1 / 31

Corporate Information Security

Corporate Information Security. Corporate Information Security. User Identification & Logical Access Control. Logical Access Control – Heart of Security. Efficient Control Mechanisms User identification, authentication & authorization Centralized user rights management

vangie
Download Presentation

Corporate Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Corporate InformationSecurity Corporate Information Security User Identification & Logical Access Control

  2. Logical Access Control – Heart of Security • Efficient Control Mechanisms • User identification, authentication & authorization • Centralized user rights management • Logging& auditing

  3. Passwords: Security Bottlenecks • Most Likely Security Breaches • Easy to guess passwords • Same password for all applications • Password sharing • Not keeping passwords secret

  4. Security Stats • Half ofhelp desk calls are password-related • Source: Lenovo • $ 150 per user annually - operating expenses for managing user accounts Source: SC Magazine • $ 25-50 - average cost of processing a single help desk call • Source: Compulenta

  5. Biometrics: Efficient & Reliable • Identification of a person, not of a password, token or card • Intuitive & easy to use technology • Non-repudiation of biometrically confirmed actions • Users do not have to know or remember passwords • No password sharing

  6. Integration AD Integration Internet Physical Access T&A VPN Workstations E-mail Shared Resources Corporate Data Applications

  7. IDenium Purpose • Safeguard data against unauthorized access • Replace a vulnerable password system with biometric IDs

  8. IDenium Functions • User Access Control • A fingerprint is a single key to network data, applications, e-mail & Internet • Secure Standby & screensaver modes • Support for Windows & Novell • Logging Access Events

  9. IDenium Functions • Centralized User Management • One-time enrollment of users & credentials • Domain controller interaction • Network access from any network PC

  10. Architecture Windows Domain Controller Workstations Applications & Web-applications User Identification in Applications Identification ofWindows Users User Account of a Specific Application Windows User Account CITRIX User Account Novell User Account Identification of CITRIX Users Identification of Novell Users Workstations Workstations and/or Clients Novell Server CITRIX Server

  11. IDenium for AD Workstation Identification Server 2 3 4 1 1 3 4 2 Synchronization Digital Fingerprint Template Data Required for User Authentication Data Required for User Authentication Microsoft Windows AD Database Windows Domain Controller

  12. AD Integration • IDeniumis fully integrated into Active Directory(AD): • Centralized storage, protection & transfer of user ID data via AD tools • Centralized user rights management • BioLink tabs in ADUC BioLink - Enroll Tab

  13. IDenium Components • Client SW • IDenium Windows Logon • Password Vault • Admin SW • Admin Pack • Synchronization Agent • Password Changer

  14. IDenium WindowsLogon • Verifying user identity when logging on to the OS or applications • User verification in other applications compliant with IDenium Windows Logon & Authenteon Server • Workstation unlocking by a fingerprint Workstation Unlocking

  15. Password Vault • Replacing passwords with biometric IDs in applications & Internet • Script recording to replace a password • Several scripts for an application • Automated script execution upon successful fingerprint identification List of Scripts

  16. Admin Tools • Admin Pack • Centralized enrollment of users & fingerprint data • Setting-up identification policies & other administrative tasks • Synchronization Agent • Synchronization of AD catalogue data & biometric ID data stored on Authenteon

  17. Admin Tools • Password Changer • Generation of randompasswords • Attaching new passwords to relevant user accounts & biometric IDs • Admin-defined generation frequency • No access to unauthorized users by stolen passwords

  18. IDs Enrollment • Biometric IDs can be enrolled while adding a new user account in AD-when hiring a new employee, at administrator’s workplace. • Biometric IDs can be enrolled by users themselves at their workplaces when deploying IDenium. “Windows Security” window for users to enroll their fingerprint identifiers

  19. Selection of Identification Policies • User identification only by fingerprints is recommended for most users • User identification by a fingerprint OR password is recommended for administrators and security staff • Two-factor identification by a fingerprint AND password is recommended for the most sensitive data Selecting an Identification Policy

  20. Customization & ManagementOptions • Add users (or user accounts), edit properties & delete • Enable/disable ID data caching • Hide the actual fingerprint image while scanning • Generate random passwords for Windows user accounts Окно настройки сервиса IDenium Settings window

  21. Identification Servers • BioLink Authenteon • Software-and-hardware server • Hot swappable • Unlimited number of users • BioLink Authenteon Software Appliance (ASA) • Software server for MS Windows • Number of users – up to 1 000 • Scalable

  22. Biometric Scanners

  23. Biometric Scanners • Compact & ergonomic • Cost-effective & durable • Quickly attached to a computer • Ready for operation upon installation of BioLink IDenium • Used to secure corporate networks & stand-alone PCs

  24. Biometric Scanners • BioLink U-Match 3.5 - USB Scanner for Office Use • Dimensions (length x width x height):45 x 63 x 26 mm • Weight:120 g • BioLink U-Match 5.0 - USB Scannerwith a Card Reader • Supported smart card standards:ISO 7816, EMV 2000 • Smart card power supply:5 V, 3 V& 1.8 V • Transmission speed:up to 119 Kbps • Card type detection:automatic

  25. IDenium Benefits • Data security increase • Cost-effectiveness • Scalability • Fault-tolerance • Ease of use

  26. Data Security Increase • Reliable, accurate & quick user identification by distinct parameters • Eliminated threat of identification by lost/stolen identifiers • Multi-factor identification for sensitive data • Integration options for logical & physical access & T&A systems

  27. Cost-Effectiveness • Faster access to protected resources • Biometric IDs never fail • Reduced admin load • Decreased access infrastructure management expenses

  28. Scalability • Unlimited number of users • Server clusters & load balance options • Centralized installation & management • Seamless integration into legacy corporate systems

  29. Fault-Tolerance • Hot swappable biometric ID servers • Data replication options • Local cache options in case of failed LAN

  30. Ease of Use • One-time enrollment of users’ biometric data • Identification by any enrolled fingerprint • A fingerprints is a single key to resources & applications • User-friendliness

  31. www.bio-metrica.com info@bio-metrica.com Corporate Information Security Corporate Information Security User Identification & Logical Access Control Thank You!

More Related