Strong authentication for your organization in a cost effective cloud-based model

Symantec VIP:
Strong Authentication for
your organization in a cost-
effective cloud-based
model.
Nantharat Puwarang, CISSP
Sr. Technical Consultant

Key to the Cloud with Symantec VIP - Paypal
2Symantec VIP – Solution Overview

Agenda
Overview1
Validation & ID Protection Service Overview2
Use Cases3

ตัวตนบนโลกออนไลนตัวตนบนโลกออนไลนตัวตนบนโลกออนไลนตัวตนบนโลกออนไลน
“On the Internet, no-one knows you’re a dog”

IT Helpdesk Common issues with Password
Passwords No Longer Offer Sufficient Protection
Source: Forrester Research, Florida State University, Imperva
Weak passwords
still the norm
Too many
passwords for
employees to
remember
Password
change/recovery
is top access
problem
• 55% of enterprises report
this is #1 issue for users
• 87% of enterprises need users to
have 2 or more passwords
for access to resources
• 66% have 6+ password policies!
• 1 in 5 users default to
simple passwords
• Only 30% require strong auth
• 54% had a breach in last year

Security Threat

Raising Trust And Improving Security For Consumers
Organisations Users/Devices
• Must establish trust with
their users through security
and reputation services
• Must authenticate and
manage user identities
• Must be able to verify the
security and reputation of
the on-line organization
prior to interaction
• Must be able to present
identity credentials before
accessing sensitive or
personal information
Trust The Organisation
Trust The User
Symantec Enables Mutual Authentication & Trust
VeriSign® Identity Protection Network
Cloud Based One Time Passwords SSL & Trust ServicesFDS & Risk Analysis

Making Strong Authentication with 2FA

Strong Authentication Is Critical to Protecting Assets
Cryptographically enhanced credentials ensure trusted access
Username/Passwords
Mother’s Maiden Name
Transaction History
OTP passwords alternatives
(risk-based or symmetric key cryptography)
Or
Digital Certificate
(public key cryptography)
Something You Know Something You Have

OATH and OTP generation
Secret key Moving factor
Time Counter
123456
OTP
OATH (HOTP, TOTP, OCRA)
Algorithm
www.openauthentication.org

OTP validation
User’s OTP
credential
Validation
service
123456
Compare results
To validate an OTP, the Validation Service performs the same
calculation as the OTP Credential and compares the result.
123456

Symantec Validation & ID Protection Service
Enterprise
Consumer Portal,
Business Partner
Extranet
Corporate Network
Cloud-based
Real Time
Authentication
User with VIP
Credential

A Strategic Approach to Authentication
Symantec™ VIP
Standalone OTP
Credentials
HardwareToken
Mobile,Desktop
Software
Embedded
Out-of-Band
SMS
VoiceCall
Email
Strong
Device IDs
Client-based
DeviceID
ClientlessDevice
ID
Risk
Based
Intelligent
Authentication
Symantec™ VIP Provides Flexible Strong Authentication Options

Symantec Validation & ID Protection (VIP)
Easy to Use & Deploy, Multiple VIP Credentials
OTP Security Token
Mobile Phone Credentials
OTP Security Card
SMS OTP /
Voice Enabled Pass-code / Embeded
345231
Software Token

Easy to Use Management Portal

Easy to Use Self Service Portals:
• Download your mobile credentials for Android, iOS, Blackberry,
Windows Mobile, and J2ME platforms https://idprotect.verisign.com
• Manage all your
credentials
(register, rename,
test, and remove)
Update – see Notes

Use Cases 1 :
VIP RADIUS integration Enterprise
applications

Symantec VIP - Enterprise Deployment Architecture

Secure remote access: VPN
Integrates out-of-the-box to Radius-based VPN gateways.

VIP Supports Many 3rd Party Integrations
• Array Networks
• Barracuda
• Check Point
• Citrix Systems
• Cisco
• IBM
• Juniper
• Microsoft
• and more at…
http://www.symantec.com/verisign/vip-
authentication-service/agents-options-
add-ons

Use Cases 2 :
VIP Integration with Enterprise AD

VIP with Windows AD

VIP integration with Windows AD

Symantec™ VIP Intelligent Authentication
• Superior protection vs. passwords
– Analyses login risk based on
device and behavior profiling
• Transparent user experience
– Invisibly authenticates users
except in cases of high risk logins
• Unique Symantec threat protection
– Uses Norton client, Symantec
End Point Protection, and
Symantec™ Global Intelligence
Network to help defeat emerging
threats
Augmenting Symantec™ VIP with Risk-Based Authentication

How Risk-based “Intelligent Authentication” Works
Evaluate…
• Do we know this device?
• Is this device trustworthy?
• Is the user behavior suspicious?
• Are there other potential threats?
Combining Passwords With Device ID And Risk Analysis
Complex Device ID
Threat Analysis
Actionable Risk Score
…and respond
• Low Risk: Grant access without an
additional challenge
• High Risk: Challenge user via Out-
Of-Band authentication process
User Behavior

Intelligent Authentication in Action…
Gatehouse
• User ID
• Password
Roadway Scanner
• Symantec Global Intelligence Network
• Device ID
• Fingerprint
• Symantec Endpoint Protection
• User Behaviour
Enter Validation Code
Correct Code
grants Access
Send Code by
SMS, email or voice
A Triggered Response In Elevated Risk Scenarios

Symantec Authentication Security and Reliability
Experience
15 years Validating Websites, User,
and Devices, with over 400,000
clients world wide
Secure Bandwidth
3 Billion Secure Validations a Day
with 100 % uptime for over the
last 5 years in a Saas Model

Why Symantec VIP?
Planning Beyond the Immediate Risk
Deploy authentication quickly & easily with no up-
front capital investmentCost-Effective
Choose the right authentication for your application,
user, device, and use caseFlexible
Provide a positive user experience and reduce the IT
burdenUser-Friendly
Address evolving authentication requirements with a
single vendorFuture-Proof

A Few VIP Customers

Q&A

Symantec VIP – Trial Account
• Register trial at
– https://vipmanager.verisign.com/vipmgr/createtrialaccount.v
• All of software and Guide can download in Account tabs

Hardware Requirements Software Requirements
• Intel or Intel-compatible 32-bit or
64-bit architecture
• 2 GB RAM
• 10GB disk space
One of the following operating systems:
• Microsoft Windows 2003 Enterprise R2
SP2 (32-bit)
• Microsoft Windows 2003 Enterprise SP2
(32-bit)
(32-bit)
(64-bit)
• Microsoft Windows 2008 Server R2 (64-
bit)
One of the following browsers (to access
the Configuration Console):
• Microsoft Internet Explorer 7.0 or later
• Firefox 3.0 or later
VIP Enterprise Gateway 9.0: Windows hardware and
software requirements

Hardware Requirements Software Requirements
• Intel or Intel-compatible 32-bit or
64-bit architecture
• 2 GB RAM
• 10GB disk space
One of the following operating systems:
• Red Hat Linux EL 5.x (32-bit)
• Red Hat Linux EL 5.x (64-bit)
• Red Hat Linux EL 6.1 (32-bit)
One of the following browsers (to access
the Configuration Console):
• Microsoft Internet Explorer 7.0 or later
• Firefox 3.0 or later
Supporting applications:
• GNU C Library (glibc) 2.4 or higher
VIP Enterprise Gateway 9.0: Linux hardware and
software requirements
For the latest supported platforms, check the VIP Enterprise Gateway
Installation and Configuration Guide.

Strong authentication for your organization in a cost effective cloud-based model

More Related Content

What's hot

Viewers also liked

Similar to Strong authentication for your organization in a cost effective cloud-based model

More from NetwayClub

Recently uploaded

Strong authentication for your organization in a cost effective cloud-based model