Corporate Information Security User Identification & Logical Access Control


Corporate Information Security

User Identification & Logical Access Control

Logical Access Control – Heart of Security

Efficient Control Mechanisms

• User identification, authentication & authorization
• Centralized user rights management
• Logging & auditing

Passwords: Security Bottlenecks

Most Likely Security Breaches

• Easy to guess passwords
• Same password for all applications
• Password sharing
• Not keeping passwords secret

Security Stats

Half of help desk calls are password related

Source: Lenovo

$ 150 per user annually - operating expenses for managing user accounts

Source: SC Magazine

$ 25-50 - average cost of processing a single help desk call

Source: Compulenta

Biometrics: Efficient & Reliable

• Identification of a person, not of a password, token or card
• Intuitive & easy to use technology
• Non-repudiation of biometrically confirmed actions
• Users do not have to know or remember passwords
• No password sharing

Integration

[Diagram labels: VPN, Internet, AD Integration, E-mail, Shared Resources, Applications, Physical Access, T&A, Workstations, Corporate Data]

IDenium Purpose

• Safeguard data against unauthorized access
• Replace a vulnerable password system with biometric IDs

IDenium Functions

User Access Control

• A fingerprint is a single key to network data, applications, e-mail & Internet
• Secure Standby & screensaver modes
• Support for Windows & Novell

Logging Access Events

IDenium Functions

Centralized User Management

• One-time enrollment of users & credentials
• Domain controller interaction
• Network access from any network PC

Architecture

[Architecture diagram. Labels: Workstations; Identification of Windows Users; Windows Domain Controller; Applications & Web-applications; User Identification in Applications; Windows User Account; User Account of a Specific Application; CITRIX User Account; Novell User Account; Identification of CITRIX Users; Identification of Novell Users; Workstations and/or Clients; CITRIX Server; Novell Server]

IDenium for AD

[Diagram: Workstation, Identification Server, Windows Domain Controller; items numbered 1-4 as in the legend below]

1. Digital Fingerprint Template
2. Data Required for User Authentication
3. Data Required for User Authentication
4. Synchronization

AD Integration

IDenium is fully integrated into Active Directory (AD):

• Centralized storage, protection & transfer of user ID data via AD tools
• Centralized user rights management
• BioLink tabs in ADUC

[Figure label: Microsoft Windows AD Database]

[Screenshot: BioLink - Enroll Tab]

IDenium Components

Client SW

• IDenium Windows Logon
• Password Vault

Admin SW

• Admin Pack
• Synchronization Agent
• Password Changer

IDenium Windows Logon

• Verifying user identity when logging on to the OS or applications
• User verification in other applications compliant with IDenium Windows Logon & Authenteon Server
• Workstation unlocking by a fingerprint

[Screenshot: Workstation Unlocking]

Password Vault

• Replacing passwords with biometric IDs in applications & Internet
• Script recording to replace a password
• Several scripts for an application
• Automated script execution upon successful fingerprint identification

[Screenshot: List of Scripts]

Admin Tools

Admin Pack

• Centralized enrollment of users & fingerprint data
• Setting-up identification policies & other administrative tasks

Synchronization Agent

• Synchronization of AD catalogue data & biometric ID data stored on Authenteon

Admin Tools

Password Changer

• Generation of random passwords
• Attaching new passwords to relevant user accounts & biometric IDs
• Admin-defined generation frequency
• No access for unauthorized users via stolen passwords

IDs Enrollment

• Biometric IDs can be enrolled at the administrator's workplace while adding a new user account in AD when hiring a new employee.
• Biometric IDs can be enrolled by users themselves at their workplaces when deploying IDenium.

[Screenshot: "Windows Security" window for users to enroll their fingerprint identifiers]

Selection of Identification Policies

User identification only by fingerprints is recommended for most users

User identification by a fingerprint OR password is recommended for administrators and security staff

Two-factor identification by a fingerprint AND password is recommended for the most sensitive data

Selecting an Identification Policy


Customization & Management Options

Add users (or user accounts), edit properties & delete

Enable/disable ID data caching

Hide the actual fingerprint image while scanning

Generate random passwords for Windows user accounts

IDenium Settings window


Identification Servers

BioLink Authenteon

• Software-and-hardware server
• Hot swappable
• Unlimited number of users

BioLink Authenteon Software Appliance (ASA)

• Software server for MS Windows
• Number of users – up to 1 000
• Scalable

Biometric Scanners

Scanning Method: Optical
Scanning Window Size: 25.5 x 18 mm
Scanning Speed: 15 fingerprints per second
Resolution: 508 dpi
False Acceptance Rate (FAR): 10⁻⁹ (1 out of 1 000 000 000)
Interface: USB 2.0/1.1, Plug&Play, 2 m cable included

Biometric Scanners

Compact & ergonomic

Cost-effective & durable

Quickly attached to a computer

Ready for operation upon installation of BioLink IDenium

Used to secure corporate networks & stand-alone PCs


Biometric Scanners

BioLink U-Match 3.5 USB Scanner for Office Use

• Dimensions (length x width x height): 45 x 63 x 26 mm
• Weight: 120 g

BioLink U-Match 5.0 USB Scanner with a Card Reader

• Supported smart card standards: ISO 7816, EMV 2000
• Smart card power supply: 5 V, 3 V & 1.8 V
• Transmission speed: up to 119 Kbps
• Card type detection: automatic

IDenium Benefits

• Data security increase
• Cost-effectiveness
• Scalability
• Fault-tolerance
• Ease of use

Data Security Increase

• Reliable, accurate & quick user identification by distinct parameters
• Eliminated threat of identification by lost/stolen identifiers
• Multi-factor identification for sensitive data
• Integration options for logical & physical access & T&A systems

Cost-Effectiveness

• Faster access to protected resources
• Biometric IDs never fail
• Reduced admin load
• Decreased access infrastructure management expenses

Scalability

• Unlimited number of users
• Server clusters & load balance options
• Centralized installation & management
• Seamless integration into legacy corporate systems

Fault-Tolerance

• Hot swappable biometric ID servers
• Data replication options
• Local cache options in case of failed LAN

Ease of Use

• One time enrollment of users' biometric data
• Identification by any enrolled fingerprint
• A fingerprint is a single key to resources & applications
• User-friendliness


User Identification & Logical Access Control

www.bio-metrica.com


Thank You!
