1. Enhancing Novell SecureLogin® with Multi-factor Authentication
Troy Drewry, Technical Sales Specialist, Novell / tdrewry@novell.com
Nick Ivon, Director of Information Systems, Clark & Daughtrey Medical Centers / nickivon@clark-daughtrey.com
Greg Domjan, Senior Software Engineer, Novell / gdomjan@novell.com
2. Session Overview
• SecureLogin in Novell® ISM Model - Solutions, Framework and Integration
• Defining Advanced Authentication - Cool Technology or Invaluable Tool?
– Why Do it?
– Why Do It with SecureLogin?
– Device Options
– Who Does it Today
• Practical Applications of Advanced Authentication
– The Real World With Our Client: Clark & Daughtrey Medical Group
– IT Drivers
– The Solution
– Benefits
• SecureLogin AA Architecture – Novell eDirectory™, Active Directory and LDAP
• Demonstration
– SecureLogin and Advanced Authentication Explained
– Using Biometric
– Using Proximity Cards
– Using Smart Cards
• Discussion with Q&A
2 © Novell, Inc. All rights reserved.
4. Identity and Security Solutions
Identity and Access Management
• User Provisioning and Management
• Roles Management
• Simplified Secure Access
Security Management
• Security Monitoring and Remediation
• Log Management
• Cloud Security
Compliance Management
• Access Certification
• Enterprise Compliance Solutions
• Privileged User Management
5. Identity and Security Framework
[Diagram: Identity and Security Framework. Layers: Roles Driven Governance; Identity Management (Identity Vault, Integration and Synchronization, Provisioning and Workflows, Delegated Administration, Self-Service Administration); Simplified, Secure Access (Authentication, Authorization, Multi-Factor Auth., Federated Identity, Web Access Management, Privileged User Management, Reduced / Single Sign-On); Audit; Security and Vulnerability Management]
6. Identity and Security Framework
[Diagram: the Identity and Security Framework with Novell offerings overlaid: Novell Access Certification Manager / Novell Roles Lifecycle Manager, Novell Professional and Partner Services, SecureLogin (eSSO), Access Manager (WSSO), Privileged User Manager, Identity Manager / Role Based Provisioning / Storage Manager, Novell Sentinel / Novell Identity Audit]
7. The Integration Platform of Novell® Identity and Security Management Products
[Diagram: Novell® Identity Manager, Novell SecureLogin, Novell Access Manager™ and Novell Sentinel™ on a common integration platform]
• Approval and Workflow
• Role-based administration
• Password self service
• Business policy enforcement
• Identity Synchronization
• Auditing and remediation
9. What is Advanced Authentication?
Start with these definitions:
Identity: A unique assigned value used to reference a principal
Authentication: The process of verifying reference to principal with factors
Authorization: Capabilities of principals based on policy definition and enforcement
Authentication is NOT Authorization
Advanced Authentication with Novell® SecureLogin:
Extend Advanced Authentication to the application
Novell SecureLogin
Registered Identity
10. What is Advanced Authentication?
The key requirements of today's and future network infrastructures are to
provide security while maintaining high Quality of Service (QoS) and user
satisfaction—all while responding to continuous demands for additional
functionality.
It all comes down to negotiation
– In development - trade feature for release date
– In QoS - trade predictable performance for resource requirements
– In security - trade usability for compliance
Many companies are now investigating advanced authentication
(sometimes referred to as “two-factor” or 2FA) solutions which typically
involve biometrics, proximity cards, smart cards or tokens (random multi-digit
numeric generators) to complement their existing security. Only a small
percentage have moved to production.
Why do you think this is true? Can this be changed now?
11. Advanced Authentication:
Cool Technology or Invaluable Tool?
Why Do It? Simply because of users? Security? Other?
– Users create easily guessable passwords, use names or something so
complicated they end up having to write it down or call for reset
– Users are not good at protecting their passwords
– Users can put the company in the news. NOT in a good way!
– Advanced Authentication can greatly improve the user experience and
Quality of Service (QoS)
– Oh... and it dramatically increases security and helps with regulatory
compliance requirements
The fact is that the ingenuity, persistence and proliferation of commercial
hackers has led to an increase in concern for protecting crucial systems
from unauthorized access. Many businesses stand to lose enormous
amounts of money as well as investor confidence from such security
breaches. Protecting data in the digital age is essential.
13. Advanced Authentication:
Cool Technology or Invaluable Tool?
Why Do It With SecureLogin? Extending the use of the device.
– Something the user knows
> Username, ID, Badge Number, etc.
> Password
– Eliminated Issues
> forgotten passwords
> keystroke logging
> password trapping
> shoulder surfing
> phishing / identity theft
> trojans / man-in-the-middle
– Remaining Issues
> disgruntled employees
> false negatives / positives
> lost cards / tokens
> remote / traveling users
15. Advanced Authentication:
Cool Technology or Invaluable Tool?
Device Options
– Something the user knows
> Username, ID, Badge Number, etc.
> Password
16. Advanced Authentication:
Cool Technology or Invaluable Tool?
Who Does It Today?
– Something the user knows
> Username, ID, Badge Number, etc.
> Password
[Chart: Biometric Security Opportunities. Axis labels: Revenues, Time. Chart labels: Regulations, HSPD-24, DoD, DHS, DoS, TSA etc., States, Cities, NORTHCOM, Other COCOMs, CENTCOM, Private Industry, International, Foreign Gov’ts]
19. Federal Bridge
• PKI Authentication across government agencies
– Verisign, Exostar, Entrust
– Federal Bridge Certificate Authority - FBCA
– Validation and trust among agencies that use the bridge
20. Federal & Industry Bridges
Other Industries are leveraging the FBCA
[Diagram labels: HEBCA (Future), FBCA]
21. Practical Application of
Advanced Authentication
The Real World With Our Client: Clark & Daughtrey Medical Group
Nicholas Ivon
Director of Information Systems
(863) 284-5025
nickivon@clark-daughtrey.com
22. Practical Application of
Advanced Authentication
Clark & Daughtrey Medical Group Overview
– C&D is a large multi-specialty, multi-location provider group
in Lakeland, Florida
– Celebrating its 60th anniversary this year
– Over the past eight years, C&D has invested heavily in
technology and EMR
– Transitioned all our providers to ‘point-of-care’ over the past
three years
– Each patient visit is electronically documented. This means
no paper charts, and minimal transcription services
23. Practical Application of
Advanced Authentication
Clark & Daughtrey Medical Group IT Drivers
C&D has four people in the I.T. department
– Manage everything from firewalls, routers, and the wireless network to servers,
PBX/IP telephony, workstations, and tablets in 7 locations
– Virtualizing our datacenter with VMware vSphere 4
– Must utilize technologies to help us manage our environment
– Novell® ZENworks® is one tool we use to manage our servers,
workstations, automate application installations and updates,
and apply consistent policies throughout our organization
24. Practical Application of
Advanced Authentication
Clark & Daughtrey Medical Group IT Drivers
– A major problem was all the different user credentials.
– Over 25 different applications users must log into
– Cannot control credentialing policy for most applications
– Expanding use of extranets
> Makes password management even more difficult
– Dozens of user ID/password help desk tickets every week
25. Practical Application of
Advanced Authentication
Clark & Daughtrey Medical Group Solution
• Advanced Authentication with Biometrics
– SecuGen Hamster VI
– BioKey Algorithm (for shared pattern)
– NMAS™ middleware
• Desktop Automation Services (DAS) Provides Kiosk Functionality
– Fast User Switching
– Application Control
• Novell® SecureLogin
– Single Sign-On
– Secure sensitive applications with Biometric integration
26. Practical Application of
Advanced Authentication
Clark & Daughtrey Medical Group Benefits
– Virtually Password Free
– Drastically reduced number of password-related help
desk tickets.
– Can re-verify biometric authentication when launching
applications or any identified window or event
– Dramatically increases security
– Centralized administration with network directory integration
– Corporate environment is more secure
– Superior desktop and application management
– I.T. can be proactive instead of reactive
– Fast ROI
28. Novell® SecureLogin Architecture: Novell eDirectory™
[Architecture diagram. Components: Shared Desktop + DAS; Enterprise Desktop with Strong Authentication + Novell Client and Novell SecureLogin SSO; Terminal Services; Enterprise Systems (Application A, Application B, Application C); Novell SecretStore™; eDirectory. Optional add-on: Report Database, Audit Server]
29. Novell® SecureLogin Architecture: Microsoft Active Directory
[Architecture diagram. Components: Shared Desktop + DAS; Enterprise Desktop with Strong Authentication + MS Client and Novell SecureLogin SSO; Terminal Services; Enterprise Systems (Application A, Application B, Application C); Active Directory. Optional add-on: Report Database, Audit Server]
30. Novell® SecureLogin Architecture: Other LDAP Directories
[Architecture diagram. Components: Shared Desktop + DAS; Enterprise Desktop with Strong Authentication + MS Client and Novell SecureLogin SSO; Terminal Services; Enterprise Systems (Application A, Application B, Application C); LDAP V3 Directory. Optional add-on: Report Database, Audit Server]
32. Using Biometrics
In this demonstration we will show the
use of a SecuGen Hamster:
– Physical Setup to Support Biometrics
> Workstation Driver
> NMAS™ Server (Novell® eDirectory™) Configuration
> NMAS Workstations GINA / Security Provider
– Biometric Enrollment
> Configuring Novell eDirectory Options
> Enrolling Multiple Fingers
– Login With the Biometric
> Testing Different Fingers
33. Using Proximity Cards
In this demonstration we will show the
use of a RFIDEAS PCProx:
– Physical Setup to Support the PCProx
> Workstation Driver
> NMAS™ Server (Novell® eDirectory™) Configuration
> NMAS Workstations GINA / Security Provider
– PCProx Enrollment
> Configuring Novell eDirectory Options
> Enrolling the Prox Card
– Login With the Prox Card
> Testing Different Prox Cards
34. Using Smart Cards
In this demonstration we will show the use
of a Smart Card Reader:
– Physical Setup to Support the Reader
> Workstation Driver
> NMAS™ Server (Novell® eDirectory™) Configuration
> NMAS Workstations GINA / Security Provider
– Smart Card Enrollment
> Configuring eDirectory Options
> Enrolling the Smart Card
– Login With the Smart Card
> Testing Different Smart Cards
35. For More Information
• Visit table A5 in IT Central
• Walk through the SecureLogin demo in the Installation
and Migration Depot
• Attend the following complementary sessions:
– BOF106: SecureLogin in the Real World Panel Discussion
– IAM205: Novell SecureLogin Installation, Deployment and
Lifecycle Management
– IAM207: SecureLogin and Your Active Directory Setup
– IAM302: Using Hard Disk Encryption and SecureLogin
– IAM304: Securing Shared Workstation with SecureLogin
• Visit www.novell.com/securelogin
36. For More Information
Try SecureLogin for Yourself: We'll install SecureLogin on your machine (for free).
• Visit table A5 in IT Central
• Attend the following complementary sessions:
– BOF106: SecureLogin in the Real World Panel Discussion
– IAM205: Novell SecureLogin Installation, Deployment and Lifecycle
Management
– IAM207: SecureLogin and Your Active Directory Setup
– IAM302: Using Hard Disk Encryption and SecureLogin
– IAM303: Enhancing SecureLogin with Multi-factor Authentication
– IAM304: Securing Shared Workstation with SecureLogin
• Walk through the SecureLogin demo in the
Installation and Migration Depot
• Visit www.novell.com/securelogin