Transcript Corporate Information Security User Identification & Logical Access Control
Corporate Information Security
User Identification & Logical Access Control
Logical Access Control – Heart of Security
Efficient Control Mechanisms
User identification, authentication & authorization
Centralized user rights management
Logging & auditing
Passwords: Security Bottlenecks
Most Likely Security Breaches
Easy to guess passwords
Same password for all applications
Password sharing
Not keeping passwords secret
Security Stats
Half of help desk calls are password related
Source: Lenovo
$150 per user annually - operating expenses for managing user accounts
Source: SC Magazine
$25-50 - average cost of processing a single help desk call
Source: Compulenta
Biometrics: Efficient & Reliable
Identification of a person, not of a password, token or card
Intuitive & easy to use technology
Non-repudiation of biometrically confirmed actions
Users do not have to know or remember passwords
No password sharing
Integration
[Diagram labels: VPN, Internet, AD Integration, E-mail, Shared Resources, Applications, Physical Access, T&A, Workstations, Corporate Data]
IDenium Purpose
Safeguard data against unauthorized access
Replace a vulnerable password system with biometric IDs
IDenium Functions
User Access Control
A fingerprint is a single key to network data, applications, e-mail & Internet
Secure Standby & screensaver modes
Support for Windows & Novell
Logging Access Events
IDenium Functions
Centralized User Management
One-time enrollment of users & credentials
Domain controller interaction
Network access from any network PC
Architecture
[Diagram. Panels: Identification of Windows Users; User Identification in Applications; Identification of CITRIX Users; Identification of Novell Users. Components shown: Workstations, Workstations and/or Clients, Applications & Web-applications, Windows Domain Controller, CITRIX Server, Novell Server. Account types: Windows User Account, User Account of a Specific Application, CITRIX User Account, Novell User Account.]
IDenium for AD
[Diagram: Workstation, Identification Server and Windows Domain Controller, connected by numbered flows]
1 Digital Fingerprint Template
2 Data Required for User Authentication
3 Data Required for User Authentication
4 Synchronization
Microsoft Windows AD Database
IDenium is fully integrated into Active Directory (AD):
Centralized storage, protection & transfer of user ID data via AD tools
Centralized user rights management
BioLink tabs in ADUC
AD Integration
BioLink - Enroll Tab
IDenium Components
Client SW
IDenium Windows Logon
Password Vault
Admin SW
Admin Pack
Synchronization Agent
Password Changer
IDenium Windows Logon
Verifying user identity when logging on to the OS or applications
User verification in other applications compliant with IDenium Windows Logon & Authenteon Server
Workstation unlocking by a fingerprint
Workstation Unlocking
Password Vault
Replacing passwords with biometric IDs in applications & Internet
Script recording to replace a password
Several scripts for an application
Automated script execution upon successful fingerprint identification
List of Scripts
Admin Tools
Admin Pack
Centralized enrollment of users & fingerprint data
Setting-up identification policies & other administrative tasks
Synchronization Agent
Synchronization of AD catalogue data & biometric ID data stored on Authenteon
Admin Tools
Password Changer
Generation of random passwords
Attaching new passwords to relevant user accounts & biometric IDs
Admin-defined generation frequency
No access for unauthorized users via stolen passwords
IDs Enrollment
Biometric IDs can be enrolled at the administrator’s workplace while adding a new user account in AD when hiring a new employee.
Biometric IDs can be enrolled by users themselves at their workplaces when deploying IDenium.
“Windows Security” window for users to enroll their fingerprint identifiers
Selection of Identification Policies
User identification only by fingerprints is recommended for most users
User identification by a fingerprint OR password is recommended for administrators and security staff
Two-factor identification by a fingerprint AND password is recommended for the most sensitive data
Selecting an Identification Policy
Customization & Management Options
Add users (or user accounts), edit properties & delete
Enable/disable ID data caching
Hide the actual fingerprint image while scanning
Generate random passwords for Windows user accounts
IDenium Settings window
Identification Servers
BioLink Authenteon
Software-and-hardware server
Hot swappable
Unlimited number of users
BioLink Authenteon Software Appliance (ASA)
Software server for MS Windows
Number of users – up to 1 000
Scalable
Biometric Scanners
Scanning Method: Optical
Scanning Window Size: 25.5 x 18 mm
Scanning Speed: 15 fingerprints per second
Resolution: 508 dpi
False Acceptance Rate (FAR): 10^-9 (1 out of 1 000 000 000)
Interface: USB 2.0/1.1, Plug&Play, 2 m cable included
Biometric Scanners
Compact & ergonomic
Cost-effective & durable
Quickly attached to a computer
Ready for operation upon installation of BioLink IDenium
Used to secure corporate networks & stand-alone PCs
Biometric Scanners
BioLink U-Match 3.5 USB Scanner for Office Use
Dimensions (length x width x height):
45 x 63 x 26 mm
Weight:
120 g
BioLink U-Match 5.0 USB Scanner with a Card Reader
Supported smart card standards:
ISO 7816, EMV 2000
Smart card power supply:
5 V, 3 V & 1.8 V
Transmission speed:
up to 119 Kbps
Card type detection:
automatic
IDenium Benefits
Data security increase
Cost-effectiveness
Scalability
Fault-tolerance
Ease of use
Data Security Increase
Reliable, accurate & quick user identification by distinct parameters
Eliminated threat of identification by lost/stolen identifiers
Multi-factor identification for sensitive data
Integration options for logical & physical access & T&A systems
Cost-Effectiveness
Faster access to protected resources
Biometric IDs never fail
Reduced admin load
Decreased access infrastructure management expenses
Scalability
Unlimited number of users
Server clusters & load balance options
Centralized installation & management
Seamless integration into legacy corporate systems
Fault-Tolerance
Hot swappable biometric ID servers
Data replication options
Local cache options in case of failed LAN
Ease of Use
One-time enrollment of users’ biometric data
Identification by any enrolled fingerprint
A fingerprint is a single key to resources & applications
User-friendliness
www.bio-metrica.com
Thank You!