信息安全身份认证策略.ppt

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * All Contents ? 2005 Burton Group. All rights reserved. Strong Authentication: Increased Options, but Interoperability and Mobility Challenges Remain * Strong Authentication Thesis Strong authentication deployments are growing due to security, cost reduction, and identity theft concerns One time password (OTP) device deployments continue to grow due to their “zero footprint” attribute and broad application coverage Organizations are increasingly deploying smart cards, due to their security and application coverage, including physical access and OTP Biometrics have their rightful place in the strong authentication landscape Enterprises should adopt adequate identity proofing processes to ensure that strong authenticators are not degraded Strong authentication presents issues for organizations’ Identity Management (IdM) infrastructure Strong authentication is frequently paired with enterprise SSO (SSO) systems, which provides organizational benefits and challenges * Strong Authentication Agenda Identity assurance Strong authentication survey Identity management stack and Microsoft Windows Authentication challenges Recommendations * Strong Authentication Agenda Identity assurance Strong authentication survey Identity management stack and Microsoft Windows Authentication challenges Recommendations * Identity Assurance Identity Proofing Cornerstone of authentication Due diligence performed before issuance or certification of user credentials Must be performed at each stage of the identity lifecycle Initialization, recertification, emergency access, elevated access (optional) Knowledge-based authentication (KBA) alone is not sufficient identity proofing Reduces strong authenticator to a few well-known questions Presents usability problems (especially when number of questions are increased) Layered and out of band authentication can provide adequate identity proofing Interactive voice