Enhancing Novell® SecureLogin with Multi-factor Authentication

Troy Drewry, Technical Sales Specialist, Novell / [email protected]

Greg Domjan, Senior Software Engineer, Novell / [email protected]

Nick Ivon, Director of Information Systems, Clark & Daughtrey Medical Centers, [email protected]


DESCRIPTION

Did you know that besides the single sign-on capabilities Novell SecureLogin delivers, it also supports multi-factor authentication? That means you can not only deploy stronger passwords, but also require the use of more advanced authentication to protect workstations and applications. In the session, the presenters will detail how Novell SecureLogin can help you control user authentication on the basis of:

• Something the user knows (user name and password)
• Something the user has (proximity card, smart card, one-time password token device)
• Something the user is (biometric device)

In particular, the presenters will demonstrate how to integrate SecureLogin with a smart card for network authentication, and then require the smart card and PIN to access a specific application.

To show how advanced authentication works in the real world, you will also hear how a regional medical group integrated biometrics with Novell SecureLogin and Novell ZENworks to secure 400 workstations and 100 tablets across several locations. In addition to showcasing how the integrated solution works in their environment, the presenter will also offer tips for avoiding common pitfalls.


© Novell, Inc. All rights reserved.

Session Overview

• SecureLogin in Novell® ISM Model - Solutions, Framework and Integration
• Defining Advanced Authentication - Cool Technology or Invaluable Tool?
  – Why Do It?
  – Why Do It with SecureLogin?
  – Device Options
  – Who Does It Today
• Practical Applications of Advanced Authentication
  – The Real World With Our Client: Clark & Daughtrey Medical Group
  – IT Drivers
  – The Solution
  – Benefits
• SecureLogin AA Architecture – Novell eDirectory™, Active Directory and LDAP
• Demonstration
  – SecureLogin and Advanced Authentication Explained
  – Using Biometric
  – Using Proximity Cards
  – Using Smart Cards

• Discussion with Q&A


SecureLogin in Novell® Identity and Security Management

Solutions, Framework, Integration


Identity and Security Solutions

Identity and Access Management
• User Provisioning and Management
• Roles Management
• Simplified Secure Access

Compliance Management
• Access Certification
• Enterprise Compliance Solutions
• Privileged User Management

Security Management
• Security Monitoring and Remediation
• Log Management
• Cloud Security


Identity and Security Framework

[Figure: framework diagram. Recoverable labels: Identity Management, Authentication, Authorization; Multi-Factor Auth. / SSL VPN; Web Access Management; Reduced / Single Sign-On; Federated Identity Management; Coarse-Grained Authorization; Fine-Grained Authorization; Audit; Identity Administration Events; Access Control Events; Reporting; Identity Vault; Identity Integration and Synchronization; Provisioning and Workflows; Delegated Administration; Self-Service Administration; Governance; Organizations and Processes; Identity Management Business Processes, Policies and Standards; Access Certification; Roles Engineering Methodology and Tools; Common Roles and Access Permissions; Privileged User Management; Simplified, Secure Access; Security and Vulnerability Management; Roles Driven Governance.]


Identity and Security Framework

[Figure: the Identity and Security Framework diagram repeated with Novell product names overlaid. Product labels: Novell Access Certification Manager / Novell Roles Lifecycle Manager / Novell Professional and Partner Services; Identity Manager / Role Based Provisioning / Storage Manager; Access Manager; SecureLogin (eSSO); Access Manager (WSSO); Privileged User Manager; Novell Sentinel / Novell Identity Audit.]


The Integration Platform of Novell® Identity and Security Management Products

• Approval and Workflow
• Role-based administration
• Password self service
• Business policy enforcement
• Identity Synchronization
• Auditing and remediation

[Figure labels: Novell® Identity Manager; Novell Access Manager™; Novell SecureLogin; Novell Sentinel™]


Defining Advanced Authentication

Cool Technology or Invaluable Tool


Novell SecureLogin

What is Advanced Authentication?

Start with these definitions:

– Identity: A unique assigned value used to reference a principal
– Authentication: The process of verifying a reference to a principal with factors
– Authorization: Capabilities of principals based on policy definition and enforcement

Authentication is NOT Authorization

Advanced Authentication with Novell® SecureLogin: Extend Advanced Authentication to the application

Registered Identity


What is Advanced Authentication?

The key requirements of today's and future network infrastructures are to provide security while maintaining high Quality of Service (QoS) and user satisfaction—all while responding to continuous demands for additional functionality.

It all comes down to negotiation:

– In development - trade feature for release date
– In QoS - trade predictable performance for resource requirements
– In security - trade usability for compliance

Many companies are now investigating advanced authentication (sometimes referred to as “two-factor” or 2FA) solutions which typically involve biometrics, proximity cards, smart cards or tokens (random multi-digit numeric generators) to complement their existing security. Only a small percentage have moved to production.

Why do you think this is true? Can this be changed now?


Advanced Authentication: Cool Technology or Invaluable Tool?

Why Do It? Simply because of users? Security? Other?

– Users create easily guessable passwords, use names or something so complicated they end up having to write it down or call for reset
– Users are not good at protecting their passwords
– Users can put the company in the news. NOT in a good way!
– Advanced Authentication can greatly improve the user experience and Quality of Service (QoS)
– Oh... and it dramatically increases security and helps with regulatory compliance requirements

The fact is that the ingenuity, persistence and proliferation of commercial hackers have led to an increase in concern for protecting crucial systems from unauthorized access. Many businesses stand to lose enormous amounts of money as well as investor confidence from such security breaches. Protecting data in the digital age is essential.


Cool Technology


Advanced Authentication: Cool Technology or Invaluable Tool?

Why Do It With SecureLogin? Extending the use of the device.

– Something the user knows
  > Username, ID, Badge Number, etc.
  > Password
– Eliminated Issues
  > forgotten passwords
  > Keystroke logging
  > password trapping
  > shoulder surfing
– Remaining Issues
  > disgruntled employees
  > false negatives / positives
  > lost cards / tokens
  > remote / traveling users
  > phishing / identity theft
  > trojans / man-in-the-middle


Invaluable Tool


Advanced Authentication: Cool Technology or Invaluable Tool? Device Options

– Something the user knows

> Username, ID, Badge Number, etc.

> Password


Advanced Authentication: Cool Technology or Invaluable Tool? Who Does It Today?

– Something the user knows

> Username, ID, Badge Number, etc.

> Password

[Figure: Biometric Security Opportunities. Axes: Revenues, Time. Labels: CENTCOM; NORTHCOM; Other COCOMs; HSPD-24; DoD, DHS, DoS, TSA etc; States; Cities; Private Industry; International; Foreign Gov’ts; Regulations.]


Advanced Authentication: Cool Technology or Invaluable Tool?

Perhaps Both...


Practical Application of Advanced Authentication

Cool Technology or Invaluable Tool


Federal Bridge

• PKI Authentication across government agencies
  – Verisign, Exostar, Entrust
  – Federal Bridge Certificate Authority - FBCA
  – Validation and trust among agencies that use the bridge

FBCA


Federal & Industry Bridges

Other Industries are leveraging the FBCA

[Figure labels: FBCA; HEBCA (Future)]


Practical Application of Advanced Authentication

The Real World With Our Client: Clark & Daughtrey Medical Group

Nicholas Ivon, Director of Information Systems, (863) [email protected]


Practical Application of Advanced Authentication Clark & Daughtrey Medical Group Overview

– C&D is a large multi-specialty, multi-location provider group in Lakeland, Florida

– Celebrating its 60th anniversary this year

– Over the past eight years, C&D has invested heavily in technology and EMR

– Transitioned all our providers to ‘point-of-care’ over the past three years

– Each patient visit is electronically documented. This means no paper charts, and minimal transcription services


Practical Application of Advanced Authentication Clark & Daughtrey Medical Group IT Drivers

C&D has four people in the I.T. department

– Manage everything from firewalls, routers, and the wireless network to servers, PBX/IP telephony, workstations, and tablets in 7 locations

– Virtualizing our datacenter with VMware vSphere 4

– Must utilize technologies to help us manage our environment

– Novell® ZENworks® is one tool we use to manage our servers, workstations, automate application installations and updates, and apply consistent policies throughout our organization


Practical Application of Advanced Authentication Clark & Daughtrey Medical Group IT Drivers

– A major problem was all the different user credentials.

– Over 25 different applications users must log into.

– Cannot control credentialing policy for most applications

– Expanding use of extranets

> Makes password management even more difficult

– Dozens of user id/password help desk tickets every week


Practical Application of Advanced Authentication Clark & Daughtrey Medical Group Solution

• Advanced Authentication with Biometrics
  – SecuGen Hamster VI
  – BioKey Algorithm (for shared pattern)
  – NMAS™ middleware
• Desktop Automation Services (DAS) Provides Kiosk Functionality
  – Fast User Switching
  – Application Control
• Novell® SecureLogin
  – Single Sign-On
  – Secure sensitive applications with Biometric integration


Practical Application of Advanced Authentication Clark & Daughtrey Medical Group Benefits

– Virtually Password Free
– Drastically reduced number of password-related help desk tickets.
– Can re-verify biometric authentication when launching applications or any identified window or event
– Dramatically increases security
– Centralized administration with network directory integration
– Corporate environment is more secure
– Superior desktop and application management
– I.T. can be proactive instead of reactive
– Fast ROI


SecureLogin AA Architecture

Novell® eDirectory™, Active Directory and LDAP


Novell® SecureLogin Architecture: Novell eDirectory™

[Figure: architecture diagram. Labels: Shared Desktop; DAS; Enterprise Desktop; Terminal Services; Novell Client; Strong Authentication; SSO; Novell SecureLogin; Enterprise Systems (Application A, Application B, Application C); SecretStore™; Novell eDirectory; Audit Server; Report Database; Optional Add-on.]


Novell® SecureLogin Architecture: Microsoft Active Directory

[Figure: architecture diagram. Labels: Shared Desktop; DAS; Enterprise Desktop; Terminal Services; MS Client; Strong Authentication; SSO; Novell SecureLogin; Enterprise Systems (Application A, Application B, Application C); Active Directory; Audit Server; Report Database; Optional Add-on.]


Novell® SecureLogin Architecture: Other LDAP Directories

[Figure: architecture diagram. Labels: Shared Desktop; DAS; Enterprise Desktop; Terminal Services; MS Client; Strong Authentication; SSO; Novell SecureLogin; Enterprise Systems (Application A, Application B, Application C); LDAP V3 Directory; Audit Server; Report Database; Optional Add-on.]


Demonstration


Using Biometrics

In this demonstration we will show the use of a SecuGen Hamster:

– Physical Setup to Support Biometrics
  > Workstation Driver
  > NMAS™ Server (Novell® eDirectory™) Configuration
  > NMAS Workstations GINA / Security Provider
– Biometric Enrollment
  > Configuring Novell eDirectory Options
  > Enrolling Multiple Fingers
– Login With the Biometric
  > Testing Different Fingers


Using Proximity Cards

In this demonstration we will show the use of a RFIDEAS PCProx:

– Physical Setup to Support the PCProx
  > Workstation Driver
  > NMAS™ Server (Novell® eDirectory™) Configuration
  > NMAS Workstations GINA / Security Provider
– PCProx Enrollment
  > Configuring Novell eDirectory Options
  > Enrolling the Prox Card
– Login With the Prox Card
  > Testing Different Prox Cards


Using Smart Cards

In this demonstration we will show the use of a Smart Card Reader:

– Physical Setup to Support the Reader
  > Workstation Driver
  > NMAS™ Server (Novell® eDirectory™) Configuration
  > NMAS Workstations GINA / Security Provider
– Smart Card Enrollment
  > Configuring eDirectory Options
  > Enrolling the Smart Card
– Login With the Smart Card
  > Testing Different Smart Cards


For More Information

• Visit table A5 in IT Central
• Attend the following complementary sessions:
  – BOF106: SecureLogin in the Real World Panel Discussion
  – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management
  – IAM207: SecureLogin and Your Active Directory Setup
  – IAM302: Using Hard Disk Encryption and SecureLogin
  – IAM303: Enhancing SecureLogin with Multi-factor Authentication
  – IAM304: Securing Shared Workstation with SecureLogin
• Walk through the SecureLogin demo in the Installation and Migration Depot
• Visit www.novell.com/securelogin

Try SecureLogin for Yourself

We'll install SecureLogin on your machine (for free).


Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.