Corporate Information Security
User Identification & Logical Access Control

Logical Access Control – Heart of Security
Efficient Control Mechanisms:
User identification, authentication & authorization
Centralized user rights management
Logging & auditing

Passwords: Security Bottlenecks
Most Likely Security Breaches:
Easy to guess passwords
Same password for all applications
Password sharing
Not keeping passwords secret

Security Stats
Half of help desk calls are password-related
Source: Lenovo
$ 150 per user annually - operating expenses for managing user accounts
Source: SC Magazine
$ 25-50 - average cost of processing a single help desk call
Source: Compulenta

Biometrics: Efficient & Reliable
Identification of a person, not of a password, token or card
Intuitive & easy to use technology
Non-repudiation of biometrically confirmed actions
Users do not have to know or remember passwords
No password sharing

Integration
[Diagram labels: Corporate Data, AD Integration, Shared Resources, Workstations, VPN, Physical Access, Applications, E-mail, T&A, Internet]

IDenium Purpose
Safeguard data against unauthorized access
Replace a vulnerable password system with biometric IDs

IDenium Functions
User Access Control:
A fingerprint is a single key to network data, applications, e-mail & Internet
Secure Standby & screensaver modes
Support for Windows & Novell
Logging Access Events

IDenium Functions
Centralized User Management:
One-time enrollment of users & credentials
Domain controller interaction
Network access from any network PC

Architecture
[Diagram labels. Accounts: User Account of a Specific Application, Novell User Account, Windows User Account, CITRIX User Account. Components: Workstations, Windows Domain Controller, Applications & Web-applications, Workstations and/or Clients, CITRIX Server, Novell Server. Identification paths: Identification of Windows Users, User Identification in Applications, Identification of CITRIX Users, Identification of Novell Users]

IDenium for AD
[Diagram components: Workstation, Identification Server, Windows Domain Controller, Microsoft Windows AD Database]
1 Digital Fingerprint Template
2 Data Required for User Authentication
3 Data Required for User Authentication
4 Synchronization

AD Integration
IDenium is fully integrated into Active Directory (AD):
Centralized storage, protection & transfer of user ID data via AD tools
Centralized user rights management
BioLink tabs in ADUC
[Screenshot: BioLink - Enroll Tab]

IDenium Components
Client SW:
IDenium Windows Logon
Password Vault
Admin SW:
Admin Pack
Synchronization Agent
Password Changer

IDenium Windows Logon
Verifying user identity when logging on to the OS or applications
User verification in other applications compliant with IDenium Windows Logon & Authenteon Server
Workstation unlocking by a fingerprint
[Screenshot: Workstation Unlocking]

Password Vault
Replacing passwords with biometric IDs in applications & Internet
Script recording to replace a password
Several scripts for an application
Automated script execution upon successful fingerprint identification
[Screenshot: List of Scripts]

Admin Tools
Admin Pack:
Centralized enrollment of users & fingerprint data
Setting-up identification policies & other administrative tasks
Synchronization Agent:
Synchronization of AD catalogue data & biometric ID data stored on Authenteon

Admin Tools
Password Changer:
Generation of random passwords
Attaching new passwords to relevant user accounts & biometric IDs
Admin-defined generation frequency
No access to unauthorized users by stolen passwords

IDs Enrollment
[Screenshot: “Windows Security” window for users to enroll their fingerprint identifiers]
Biometric IDs can be enrolled while adding a new user account in AD, when hiring a new employee, at the administrator’s workplace.
Biometric IDs can be enrolled by users themselves at their workplaces when deploying IDenium.

Selection of Identification Policies
[Screenshot: Selecting an Identification Policy]
User identification only by fingerprints is recommended for most users
User identification by a fingerprint OR password is recommended for administrators and security staff
Two-factor identification by a fingerprint AND password is recommended for the most sensitive data

Customization & Management Options
[Screenshot: service settings window (IDenium Settings window)]
Add users (or user accounts), edit properties & delete
Enable/disable ID data caching
Hide the actual fingerprint image while scanning
Generate random passwords for Windows user accounts

Identification Servers
BioLink Authenteon:
Software-and-hardware server
Hot swappable
Unlimited number of users
BioLink Authenteon Software Appliance (ASA):
Software server for MS Windows
Number of users – up to 1 000
Scalable

Biometric Scanners
Scanning Method: Optical
Scanning Window Size: 25.5 x 18 mm
Scanning Speed: 15 fingerprints per second
Resolution: 508 dpi
False Acceptance Rate (FAR): 10^-9 (1 out of 1 000 000 000)
Interface: USB 2.0/1.1, Plug&Play, 2 m cable included

Biometric Scanners
Compact & ergonomic
Cost-effective & durable
Quickly attached to a computer
Ready for operation upon installation of BioLink IDenium
Used to secure corporate networks & stand-alone PCs

Biometric Scanners
BioLink U-Match 3.5 - USB Scanner for Office Use
Dimensions (length x width x height): 45 x 63 x 26 mm
Weight: 120 g
BioLink U-Match 5.0 - USB Scanner with a Card Reader
Supported smart card standards: ISO 7816, EMV 2000
Smart card power supply: 5 V, 3 V & 1.8 V
Transmission speed: up to 119 Kbps
Card type detection: automatic

IDenium Benefits
Data security increase
Cost-effectiveness
Scalability
Fault-tolerance
Ease of use

Data Security Increase
Reliable, accurate & quick user identification by distinct parameters
Eliminated threat of identification by lost/stolen identifiers
Multi-factor identification for sensitive data
Integration options for logical & physical access & T&A systems

Cost-Effectiveness
Faster access to protected resources
Biometric IDs never fail
Reduced admin load
Decreased access infrastructure management expenses

Scalability
Unlimited number of users
Server clusters & load balance options
Centralized installation & management
Seamless integration into legacy corporate systems

Fault-Tolerance
Hot swappable biometric ID servers
Data replication options
Local cache options in case of failed LAN

Ease of Use
One-time enrollment of users’ biometric data
Identification by any enrolled fingerprint
A fingerprint is a single key to resources & applications
User-friendliness
www.bio-metrica.com
Thank You!