Make Sure They Are Who They Say They Are

7,500 users have corporate laptops, but all users are allowed to use personal devices

External web-based applications

Worried about man-in-the-middle attacks

http://www.portalguard.com

Resources:

Mutual Authentication

TOTP Definition

Beating MitM Attacks

Information Technology Solutions

Industry: Engineering

Number of Users: 14,000

SOLUTION: The PortalGuard team worked with the company’s CTO to deploy PortalGuard with the goal of providing an integrated solution that combines two-factor authentication with mutual authentication. The user's laptop acts as "something you have" to minimize user impact, making the strong authentication transparent to the user. By using PortalGuard’s Transparent Tokenless Toolbar (TTT) for delivering time-variant one-time passwords (TOTP), the customer was offered strong authentication plus the ability to defeat man-in-the-middle attacks. In such an attack, the attacker intercepts messages in a public key exchange and resends them, substituting the attacker's own public key for the requested key, leaving both parties with the appearance that they are still communicating with each other. PortalGuard defeats this by using an encrypted cookie designated for the valid website. The cookie is encrypted using PKI. Phishing attacks are also successfully defeated by the TTT.

CHALLENGE: External Application Access

SOLUTION: PortalGuard Transparent Tokenless Toolbar (TTT)

PLATFORM LAYER: Transparent User Authentication

Usage Scenario

CHALLENGE: As directed by senior IT management, to increase information security, the customer is seeking a two-factor authentication solution for access to external web-based applications with minimum user impact. The need for strong authentication is being driven by a recent corporate compliance requirement to increase security without adding significant Help Desk calls. There is also a requirement for a solution that prevents man-in-the-middle attacks. In layman's terms, this means the user authenticates to the server and the server authenticates itself to the user, so both parties are assured of the other's identity.

© 2012, PistolStar, Inc. dba PortalGuard All Rights Reserved.