Upload
michael-kaishar-msia-cissp
View
878
Download
3
Tags:
Embed Size (px)
DESCRIPTION
Proof of concept experiment using Phone Factor within an Accountancy Firm.
Citation preview
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
Michael G. Kaishar, MSIA | CISSP | Security+Sr. Information Security Architect & Consultant
A Master of Science Research Practicum Presentation
Graduate School of ManagementUniversity of Dallas
Partial Fulfillment of the Requirementsfor the Master of Science Degree
in Information Assurance
Saturday, March 27, 2010
Saturday, March 27, 2010 Michael G. Kaishar 2
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
INTRODUCTION Michael G. Kaishar Practicum Study
An Experiment for an Accountancy Firm (AF) Implementing Two-Factor Authentication for
Remote Access using PhoneFactor Significance
Feasible Address issue of unauthorized access
Saturday, March 27, 2010 Michael G. Kaishar 3
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
MATERIALS Hardware
Dell Laptop with sufficient resources Cell Phone
Software & Service Operating Systems (XP and W2K3 Server) VMware & 2X Remote Access Server PhoneFactor Two-Factor Authentication Internet Connectivity
Saturday, March 27, 2010 Michael G. Kaishar 4
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
ANALYSIS Built Test Environment using VMware
Simulated AF’s production infrastructureWithout PhoneFactorWith PhoneFactor
Figure 1. Illustration of remote connectivity process Figure 2. VMWare Inc. Illustration of where virtual machines reside in reference to the Dell Laptop Hardware Layer
Saturday, March 27, 2010 Michael G. Kaishar 5
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
VIDEO DEMONSTRATION 1 Current Procedures for Connectivity
Username Password
Saturday, March 27, 2010 Michael G. Kaishar 6
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
VIDEO DEMONSTRATION 2 Proposed Solution for Connectivity
Username Password Two-Factor Authentication using PhoneFactor
Saturday, March 27, 2010 Michael G. Kaishar 7
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
VIDEO DEMONSTRATION 3 Failed Attempt for Connectivity
Username Password PhoneFactor
Saturday, March 27, 2010 Michael G. Kaishar 8
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
RESULTS PhoneFactor worked as advertised Easy to install, configure, and manage Easy to integrate into existing system Required little to no downtime AF is very pleased with outcome Cost Effective (free for up to 25 users)
Saturday, March 27, 2010 Michael G. Kaishar 9
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
CONCLUSIONS Recommendations
Augment security strategy Separate systems for each function Balance between security and functionality
Limitations Isolated (Sand-boxed) Virtualized Environment Single client (lack of system load)
Saturday, March 27, 2010 Michael G. Kaishar 10
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
CONCLUSIONS Future Work
Voice recognition Text-based authentication (SMS)
Saturday, March 27, 2010 Michael G. Kaishar 11
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
Questions?
Saturday, March 27, 2010 Michael G. Kaishar 12
Implementing Two-Factor Authentication for Remote Access using PhoneFactorA Proof-of-Concept Experiment for an Accountancy Firm (AF)
Thank You