Multifactor AuthN: It Isn t Just for Auditors Anymore. Rob Carter & Shilen Patel, Duke University Fall, 2011 Internet2 Member Meeting
|
|
- Kelley Bell
- 6 years ago
- Views:
Transcription
1 Multifactor AuthN: It Isn t Just for Auditors Anymore Rob Carter & Shilen Patel, Duke University Fall, 2011 Internet2 Member Meeting 1
2 But first, a few words from our security office... 2
3 Passwords are the problem Password phishing 5% success rate spearphishing Some users have had local passwords speared repeatedly 3
4 Passwords are the problem Hash crackers & GPUs SO demo: random pw s on a single std. video card 5-char: 4 min, 8-char: 45 days Linear decomp, scaling $25k ==> 8-char ~ 8 hrs Password reuse + one weak external system... 4
5 ...and a word from our auditors... 5
6 You ve Got Policy Problems Institutional expiration, complexity policies considered too weak Crack efficiency rises faster than password policies harden maybe always will... kpmg(sis,erp) ~= FAIL 6
7 ...and a few from our users... 7
8 Passwords are a different kind of problem... You already make my password impossibly hard If I have to change it frequently, I ll have to write it down If I have to pick one suddenly, it ll be weak Isn t the system already secure? 8
9 Guess where that leaves us? Auditors say we need to do something Security says we need to do it quickly Users won t accept strict password policies 9
10 We ve no way out but up... Multifactor AuthN seems the answer Physical factors aren t phishable Auditors love N- factor AuthN Security Office loves it, too 10
11 Flexibility is critical Not all application contexts have the same requirements or capabilities Institutional security goals often run counter to applications ease-of-use goals Everybody needs a little give and take... 11
12 ...especially the users. Tenured Professor: You use the same password for my HR benefits that I give my secretary so she can read my . This is an outrage! Something s definitely an outrage, here, but......maybe we can use this as a carrot to the auditors stick......but it ll require more than the traditional approach to multifactor authentication... 12
13 Traditional single-mode multifactor is a non-starter Authmech = f(organization) one-size-fits-all -- that always works University users aren t exactly a captive audience Second factors are always attractive targets (viz RSA) -- want to avoid lock-in 13
14 Multimode solution seems more attractive... Authmech = f(app,user) (or even f(app,user,location)) f() = Max(user(app),app(user),institution(app,user)) Prof W. can self-select a higher bar for his logins to his blog, while we can raise the bar for logins to grant mgt. Another RSA-type hack could force us to change mechanisms......and besides... it s good enough for Google Accounts 14
15 Low-hanging fruit strategy Start with the IDP 700+ on-campus SPs and growing already If we re careful, most SPs won t need to do anything and their users won t notice anything Infrastructure behind the IDP can be reused New apps are largely web-based; older apps continue to grow better web interfaces 15
16 But shouldn t it be the SP s problem? Perhaps, but......sp<->idp conversation lacks full negotiation, so......negotiation would require multiple SP round-trips,......and would likely require app awareness,......but application authors aren t usually that savvy 16
17 Guess where we are again? 17
18 New IDP external authmech Pluggable interface for custom credential verifiers Auth Svc Auth Svc Recognizes different strength values for different credential types Computes required strength based on claimed identity and SP making request. Plug-In Plug-In Plug-In Plugin API Custom multifactor "external" authmech IDP Login Page (jsp) Rules Prefs 18
19 New IDP external authmech IDP Login Extensions ajaxy and context sensitive Auth Svc Auth Svc authn options depend on user capabilities and preferences Plug-In Plug-In Plug-In Plugin API Custom multifactor "external" authmech IDP Login Page (jsp) Rules Prefs constrained feedback to defeat incremental attacks 19
20 New IDP external authmech Data repositories for rules and preferences IDP stores mech strength rules locally LDAP stores user, SP specific data Auth Svc Auth Svc Plug-In Plug-In Plug-In Plugin API Custom multifactor "external" authmech Rules Considering Grouper as replacement for one or both to enhance generality IDP Login Page (jsp) Prefs 20
21 How re y gonna keep em on the farm? SSO becomes an issue across disparate SPs Auth Svc Auth Svc Built-in previous session handler doesn t understand strength Plug-In Plug-In Plug-In Plugin API Custom multifactor "external" authmech SSO Handler IDP Login Page (jsp) Rules Prefs We disable it and supply SSO in the external authmech itself SP1 SP2 21
22 How re y gonna keep em on the farm? Record authn strength factor (sum) in login context (auth method) SSO implements >= semantics -- SSO succeeds iff previous session method strength >= current requirement On SSO failure, require all new creds from user Auth Svc Auth Svc Plug-In Plug-In Plug-In Plugin API Custom multifactor "external" authmech SP1 SSO Handler IDP Login Page (jsp) SP2 Rules Prefs 22
23 Novel Use Cases Sometimes a password may not be required (WS) If no one specifies anything, UI can look just like before If an SP explicitly lowers its expectations, new options arise Default numeric strength requirement = 1 (equiv to password only ) Allow OpenID gateway as option for SPs requiring strength < 1 23
24 Demos, Demos, Demos 24
Multifactor Authentication in Higher Education Tuesday, December 6, p.m. ET
IAM Online Multifactor Authentication in Higher Education Tuesday, December 6, 2011 3 p.m. ET Steven Burke, Federal Student Aid, US Dept. of Education Shilen Patel, Senior IT Analyst, Duke University Miguel
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationSupporting a Widely Deployed Campus Shibboleth Implementation
Spring 2012 Internet2 Member Meeting April 25, 2012 Supporting a Widely Deployed Campus Shibboleth Implementation Russell Beall, University of Southern California Brendan Bellina, University of Southern
More informationSingle Sign-On Showdown
Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013
More informationYour Auth is open! Oversharing with OpenAuth & SAML
Your Auth is open! Oversharing with OpenAuth & SAML Andrew Pollack Northern Collaborative Technologies 2013 by the individual speaker Sponsors 2013 by the individual speaker Who Am I? Andrew Pollack President
More informationRemote Desktop Security for the SMB
A BWW Media Group Brand Petri Webinar Brief October 5th, 2018 Remote Desktop Security for the SMB Presenter: Michael Otey Moderator: Brad Sams, Petri IT Knowledgebase, Executive Editor at Petri.com There
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationFederated AAI and the World of Tomorrow. Rion Dooley
Federated AAI and the World of Tomorrow Rion Dooley Who is this guy? Systems provider @ TACC Infrastructure provider @ iplant/xsede Service provider @ Agave Application developer @ GatewayDNA Support staff
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationHolistic Database Security
Holistic Database Security 1 Important Terms Exploit: Take advantage of a flaw or feature Attack Surface: Any node on the network that can be attacked. That can be the UI, People, anything that touches
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationRethinking Authentication. Steven M. Bellovin
Rethinking Authentication Steven M. https://www.cs.columbia.edu/~smb Why? I don t think we understand the real security issues with authentication Our defenses are ad hoc I regard this as a step towards
More informationDATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz
Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz Osman Akagunduz Consultant @ InSpark Microsoft Country Partner Of The Year Twitter: @Osman_Akagunduz What s in this session The role of Azure
More informationOATH : An Initiative for Open AuTHentication
OATH : An Initiative for Open AuTHentication Who Are You Really Doing Business With? 2 Oath Proprietary Confidential The New York Magazine, July 5, 1993, Peter Steiner, The Economic Promise of e-business
More informationGoogle Search Appliance
Google Search Appliance Security May 2014 2014 Google 1 Security Security is a key consideration when designing and implementing solutions that integrate data from different sources for enterprise search.
More informationGoals. Understand UNIX pw system. Understand Lamport s hash and its vulnerabilities. How it works How to attack
Last Updated: Nov 7, 2017 Goals Understand UNIX pw system How it works How to attack Understand Lamport s hash and its vulnerabilities History of UNIX passwords Originally the actual passwords were stored
More informationOpen Source in the Corporate World. Open Source. Single Sign On. Erin Mulder
Open Source in the Corporate World Open Source Single Sign On Erin Mulder Agenda Introduction Single Sign On for Multiple s Shared directory (e.g. OpenLDAP) Proxy systems (e.g. Yale CAS) X.509 certificates
More informationMulti-Factor Authentication (MFA) Interoperability Profile. Karen Herrington, Virginia Tech David Walker, Internet2 September 26, 2016
Multi-Factor Authentication (MFA) Interoperability Profile Karen Herrington, Virginia Tech David Walker, Internet2 September 26, 2016 1 Mission Working group formed at the request of the Assurance Advisory
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationiphone Encryption, Apple, and The Feds David darthnull.org
iphone Encryption, Apple, and The Feds David Schuetz @DarthNull darthnull.org NoVA Hackers October 13, 2014 Background Apple s new privacy page, On devices running ios 8 : Apple cannot bypass your passcode
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationAttributes for Apps How mobile Apps can use SAML Authentication and Attributes
Attributes for Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch TNC 2013, Maastricht Introduction App by University of St. Gallen Universities offer
More informationIntroduction to application management
Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to
More informationHashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5
Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5 Today s Lecture Hashes and Message Authentication Codes Properties of Hashes and MACs CBC-MAC, MAC -> HASH (slow), SHA1, SHA2, SHA3 HASH
More informationRSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013
Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate
More informationToday s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps
Today s workforce is Mobile Most applications are Web-based apps Cloud and SaaSbased applications are being deployed and used faster than ever Hybrid Cloud is the new normal. % plan to migrate >50% of
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationNovell Access Manager 3.1
Technical White Paper IDENTITY AND SECURITY www.novell.com Novell Access Manager 3.1 Access Control, Policy Management and Compliance Assurance Novell Access Manager 3.1 Table of Contents: 2..... Complete
More informationAssurance Enhancements for the Shibboleth Identity Provider 19 April 2013
Assurance Enhancements for the Shibboleth Identity Provider 19 April 2013 This document outlines primary use cases for supporting identity assurance implementations using multiple authentication contexts
More informationRelated Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)
PRESENTED BY: Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) One of the main problems that customers face with the adoption of SaaS and cloud-based apps is how to deliver the
More informationBusiness value of Federated Login for Enterprises Enterprise SaaS vendors Consumer websites
Business value of Federated Login for Enterprises Enterprise SaaS vendors Consumer websites Eric Sachs Product Manager, Google Security & CIO organization My Identity Enterprise Space 2008 - Cloud Computing
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationFIGURING OUT WHAT MATTERS, WHAT DOESN T, AND WHY YOU SHOULD CARE
FIGURING OUT WHAT MATTERS, WHAT DOESN T, AND WHY YOU SHOULD CARE CONTENTFAC.COM As an FYI, this document is designed to go along with our video by the same name. If you haven t checked that out yet, you
More informationIMPROVING MOBILE AUTHENTICATION FOR PUBLIC SAFETY AND FIRST RESPONDERS
#RSAC SESSION ID: MBS-R02 IMPROVING MOBILE AUTHENTICATION FOR PUBLIC SAFETY AND FIRST RESPONDERS William Fisher Security Engineer National Cybersecurity Center of Excellence @Billfshr LET S TALK ABOUT
More informationThese are notes for the third lecture; if statements and loops.
These are notes for the third lecture; if statements and loops. 1 Yeah, this is going to be the second slide in a lot of lectures. 2 - Dominant language for desktop application development - Most modern
More informationUnlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.
Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded
More informationAuthentication in the Cloud. Stefan Seelmann
Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources
More informationO Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web
O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, and
More informationSecure single sign-on for cloud applications
Secure single sign-on for cloud applications Secure single sign-on for cloud applications Traditional on-premises tools used to rule the IT environments of most organizations, but now cloud applications
More informationEXPLOITING CLOUD SYNCHRONIZATION TO HACK IOTS
SESSION ID: SBX1-R1 EXPLOITING CLOUD SYNCHRONIZATION TO HACK IOTS Alex Jay Balan Chief Security Researcher Bitdefender @jaymzu 2 IoT = hardware + OS + app (+ Cloud) wu-ftpd IIS5.0 RDP Joomla app 3 EDIMAX
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationMANAGING LOCAL AUTHENTICATION IN WINDOWS
MANAGING LOCAL AUTHENTICATION IN WINDOWS Credentials Manager Windows OS has a set of tools that help remedy some of the authentication challenges. For example, the Credential Manager in Windows 7 and newer
More informationSecurity Automation Best Practices
WHITEPAPER Security Automation Best Practices A guide to making your security team successful with automation TABLE OF CONTENTS Introduction 3 What Is Security Automation? 3 Security Automation: A Tough
More informationIntegration Patterns for Legacy Applications
Integration Patterns for Legacy Applications Index Why should I integrate my apps with Okta? 3 Scope 5 When to use this ebook 6 How to read this ebook 7 Integration patterns supported by Okta 8 RADIUS
More informationOCLC-Hosted EZproxy Troubleshooting Tips
OCLC-Hosted EZproxy Troubleshooting Tips EZproxy Problems/Issues This is a list of frequently asked questions and issues you may encounter when managing your Hosted EZproxy server. It provides information
More informationCS 161 Computer Security
Popa & Weaver Fall 2016 CS 161 Computer Security 10/4 Passwords 1 Passwords are widely used for authentication, especially on the web. What practices should be used to make passwords as secure as possible?
More informationDelegated Access Control in AD using Grouper
ERP IDM MS-AD Grouper Java Web UI Admin Admin Authority Manager Admin Delegated Access Control in AD using Grouper Rob Carter, Duke University Shilen Patel, Duke University History How did it ever come
More informationSECURITY AUTOMATION BEST PRACTICES. A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1
SECURITY AUTOMATION BEST PRACTICES A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1 Introduction The best security postures are those that are built
More informationAzure Developer Immersions API Management
Azure Developer Immersions API Management Azure provides two sets of services for Web APIs: API Apps and API Management. You re already using the first of these. Although you created a Web App and not
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 783 data breaches >1 billion records stolen since 2012 $3.5 million average cost per breach 4 We have a PASSWORD
More informationDIGIPASS Authentication for Check Point VPN-1
DIGIPASS Authentication for Check Point VPN-1 With IDENTIKEY Server 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 36 Disclaimer Disclaimer of Warranties and Limitations
More informationWHITEPAPER ON NEXT-LEVEL ACCESS MANAGEMENT
A WHITEPAPER ON NEXT-LEVEL ACCESS MANAGEMENT 1 CONTENTS INTRODUCTION OUR MINDSET TOPICUS KEYHUB PRINCIPLES CENTRAUL AUTHENTICATION DECENTRALIZED AUTHORIZATION CONNECTIVITY ENCRYPTION COMPLIANCE AND ACCOUNTABILITY
More informationWelcome. Security: First Line of Defense. Chris Riley Director x4331
Welcome Email Security: First Line of Defense Chris Riley Director criley@syssrc.com 410-771-5544 x4331 We Hope You are Enjoying Your Pizza!! If it hasn t arrived by 12:15 Please double check with your
More informationPASSWORDS TREES AND HIERARCHIES. CS121: Relational Databases Fall 2017 Lecture 24
PASSWORDS TREES AND HIERARCHIES CS121: Relational Databases Fall 2017 Lecture 24 Account Password Management 2 Mentioned a retailer with an online website Need a database to store user account details
More informationKerberos and Active Directory symmetric cryptography in practice COSC412
Kerberos and Active Directory symmetric cryptography in practice COSC412 Learning objectives Understand the function of Kerberos Explain how symmetric cryptography supports the operation of Kerberos Summarise
More informationSecurity Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment
Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment Ray Colado, Information Security Analyst Raise awareness around information security to help
More informationBridging Identity Islands with Continuous, Contextual Identity Assurance
Bridging Identity Islands with Continuous, Contextual Identity Assurance Kayvan Alikhani RSA, Lead Strategist, Identity and Authentication What we ll cover Islands of Identity Continuous authentication
More informationDATAOPS.BARCELONA SIMPLIFYING IDENTITY MANAGEMENT WITH SSO TOOLS
SIMPLIFYING IDENTITY MANAGEMENT WITH SSO TOOLS WHO AM I & WHAT DO WE DO? Pol Jane - Senior DevOps Engineer DevOps IoT Big Data Software Development Migrations Automation Cost Optimization WE RE WOLDWIDE!
More informationConfiguration Guide - Single-Sign On for OneDesk
Configuration Guide - Single-Sign On for OneDesk Introduction Single Sign On (SSO) is a user authentication process that allows a user to access different services and applications across IT systems and
More informationSecure access to your enterprise. Enforce risk-based conditional access in real time
Secure access to your enterprise Enforce risk-based conditional access in real time FOREWORD The intelligent cloud has created an opportunity to do security better Traditional security perimeters no longer
More informationCS 147 Autumn 2017: Assignment 9 (Heuristic Evaluation Group Template) Instructor: James Landay. Fix: make web also block the desktop screen.
Fix: make web also block the desktop screen. 5. H10 Help and documentation / Severity: 2 / Found by: A On the web calendar, there aren t any detailed instructions on how to engage in self-care activities,
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationStreamline IT with Secure Remote Connection and Password Management
Streamline IT with Secure Remote Connection and Password Management Table of Contents Introduction Identifying IT pain points Selecting a secure remote connection and password management solution Turning
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Winter 18 @salesforcedocs Last updated: December 20, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationEffective Password Hashing
Effective Password Hashing November 18th, 2015 Colin Keigher colin@keigher.ca ~ @afreak ~ https://afreak.ca ~ https://canary.pw Who am I? I am a Senior Security Analyst at a large Canadian company Actively
More informationConfiguring Thunderbird for GMail
Configuring Thunderbird for GMail There are a couple of settings that need to be changed on Gmail before you can add the account to Thunderbird. 1) Log in to Gmail and click on Settings (which looks like
More informationProf. Christos Xenakis
From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis H2020 Clustering
More informationDIGIPASS Authentication for NETASQ
DIGIPASS Authentication for NETASQ With IDENTIKEY Server 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 19 Disclaimer Disclaimer of Warranties and Limitations of Liabilities
More informationCentrify for Dropbox Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Centrify for Dropbox Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of
More informationServiceNow Okta Identity Cloud for ServiceNow application Deployment Guide Okta Inc.
ServiceNow Okta Identity Cloud for ServiceNow application Deployment Guide Okta Identity Cloud for ServiceNow Configuring the Okta Application from the ServiceNow App Store Okta Inc. 301 Brannan Street
More informationProf. Christos Xenakis
From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis SAINT Workshop
More informationMajor SAML 2.0 Changes. Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication
More informationBIDMC Multi-Factor Authentication Enrollment Guide Table of Contents
BIDMC Multi-Factor Authentication Enrollment Guide Table of Contents Definitions... 2 Summary... 2 BIDMC Multi-Factor Authentication Enrollment... 3 Common Multi-Factor Authentication Enrollment Issues...
More informationIdentity and Access Management Infrastructure for Oxford University
Identity and Access Management Infrastructure for Oxford University John Ireland Systems Development and Support Section Manager Oxford University Computing Services Identity and Access Management Digital
More informationAdaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief
Adaptive Authentication Adapter for Citrix XenApp Adaptive Authentication in Citrix XenApp Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationStrong signs your website needs a professional redesign
Strong signs your website needs a professional redesign Think - when was the last time that your business website was updated? Better yet, when was the last time you looked at your website? When the Internet
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationPasswords. Secure Software Systems
1 Passwords 2 Password Lifecycle Change/Reset Password Create Password (user choice) Use Password (user supplies for auth) Store Password (with user identifier) 3 Password Creation 4 Password Creation
More informationExtending Services with Federated Identity Management
Extending Services with Federated Identity Management Wes Hubert Information Technology Analyst Overview General Concepts Higher Education Federations eduroam InCommon Federation Infrastructure Trust Agreements
More informationFacilitating the Attribute Economy. David W Chadwick George Inman, Kristy Siu 2011 University of Kent
Facilitating the Attribute Economy David W Chadwick George Inman, Kristy Siu University of Kent 2011 University of Kent Internet 2 Fall 2011 Member Meeting 1 (Some) Attribute AuthzRequirements Attributes
More informationAuthentication and Authorization in Enterprise Wikis
1 Authentication and Authorization in Enterprise Wikis Cindy Cicalese Approved for Public Release; Distribution Unlimited. Case Number 17-0713 2 Agenda Terminology A comparison of Wikimedia project wikis
More informationISBG May LDAP: It s Time. Gabriella Davis - Technical Director The Turtle Partnership
ISBG May 2015 LDAP: It s Time Gabriella Davis - Technical Director The Turtle Partnership gabriella@turtlepartnership.com What Is LDAP? Lightweight Directory Access Protocol Standard language for reading
More informationBackend IV: Authentication, Authorization and Sanitization. Tuesday, January 13, 15
6.148 Backend IV: Authentication, Authorization and Sanitization The Internet is a scary place Security is a big deal! TODAY What is security? How will we try to break your site? Authentication,
More informationAzure Multi-Factor Authentication: Who do you think you are?
Azure Multi-Factor Authentication: Who do you think you are? Sander Berkouwer CTO at SCCT scct.nl Sander Berkouwer CTO at SCCT scct.nl Microsoft MVP Veeam Vanguard A little history Server Microsoft acquired
More information11 Most Common. WordPress Mistakes. And how to fix them
11 Most Common WordPress Mistakes And how to fix them Introduction We all make mistakes from time to time but when it comes to WordPress, there are some mistakes that can have devastating consequences.
More informationGet Started Installing IBM Lotus Sametime You Too Can Be a WAS Admin! OR 140 Slides In 60 Minutes
Get Started Installing IBM Lotus Sametime 8.5.1 You Too Can Be a WAS Admin! OR 140 Slides In 60 Minutes Gabriella Davis Technical Director The Turtle Partnership About Me Gabriella Davis The Turtle Partnership
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationCloud sicherung durch Adaptive Multi-factor Authentication
Cloud sicherung durch Adaptive Multi-factor Authentication Lars Gotlieb Regional manager DACH Lgo@smspasscode.com Marktbewährte Technologie Selected References 2 Marktbewährte Technologie Selected retail
More informationFrontline Information Protection
Frontline Information Protection a presentation to the Phoenix Chapter of ISACA by Hoyt L Kesterson II October 2014 OBSERVATION Most successful attacks spring from weakly-coded web pages or compromised
More informationCaching-In for SharePoint Performance. Sean McDonough Product Manager, SharePoint Products Idera
Caching-In for SharePoint Performance Sean McDonough Product Manager, SharePoint Products Idera Session overview Caching 101 Understanding each of SharePoint s platform caching options How to leverage
More informationSecuring ArcGIS for Server. David Cordes, Raj Padmanabhan
Securing ArcGIS for Server David Cordes, Raj Padmanabhan Agenda Security in the context of ArcGIS for Server User and Role Considerations Identity Stores Authentication Securing web services Protecting
More informationNumber Systems Using and Converting Between Decimal, Binary, Octal and Hexadecimal Number Systems
Number Systems Using and Converting Between Decimal, Binary, Octal and Hexadecimal Number Systems In everyday life, we humans most often count using decimal or base-10 numbers. In computer science, it
More informationHIPAA Compliance discussion
HIPAA Compliance discussion GoToWebinar Housekeeping: attendee participation Open and hide your control panel Join audio: Choose Mic & Speakers to use VoIP Choose Telephone and dial using the information
More informationSECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation
SECURITY AUTOMATION BEST PRACTICES A Guide to Making Your Security Team Successful with Automation TABLE OF CONTENTS Introduction 3 What Is Security Automation? 3 Security Automation: A Tough Nut to Crack
More information