
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity. http://www.mobility-shield.com. Background - The problem. Connecting mobile devices to the corporate network from outside the organization increases the risk of data leaks and possible exposure of a user’s network credentials.


Presentation Transcript


  1. Secure SharePoint mobile connectivity http://www.mobility-shield.com

  2. Background - The problem • Connecting mobile devices to the corporate network from outside the organization increases the risk of data leaks and possible exposure of a user’s network credentials. • As there is no control over apps installed on employees’ smartphones, these devices are more prone to malware infection. • Publishing SharePoint externally exposes the Active Directory to new security risks.

  3. Security issues addressed • Active Directory password leakage • Connecting non-authorized devices • DoS, DDoS and brute force attacks • Connecting mobile devices using smart cards

  4. SharePoint Shield overview • Server-side solution with no additional client installation requirements. • SharePoint Shield interacts directly with the client-server SharePoint traffic. • Available either as an add-on to the Microsoft Forefront security server family (ISA/TMG), or with a proprietary pluggable Reverse Proxy platform (Bastion) on Windows or Linux. • Part of the Mobility-shield product suite securing Lync and corporate applications.

  5. AD credential protection approach • SharePoint Shield introduces a new approach for protecting the Active Directory credentials • SharePoint Shield completely eliminates the need to store Active Directory passwords on the device. • With SharePoint Shield the connection to SharePoint is done by using dedicated SharePoint credentials that are created by the user rather than the regular network Active Directory credentials. • Using this approach the AD credentials are never used or stored on the mobile device

  6. Active Directory dedicated login • The user creates dedicated SharePoint credentials on a self-service internal web site for use on the device, instead of Active Directory credentials.

  7. Mobile Smart Card solution • Many organizations that use smart cards for network login do not have a username and password for Active Directory. • SharePoint Shield allows the usage of SharePoint without the need to manage Active Directory credentials. • With the dedicated login solution, the user logs into the Access Portal, authenticating with his smart card from his network computer, and creates dedicated SharePoint credentials for use on the mobile device.

  8. Block DoS/Brute force attacks • Publishing SharePoint to the internet exposes your network to: • DoS (denial-of-service) • Brute force attacks • Such attacks can result in the network becoming unavailable and may cause significant business damage. • SharePoint Shield blocks these attacks at the gateway level by configuring a block-failed-login policy, thus blocking attack attempts from reaching the Active Directory.

  9. Active Directory Lockout Guard • Account lockout can be the result of two scenarios: • The user changed the Active Directory password, but did not change the settings on the device. • A hacker got hold of the username (without the password) and tries to log in several times. • SharePoint Shield eliminates these threats by blocking the failed attempts on the gateway server side, before they reach the Active Directory.

  10. Two Factor authentication • Based on Device ID sent by client • Several registration/enrollment options to enforce access control policy based on matching the device and the user. • Available for specific third party SharePoint clients

  11. Access Control – Enrollment • Supports several access control policies: • Automatic Registration – Device ID is registered upon first use of the account. • Two Step Registration – a two-step registration process: the user registers on an internal site and then must sync within a defined time frame to complete registration. • Admin Manual Enrollment – Admin management of the user list using training mode and a rejected auditing list.

  12. Two Step Registration

  13. Access Portal admin • View approved & blocked users • Block specific users • Product settings • Allow multiple users per device • Two level admin - local domain admin • Reports • Search

  14. Access Portal admin control

  15. SharePointShield typical architecture

  16. Bastion • Reverse proxy forwarding traffic to the configured backend servers. • Cross-platform: Windows / Linux. • Pluggable filtering architecture. • Filters HTTP(S). • Scalable Event-Driven Architecture. • Can publish multiple servers in parallel. • Highly efficient asynchronous architecture. • Bi-directional content filtering.

  17. Bastion (cont) • Geared towards full-featured HTTP filtering. • Most reverse proxy solutions are geared towards web acceleration. • Supports many HTTP features and scenarios. • Chunked, gzip and deflate Transfer-Encodings. • Pipelining. • Supports filtering content, blocking content or generating proxy responses anytime during the filtering chain (unlike TMG and UAG).

  18. AGAT Security suite - Overview • SharePointShield and MobilityShield are part of AGAT’s Security suite. • AGAT Security suite is a set of unique components that allow extending Forefront (ISA/TMG, IAG/UAG) functionality to solve complex architectures and requirements, typically implemented in large, complex and well secured networks. • The solution is also available on Bastion reverse proxy without the use of Forefront.

  19. To learn more about our solutions please visit our website at http://www.mobility-Shield.com info@agatsolutions.com
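
The gateway-side failed-login blocking described in slides 8 and 9, sketched as an added example (not the product's code): a guard in front of a constructed stand-in directory stops forwarding logins for a user before the directory's own lockout threshold is reached. The class names, the thresholds (3 at the gateway, 5 at the directory) and the 900-second window are assumptions.

```python
import time

class FakeDirectory:
    """Constructed stand-in for Active Directory with an account lockout policy."""
    def __init__(self, passwords, lockout_threshold=5):
        self.passwords = passwords
        self.lockout_threshold = lockout_threshold
        self.bad_count = {}       # username -> consecutive failed logins
        self.attempts_seen = 0    # how many logins actually reached the directory

    def is_locked(self, user):
        return self.bad_count.get(user, 0) >= self.lockout_threshold

    def authenticate(self, user, password):
        self.attempts_seen += 1
        if self.is_locked(user):
            return False
        if self.passwords.get(user) == password:
            self.bad_count[user] = 0
            return True
        self.bad_count[user] = self.bad_count.get(user, 0) + 1
        return False

class LockoutGuard:
    """Hypothetical gateway filter: after max_failures failed logins for a user
    inside `window` seconds, reject further attempts without forwarding them.
    max_failures must stay below the directory's lockout threshold."""
    def __init__(self, directory, max_failures=3, window=900, clock=time.monotonic):
        self.directory = directory
        self.max_failures = max_failures
        self.window = window
        self.clock = clock
        self.failures = {}        # lower-cased username -> failure timestamps

    def login(self, user, password):
        key = user.lower()        # directory usernames are case-insensitive
        now = self.clock()
        recent = [t for t in self.failures.get(key, []) if now - t < self.window]
        self.failures[key] = recent
        if len(recent) >= self.max_failures:
            return "blocked"      # dropped at the gateway, directory never sees it
        if self.directory.authenticate(user, password):
            self.failures.pop(key, None)
            return "ok"
        recent.append(now)        # same list object that is stored in self.failures
        return "denied"
```

While the gateway block is active the legitimate user is also refused from outside; what the guard preserves is the directory account itself, which stays unlocked for internal logins.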

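
The device enrollment policies from slides 10 and 11 (automatic registration and two-step registration), as an added example that is not the product's code: each account is bound to one device ID and every mismatch is written to a rejected audit list. The class, method and reason names and the one-hour sync window are assumptions.

```python
import time

class DeviceEnrollment:
    """Hypothetical gateway check that binds each user account to a device ID."""
    def __init__(self, policy, sync_window=3600, clock=time.time):
        if policy not in ("automatic", "two_step"):
            raise ValueError("unknown policy: %r" % policy)
        self.policy = policy
        self.sync_window = sync_window   # seconds allowed between the two steps
        self.clock = clock
        self.approved = {}               # user -> enrolled device ID
        self.pending = {}                # user -> deadline for the first sync
        self.rejected = []               # audit list: (user, device_id, reason)

    def register(self, user):
        """Step one of two-step registration, done on the internal site."""
        self.pending[user] = self.clock() + self.sync_window

    def _reject(self, user, device_id, reason):
        self.rejected.append((user, device_id, reason))
        return False

    def check(self, user, device_id):
        """Run on each authenticated request; True means the device may connect."""
        bound = self.approved.get(user)
        if bound is not None:
            if bound == device_id:
                return True
            return self._reject(user, device_id, "device mismatch")
        if self.policy == "automatic":
            self.approved[user] = device_id      # first use enrolls the device
            return True
        deadline = self.pending.pop(user, None)
        if deadline is None:
            return self._reject(user, device_id, "not registered")
        if self.clock() > deadline:
            return self._reject(user, device_id, "registration expired")
        self.approved[user] = device_id          # step two: sync inside the window
        return True
```

Because the device ID is sent by the client, it works as a second secret bound to the account rather than proof of the hardware, so the rejected list is the place to watch for the same account arriving with a new ID.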