ISS SA le presenta los Escenarios para IdentityGuard de Entrust

© Copyright Entrust, Inc. 2010

What are the Challenges of Securing Identities online?


2

Entrust is a World Leader in Identity Management and Security Software

• Founded in 1994, publicly-listed in 1998 (NASDAQ: ENTU)

• Best-in-class technology, service and support – industry pioneer

• Over 2000 customers in 50 countries – global reach

• Geographic presence: U.S., Canada, UK, China, Germany, India and Japan

• 411 employees and 110+ patents

• 2008 Revenue: ~$100.0 million

Enterprise Authentication


Enterprise Identities: Problems

Protect access to intellectual property and customer data

Work from anywhere

Stay out of employees’ way

Audit access to resources

Reduce transaction costs by moving online

EmployeesPartners

Contractors

OtherBusinesses

4Mobile Devices

Other internalServers & Devices

# ofIDs

2000 2010


Enterprise Identities: Entrust’s Solution

Broad range of authentication credentials

For users, servers, devices

Enables encryption and digital signature with strong identity

EmployeesPartners

Contractors

OtherBusinesses

Mobile Devices 5

Other internalServers & Devices


Entrust IdentityGuard

• Single open platform, centralized policy management• User self administration• Deploy based on Risk, Usability, Cost

Username & Password

Grid

VersatileAuthenticationPlatform

ScratchPad Digital

Certificates

OTP Tokens

Smartcards &USB Tokens

Mutual Auth

IP-Geolocation

Machine/Device Auth

Mobile

Knowledge-Based

© Copyright Entrust, Inc. 2010 7

Integrating IdentityGuard

Remote Access Applications

Microsoft Windows Servers

End User

Web Authentication Applications

Enterprise Applications

& Data

Repository


2nd Factor Authentication

Authentication Platform

Online Application

Initial Logon

User Name?Password?

User Name?Password?

2nd Factor Authentication

2nd Factor Challenge


Application: Remote Access

End User


• Integrates with leading remote access solutions

• Leverages industry standards to streamline deployment

• Supports MS RAS, IP-SEC, & 802.1x clients


10

Application: Enterprise Desktops & Servers

End User

• Integrated 2nd factor authentication

• Easy to use & deploy

• Leverages common security infrastructure

Any user

****

1 6 3

Enterprise Servers

Microsoft WindowsDesktops

Administrators


Application: Extranet Access

End User


• Range of authenticators

• Inexpensive to deploy

• Easy to use and support


Easily Extends across Enterprise Applications

• Extranet (incl. MS OWA & leading Web SSO vendors)• Microsoft Windows Desktops • Remote Access: Leading IP-SEC & SSL VPNs, RAS, 802.1x, Citrix

AnyUser

******


IdentityGuard 2nd Factor Protection

Remote Access

Enterprise ServersMicrosoft Desktops

Extranet Access


Integrating IdentityGuard


Microsoft Windows Servers

End User


Enterprise Applications

& Data

Repository


Integrated with Leading Technology Partners

Applications

Application / Infrastructure

Remote Access

Platform


SSL VPN: Juniper


Web Application Integration

Customer Environment

Existing Authentication/

Sign-on Application

SSL

SOAP

• WSDL Interface for J2EE & .NET applicactions

• Included Java bindings• Included ISAPI filter for IIS/ISA


Microsoft Desktop & Server Integration

Existing Active Directory

Enterprise Applications &

Network Resources

• Small Client for Windows desktops (GINA Chain)

• Existing AD Deployment (single or multi-domain)

• Configurable support for MS RAS, IP-SEC, and 802.1x clients built-in


Remote Access Integration

Existing Remote Access Gateway(IP-SEC or SSL)

Radius

Directory UN/PW auth with Active

Directory or LDAP

• IP-SEC or SSL Gateways• Configuration-only integration!


Remote Access Authentication Flow

VPN Client or

Web Browser

Remote Access Gateway

1.User enters authentication credentials

2. User credentials sent to IdentityGuard

4. IdentityGuard challenge requested & presented

5. IdentityGuard response sent to IG server

6. IdentityGuard server returns accept/reject to VPN Client

Repository

7.Success allows user entry

3. User credentials validated against directory


Repository Integration

• Leverages existing user entries

• Adds attributes to object classes for LDAP or independent table for RBDMS

• Read and Write operations required for some authentication options

DirectoryDatabase

JNDI

SSL

Thank you!

ISS SA le presenta los Escenarios para IdentityGuard de Entrust

Technology

Transcript of ISS SA le presenta los Escenarios para IdentityGuard de Entrust