html5-img
1 / 30

Tectia MobileID – Tokenless 2-Factor Authentication for Juniper SSL VPN Appliances

Tectia MobileID – Tokenless 2-Factor Authentication for Juniper SSL VPN Appliances. Vesa Tiihonen, Director, SSH December 30 th 2011. Helsinki, Finland (HQ). Boston, USA. Redwood, USA. Hong Kong, China. SSH Communications Security. Kloten, Switzerland. Founded 1995

axel-workman
Download Presentation

Tectia MobileID – Tokenless 2-Factor Authentication for Juniper SSL VPN Appliances

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tectia MobileID –Tokenless 2-Factor Authentication for Juniper SSL VPN Appliances Vesa Tiihonen, Director, SSH December 30th 2011

  2. Helsinki, Finland (HQ) Boston, USA Redwood, USA Hong Kong, China SSH Communications Security Kloten, Switzerland Founded 1995 • The Inventor of Secure Shell (SSH) protocol • NASDAQ OMX enlisted public company Tectia Managed Security solution • Replacement for unsecured protocols • Managed File Transfer Worldwide customer base: • 7 out of top 10 Fortune 500 • 40% of Fortune 500

  3. Contents • Tectia MobileID Introduction • Use Cases and Benefits of Tectia MobileID • Key Differentiators of Tectia MobileID • Juniper Technology Alliance • SSL VPN Login Use Cases • Tectia MobileID integration with Juniper SSL VPN • Summary

  4. The Best 2-FA Solution in the Market : The Next Generation Authentication Platform • Multi-factor appliance designed specifically for on-demand andout-of-band authentication, • Based on high quality SMS One-Time-Password (OTP) as the main strong authentication delivery method, • Supports also ALL OTP delivery methods, such aspassword lists, email OTP, Voice OTP, Instant Messaging OTP, and any OATH compliant hardware and software tokens(e.g. Google Authenticator), • Fully customizable, • Operator Grade SMS Messaging Connections Out-Of-The-Box.

  5. SMS authentication use cases When to consider tokenless login • When you have geographically dispersed groups of users • When you have a mobile / remote workforce • When you provide an extranet • When you have ad-hoc login requirements • When you do not want to invest in and manage hardware • When you can’t wait weeks for a new token to be delivered

  6. Benefits of using Tectia MobileID • No seed data to be compromised • No security devices to be stolen or lost • 24/7 service deactivation provided by operators, not only by your company helpdesk • One-Time Password unpredictable and 100% random, unlike with tokens • Ability to detect fraudulent activity, e.g. Man-in-the-Middle (MitM/MitB) attacks • Improved user login experience • Less administration • Fewer helpdesk calls

  7. Fraud prevention and password management with SMS OTP Benefits of using Tectia MobileID Lock my account • Pro-actively lock end user accounts after N failed login attempts • Notification of locked account via SMS • Permit account re-activation via SMS • GeoIP match on Mobile device location • Permit forgotten password/PIN reset via SMS, eliminating the need for helpdesk services

  8. Unique Differentiators of Tectia MobileID

  9. Unmatched scalability and reliability • Scales to millions of concurrent users • Operator grade SMS delivery world-wide with SLA-guaranteed throughputtimes • Certified to work with • In live production since 2003 • Modular architecture that provides service • provider-grade scalability,customization and control of networkconditions and business logic

  10. Unmatched TCO and ROI • Flexible pricing models with pay-per-active-userson a monthly basis • Low TCO • Example 5-year TCO: • for 250 RSA SecurID users: $140,000 (RSA Whitepaper) • for 250 MobileID users: $38,000 (excluding SMS traffic; 0.04-0.09€ per message) • Practically ZERO administration;new users activated instantly • Tokenless solution – No logistics overhead No extra or hidden costs!

  11. Tectia MobileID – Fast deployment and activation Add/remove traditional token user vs. MobileID:

  12. Tectia MobileID – Superior end-user experience • No end-user training needed • Use 100% intuitive with Flash SMS • No changes to existing login process • Works on any phone,anywhere in the world So easy it makes your customers smile – guaranteed!

  13. Tectia MobileID – multi-use authentication platform Tectia MobileID can solve ANY ad-hoc multi-factor authentication problem: 2-factor authentication for SSL VPN access (RADIUS) 2-factor authentication for Web Services and portals (SOAP) Solving Man-in-the-Browser / Man-in-the-Middle threats withOut-Of-Band authentication Multi-domain (LDAP) support MS Outlook Web Access Instant Messaging OTP Any custom ad-hoc on-demand multi-factor authentication use case 2-factor SMS OTP for MS Windows logins Supports ALL OTP techniques: email, lists, OATH tokens, Voice, etc. Cloud-based SMS OTP available Out-Of-The-Box OTP and business logic for online banking transaction verification

  14. Tectia MobileID mRules framework Custom business logic for Authentication, Authorization and Access (AAA) • New authentication methods can be added and the existing ones extended • Authentication methods can be chained, triggered, scheduled, etc. • Network packets (i.e. RADIUS) can be re-written, routed, scheduled, etc. Sample custom access rule

  15. Juniper Technology Alliance Juniper SSL VPN with SSH’s MobileID: Full turnkey 2FA solution without the challenges of first generation two-factor authentication! • Protect against unauthorized access to your critical business information • Reduce your IT administrative workload and hard costs, • Easily scale with tokenless One-Time-Passwords delivered via SMS, • Be up and running in hours, not weeks or months! +

  16. Juniper Technology Alliance Direct integration to existing corporate infrastructure 958482 Operator grade global 3G network Third party Gateway or Integrated Tectia Messaging service One-time password Hello Jane, Your SMS password is 949372 AD/ LDAP Internet Firewall SSL VPN Remote user 16

  17. Authenticating using SMS One-Time Password Scenario 1 – SSL VPN login

  18. Authenticating using SMS One-Time Password On-demand SMS password for two-factor authentication

  19. Authenticating using SMS One-Time Password And you’re logged in!

  20. Authenticating using SMS One-Time Password Scenario 2 – Login with pre-distributed SMS

  21. Authenticating using SMS One-Time Password And you’re logged in!

  22. Technical integration with Juniper SSL VPN Adding a new RADIUS Server to Juniper SA VPN

  23. Technical integration with Juniper SSL VPN Adding a new RADIUS Client to MobileID

  24. Technical integration with Juniper SSL VPN Connecting MobileID to AD / LDAP

  25. Technical integration with Juniper SSL VPN MobileID is LIVE – Start using it!

  26. Tectia MobileID Web Admin Interface Administer the Virtual Appliance

  27. Viewing Tectia MobileID Logs in Real-Time Viewing Tectia MobileID Logs in Real-Time

  28. Try Tectia MobileID Live Today! • Live VPN demonstrationfor anyone, anywhere, free-of-charge: • Juniper SSL VPN login: • Register here: http://mobileiddemo.ssh.com/pub/index.php?plugin=register&app=juniper • Login and demo here: http://mobileiddemo.ssh.com/pub/index.php?plugin=testing&app=juniper

  29. Summary Tectia MobileID Competitive Solutions • Typically no operator messaging support • No High Availability (HA), requires purchasing and configuring 3rd party messaging service or product • Accounts must be registered and provisioned to work • Typically for SME use only • Typically only few pre-defined methods available • Operator grade messaging capabilities • Integrated HA messaging • Allows ad-hoc use • Highly scalable • Framework for customized login methods • Certified for Juniper SSL VPN

  30. Thank You! Vesa Tiihonen Director Vesa.Tiihonen@ssh.com www.ssh.com

More Related