How to secure Alfresco?
Monday, 24 October 2011
Alfresco Architecture
• The goal of this short slide show is to demonstrate what can be done to reinforce authentication.
• To achieve our objectives, we improved the Alfresco authentication system:
• To allow users to evaluate the strength of their password,
• To allow users to reset their password,
• To add a CAPTCHA system,
• To define password and account expiration dates,
• To disable accounts,
• To define a maximum number of login attempts,
• To add OpenID authentication (based on Google),
• To add 2-factor authentication.
Introduction
• We added a new component that allows users to evaluate their password strength.
• Users can improve overall security by themselves.
Password Strength
Reset password
• This feature simplifies the administrator’s task.
• It improves security by generating a strong password.
• This feature could be run every month to reset all users' passwords.
CAPTCHA Systems
• A CAPTCHA is a program that can tell whether its user is a human or a computer.
• The goal is to decrease the number of login attempts.
• We use an open-source library called reCAPTCHA (which helps to digitize books).
Expiration dates
• Administrators can define an account and password expiration date for each user.
Disabled accounts
• Administrators can enable or disable accounts.
Maximum login attempts
• We can define a maximum number of login attempts (by default 3).
• After 3 unsuccessful login attempts, the account is automatically locked.
OpenID authentication
• OpenID is a safer, faster, and easier way to log in to web sites.
• OpenID user benefits:
• Fewer usernames and passwords to remember
• Helps protect personal identity information
• Globally unique, “Is that the same David?”
• Ability to know where you've shared information
OpenID Authentication
OpenID Authentication?
Ask login to Google
User is logged in to Google.
Confirmation to continue
Login as trusted user
User logged in to Alfresco
Register user as trusted user
2-Factor authentication
• Two-factor authentication (2FA, or strong authentication) is an approach to authentication that requires the presentation of two different kinds of evidence:
• Something known, like a password (e.g. the Alfresco password),
• Something unique (e.g. an OTP, or one-time password).
• In this example, we used a 2FA system called WiKID.
Alfresco Platform design
2-Factor authentication
Ask for a passcode (OTP) for Alfresco?
Passcode valid?
Authentication
Passcode valid for 90 seconds
The user enters the passcode in Alfresco Share
Passcode valid for Alfresco?
Passcode OK
Disable the passcode
Passcode OK
Login with username/password
User logged in
Create a passcode
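An added example (not code from these slides, from Alfresco, or from WiKID): a minimal Python sketch of the server-side rules shown on the 2-Factor authentication and Maximum login attempts slides, namely a passcode valid for 90 seconds, disabled after one successful use, and an account locked after 3 failed attempts. The class name, the in-memory storage, the 6-digit passcode format and the choice to count an expired passcode as a failed attempt are assumptions.

```python
import hmac
import secrets
import time

PASSCODE_TTL = 90   # seconds, as on the 2-Factor authentication slide
MAX_ATTEMPTS = 3    # default from the Maximum login attempts slide


class PasscodeService:
    """Hypothetical in-memory passcode issuer/verifier (illustration only)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # username -> (passcode, expiry time)
        self._failures = {}      # username -> consecutive failed attempts
        self.locked = set()      # usernames that are locked out

    def create_passcode(self, username):
        # Six digits from the OS CSPRNG; a new code replaces any older one.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = (code, self._clock() + PASSCODE_TTL)
        return code

    def verify(self, username, submitted):
        if username in self.locked:
            return "locked"
        code, expiry = self._pending.get(username, ("", 0.0))
        expired = self._clock() >= expiry
        # Constant-time comparison, so timing does not leak matching digits.
        match = hmac.compare_digest(code.encode(), submitted.encode())
        if code and match and not expired:
            del self._pending[username]        # disable the passcode: single use
            self._failures.pop(username, None)
            return "ok"
        if expired:
            self._pending.pop(username, None)  # never leave stale codes around
        failures = self._failures.get(username, 0) + 1
        self._failures[username] = failures
        if failures >= MAX_ATTEMPTS:
            self.locked.add(username)          # an administrator must unlock
            self._pending.pop(username, None)
            return "locked"
        return "expired" if (code and expired) else "rejected"
```

A replayed passcode is rejected because the entry is deleted on first success, and a locked account stays locked even when a correct passcode is later presented.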
2-Factor authentication
Username?
Password?
Thank You