Tectia MobileID – Tokenless 2-Factor Authentication for Juniper SSL VPN Appliances
Vesa Tiihonen, Director, SSH
December 30th 2011
• Founded 1995
• The inventor of the Secure Shell (SSH) protocol
• Public company listed on NASDAQ OMX
• Tectia Managed Security solution:
  - replacement for unsecured protocols
  - Managed File Transfer
• Offices: Helsinki, Finland (HQ); Kloten, Switzerland; Redwood, USA; Boston, USA; Hong Kong, China
• Worldwide customer base: 7 out of the top 10 Fortune 500 companies, 40% of the Fortune 500
Contents
• Tectia MobileID Introduction
• Use Cases and Benefits of Tectia MobileID
• Key Differentiators of Tectia MobileID
• Juniper Technology Alliance
• SSL VPN Login Use Cases
• Tectia MobileID integration with Juniper SSL VPN
• Summary
The Best 2-FA Solution in the Market: The Next Generation Authentication Platform
• Multi-factor appliance designed specifically for on-demand and out-of-band authentication
• Based on high-quality SMS One-Time Password (OTP) delivery as the main strong-authentication method
• Also supports all other OTP delivery methods: password lists, e-mail OTP, voice OTP, instant-messaging OTP, and any OATH-compliant hardware or software token (e.g. Google Authenticator)
• Fully customizable
• Operator-grade SMS messaging connections out of the box
SMS authentication use cases
When to consider tokenless login:
• When you have geographically dispersed groups of users
• When you have a mobile / remote workforce
• When you provide an extranet
• When you have ad-hoc login requirements
• When you do not want to invest in and manage hardware
• When you can't wait weeks for a new token to be delivered
Benefits of using Tectia MobileID
• No seed data to be compromised
• No security devices to be stolen or lost
• 24/7 service deactivation provided by the mobile operators, not only by your company helpdesk
• Each One-Time Password is unpredictable and freshly generated at random, unlike token codes that are derived from a stored seed
• Ability to detect fraudulent activity, e.g. Man-in-the-Middle / Man-in-the-Browser (MitM/MitB) attacks, through the out-of-band channel
• Improved user login experience
• Less administration
• Fewer helpdesk calls
Benefits of using Tectia MobileID
Fraud prevention and password management with SMS OTP
• Pro-actively lock end-user accounts after N failed login attempts
• Notification of a locked account via SMS
• Permit account re-activation via SMS
• GeoIP match of the login source against the mobile device location
• Permit forgotten password/PIN reset via SMS, eliminating the need for helpdesk services
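The server-side logic behind the fraud-prevention points above, written here as an added example (this is not Tectia MobileID's own code, and the class and function names, the 6-digit code length, the 120-second validity window and the lockout threshold of 3 are assumptions of the example). It shows what "no seed data", "100% random" and "lock after N failed attempts" amount to in practice: the code is drawn from the OS CSPRNG per login, stored only as a keyed hash, consumed on first use, expired after a short window, and the user is told out of band when the account locks. The SMS gateway is replaced by a callable that captures the message so the block runs offline.

```python
"""Added example (not Tectia MobileID code): minimal SMS OTP issuance and
verification with expiry, single use and lockout after N failures.
All names, limits and the constructed phone number are assumptions."""
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 120      # assumed window in which the SMS code is valid
MAX_FAILURES = 3           # "lock after N failed login attempts" with N = 3 assumed
SERVER_KEY = secrets.token_bytes(32)   # per-process key for the stored OTP digests


def _digest(user: str, code: str) -> bytes:
    # Keyed hash: a copied store does not reveal live codes, and a 6-digit
    # code cannot be brute-forced offline without SERVER_KEY.
    return hmac.new(SERVER_KEY, f"{user}\0{code}".encode(), hashlib.sha256).digest()


class SmsOtpService:
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms    # callable(msisdn, text); the operator gateway in production
        self.clock = clock
        self._pending = {}          # user -> (digest, expiry)
        self._failures = {}         # user -> consecutive failed attempts
        self._locked = set()

    def issue(self, user: str, msisdn: str) -> bool:
        """Generate and deliver a fresh code. Returns False for locked accounts."""
        if user in self._locked:
            return False
        # Uniformly random per login: nothing is derived from a long-lived seed.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = (_digest(user, code), self.clock() + OTP_TTL_SECONDS)
        self.send_sms(msisdn, f"Hello {user}, your SMS password is {code}")
        return True

    def verify(self, user: str, msisdn: str, code: str) -> str:
        """Returns 'ok', 'wrong', 'expired', 'no_pending' or 'locked'."""
        if user in self._locked:
            return "locked"
        entry = self._pending.get(user)
        if entry is None:
            return "no_pending"
        expected, expiry = entry
        if self.clock() > expiry:
            del self._pending[user]
            return "expired"
        if hmac.compare_digest(expected, _digest(user, code)):
            del self._pending[user]          # single use: a replayed code fails
            self._failures.pop(user, None)
            return "ok"
        failures = self._failures.get(user, 0) + 1
        self._failures[user] = failures
        if failures >= MAX_FAILURES:
            self._locked.add(user)
            self._pending.pop(user, None)
            # Out-of-band notification of the lock, as on the slide.
            self.send_sms(msisdn, "Your account was locked after repeated failed logins; "
                                  "contact the helpdesk or reply to re-activate.")
            return "locked"
        return "wrong"

    def unlock(self, user: str) -> None:
        """Re-activation; the slide allows triggering this via SMS."""
        self._locked.discard(user)
        self._failures.pop(user, None)


def demo() -> dict:
    """Constructed walk-through: the phone is a list capturing sent messages."""
    outbox = []
    now = [1_000_000.0]                           # fake clock so expiry is testable
    svc = SmsOtpService(send_sms=lambda msisdn, text: outbox.append((msisdn, text)),
                        clock=lambda: now[0])
    msisdn = "+358401234567"                      # constructed number
    svc.issue("jane", msisdn)
    code = outbox[-1][1].split()[-1]
    result = {"first": svc.verify("jane", msisdn, code)}
    result["replay"] = svc.verify("jane", msisdn, code)
    svc.issue("jane", msisdn)
    now[0] += OTP_TTL_SECONDS + 1
    result["late"] = svc.verify("jane", msisdn, outbox[-1][1].split()[-1])
    svc.issue("jane", msisdn)
    code = outbox[-1][1].split()[-1]
    wrong = f"{(int(code) + 1) % 10 ** OTP_DIGITS:0{OTP_DIGITS}d}"   # guaranteed wrong guess
    result["lockout"] = [svc.verify("jane", msisdn, wrong) for _ in range(MAX_FAILURES)]
    result["issue_while_locked"] = svc.issue("jane", msisdn)
    result["sms_sent"] = len(outbox)
    return result


if __name__ == "__main__":
    print(demo())
```

Two points worth noting when adapting this: the lockout counter is per account, so an attacker who knows a username can lock it out deliberately, which is why the slide pairs lockout with SMS re-activation rather than a helpdesk ticket; and the comparison uses `hmac.compare_digest` on the digests so verification time does not leak how many characters of the code matched.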
Unique Differentiators of Tectia MobileID
• Most scalable & reliable
• Best user experience
• Fastest to deploy & use
• Most cost efficient
Unmatched scalability and reliability
• Scales to millions of concurrent users
• Operator-grade SMS delivery worldwide with SLA-guaranteed throughput times
• Certified to work with Juniper SSL VPN
• In live production since 2003
• Modular architecture that provides service-provider-grade scalability, customization and control of network conditions and business logic
Unmatched TCO and ROI
• Flexible pricing models with pay-per-active-user on a monthly basis
• Low TCO
  - Example 5-year TCO:
  - for 250 RSA SecurID users: $140,000 (RSA whitepaper)
  - for 250 MobileID users: $38,000 (excluding SMS traffic at 0.04-0.09 € per message)
• Practically zero administration; new users activated instantly
• Tokenless solution – no logistics overhead
No extra or hidden costs!
Tectia MobileID – Fast deployment and activation
Add/remove a traditional token user vs. a MobileID user:

ADDING A NEW TOKEN (RSA) USER
1. Admin creates the token user account and delivers the account details, e.g. via e-mail.
2. Admin adds the token serial number to the new account and synchronizes the token.
3. Admin packages the token, user instructions and a letter on the token terms of use and mails it to the user.
4. Admin informs the new user that the token will be delivered within a few days.
5. User eventually receives the token and reads the instructions and terms of use.
6. Assuming that the token has not become out of sync or been damaged during delivery, and that the user knows how to use the token, etc., the user successfully logs in using the token.

REMOVING A TOKEN (RSA) USER
1. Admin removes / disables the account.
2. Admin notifies the user that the token should be returned via courier.
3. If the user fails to return the token, or it is lost, then admin must initiate cost recovery procedures or the company must pay for a replacement token.
4. Admin eventually receives the token.
5. If the token is damaged then admin must initiate cost recovery procedures or the company must pay for a replacement token.
6. Admin notifies the user that the token was correctly received and intact.
7. Admin marks the token as "returned" and adds the token serial to the pool of free tokens.

ADDING A NEW MOBILEID USER
1. User successfully logs in.

REMOVING A MOBILEID USER
1. Admin removes / disables the account.
Tectia MobileID – Superior end-user experience
• No end-user training needed
• Fully intuitive use with Flash SMS (the code is displayed directly on the phone's screen)
• No changes to the existing login process
• Works on any phone, anywhere in the world
So easy it makes your customers smile – guaranteed!
Tectia MobileID – multi-use authentication platform
Tectia MobileID can solve any ad-hoc multi-factor authentication problem:
• 2-factor authentication for SSL VPN access (RADIUS)
• 2-factor authentication for Web Services and portals (SOAP)
• Solving Man-in-the-Browser / Man-in-the-Middle threats with out-of-band authentication
• Multi-domain (LDAP) support
• MS Outlook Web Access
• Instant Messaging OTP
• Any custom ad-hoc on-demand multi-factor authentication use case
• 2-factor SMS OTP for MS Windows logins
• Supports all OTP techniques: e-mail, lists, OATH tokens, voice, etc.
• Cloud-based SMS OTP available out of the box
• OTP and business logic for online banking transaction verification
Tectia MobileID mRules framework
Custom business logic for Authentication, Authorization and Access (AAA)
• New authentication methods can be added and existing ones extended
• Authentication methods can be chained, triggered, scheduled, etc.
• Network packets (e.g. RADIUS) can be re-written, routed, scheduled, etc.
Sample custom access rule (screenshot)
Juniper Technology Alliance
Juniper SSL VPN with SSH's MobileID: a full turnkey 2FA solution without the challenges of first-generation two-factor authentication!
• Protect against unauthorized access to your critical business information
• Reduce your IT administrative workload and hard costs
• Easily scale with tokenless One-Time Passwords delivered via SMS
• Be up and running in hours, not weeks or months!
Juniper Technology Alliance
Direct integration to existing corporate infrastructure
Architecture diagram (slide): the remote user connects over the Internet, through the firewall, to the Juniper SSL VPN, which checks the first factor against AD/LDAP; the one-time password is sent through a third-party gateway or the integrated Tectia messaging service over the operator-grade global 3G network to the user's phone ("Hello Jane, your SMS password is 949372").
Authenticating using SMS One-Time Password
• Scenario 1 – SSL VPN login: on-demand SMS password for two-factor authentication, and you're logged in!
• Scenario 2 – Login with a pre-distributed SMS password, and you're logged in!
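The two login scenarios above are, on the wire, a RADIUS conversation between the Juniper SSL VPN (the NAS) and the OTP server. The following is an added example of that exchange, written for this page and not code from Tectia MobileID or Juniper: packet layout, User-Password hiding and the Response Authenticator follow RFC 2865, and scenario 1 is the standard Access-Request → Access-Challenge (with a State attribute) → Access-Request → Access-Accept sequence. The user directory, the shared secret, the phone number and the convention that in scenario 2 the pre-distributed code is typed after the directory password in the same password field are assumptions of this example.

```python
"""Added example (not Tectia/Juniper code): RADIUS exchange between an SSL VPN
and an SMS OTP RADIUS server for on-demand and pre-distributed SMS passwords.
Encoding per RFC 2865; directory contents and conventions are assumptions."""
import hashlib
import hmac
import os
import secrets
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24


def _attrs(pairs):                       # TLV attributes: type, length incl. header, value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)


def _parse_attrs(data):
    out, i = [], 0
    while i + 2 <= len(data):
        t, length = data[i], data[i + 1]
        if length < 2:
            break                        # malformed; stop rather than loop forever
        out.append((t, data[i + 2:i + length]))
        i += length
    return out


def hide_password(secret, req_auth, pw):
    """RFC 2865 s5.2: MD5(secret|previous block) keystream XORed over 16-byte blocks."""
    pw = pw.ljust((-(-len(pw) // 16) * 16) or 16, b"\0")
    out, prev = b"", req_auth
    for k in range(0, len(pw), 16):
        block = bytes(x ^ y for x, y in zip(pw[k:k + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out


def reveal_password(secret, req_auth, hidden):
    out, prev = b"", req_auth
    for k in range(0, len(hidden), 16):
        out += bytes(x ^ y for x, y in zip(hidden[k:k + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[k:k + 16]
    return out.rstrip(b"\0")


def build_request(secret, ident, username, password, state=None):
    auth = os.urandom(16)                                    # Request Authenticator
    pairs = [(USER_NAME, username), (USER_PASSWORD, hide_password(secret, auth, password))]
    if state is not None:
        pairs.append((STATE, state))                         # echoed unchanged on the second leg
    body = _attrs(pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + auth + body


def build_response(secret, code, request, pairs):
    body = _attrs(pairs)
    header = struct.pack("!BBH", code, request[1], 20 + len(body))
    resp_auth = hashlib.md5(header + request[4:20] + body + secret).digest()
    return header + resp_auth + body


def response_is_authentic(secret, request, response):
    """NAS side: accept only replies keyed to our Request Authenticator and the shared secret."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


class OtpRadiusServer:
    def __init__(self, secret, directory, send_sms):
        self.secret, self.directory, self.send_sms = secret, directory, send_sms
        self._challenges = {}                                # State -> (username, otp)

    def handle(self, pkt):
        attrs = dict(_parse_attrs(pkt[20:]))
        user = attrs[USER_NAME].decode()
        pw = reveal_password(self.secret, pkt[4:20], attrs[USER_PASSWORD])
        state, rec = attrs.get(STATE), self.directory.get(user)
        if state is not None:                                # scenario 1, second leg: the SMS code
            owner, otp = self._challenges.pop(state, (None, b""))   # single use
            ok = owner == user and hmac.compare_digest(otp, pw)
            return build_response(self.secret, ACCESS_ACCEPT if ok else ACCESS_REJECT, pkt, [])
        if rec is None:
            return build_response(self.secret, ACCESS_REJECT, pkt, [])
        if hmac.compare_digest(pw, rec["password"]):         # scenario 1: first factor OK, send code
            otp, state = f"{secrets.randbelow(10 ** 6):06d}".encode(), os.urandom(16)
            self._challenges[state] = (user, otp)
            self.send_sms(rec["msisdn"], b"Hello " + user.encode() + b", your SMS password is " + otp)
            return build_response(self.secret, ACCESS_CHALLENGE, pkt,
                                  [(STATE, state), (REPLY_MESSAGE, b"Enter the SMS password")])
        base = rec["password"]                               # scenario 2: password + pre-distributed code
        ok = pw.startswith(base) and hmac.compare_digest(pw[len(base):], rec["predistributed"])
        return build_response(self.secret, ACCESS_ACCEPT if ok else ACCESS_REJECT, pkt, [])


def demo():
    """Constructed exchange for both scenarios; returns the response codes the NAS sees."""
    secret, phone = b"radius-shared-secret", []                          # constructed values
    directory = {"jane": {"password": b"ldap-pw", "msisdn": "+358401234567",
                          "predistributed": b"958482"}}
    server = OtpRadiusServer(secret, directory, lambda msisdn, text: phone.append(text))
    req1 = build_request(secret, 1, b"jane", b"ldap-pw")
    chal = server.handle(req1)
    state = dict(_parse_attrs(chal[20:]))[STATE]
    req2 = build_request(secret, 2, b"jane", phone[-1].split()[-1], state)
    acc = server.handle(req2)
    replay = server.handle(build_request(secret, 3, b"jane", phone[-1].split()[-1], state))
    pre = server.handle(build_request(secret, 4, b"jane", b"ldap-pw" + b"958482"))
    return {"challenge": chal[0], "accept": acc[0], "replay": replay[0],
            "predistributed": pre[0], "authentic": response_is_authentic(secret, req2, acc)}


if __name__ == "__main__":
    print(demo())
```

The State attribute is what ties the two legs of scenario 1 together; the server pops it on first use, so the replayed second request in `demo()` is rejected. Note that RFC 2865 password hiding is MD5-based obfuscation keyed on the shared secret, not encryption: the Juniper-to-MobileID link should sit on a trusted segment or inside a tunnel, and the NAS should always verify the Response Authenticator as `response_is_authentic` does.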
Technical integration with Juniper SSL VPN
1. Add a new RADIUS server (MobileID) to the Juniper SA VPN
2. Add a new RADIUS client (the Juniper SA) to MobileID
3. Connect MobileID to AD / LDAP
4. MobileID is LIVE – start using it!
Tectia MobileID Web Admin Interface: administer the virtual appliance
Viewing Tectia MobileID logs in real time
Try Tectia MobileID Live Today!
• Live VPN demonstration for anyone, anywhere, free of charge
• Juniper SSL VPN login:
  - Register here: http://mobileiddemo.ssh.com/pub/index.php?plugin=register&app=juniper
  - Login and demo here: http://mobileiddemo.ssh.com/pub/index.php?plugin=testing&app=juniper
Summary
Tectia MobileID:
• Operator-grade messaging capabilities
• Integrated HA messaging
• Allows ad-hoc use
• Highly scalable
• Framework for customized login methods
• Certified for Juniper SSL VPN

Competitive solutions:
• Typically no operator messaging support
• No High Availability (HA); requires purchasing and configuring a 3rd-party messaging service or product
• Accounts must be registered and provisioned to work
• Typically for SME use only
• Typically only a few pre-defined methods available
Thank You!
Vesa Tiihonen
Director
Vesa.Tiihonen@ssh.com
www.ssh.com