ISS SA presents the Scenarios for Entrust IdentityGuard

Post on 28-Nov-2014

© Copyright Entrust, Inc. 2010

What are the Challenges of Securing Identities online?

Entrust is a World Leader in Identity Management and Security Software

• Founded in 1994, publicly-listed in 1998 (NASDAQ: ENTU)

• Best-in-class technology, service and support – industry pioneer

• Over 2000 customers in 50 countries – global reach

• Geographic presence: U.S., Canada, UK, China, Germany, India and Japan

• 411 employees and 110+ patents

• 2008 Revenue: ~$100.0 million

Enterprise Authentication

Enterprise Identities: Problems

Protect access to intellectual property and customer data

Work from anywhere

Stay out of employees’ way

Audit access to resources

Reduce transaction costs by moving online

[Figure: # of IDs, 2000 to 2010. Labels: Employees; Partners; Contractors; Other Businesses; Mobile Devices; Other internal Servers & Devices]

Enterprise Identities: Entrust’s Solution

Broad range of authentication credentials

For users, servers, devices

Enables encryption and digital signature with strong identity

[Figure labels: Employees; Partners; Contractors; Other Businesses; Mobile Devices; Other internal Servers & Devices]

Entrust IdentityGuard

• Single open platform, centralized policy management

• User self administration

• Deploy based on Risk, Usability, Cost

[Figure: Versatile Authentication Platform. Authenticator labels: Username & Password; Grid; Scratch Pad; Digital Certificates; OTP Tokens; Smartcards & USB Tokens; Mutual Auth; IP-Geolocation; Machine/Device Auth; Mobile; Knowledge-Based]

Integrating IdentityGuard

[Figure labels: End User; Remote Access Applications; Microsoft Windows Servers; Web Authentication Applications; Enterprise Applications & Data; Repository]

2nd Factor Authentication

[Figure labels: Authentication Platform; Online Application; Initial Logon; User Name? Password?; 2nd Factor Authentication; 2nd Factor Challenge]

Application: Remote Access

End User

Remote Access Applications

• Integrates with leading remote access solutions

• Leverages industry standards to streamline deployment

• Supports MS RAS, IP-SEC, & 802.1x clients

Application: Enterprise Desktops & Servers

End User

• Integrated 2nd factor authentication

• Easy to use & deploy

• Leverages common security infrastructure

[Figure labels: Any user; ****; 1 6 3; Enterprise Servers; Microsoft Windows Desktops; Administrators]

Application: Extranet Access

End User

Web Authentication Applications

• Range of authenticators

• Inexpensive to deploy

• Easy to use and support

Easily Extends across Enterprise Applications

• Extranet (incl. MS OWA & leading Web SSO vendors)

• Microsoft Windows Desktops

• Remote Access: Leading IP-SEC & SSL VPNs, RAS, 802.1x, Citrix

[Figure labels: Any User; ******]

IdentityGuard 2nd Factor Protection

Remote Access

Enterprise Servers

Microsoft Desktops

Extranet Access

Integrating IdentityGuard

[Figure labels: End User; Remote Access Applications; Microsoft Windows Servers; Web Authentication Applications; Enterprise Applications & Data; Repository]

Integrated with Leading Technology Partners

Applications

Application / Infrastructure

Remote Access

Platform

SSL VPN: Juniper

Web Application Integration

[Figure labels: Customer Environment; Existing Authentication/Sign-on Application; SSL; SOAP]

• WSDL Interface for J2EE & .NET applications

• Included Java bindings

• Included ISAPI filter for IIS/ISA

Microsoft Desktop & Server Integration

Existing Active Directory

Enterprise Applications & Network Resources

• Small Client for Windows desktops (GINA Chain)

• Existing AD Deployment (single or multi-domain)

• Configurable support for MS RAS, IP-SEC, and 802.1x clients built-in

Remote Access Integration

[Figure labels: Existing Remote Access Gateway (IP-SEC or SSL); RADIUS; Directory UN/PW auth with Active Directory or LDAP]

• IP-SEC or SSL Gateways

• Configuration-only integration!

Remote Access Authentication Flow

[Figure labels: VPN Client or Web Browser; Remote Access Gateway; Repository]

1. User enters authentication credentials

2. User credentials sent to IdentityGuard

3. User credentials validated against directory

4. IdentityGuard challenge requested & presented

5. IdentityGuard response sent to IG server

6. IdentityGuard server returns accept/reject to VPN Client

7. Success allows user entry
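
The seven-step flow on this slide, modelled as an added example in Python (not Entrust's code or API). The grid-card challenge format, every class and function name, and the sample user data are assumptions constructed for illustration; the points to note are that no challenge is issued after a failed first factor and that each challenge is single-use and time-limited.

```python
import hashlib
import hmac
import secrets
import time

def _kdf(password):
    # Stand-in for the directory's password check (step 3); salt is constructed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

# Constructed sample data: one directory entry and one grid card (assumed format).
DIRECTORY = {"alice": _kdf("correct horse")}
GRID = {"alice": {"A1": "7", "B3": "K", "C2": "4", "D5": "M", "E4": "9"}}
CHALLENGE_TTL = 60  # seconds a challenge stays answerable

class SecondFactorServer:
    def __init__(self, clock=time.time):
        self.pending = {}  # session id -> (user, cells, expiry)
        self.clock = clock

    def first_factor(self, user, password):
        """Steps 2-4: check the directory, then issue a challenge."""
        stored = DIRECTORY.get(user, bytes(32))  # dummy value for unknown users
        if not hmac.compare_digest(stored, _kdf(password)):
            return None  # no challenge is issued after a failed first factor
        cells = secrets.SystemRandom().sample(sorted(GRID[user]), 3)
        session = secrets.token_hex(16)
        self.pending[session] = (user, cells, self.clock() + CHALLENGE_TTL)
        return session, cells

    def second_factor(self, session, response):
        """Steps 5-6: verify the response and return accept/reject."""
        entry = self.pending.pop(session, None)  # pop makes each challenge single-use
        if entry is None:
            return "reject"
        user, cells, expiry = entry
        if self.clock() > expiry:
            return "reject"
        expected = "".join(GRID[user][c] for c in cells).encode()
        ok = hmac.compare_digest(expected, response.encode())
        return "accept" if ok else "reject"

def gateway_login(server, user, password, answer_fn):
    """Steps 1 and 7: the gateway relays credentials and acts on the verdict."""
    issued = server.first_factor(user, password)
    if issued is None:
        return "reject"
    session, cells = issued
    return server.second_factor(session, answer_fn(cells))
```
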

Repository Integration

• Leverages existing user entries

• Adds attributes to object classes for LDAP or independent table for RDBMS

• Read and Write operations required for some authentication options

[Figure labels: Directory; Database; JNDI; SSL]

Thank you!