7,500 users have corporate laptops but all users are allowed to use personal devices
External web-based applications
Worried about Man-in-the-Middle Attacks
http://www.portalguard.com
Resources:
Mutual Authentication
TOTP Definition
Beating MitM Attacks
Information Technology Solutions
Industry: Engineering
Number of Users: 14,000
SOLUTION: The PortalGuard team worked with the company's CTO to deploy PortalGuard with the goal of providing an integrated solution that combines two-factor authentication with mutual authentication. The user's laptop acts as "something you have" to minimize user impact, thereby making the strong authentication transparent to the user. By using PortalGuard's Transparent Tokenless Toolbar (TTT) for delivering time-variant one-time passwords (TOTP), the customer was offered strong authentication plus the ability to defeat man-in-the-middle attacks, in which an attacker intercepts messages in a public key exchange and resends them, substituting the attacker's own public key for the requested key and leaving both parties with the appearance that they are still communicating with each other. PortalGuard defeats this by using an encrypted cookie designated for the valid website. The cookie is encrypted using PKI. Phishing attacks are also successfully defeated by the TTT.
CHALLENGE: External Application Access
SOLUTION: PortalGuard Transparent Tokenless Toolbar (TTT)
PLATFORM LAYER: Transparent User Authentication
Usage Scenario
CHALLENGE: As directed by senior IT management, to increase information security, the customer is seeking a two-factor authentication solution for access to external web-based applications with minimum user impact. The need for strong authentication is being driven by a recent corporate compliance requirement to increase security without adding significant Help Desk calls. There is also a requirement for a solution that prevents man-in-the-middle attacks through mutual authentication. In layman's terms, mutual authentication refers to a user authenticating themselves to a server and that server authenticating itself to the user, so both parties are assured of the other's identity.
© 2012, PistolStar, Inc. dba PortalGuard All Rights Reserved.