
Tectia MobileID – Tokenless 2-Factor Authentication for Juniper SSL VPN Appliances. Vesa Tiihonen, Director, SSH. December 30th 2011.

Presentation transcript:

1 Tectia MobileID – Tokenless 2-Factor Authentication for Juniper SSL VPN Appliances
Vesa Tiihonen, Director, SSH
December 30th 2011

2
- Founded 1995
- The inventor of the Secure Shell (SSH) protocol
- NASDAQ OMX listed public company
- Tectia Managed Security solution
- Replacement for unsecured protocols
- Managed File Transfer
- Worldwide customer base: 7 out of top 10 Fortune % of Fortune
- Redwood, USA; Boston, USA; Helsinki, Finland (HQ); Hong Kong, China; Kloten, Switzerland

3 Contents
- Tectia MobileID Introduction
- Use Cases and Benefits of Tectia MobileID
- Key Differentiators of Tectia MobileID
- Juniper Technology Alliance
- SSL VPN Login Use Cases
- Tectia MobileID integration with Juniper SSL VPN
- Summary

4 The Best 2-FA Solution in the Market: The Next Generation Authentication Platform
- Multi-factor appliance designed specifically for on-demand and out-of-band authentication
- Based on high quality SMS One-Time-Password (OTP) as the main strong authentication delivery method
- Supports also ALL OTP delivery methods, such as password lists, OTP, Voice OTP, Instant Messaging OTP, and any OATH compliant hardware and software tokens (e.g. Google Authenticator)
- Fully customizable
- Operator Grade SMS Messaging Connections Out-Of-The-Box

5 SMS authentication use cases
When to consider tokenless login:
- When you have geographically dispersed groups of users
- When you have a mobile / remote workforce
- When you provide an extranet
- When you have ad-hoc login requirements
- When you do not want to invest in and manage hardware
- When you can't wait weeks for a new token to be delivered

6 Benefits of using Tectia MobileID
- No seed data to be compromised
- No security devices to be stolen or lost
- 24/7 service deactivation provided by operators, not only by your company helpdesk
- One-Time Password unpredictable and 100% random, unlike with tokens
- Ability to detect fraudulent activity, e.g. Man-in-the-Middle (MitM/MitB) attacks
- Improved user login experience
- Less administration
- Fewer helpdesk calls

7 Benefits of using Tectia MobileID
Fraud prevention and password management with SMS OTP:
- Pro-actively lock end user accounts after N failed login attempts
- Notification of locked account via SMS
- Permit account re-activation via SMS
- GeoIP match on Mobile device location
- Permit forgotten password/PIN reset via SMS, eliminating the need for helpdesk services
[Figure text: "Lock my account"]

8 Unique Differentiators of Tectia MobileID
- Most Scalable & Reliable
- Fastest to Deploy & Use
- Most Cost Efficient
- Best User Experience

9 Unmatched scalability and reliability
- Scales to millions of concurrent users
- Operator grade SMS delivery worldwide with SLA-guaranteed throughput times
- Certified to work with
- In live production since 2003
- Modular architecture that provides service provider-grade scalability, customization and control of network conditions and business logic

10 Unmatched TCO and ROI
- Flexible pricing models with pay-per-active-users on a monthly basis
- Low TCO. Example 5-year TCO:
  - for 250 RSA SecurID users: $140,000 (RSA Whitepaper)
  - for 250 MobileID users: $38,000 (excluding SMS traffic; € per message)
- Practically ZERO administration; new users activated instantly
- Tokenless solution – No logistics overhead
- No extra or hidden costs!

11 Tectia MobileID – Fast deployment and activation
Add/remove traditional token user vs. MobileID:

ADDING NEW RSA USER
1. Admin creates token user account and delivers the account details i.e. via
2. Admin adds token serial number to the new account and synchronizes the token.
3. Admin packages the token, user instructions and letter on the token terms of use and mails it to the user.
4. Admin informs the new user that token will be delivered within a few days.
5. User eventually receives the token and reads the instructions and terms of use.
6. Assuming that token has not become out of sync, or has not broken during delivery, and that user knows how to use token, etc., user successfully logs in using the token.

REMOVING AN RSA USER
1. Admin removes / disables the account.
2. Admin notifies the user that the token should be returned via courier.
3. If user fails to return the token, or it's lost, then admin must initiate cost recovery procedures or the company must pay for a replacement token.
4. Admin eventually receives the token.
5. If the token is damaged then admin must initiate cost recovery procedures or the company must pay for a replacement token.
6. Admin notifies the user that token was correctly received and intact.
7. Admin marks the token as "returned" and adds the token serial to a pool of free tokens.

ADDING NEW MOBILEID USER
1. User successfully logs in.

REMOVING A MOBILEID USER
1. Admin removes / disables the account.

12 Tectia MobileID – Superior end-user experience
- No end-user training needed
- Use 100% intuitive with Flash SMS
- No changes to existing login process
- Works on any phone, anywhere in the world
- So easy it makes your customers smile – guaranteed!

13 Tectia MobileID – multi-use authentication platform
Tectia MobileID can solve ANY ad-hoc multi-factor authentication problem:
- 2-factor authentication for SSL VPN access (RADIUS)
- 2-factor authentication for Web Services and portals (SOAP)
- Solving Man-in-the-Browser / Man-in-the-Middle threats with Out-Of-Band authentication
- Multi-domain (LDAP) support
- MS Outlook Web Access
- Instant Messaging OTP
- Any custom ad-hoc on-demand multi-factor authentication use case
- 2-factor SMS OTP for MS Windows logins
- Supports ALL OTP techniques: , lists, OATH tokens, Voice, etc.
- Cloud-based SMS OTP available Out-Of-The-Box
- OTP and business logic for online banking transaction verification

14 Tectia MobileID mRules framework
- Custom business logic for Authentication, Authorization and Access (AAA)
- New authentication methods can be added and the existing ones extended
- Authentication methods can be chained, triggered, scheduled, etc.
- Network packets (i.e. RADIUS) can be re-written, routed, scheduled, etc.
[Figure: Sample custom access rule]

15 Juniper Technology Alliance
- Protect against unauthorized access to your critical business information
- Reduce your IT administrative workload and hard costs
- Easily scale with tokenless One-Time-Passwords delivered via SMS
- Be up and running in hours, not weeks or months!
Juniper SSL VPN with SSH's MobileID: Full turnkey 2FA solution without the challenges of first generation two-factor authentication!

16 Juniper Technology Alliance
Direct integration to existing corporate infrastructure
[Diagram labels: AD/LDAP; "Hello Jane, Your SMS password is"; Third party Gateway or Integrated Tectia Messaging service; SSL VPN; Remote user; Internet; Firewall; Operator grade global 3G network; One-time password]

17 Authenticating using SMS One-Time Password
Scenario 1 – SSL VPN login

18 Authenticating using SMS One-Time Password
On-demand SMS password for two-factor authentication

19 Authenticating using SMS One-Time Password
And you're logged in!

20 Authenticating using SMS One-Time Password
Scenario 2 – Login with pre-distributed SMS

21 Authenticating using SMS One-Time Password
And you're logged in!

22 Technical integration with Juniper SSL VPN
Adding a new RADIUS Server to Juniper SA VPN

23 Technical integration with Juniper SSL VPN
Adding a new RADIUS Client to MobileID

24 Technical integration with Juniper SSL VPN
Connecting MobileID to AD / LDAP

25 Technical integration with Juniper SSL VPN
MobileID is LIVE – Start using it!

26 Tectia MobileID Web Admin Interface
Administer the Virtual Appliance

27 Viewing Tectia MobileID Logs in Real-Time

28 Try Tectia MobileID Live Today!
Live VPN demonstration for anyone, anywhere, free-of-charge:
- Juniper SSL VPN login:
- Register here:
- Login and demo here:

29 Summary

Tectia MobileID:
- Operator grade messaging capabilities
- Integrated HA messaging
- Allows ad-hoc use
- Highly scalable
- Framework for customized login methods
- Certified for Juniper SSL VPN

Competitive Solutions:
- Typically no operator messaging support
- No High Availability (HA), requires purchasing and configuring 3rd party messaging service or product
- Accounts must be registered and provisioned to work
- Typically for SME use only
- Typically only few pre-defined methods available

30 Thank You!
Vesa Tiihonen, Director

