Post on 01-Nov-2014
Intellect Armor
COPYRIGHT NOTICE
Copyright © 2011 Polaris Software Lab Limited
All rights reserved. These materials are confidential and proprietary to Polaris and no part of these
materials should be reproduced, published in any form by any means, electronic or mechanical
including photocopy or any information storage or retrieval system nor should the materials be
disclosed to third parties without the express written authorization of Polaris Software Lab Limited.
© Copyright Polaris Software Lab Limited,
2011
Contents
Facts
Armor Solution
Armor Architecture
Armor Features
Facts
The average employee
• accesses 5 to 30 password-protected applications as a part of his/her job
• spends as much as 44 hours per year performing multiple login tasks to access 4 applications
More than 25% of Helpdesk costs are password related (Gartner)
Businesses spend an average of $200 per user each year on password management (Forrester)
Armor Solution
ARMOR is an integrated suite of Security Services to provide end-to-end security with minimal effort and low costs. ARMOR provides an enterprise-wide system for User Authentication and Profiling, and enables centralized administration and easy implementation of corporate security policies.
• Enterprise-wide SSO
    • Web/J2EE applications
    • Thick client applications
    • Host based applications
    • Third party tools
• Multiple Authentication Mechanisms
    • Static Password
    • Dynamic Password
    • Challenge Response
• Multi-level Access control
    • Application access
    • Menu control
    • Functional Access
• Single Point Administration
    • Comprehensive suite to define and manage Entities
    • Audit Logs, Security Reports
• Multi-lingual support (UTF-8)
ARMOR Architecture
Single Sign On
• Browser based Thin-Client shell
• Available for
    • Any technology - Windows, Unix, Linux
    • Any architecture - Three-tier, Two-tier, Browser-based, Host-based
    • Any application - Developed in-house
• Applications may be of the type Web based or Desktop
Multiple Authentication Mechanisms
• Verification of the identity of a user, typically by User IDs and passwords
• Armor supports strong authentication mechanisms
    • Configurable Static Passwords
    • Dynamic Password Tokens
    • Challenge-Response Password Tokens
• Works with third party authentication providers, such as Siteminder, RSA, MS-AD (LDAP), Safeword, Blackshield, VASCO, WebSeal
Password Policies
Security Policy ensures security standards:
• Allows user initiated password change
• Forced Password Change once every 45 (configurable) days
• ID is disabled after 6 (configurable) consecutive unsuccessful attempts
• ID is disabled if not in use for 60 (configurable) days
• ID is closed if not in use for 90 (configurable) days
Password Policies
Password Policy restrictions can be set to define corporate standards:
• Allowed length is configurable (min 6, max 16)
• Should be alphanumeric
• Checked against negative list of common passwords (Configurable)
• 2 consecutive characters cannot be same
• Reuse restriction on previous ‘n’ passwords (configurable, default 6)
• Cannot be changed twice within a (configurable) 24 hr period
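The restrictions on this slide, together with the 45-day forced change from the preceding one, can be expressed as a single policy check. The sketch below is an added example, not Armor code or its API: all class and function names are hypothetical, "alphanumeric" is assumed to mean ASCII letters and digits with at least one of each, the deny list is a constructed sample, and password history is assumed to be stored as salted PBKDF2 digests rather than plaintext.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Policy:  # defaults are the (configurable) values stated on the slides
    min_len: int = 6
    max_len: int = 16
    history: int = 6                                   # previous 'n' passwords
    min_change_gap: timedelta = timedelta(hours=24)
    max_age: timedelta = timedelta(days=45)            # forced change interval
    deny_list: frozenset = frozenset({"password1", "welcome1", "abc123"})  # constructed

@dataclass
class Account:
    history: list = field(default_factory=list)        # [(salt, digest)], newest last
    changed_at: Optional[datetime] = None

def _digest(pw, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def violations(pw, acct, now, p=Policy()):
    """Return the names of the policy rules the candidate password breaks."""
    checks = {
        "length": not p.min_len <= len(pw) <= p.max_len,
        # Assumption: only ASCII letters and digits, at least one of each.
        "alphanumeric": not re.fullmatch(r"(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]+", pw),
        "deny_list": pw.lower() in p.deny_list,
        "repeated_char": bool(re.search(r"(.)\1", pw)),
        "reuse": any(hmac.compare_digest(_digest(pw, s), d)
                     for s, d in acct.history[-p.history:]),
        "too_soon": acct.changed_at is not None and now - acct.changed_at < p.min_change_gap,
    }
    return [name for name, broken in checks.items() if broken]

def change_password(pw, acct, now, p=Policy()):
    """Apply the change only if no rule is broken; return the broken rules."""
    errs = violations(pw, acct, now, p)
    if not errs:
        salt = os.urandom(16)
        acct.history = (acct.history + [(salt, _digest(pw, salt))])[-p.history:]
        acct.changed_at = now
    return errs

def must_change(acct, now, p=Policy()):
    """True when the password was never set or has reached the maximum age."""
    return acct.changed_at is None or now - acct.changed_at >= p.max_age
```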
Two Factor Authentication
• Intellect Armor currently interfaces with SafeWord, Vasco and RSA to support Two factor Authentication
• Dynamic Passwords & Challenge Response
    • Something you Have i.e. Hand Held Hardware device
    • Something you Know i.e. Corresponding PIN number, Challenge
• One-time use passwords, generated every time the user wants to log in
Multilevel Access Control
Defines what a User can do in an application
• Application Access Control
    • Web Based, launched using a web browser
    • Thick Client Based, launched using signed applet
• Access Control Within Application
    • Menu Control
    • Function Access
Single Point Administration
• Browser based single-point administration
• Audit Reports and Sensitive Event Logging
• Passwords for the registries used by the application like
    • Relational databases (Oracle)
    • Unix hosts
    • Application Server console
Armor Components
Armor Backend
Comprises Java Services and the Oracle Repository, which holds access privileges and information of an application hosted on Armor. This component handles all administration requests generated from the web front end.
Armor Frontend
This is a web application that allows performing all administrative tasks like creating users, assigning entitlements, and generating and viewing reports.
Armor Toolkit
This is a plug-in adapter component containing APIs that enable Java applications to communicate with ARMOR for Authentication and Authorization.
Ready to Use Security APIs
• Complete set of readily available Java & COM Security APIs for Developers
• Features include
    • Security Authentication
    • User Authorization
    • User Info Services
    • Password Management Services
    • SSO Services
Armor Features
• Access Control List - Offers IP Address based restriction for users to strengthen Armor Native Authentication
• Forgot Password/Security Question - Facilitates a user-driven password reset (without the Admin user's intervention) whenever a user forgets his/her own password
• Password Rules - Password Rules are now configurable as per the Customer's requirement through Regular Expressions
• Default Password - A default password (a combination of the first 4 letters of the User ID and the Date of Birth (ddmmyyyy)) can now be set automatically for a user at the time of user creation
Armor Features
• Zero Configuration (Native Authentication) - Armor binaries will be provided with default configurations and intelligent modules that read the required environment-specific configurations and auto-configure themselves for deployment
• Securing User’s Login Credentials - For every authentication request raised from the client end, identified sensitive information (password) shall go through a cryptographic routine to form an indecipherable string before being communicated through the network layer
• CSRF token implementation - Prevents Cross Site Request Forgery Attacks
Armor Features
• Password communication via Email - With the email flag enabled in Armor, any new user addition or password reset results in sending a random password to the mentioned email id of the user during the addition
• Idle/Forced Session Timeout - Automatic Idle/Forced Session timeout would now be centrally managed through configuration for all the applications launched through Armor
• Set Default field values for User Creation
• Excel upload utility for Entity Maintenance
Thank You