Make Sure They Are Who They Say They Are

  • Published on
    12-Jun-2015

DESCRIPTION

  • 7,500 users have corporate laptops but all users are allowed to use personal devices
  • External web-based applications
  • Worried about man-in-the-middle attacks

http://www.portalguard.com

Transcript

  • 1. Information Technology Solutions

    Usage Scenario

    Industry: Engineering
    Number of Users: 14,000

    Resources: Mutual Authentication, TOTP Definition, Beating MitM Attacks

    CHALLENGE: External Application Access
    SOLUTION: PortalGuard Transparent Tokenless Toolbar (TTT)
    PLATFORM LAYER: Transparent User Authentication

    CHALLENGE: As directed by senior IT management, to increase information security, the customer is seeking a two-factor authentication solution to access external web-based applications with minimum user impact. The need for strong authentication is being driven by a recent corporate compliance requirement to increase security without adding significant Help Desk calls. There is also a requirement for a solution that prevents man-in-the-middle attacks.

    SOLUTION: The PortalGuard team worked with the company's CTO to deploy PortalGuard with the goal of providing an integrated two-factor authentication solution with mutual authentication. The user's laptop acts as "something you have" to minimize user impact, thereby making the strong authentication transparent to the user. By using PortalGuard's Transparent Tokenless Toolbar (TTT) for delivering time-variant one-time passwords (TOTP), the customer was offered strong authentication plus the ability to defeat man-in-the-middle attacks, in which an attacker intercepts messages in a public key exchange and resends them, substituting their own public key for the requested key, leaving both parties with the appearance that they are still communicating with each other. PortalGuard defeats this by using an encrypted cookie designated for the valid website. The cookie is encrypted using PKI. Phishing attacks are also successfully defeated by the TTT.

    In layman's terms, mutual authentication refers to a user authenticating themselves to a server and that server authenticating itself to the user so both parties are assured of the other's identity.

    © 2012, PistolStar, Inc. dba PortalGuard. All Rights Reserved.