Security Basics mailing list archives
RE: Authentication solution
From: "Matt Flynn" <mflynn () netvision com>
Date: Thu, 16 Jul 2009 12:49:34 -0600
Saqib, There are a number of solutions for consumer-focused strong authentication. RSA has solutions that remember the user's hardware and habits, for example, and request additional authentication based on behavior. There are also solutions that leverage mobile phones, typing rhythm, or a user's ability to recognize human faces. Arcot has a nice solution, though, too with very good security. I haven't used Symplified (I'm not in that type of job) but I've looked at their architecture and it looks strong. They essentially provide WebSSO but with an on-demand architecture. The founders built the product that is now RSA's WebSSO product. So, they know what they're doing. If you're new to the IAM market, my suggestion is to hook up with a consultant who knows the ins and outs of the product offerings. If they listen to your needs, they can probably quickly create a short list for your evaluation. There are lots of options. The key is finding a solution that matches your unique needs. Matt Matthew Flynn Director of Marketing & Strategy NetVision -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ali, Saqib Sent: Wednesday, July 15, 2009 4:52 PM To: Hellkyng () gmail com Cc: security-basics () securityfocus com Subject: Re: Authentication solution Mike, Do you guys use multi-factor authentication for your internal users? If so, using a single-factor authentication for external external client/customer will cause security concerns. Giving out multi-factor tokens (E.g. RSA token) to customers/clients could be cost prohibitive. I am in a similar situation, and currently looking at PingFederated[1], Symplified[2], and ArcotId[3] 1. http://www.pingidentity.com/solutions/enterprises.cfm 2. http://www.symplified.com/ 3. http://www.arcot.com/ (multi-factor auth without the cost of hardware tokens) Does anyone have experience with any of these systems? I couldn't find much information about Symplified's architecture on their website. Saqib http://www.capital-punishment.us ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442 f727d1 ------------------------------------------------------------------------ Checked by AVG - www.avg.com Version: 8.5.375 / Virus Database: 270.13.16/2241 - Release Date: 07/16/09 05:58:00 ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Authentication solution Hellkyng (Jul 15)
- Re: Authentication solution Ali, Saqib (Jul 15)
- RE: Authentication solution Matt Flynn (Jul 16)
- Re: Authentication solution Nick Owen (Jul 16)
- RE: Authentication solution Matt Flynn (Jul 16)
- <Possible follow-ups>
- Re: Authentication solution Hellkyng (Jul 17)
- RE: Authentication solution Matt Flynn (Jul 17)
- Re: Authentication solution Lars (Jul 20)
- RE: Authentication solution Matt Flynn (Jul 17)
- Re: Authentication solution Ali, Saqib (Jul 15)