RE: Authentication solution

["Matt Flynn" <mflynn () netvision com>]

Saqib,

There are a number of solutions for consumer-focused strong
authentication.  RSA has solutions that remember the user's hardware and
habits, for example, and request additional authentication based on
behavior.  There are also solutions that leverage mobile phones, typing
rhythm, or a user's ability to recognize human faces.  Arcot has a nice
solution, though, too with very good security.

I haven't used Symplified (I'm not in that type of job) but I've looked
at their architecture and it looks strong.  They essentially provide
WebSSO but with an on-demand architecture.  The founders built the
product that is now RSA's WebSSO product.  So, they know what they're
doing.

If you're new to the IAM market, my suggestion is to hook up with a
consultant who knows the ins and outs of the product offerings.  If they
listen to your needs, they can probably quickly create a short list for
your evaluation.  There are lots of options.  The key is finding a
solution that matches your unique needs.

Matt

Matthew Flynn
Director of Marketing & Strategy
NetVision
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Ali, Saqib
Sent: Wednesday, July 15, 2009 4:52 PM
To: Hellkyng () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Authentication solution

Mike,

Do you guys use multi-factor authentication for your internal users?
If so, using a single-factor authentication for external external
client/customer will cause security concerns. Giving out multi-factor
tokens (E.g. RSA token) to customers/clients could be cost prohibitive.

I am in a similar situation, and currently looking at PingFederated[1],
Symplified[2], and ArcotId[3]


1. http://www.pingidentity.com/solutions/enterprises.cfm
2. http://www.symplified.com/
3. http://www.arcot.com/ (multi-factor auth without the cost of hardware
tokens)

Does anyone have experience with any of these systems? I couldn't find
much information about Symplified's architecture on their website.

Saqib
http://www.capital-punishment.us

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide
we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------


Checked by AVG - www.avg.com
Version: 8.5.375 / Virus Database: 270.13.16/2241 - Release Date:
07/16/09 05:58:00

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------