PortalGuard’s Password Management will increase the security of passwords by adding features such as more granular password quality rules, history, expiration and lockout due to incorrect logins. This is especially beneficial for applications failing to meet compliance requirements, such as homegrown web applications or custom SQL user repositories. Administrators can easily manage multiple password policies while users are given usability features such as password meters and password expiration reminders synched with their email client calendar.

Watch tutorial here: http://pg.portalguard.com/configurable_password_management_tutorial

Transcript of "Password management"

  1. Understanding PortalGuard’s Configurable Password Management: Balancing Usability and Compliance. Highlighting the Password Management layer of the PortalGuard platform.
  2. By the end of this tutorial you will be able to…
     • Understand how PortalGuard can help you
     • Understand how password management can make applications compliant
     • Discover PortalGuard’s Configurable Password Management
     • See the step-by-step authentication process
     • Know the technical requirements
  3. The PortalGuard software is a Contextual Authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing and compliance for your web, desktop and mobile applications.
     Usability:
     • Single Sign-on
     • Password Management
     • Password Synchronization
     • Self-service Password Reset
     Security:
     • Knowledge-based
     • Two-factor Authentication
     • Contextual Authentication
     • Real-time Reports/Alerts
  4. Before going into the details…
     • Configurable by user, group or application
     • Security – password history, expiration and complexity
     • Strikeout/Lockout limits to enforce a configurable number of strikes
     • Usability – email calendar reminders and password strength meter
     • Self-service password reset, recovery and account unlock
     • Password synchronization
     • Verbal Authentication
     • Easy implementation
     • Cost effective – reduce Help Desk calls
  5. Implementing stronger authentication security…
  6. BUY   BUILD   NON-Compliant
  7. Increasing security as a secondary thought…
     • Low risk applications - password-based authentication
     • Medium/High risk applications - stronger authentication
       • Contextual Authentication
       • Multi-factor
       • Two-factor
       • One-time password (OTP)
  8. Password management is… A poorly chosen password may result in unauthorized access and/or exploitation of critical data.
     • Password Creation
     • Password Protection
     • Password Change Frequency
     (Diagram labels: Protection, Frequency, Complexity)
  9. The first step… Educate your users on password best practices including…
     • Never share your account
     • Never use the same password for multiple systems
     • Never tell a password to anyone
     • Never write down a password
     • Never provide a password over the phone, email or instant messaging
     • Make sure to log off or lock your workstation
     • Change your password whenever compromise is suspected
     • Passwords should be alpha-numeric at a minimum
  10. Goes beyond the foundational policies and provides enhanced functionality which improves the security of passwords while improving usability for users.
  11. FEATURES
  12. Security Features:
     • Password Complexity - customizable rules for minimum and maximum length, and uppercase, lowercase and special characters
     • Password History - prevent users from reusing their last “n” passwords
     • Password Expiration - set expiration and grace periods
     • Strikeout/Lockout Limits - enforce a configurable number of strikes before an account lockout
     • Prevent Users from Sharing Credentials - limit multiple concurrent logon sessions
     • Lockout Inactive User After “n” Days - identify and stop access from dormant user accounts
  13. Usability Features:
     • Email Calendar Reminders - set reminders in the user’s email client calendar of upcoming password expirations
     • Expiration Grace Period – notify users of expiration but allow them to skip the password reset for a configurable number of days
     • Password Meter - provide users with a visual clue of the strength of the password when resetting or creating one
     • Password Synchronization - leveraging one strong password across multiple systems
  14. Administrative & Help Desk Features:
     • Help Desk/Verbal Authentication - prove a user’s identity when calling into the Help Desk by answering a series of challenge questions
     • Auditing/Logging - record user login activity including invalid usernames, last login, last password change, etc.
     • Administrative Dashboard - provides administrators with a snapshot of recent user login activity
     • Help Desk Console – application which allows Help Desk staff to perform account actions such as a password reset, account unlock, etc.
  15.
     • Flexibility - configurable to the user, group or domain hierarchy
     • Increased Usability - maintains user productivity and satisfaction with a password strength meter, email calendar reminders and self-service password reset
     • Increased Security - prevents both common password and code injection attacks
     • Balances Usability and Security - supports both compliance and the user
     • Implements password best practices
     • Compliance – web-based and SQL applications now meet required standards
     • Cost effective – reduce password related Help Desk calls
  16. HOW IT WORKS
  17. Policy-based security settings… To enforce password management rules for your users.
  18. Password History: Several previous passwords are remembered. With this policy setting, users cannot reuse old passwords when their password expires.
  19. Maximum Password Age: So passwords expire as often as necessary for your environment, typically every 30 to 90 days. If an attacker manages to crack a user’s password using offline tools, a shorter expiration interval increases the likelihood that the password is no longer current for that user’s account, preventing the breach.
  20. Minimum Password Age: So passwords cannot be changed until they are more than a certain number of days old. If a minimum age is defined, users cannot repeatedly change their passwords to get around the password history policy setting and then use their original password.
  21. Minimum Password Length: So passwords must consist of at least a specified number of characters. Long passwords – seven or more characters – are usually stronger than short ones. With this policy setting, users cannot use blank passwords, and they have to create passwords that are a certain number of characters long.
  22. Search Order and Precedence: Due to PortalGuard’s flexibility users can have multiple policies applied…
     1. Policies applied directly to a user
     2. Policies applied to a group
     3. Policies applied to a domain or OU
     4. The default policy
  23. User Profiles: Where PortalGuard’s user-specific information is stored.
     • Strike count
     • Last login time
     • Password expiration time
     • Hashed answers to challenge questions
     • Last password change time
     • Accepted Terms of Use time
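The policy slides above describe four settings (history, maximum age, minimum age, minimum length), a search order for which policy applies, and a grace period. The following is an added example, not PortalGuard's code: it resolves the effective policy with that search order and classifies a password as current, in its grace period, or expired. The policy store layout, the scope names and the rule that groups are tried in the order listed are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    history_count: int   # previous passwords remembered
    max_age_days: int    # expiration interval (the slide suggests 30 to 90 days)
    min_age_days: int    # days a new password must be kept before another change
    min_length: int
    grace_days: int      # days after expiration during which the change may be deferred

# Constructed policy store keyed by (scope, target). The scope names and the
# dictionary layout are assumptions for this example, not PortalGuard's format.
POLICIES = {
    ("user", "alice"): Policy("alice-override", 24, 60, 1, 12, 5),
    ("group", "finance"): Policy("finance", 12, 45, 2, 10, 3),
    ("ou", "OU=Staff,DC=example,DC=com"): Policy("staff", 6, 90, 1, 8, 7),
    ("default", "*"): Policy("default", 4, 90, 0, 7, 7),
}

def resolve_policy(user, groups, ou, policies=POLICIES):
    """Search order from the slide: user, then group, then domain/OU, then
    the default. First match wins; groups are tried in the order given
    (an assumption, the slide does not say how group ties are broken)."""
    candidates = [("user", user)] + [("group", g) for g in groups]
    candidates += [("ou", ou), ("default", "*")]
    for key in candidates:
        if key in policies:
            return policies[key]
    raise LookupError("no default policy configured")

def password_state(days_since_change, policy):
    """Classify the password against the resolved policy's maximum age:
    'current', 'grace' (expired but still deferrable, step 1 of the flow)
    or 'expired' (the change is forced, step 2). Ages are whole days here."""
    if days_since_change < policy.max_age_days:
        return "current"
    if days_since_change < policy.max_age_days + policy.grace_days:
        return "grace"
    return "expired"
```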
  24. Step 1: The user’s password is expired, but within the grace period. The user defers the password change by clicking the link shown and is allowed to login.
  25. Step 2: A few days later, the user attempts to login and the password is now expired. PortalGuard forces a password change.
  26. Step 2a: If PortalGuard is configured to use a password meter it is automatically updated as the user types their new password.
  27. Step 2b: If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
  28. Step 3: When password history is enabled, a password that satisfies the complexity rules may still be rejected.
  29. Step 4: Once the new password is acceptable, PortalGuard changes it in the target user repository in real-time and notifies the user of the success.
  30. Step 5: If a password minimum age is enabled and the user attempts to manually change their password again, PortalGuard will prevent it.
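The change flow in steps 2b through 5 applies three gates: minimum age, the policy's rules, and history. This added example (not PortalGuard's code) implements those gates over a per-user profile whose history holds only salted PBKDF2 digests, which is why a history check can reject a password that passes every complexity rule (step 3). The `UserProfile` field names, the day-based timer and the rule order are assumptions.

```python
import hashlib
import os
from collections import namedtuple

# Minimal policy for this example; the field names are assumptions.
Policy = namedtuple("Policy", "history_count min_age_days min_length")
ITERATIONS = 100_000

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 digest; the history stores only digests."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def matches(password, entry):
    salt, digest = entry
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS) == digest

class UserProfile:
    """The subset of the per-user profile this example needs."""
    def __init__(self, password, last_change_days_ago):
        self.history = [hash_password(password)]   # newest first
        self.days_since_change = last_change_days_ago

def check_change(profile, policy, new_password):
    """Gates in order: minimum age (steps 2b/5), minimum length, then
    password history (step 3). Returns (ok, reason)."""
    if profile.days_since_change < policy.min_age_days:
        return False, "minimum password age not reached"
    if len(new_password) < policy.min_length:
        return False, "shorter than minimum length"
    for entry in profile.history[:policy.history_count]:
        if matches(new_password, entry):
            return False, "password found in history"
    return True, "accepted"

def apply_change(profile, policy, new_password):
    """Step 4: on success, push the new digest, trim the history to the
    configured number of entries and restart the last-change timer."""
    ok, reason = check_change(profile, policy, new_password)
    if ok:
        profile.history.insert(0, hash_password(new_password))
        del profile.history[policy.history_count:]
        profile.days_since_change = 0
    return ok, reason
```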
  31. Configurable through the PortalGuard Configuration Utility: Password Rules:
     • Minimum length
     • Maximum length
     • Minimum lowercase
     • Minimum uppercase
     • Minimum numeric
     • Minimum special
     • Active Directory complexity
  32. Configurable through the PortalGuard Configuration Utility: Rule Grouping:
     • Combine standard password rules into pools where only a subset must be met
  33. Configurable through the PortalGuard Configuration Utility: Enable/Disable Password Meter:
     • Minimum required “score” when enabled
  34. Configurable through the PortalGuard Configuration Utility: Password History:
     • By number of entries or time
  35. Configurable through the PortalGuard Configuration Utility: Password Dictionary:
     • Standard words that passwords cannot contain
  36. Configurable through the PortalGuard Configuration Utility: Misc:
     • Enforce Complexity Rules During Login
     • Regular Expression Checking
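Slides 31 through 36 list the rule types: per-class minimums, rule grouping into pools where only a subset must be met, a dictionary of forbidden words, and regular expression checking. This added example (not PortalGuard's code) evaluates one constructed rule set of that shape and returns every violated rule rather than stopping at the first, which is what a password meter or error page needs. The rule-set layout and the specific regular expression are assumptions.

```python
import re

# Constructed rule set modelled on the slides' configurable items. The
# dictionary layout is an assumption, not PortalGuard's configuration format.
RULES = {
    "min_length": 10,
    "max_length": 64,
    # Rule grouping: at least `required` of the pooled class rules must be met
    # (the "3 of 4 classes" shape of Active Directory complexity).
    "pool": {"required": 3, "rules": {
        "lowercase": (r"[a-z]", 1),
        "uppercase": (r"[A-Z]", 1),
        "numeric":   (r"[0-9]", 1),
        "special":   (r"[^A-Za-z0-9]", 1),
    }},
    # Password dictionary: words the password may not contain, case-insensitive
    "dictionary": {"password", "welcome", "portalguard", "summer"},
    # Regular expression checking: reject any character repeated three times in a row
    "regex_reject": r"(.)\1\1",
}

def evaluate(password, rules=RULES):
    """Return the list of violated rule names; an empty list means accepted."""
    failed = []
    if len(password) < rules["min_length"]:
        failed.append("min_length")
    if len(password) > rules["max_length"]:
        failed.append("max_length")
    pool = rules["pool"]
    met = [name for name, (pattern, count) in pool["rules"].items()
           if len(re.findall(pattern, password)) >= count]
    if len(met) < pool["required"]:
        failed.append("pool:%d of %d" % (len(met), pool["required"]))
    lowered = password.lower()
    for word in sorted(rules["dictionary"]):   # sorted for a stable report order
        if word in lowered:
            failed.append("dictionary:" + word)
    if re.search(rules["regex_reject"], password):
        failed.append("regex")
    return failed
```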
  37. Configurable through the PortalGuard Configuration Utility:
     Password Expiration:
     • Expiration period
     • Grace period
     • Expire first use
     • Minimum age
     • Calendar reminders
     Lockout:
     • Strike limit
     • Lock expiration
     • Strike messages
     • Inactivity
     • Session concurrency
     • Help Desk/Verbal Authentication
     Auditing:
     • Log last login
     • Log last password change
     • Log last password recovery

     • Require acceptance
     • URL for rejection
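The lockout settings above (strike limit, lock expiration, inactivity) act on the "Strike count" and "Last login time" fields of the user profile. This added example (not PortalGuard's code) shows one way those three settings interact on a single login attempt, including the two edge cases that matter to a defender: a correct password is still refused while the lock is active, and an expired lock resets the strike count. Times are minutes on a simple clock, and the field names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    strike_limit: int        # failed logins before the account locks
    lock_minutes: int        # lock expiration; 0 = stays locked until unlocked by Help Desk
    inactivity_days: int     # refuse accounts not seen for this long; 0 = disabled

@dataclass
class Profile:
    strike_count: int = 0
    locked_at: Optional[float] = None   # minute the lock began, None if not locked
    last_login: float = 0.0             # minute of the last successful login

def attempt_login(profile, policy, now_min, credentials_ok):
    """Evaluate one login attempt and update the profile. Returns a status
    string; the password is never consulted while the account is locked."""
    # Inactivity lockout: dormant accounts are refused before anything else.
    # (Assumes last_login is set when the account is created.)
    if policy.inactivity_days and now_min - profile.last_login > policy.inactivity_days * 1440:
        return "locked:inactive"
    if profile.locked_at is not None:
        if policy.lock_minutes and now_min - profile.locked_at >= policy.lock_minutes:
            profile.locked_at = None      # lock expired: start counting strikes again
            profile.strike_count = 0
        else:
            return "locked"
    if not credentials_ok:
        profile.strike_count += 1
        if profile.strike_count >= policy.strike_limit:
            profile.locked_at = now_min
            return "locked"
        return "strike %d of %d" % (profile.strike_count, policy.strike_limit)
    profile.strike_count = 0              # a good login clears accumulated strikes
    profile.last_login = now_min
    return "ok"
```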
  38. TECHNICAL REQUIREMENTS
  39. An MSI is used to install PortalGuard on IIS 6 or 7.x. This version of PortalGuard supports direct access and authentication to cloud/browser-based applications only.
     • IBM WebSphere/WebSphere Portal v5.1 or higher
     • Microsoft IIS 6.0 or higher
     • Microsoft Windows SharePoint Services 3.0 or higher
     • Microsoft Office SharePoint Server 2007 or later
     • .NET 2.0 framework or later must be installed
     • (64-bit OS only) Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)
     • Microsoft Windows Server 2000
     • Microsoft Windows Server 2003 (32 or 64-bit)
     • Microsoft Windows Server 2008 (32 or 64-bit)
     • Microsoft Windows Server 2008 R2
  40. THANK YOU. For more information visit PortalGuard.com or Contact Us.