SecureLogin Solution for Hospital Environments Keith Lewis Novell Consultant Novell, Inc. Troy...
-
Upload
blaze-cuthbert-hudson -
Category
Documents
-
view
222 -
download
0
Transcript of SecureLogin Solution for Hospital Environments Keith Lewis Novell Consultant Novell, Inc. Troy...
SecureLogin Solution for Hospital Environments
Keith LewisNovell ConsultantNovell, Inc.
Troy DrewryProtocom ConsultantProtocom
© March 9, 2004 Novell Inc.2
one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.
The one Net vision
Novell exteNd™
Novell Nsure™
Novell Nterprise™
Novell NgageSM
:
:
:
:
© March 9, 2004 Novell Inc.3
The one Net vision
Novell Ngage services provides real-world experience from consultants around the world. Novell's service professionals make sure every Novell solution you implement is based on best practices, customized to meet your needs, and capable of delivering the highest possible return on investment.
Novell NgageSM
Novell exteNd™
Novell Nsure™
Novell Nterprise™
Novell NgageSM
:
:
:
:
© March 9, 2004 Novell Inc.4
Session Rules
The success of this session depends upon audience participation. Your best opportunity to learn is to be involved.
Questions should be asked when the subject matter is being covered or at the end of the session.
Questions should be related to lesson being discussed. Other questions can be handled after the session is complete.
© March 9, 2004 Novell Inc.5
Session Overview
Common issues in hospital environments that inhibit the implementation of a single sign-on solution.
Discuss how SecureLogin can be used alone or with other products to provide solutions.
Provide demonstrations of some of the solution discussed.
Q & A
© March 9, 2004 Novell Inc.6
What is a Complete Solution?
A solution that provides capabilities in a wide range of environmental and work-flow conditions.
A customizable solution that has options.
A secure solution.
A solution that you can actually implement within a reasonable timeline and budget.
A solution that you can maintain.
A solution that adheres to current and is customizable for future HIPAA requirements.
© March 9, 2004 Novell Inc.7
Factors Inhibiting a Complete Solution
Ambiguous requirements.
Lack of situational knowledge.
Project Personnel availability.
Infrastructure requirements.
Budgetary concerns.
Corporate Climate.
© March 9, 2004 Novell Inc.8
To Build a Complete SecureLogin Solution One Must Consider
The Applications (Authentication Methods, Access Points and their use)
The Solution Distribution Method
Existing or New Password Policies
The User Environment
OS and Platforms
Current and Future HIPAA Regulations
Help Desk Training
User Training
Solution Documentation
Ongoing Maintenance
Can SecureLogin Alone Be a Complete Solution?
© March 9, 2004 Novell Inc.10
What SecureLogin brings to the table
Infrastructure Flexibility• Integrates with Novell® eDirectory™ and NDS®
• Integrates with Microsoft AD and MS Windows NT Domains• Integrates with NetScape iPlanet / SunOne directories• Integrates with any other LDAP v3+ compliant directory• NO additional infrastructure requirements• Support for mobile and disconnected users• Community (nursing) workstation support• Full Citrix and Microsoft Terminal Server capabilities• Microsoft Windows 9x, NT/2000 and XP workstation agents • Linux and hand-held agents in development
© March 9, 2004 Novell Inc.11
What SecureLogin brings to the tableContinued...Application Integration
• Microsoft Windows 16/32 bit support• Web HTML support• Terminal Emulator Support• Java support (Sun Java not that other company's junk!)• Advanced recognition and response features • Robust scripting language• Ability to run external scripts and applications• Capable of leveraging directory and environment
variables• Ability to share credentials with Novell Portal and iChain®
• Integrated SNMP auditing and reporting
© March 9, 2004 Novell Inc.12
Security• Utilizes 3Des to secure credentials, settings and scripts• Open SSL used in LDAP mode• Full NMAS integration• ‘Advanced Authentication’ support
– Biometrics devices– SmartCard readers– Tokens– Etc…
• Secondary Key for offline security• Integrates with OTP (One Time Password) for
mainframes• Integrates with SSPR (Self Service Password Reset)
What SecureLogin brings to the tableContinued...
© March 9, 2004 Novell Inc.13
A Complete SecureLogin Solution will include some or all of the following:
Securelogin
SecretStore
NMAS™
The NetWare® client
ZENWorks® or MSI
Advanced Authentication Devices
Special Securelogin utilities, DLLs and Configurations
Applicable HIPAA Regulations
© March 9, 2004 Novell Inc.15
Physical Safeguards
Required Safeguards• Workstation Use (164.310(b))• Workstation Security (164.310(c))
© March 9, 2004 Novell Inc.16
Technical Safeguards
Access Control - 164.312(a)(1)• Unique User Identification• Emergency Access Procedure
Person or Entity Authentication – 164.312(d)
How it WorksSome Quick Demos
© March 9, 2004 Novell Inc.18
Windows Applications
1 Identify the application in memory
2 Identify the active form
3 Provide the credentials
© March 9, 2004 Novell Inc.19
Web Applications
1 Identify Domain
2 Provide Credentials
3 Auto Submit
20
Terminal Emulation Applications
1 Create Tlaunch Configuration
2 Use Trigger/Response
3 Exit
Citrix SolutionOverview and Demos
© March 9, 2004 Novell Inc.22
An Overview – Citrix Configurations
Citrix MetaFrame v1.8+ Support
Citrix XP Support
Citrix NFuse Support
Citrix Servers with NetWare Client
Citrix Servers without NetWare Client
Published desktops
Published applications
Web portal applications
© March 9, 2004 Novell Inc.23
Citrix Desktops
1 SecureLogin Runs in the session startup
2 Connects to Directory
3 Provides Credentials
MS Terminal Serveror Citrix Farm
MS Terminal Server
or Citrix Farm
© March 9, 2004 Novell Inc.24
Citrix Published Application & Nfuse
1 The published application is started with SLLauncher
2 SecureLogin connects to the directory
3 Provides credentials
MS Terminal Serveror Citrix Farm
MS Terminal Serveror Citrix Farm
Citrix Demo
PDA SolutionDiscussion and Demo
© March 9, 2004 Novell Inc.27
PDA’s and SecureLogin
MS Terminal Serveror Citrix Farm
Required Components• Wireless Capability• Citrix ICA Client• for PocketPC
MS Terminal Serveror Citrix Farm
PDA Demo
Nursing Station SolutionOverview and Demonstration
© March 9, 2004 Novell Inc.30
A Complete SecureLogin Solutionfor a Nursing Station Might Use
The NetWare client
NMAS (SecureWorkstation)
ZENWorks
Biometrics
© March 9, 2004 Novell Inc.31
Factors Inhibiting a Complete Solution at a Nursing Station
Multiple people sharing a single desktop.
HIPAA Requiring that each user must have a unique login.
HIPAA requiring that the user authentication must time out after inactivity.
Another user accessing the workstation after the workstation is locked.
Authentication time.
© March 9, 2004 Novell Inc.32
The SecureLogin Complete Solutionin a Nursing Station
Provide Credentials for each user accessing the shared workstation.
Use NMAS and the Post Login Method Secure Workstation to lock or logoff the user after a specified period of inactivity.
Use the NetWare client version 4.9 and configure it to provide the user the force logoff command button.
Use ZENWorks to map drives and display applications only if the user has access to the applications if the login script is slowing authentication. (Java and VB scripts can also be used)
Nursing Station Demo
Other Solutions
© March 9, 2004 Novell Inc.35
Hospital Environmental Challenges?
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.