetWare platform, it is now delivered as a component of Novell’s eDirectory, and is therefore a cross-platform framework available on AIX, Linux, NetWare, Solaris, Windows NT, and Windows 2000.
NMAS is included with eDirectory 8.7.1!!!
7
eDirectory Report Q1 Numbers
6.38 billion: This number is the total distributed licenses, counted by the same methodology used by Sun and Microsoft. This number is an unrealized (and unrealistic) potential number.
1.4 billion: This number is the number claimed by customers. We saw a 100% increase in this number in Q1 due to competitive promotion, actual licensed Novell products and the redistribution program. (Average growth at 28-30%)
20,000+ unique customers: This number represents all customers through standalone, product bundling and the redistribution program. (18% attributed to our NetWare® bundling; the remaining 82% are attributed to other Novell and partner products and solutions.)
8
Business benefits of NMAS
Security: Completely integrated with Novell eDirectory™, offering easy setup for strong authentication and advanced authorization
Choice: Support of many authentication (login) methods
Simplicity: Single point of administration for identity management
Consistency: Consistent, company-wide security policy through eDirectory
9
Key features of NMAS
Multiple identification methods
Multi-factor authentication (method chaining)
Pre and Post login methods
Third-Party method and device support
Method signing
Access Controls based upon Login Method(s)
10
NMAS Identification Factors for non-repudiation
Something You Are—Biometrics
– Fingerprint
– Voice
– Facial recognition
– Etc.
Something You Hold
– Smart Cards
– X.509 Certificates
– Challenge/Response Tokens
– Proximity Cards
Something You Know
– Passwords
11
Characteristics of Identification Factors
Factor | Good for Users | Good for Security
Password | Easy to use | Best if long/complex
Token | PIN to unlock (optional) | Better ID via Internet
Smartcard | PIN to unlock | Contains user certificate
Biometric | Nothing to remember | Excellent identifier
12
Deception – Social Engineering
Kevin and Company were able to make an end run around all security devices by using social engineering. His book describes how he and others were able to obtain passwords and more.
13
Multi-Factor Authentication
Password or Biometric
OR
Biometric and Smart Card
OR
Password and Biometric and Smart Card
Or in the future, something else
14
Third-party Method and Device Support
http://www.novell.com/products/nmas/partners/
15
NMAS Components
[Diagram labels: Novell User Method Management GUI (ConsoleOne®); Novell Cert Serv; NICI; NDS; CA Service; 3rd party services; NMAS client; LCM NDS PWD; LCM Smartcard/Biometrics; NMAS server; PWD LSM; NDS; (MAF protocol); LSM Smartcard/Biometrics]
16
Login Sequences
NMAS allows methods to be “chained” together into login sequences
Each method in a sequence is executed in the order specified
Methods can be entered into “and” / “or” sequences
All methods in an “and” sequence must be passed for authentication to be successful
Only one method is required to be completed for success in an “or” sequence
17
Login sequences are stored on a multi-valued attribute of the login policy object
18
Engineering a Login Sequence
Multiple method sequence
19
NMAS Web Client
[Diagram labels: Workstation; Browser; Plug-in; NMAS Agent; LCM; HTTP; LDAP; Web App Server; NMAS Client; LCM; XTier; J2EE/Servlet Container; NMAS Client; LCM; iManager Auth Gadget; iChain®; Saturn; LDAP SDK; eDirectory; LCM Transport; NMAS Server]
20
Authentication Grading
Use multi-factor authentication for better security
– Novell Directory Services® (NDS®) password + token = password + token access
– X.509 cert + skin analysis = password + bio access
– Fingerprint + smartcard + password = B + T + P access
Associate clearance levels depending on how the user authenticates
Set security labels on volumes controls visibility to single sign-on applications
Currently Authentication Grading is only available for NetWare Volumes, but is targeted to go xPlatform
21
Access control example: biometric
Clearance: Biometric
Department | Label
Sales | Password
Payroll | Token
Research | Biometric & Passwd
[Diagram labels: Research Information; Access; Read Write; Read]
22
Access control example: SmartCard and password
Clearance: Token
Department | Label
Sales | Password
Payroll | Token
Research | Biometric
[Diagram labels: Payroll Information; Access; Read Write]
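The “and” / “or” login sequence rules and the authentication grading idea from the slides above can be modelled together. The following Python model is an added example, not NMAS code and not part of the original presentation; the Method class, the stub verifiers and the rule that a label is satisfied only when every factor on it was proven at login are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List

PASSWORD, TOKEN, BIOMETRIC = "password", "token", "biometric"  # factor classes from the slides

@dataclass(frozen=True)
class Method:
    name: str                       # hypothetical method name
    factor: str                     # factor class this method proves
    verify: Callable[[dict], bool]  # stand-in for the real login method

def run_sequence(mode: str, methods: List[Method], evidence: dict) -> FrozenSet[str]:
    """Run methods in order; return the factors proven (empty set = login failed)."""
    if mode not in ("and", "or"):
        raise ValueError(f"unknown sequence mode: {mode!r}")
    passed = set()
    for m in methods:
        ok = m.verify(evidence)
        if mode == "or" and ok:
            return frozenset({m.factor})   # grade reflects only the method completed
        if mode == "and":
            if not ok:
                return frozenset()         # one failure fails the whole chain
            passed.add(m.factor)
    return frozenset(passed) if mode == "and" else frozenset()

def may_access(grade: FrozenSet[str], label: FrozenSet[str]) -> bool:
    """Assumed rule: every factor on the label must have been proven at login."""
    return bool(grade) and label <= grade

def stub(name: str, factor: str) -> Method:
    # Constructed stand-in: "verifies" by reading a flag from the evidence dict.
    return Method(name, factor, lambda ev: ev.get(factor, False) is True)

PWD, TOK, BIO = stub("NDS password", PASSWORD), stub("token", TOKEN), stub("fingerprint", BIOMETRIC)

# Department labels as in the second access control example above.
LABELS = {"Sales": frozenset({PASSWORD}), "Payroll": frozenset({TOKEN}),
          "Research": frozenset({BIOMETRIC})}

def compare(evidence: dict) -> dict:
    """Per department: (access via password AND token, access via password OR token)."""
    strong = run_sequence("and", [PWD, TOK], evidence)
    weak = run_sequence("or", [PWD, TOK], evidence)
    return {d: (may_access(strong, l), may_access(weak, l)) for d, l in LABELS.items()}

if __name__ == "__main__":
    # Constructed evidence: the user holds a valid password and token, no fingerprint.
    for dept, result in compare({PASSWORD: True, TOKEN: True}).items():
        print(dept, result)
```

In this model an “or” sequence earns only the grade of the method actually completed, so a password-or-token login does not open the Token-labelled Payroll data, while the password-and-token sequence does.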
23
Agenda
Implement Secure Authentication above, or in addition to, standard Password Authentication
– Using Novell Modular Authentication Services
Implement a Single Sign On Solution for the required applications
– Using Novell SecureLogin
Extend the Single Sign On Solution with Advanced Authentication
Demo
24
The Application Authentication Problem
Too many interfaces!
25
Single Sign-On Solution: Novell SecureLogin
A solution that enables single sign-on for Windows, web, Citrix/Terminal Server, and host-based applications
Solves 95% of password management problems (IDC)
#1 Market Share Leader (IDC)
Originally created by Jason Hart at Protocom
For the past two years, has been OEMed by Novell
26
How does SecureLogin work?
Securely store passwords in eDirectory
27
How does SecureLogin work?
For on-demand submission to applications
[Diagram label: eDirectory]
28
How it Works: Login Experience – Before NSL
[Diagram: Client Workstation and Application Server. Labels: Login; Launch Application; Credential Challenge; Provide Credentials; Application Starts]
29
How it Works: Login Experience – With NSL
[Diagram: Client Workstation, Novell eDirectory and Application Server. Labels: Authenticate to eDirectory; Launch Application; Credential Challenge; NSL Requests Secret from eDirectory; NSL Receives Secret (ID/PWD) from eDirectory, then authenticates to Application]
30
Agenda
Implement Secure Authentication above, or in addition to, standard Password Authentication
– Using Novell Modular Authentication Services
Implement a Single Sign On Solution for the required applications
– Using Novell SecureLogin
Extend the Single Sign On Solution with Advanced Authentication
Demo
31
Scripting Commands
46 easy-to-remember scripting commands give you all the power you need to control your application!
AAVerify, Add, Break, Call, ChangePassword, Class, Click, Ctrl, Delay, Dialog / EndDialog, DisplayVariables, Divide, Parent / EndParent, PickListAdd, PickListDisplay, ReadText, RegSplit, Repeat / EndRepeat, RestrictVariable, Run, SendKey, Set, SetCursor, EndScript, GetText, GetURL, GotoURL, GT / LT / EQ, If / Else / EndIf, Increment / Decrement, KillApp, Local, MessageBox, Multiply, SetFocus, SetPlat, SetPrompt, Strcat, Sub / Endsub, Submit, Subtract, Title, Type, WaitForFocus, WaitForText
32
Integration with Novell Modular Authentication Services
AAVerify: Used with Novell Modular Authentication Service (NMAS) to verify the identity of the user before permitting single sign-on to an application
Syntax:
    AAVerify [-user user object] [-tree tree name] [-method nmas sequence] [return variable]
33
Integrating a mainframe application with a fingerprint reader
34
Demonstration and Questions/Answers