Enhancing Novell SecureLogin with Multi-factor Authentication


Did you know that besides the single sign-on capabilities Novell SecureLogin delivers, it also supports multi-factor authentication? That means you can not only deploy stronger passwords, but also require the use of more advanced authentication to protect workstations and applications. In the session, the presenters will detail how Novell SecureLogin can help you control user authentication on the basis of:
• Something the user knows (user name and password)
• Something the user has (proximity card, smart card, one-time password token device)
• Something the user is (biometric device)

In particular, the presenters will demonstrate how to integrate SecureLogin with a smart card for network authentication, and then require the smart card and PIN to access a specific application.

To show how advanced authentication works in the real world, you will also hear how a regional medical group integrated biometrics with Novell SecureLogin and Novell ZENworks to secure 400 workstations and 100 tablets across several locations. In addition to showcasing how the integrated solution works in their environment, the presenter will also offer tips for avoiding common pitfalls.


Enhancing Novell SecureLogin with Multi-factor Authentication

  1. Enhancing Novell SecureLogin® with Multi-factor Authentication. Presenters: Troy Drewry, Technical Sales Specialist, Novell / tdrewry@novell.com; Nick Ivon, Director of Information Systems, Clark & Daughtrey Medical Centers / nickivon@clark-daughtrey.com; Greg Domjan, Senior Software Engineer, Novell / gdomjan@novell.com
  2. Session Overview • SecureLogin in Novell® ISM Model - Solutions, Framework and Integration • Defining Advanced Authentication - Cool Technology or Invaluable Tool? – Why Do It? – Why Do It with SecureLogin? – Device Options – Who Does It Today • Practical Applications of Advanced Authentication – The Real World With Our Client: Clark & Daughtrey Medical Group – IT Drivers – The Solution – Benefits • SecureLogin AA Architecture – Novell eDirectory™, Active Directory and LDAP • Demonstration – SecureLogin and Advanced Authentication Explained – Using Biometrics – Using Proximity Cards – Using Smart Cards • Discussion with Q&A © Novell, Inc. All rights reserved.
  3. SecureLogin in Novell® Identity and Security Management: Solutions, Framework, Integration
  4. Identity and Security Solutions • Identity and Access Management: User Provisioning and Management; Roles Management; Simplified Secure Access; Privileged User Management • Security Management: Security Monitoring and Remediation; Log Management; Cloud Security • Compliance Management: Access Certification; Enterprise Compliance Solutions
  5. Identity and Security Framework [diagram; layers: Roles Driven Governance, Identity Management, Simplified, Secure Access (Identity, Authentication, Authorization), Audit, Security and Vulnerability Management; component labels include: Roles Engineering, Access Certification, Identity Vault, Integration and Synchronization, Provisioning and Workflows, Delegated Administration, Self-Service Administration, Multi-Factor Auth., SSL VPN, Federated Identity Management, Web Access Management, Reduced / Single Sign-On, Coarse Grained Authorization, Fine Grained Authorization, Privileged User Management]
  6. Identity and Security Framework [same diagram with Novell products overlaid; product labels include: Novell Access Certification Manager, Novell Roles Lifecycle Manager, Novell Professional and Partner Services, SecureLogin (eSSO), Access Manager (WSSO), Privileged User Manager, Identity Manager, Role Based Provisioning, Storage Manager, Novell Sentinel, Novell Identity Audit]
  7. The Integration Platform of Novell® Identity and Security Management Products [diagram: Novell Identity Manager, Novell SecureLogin, Novell Access Manager™, Novell Sentinel™] • Approval and Workflow • Role-based administration • Password self service • Business policy enforcement • Identity Synchronization • Auditing and remediation
  8. Defining Advanced Authentication: Cool Technology or Invaluable Tool
  9. What is Advanced Authentication? Start with these definitions: • Identity: A unique assigned value used to reference a principal • Authentication: The process of verifying reference to principal with factors • Authorization: Capabilities of principals based on policy definition and enforcement. Authentication is NOT Authorization. Advanced Authentication with Novell SecureLogin®: Extend Advanced Authentication to the application [diagram labels: Novell SecureLogin, Registered Identity]
  10. What is Advanced Authentication? The key requirements of today's and future network infrastructures are to provide security while maintaining high Quality of Service (QoS) and user satisfaction—all while responding to continuous demands for additional functionality. It all comes down to negotiation: – In development - trade feature for release date – In QoS - trade predictable performance for resource requirements – In security - trade usability for compliance. Many companies are now investigating advanced authentication (sometimes referred to as “two-factor” or 2FA) solutions, which typically involve biometrics, proximity cards, smart cards or tokens (random multi-digit numeric generators) to complement their existing security. Only a small percentage have moved to production. Why do you think this is true? Can this be changed now?
  11. Advanced Authentication: Cool Technology or Invaluable Tool? Why Do It? Simply because of users? Security? Other? – Users create easily guessable passwords, use names or something so complicated they end up having to write it down or call for reset – Users are not good at protecting their passwords – Users can put the company in the news. NOT in a good way! – Advanced Authentication can greatly improve the user experience and Quality of Service (QoS) – Oh... and it dramatically increases security and helps with regulatory compliance requirements. The fact is that the ingenuity, persistence and proliferation of commercial hackers has led to an increase in concern for protecting crucial systems from unauthorized access. Many businesses stand to lose enormous amounts of money as well as investor confidence from such security breaches. Protecting data in the digital age is essential.
  12. Advanced Authentication: Cool Technology or Invaluable Tool? Why Do It? Simply because of users? Security? Other? – Users create easily guessable passwords, use names or something so complicated they end up having to write it down or call for reset – Users are not good at protecting their passwords – Users can put the company in the news. NOT in a good way! – Advanced Authentication can greatly improve the user experience and Quality of Service (QoS) – Oh... and it dramatically increases security and helps with regulatory compliance requirements. The fact is that the ingenuity, persistence and proliferation of commercial hackers has led to an increase in concern for protecting crucial systems from unauthorized access. Many businesses stand to lose enormous amounts of money as well as investor confidence from such security breaches. Protecting data in the digital age is essential.
  13. Advanced Authentication: Cool Technology or Invaluable Tool? Why Do It With SecureLogin? Extending the use of the device. – Something the user knows > Username, ID, Badge Number, etc. > Password – Eliminated Issues > forgotten passwords > keystroke logging > password trapping > shoulder surfing > phishing / identity theft – Remaining Issues > disgruntled employees > false negatives / positives > lost cards / tokens > remote / traveling users > trojans / man-in-the-middle
  14. Advanced Authentication: Cool Technology or Invaluable Tool? Why Do It With SecureLogin? Extending the use of the device. – Something the user knows > Username, ID, Badge Number, etc. > Password – Eliminated Issues > forgotten passwords > keystroke logging > password trapping > shoulder surfing > phishing / identity theft – Remaining Issues > disgruntled employees > false negatives / positives > lost cards / tokens > remote / traveling users > trojans / man-in-the-middle
  15. Advanced Authentication: Cool Technology or Invaluable Tool? Device Options – Something the user knows > Username, ID, Badge Number, etc. > Password
  16. Advanced Authentication: Cool Technology or Invaluable Tool? Who Does It Today? – Something the user knows > Username, ID, Badge Number, etc. > Password [chart: Biometric Security Opportunities; chart labels: Revenues, Time, Regulations, HSPD-24, DoD, DHS, DoS, TSA etc., NORTHCOM, CENTCOM, Other COCOMs, States, Cities, Private Industry, International, Foreign Gov’ts]
  17. Advanced Authentication: Cool Technology or Invaluable Tool? Perhaps Both...
  18. Practical Application of Advanced Authentication: Cool Technology or Invaluable Tool
  19. Federal Bridge • PKI Authentication across government agencies – Verisign, Exostar, Entrust – Federal Bridge Certificate Authority - FBCA – Validation and trust among agencies that use the bridge [diagram label: FBCA]
  20. Federal & Industry Bridges: Other Industries are leveraging the FBCA [diagram labels: HEBCA (Future), FBCA]
  21. Practical Application of Advanced Authentication: The Real World With Our Client: Clark & Daughtrey Medical Group. Nicholas Ivon, Director of Information Systems, (863) 284-5025, nickivon@clark-daughtrey.com
  22. Practical Application of Advanced Authentication: Clark & Daughtrey Medical Group Overview – C&D is a large multi-specialty, multi-location provider group in Lakeland, Florida – Celebrating its 60th anniversary this year – Over the past eight years, C&D has invested heavily in technology and EMR – Transitioned all our providers to ‘point-of-care’ over the past three years – Each patient visit is electronically documented. This means no paper charts, and minimal transcription services
  23. Practical Application of Advanced Authentication: Clark & Daughtrey Medical Group IT Drivers. C&D has four people in the I.T. department – Manage firewalls, routers, and wireless network, to servers, PBX/IP telephony, workstations, tablets, in 7 locations – Virtualizing our datacenter with VMware vSphere 4 – Must utilize technologies to help us manage our environment – Novell® ZENworks® is one tool we use to manage our servers, workstations, automate application installations and updates, and apply consistent policies throughout our organization
  24. Practical Application of Advanced Authentication: Clark & Daughtrey Medical Group IT Drivers – A major problem was all the different user credentials. – Over 25 different applications users must log into. – Cannot control credentialing policy for most applications – Expanding use of extranets > Makes password management even more difficult – Dozens of user id/password help desk tickets every week
  25. Practical Application of Advanced Authentication: Clark & Daughtrey Medical Group Solution • Advanced Authentication with Biometrics – SecuGen Hamster VI – BioKey Algorithm (for shared pattern) – NMAS™ middleware • Desktop Automation Services (DAS) Provides Kiosk Functionality – Fast User Switching – Application Control • Novell® SecureLogin – Single Sign-On – Secure sensitive applications with Biometric integration
  26. Practical Application of Advanced Authentication: Clark & Daughtrey Medical Group Benefits – Virtually Password Free – Drastically reduced number of password-related help desk tickets. – Can re-verify biometric authentication when launching applications or any identified window or event – Dramatically increases security – Centralized administration with network directory integration – Corporate environment is more secure – Superior desktop and application management – I.T. can be proactive instead of reactive – Fast ROI
  27. SecureLogin AA Architecture: Novell® eDirectory™, Active Directory and LDAP
  28. Novell® SecureLogin Architecture: Novell eDirectory™ [diagram labels: Shared Desktop + DAS, Enterprise Desktop, Terminal Services, Enterprise Systems, Strong Authentication + Novell Client, Novell SSO, SecureLogin, Application A, Application B, Application C, Novell SecretStore™, eDirectory, Audit Database, Report Server, Optional Add-on]
  29. Novell® SecureLogin Architecture: Microsoft Active Directory [diagram labels: Shared Desktop + DAS, Enterprise Desktop, Terminal Services, Enterprise Systems, Strong Authentication + MS Client, Novell SSO, SecureLogin, Application A, Application B, Application C, Active Directory, Audit Database, Report Server, Optional Add-on]
  30. Novell® SecureLogin Architecture: Other LDAP Directories [diagram labels: Shared Desktop + DAS, Enterprise Desktop, Terminal Services, Enterprise Systems, Strong Authentication + MS Client, Novell SSO, SecureLogin, Application A, Application B, Application C, LDAP V3 Directory, Audit Database, Report Server, Optional Add-on]
  31. Demonstration
  32. Using Biometrics. In this demonstration we will show the use of a SecuGen Hamster: – Physical Setup to Support Biometrics > Workstation Driver > NMAS™ Server (Novell® eDirectory™) Configuration > NMAS Workstations GINA / Security Provider – Biometric Enrollment > Configuring Novell eDirectory Options > Enrolling Multiple Fingers – Login With the Biometric > Testing Different Fingers
  33. Using Proximity Cards. In this demonstration we will show the use of an RF IDeas PCProx: – Physical Setup to Support the PCProx > Workstation Driver > NMAS™ Server (Novell® eDirectory™) Configuration > NMAS Workstations GINA / Security Provider – PCProx Enrollment > Configuring Novell eDirectory Options > Enrolling the Prox Card – Login With the Prox Card > Testing Different Prox Cards
  34. Using Smart Cards. In this demonstration we will show the use of a Smart Card Reader: – Physical Setup to Support the Reader > Workstation Driver > NMAS™ Server (Novell® eDirectory™) Configuration > NMAS Workstations GINA / Security Provider – Smart Card Enrollment > Configuring eDirectory Options > Enrolling the Smart Card – Login With the Smart Card > Testing Different Smart Cards
  35. For More Information • Visit table A5 in IT Central • Walk through the SecureLogin demo in the Installation and Migration Depot • Attend the following complementary sessions: – BOF106: SecureLogin in the Real World Panel Discussion – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management – IAM207: SecureLogin and Your Active Directory Setup – IAM302: Using Hard Disk Encryption and SecureLogin – IAM304: Securing Shared Workstation with SecureLogin • Visit www.novell.com/securelogin
  36. For More Information • Try SecureLogin for Yourself: We'll install SecureLogin on your machine (for free). • Visit table A5 in IT Central • Attend the following complementary sessions: – BOF106: SecureLogin in the Real World Panel Discussion – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management – IAM207: SecureLogin and Your Active Directory Setup – IAM302: Using Hard Disk Encryption and SecureLogin – IAM303: Enhancing SecureLogin with Multi-factor Authentication – IAM304: Securing Shared Workstation with SecureLogin • Walk through the SecureLogin demo in the Installation and Migration Depot • Visit www.novell.com/securelogin
  37. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer: This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
