Implementing two factor authentication for remote access using phone factor
12
Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) Michael G. Kaishar, MSIA | CISSP | Security+ Sr. Information Security Architect & Consultant A Master of Science Research Practicum Presentation Graduate School of Management University of Dallas Partial Fulfillment of the Requirements for the Master of Science Degree in Information Assurance Saturday, March 27, 2010
-
Upload
michael-kaishar -
Category
Technology
-
view
804 -
download
2
description
Small and medium sized businesses cannot afford the luxury of purchasing expensive token-based two-factor authentication products, so they rely mostly on user names and passwords as methods for remote access security. The reliance on user names and passwords as methods of security is a weak strategy; therefore small and medium-sized businesses need to add an extra layer of security in order to strengthen their security stance.
Transcript of Implementing two factor authentication for remote access using phone factor
- 1. Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) Michael G. Kaishar, MSIA | CISSP | Security+ Sr. Information Security Architect & Consultant A Master of Science Research Practicum Presentation Graduate School of Management University of Dallas Partial Fulfillment of the Requirements for the Master of Science Degree in Information Assurance Saturday, March 27, 2010
2. INTRODUCTION
- Michael G. Kaishar
- Practicum Study
-
- An Experiment for an Accountancy Firm (AF)
-
- Implementing Two-Factor Authentication for Remote Access using PhoneFactor
- Significance
-
- Feasible
-
- Address issue of unauthorized access
Saturday, March 27, 2010Michael G. Kaishar2 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 3. MATERIALS
- Hardware
-
- Dell Laptop with sufficient resources
-
- Cell Phone
- Software & Service
-
- Operating Systems (XP and W2K3 Server)
-
- VMware & 2X Remote Access Server
-
- PhoneFactor Two-Factor Authentication
-
- Internet Connectivity
Saturday, March 27, 2010Michael G. Kaishar3 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 4. ANALYSIS
- Built Test Environment using VMware
-
- Simulated AFs production infrastructure
-
-
- Without PhoneFactor
-
-
-
- With PhoneFactor
-
Saturday, March 27, 2010Michael G. Kaishar4 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) Figure 1 .Illustration of remote connectivity processFigure 2 .VMWare Inc.Illustration of where virtual machines reside in reference to the Dell Laptop Hardware Layer 5. VIDEO DEMONSTRATION 1
- Current Procedures for Connectivity
-
- Username
-
- Password
Saturday, March 27, 2010Michael G. Kaishar5 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 6. VIDEO DEMONSTRATION 2
- Proposed Solution for Connectivity
-
- Username
-
- Password
-
- Two-Factor Authentication using PhoneFactor
Saturday, March 27, 2010Michael G. Kaishar6 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 7. VIDEO DEMONSTRATION 3
- Failed Attempt for Connectivity
-
- Username
-
- Password
-
- PhoneFactor
Saturday, March 27, 2010Michael G. Kaishar7 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 8. RESULTS
- PhoneFactor worked as advertised
- Easy to install, configure, and manage
- Easy to integrate into existing system
- Required little to no downtime
- AF is very pleased with outcome
- Cost Effective (free for up to 25 users)
Saturday, March 27, 2010Michael G. Kaishar8 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 9. CONCLUSIONS
- Recommendations
-
- Augment security strategy
-
- Separate systems for each function
-
- Balance between security and functionality
- Limitations
-
- Isolated (Sand-boxed)
-
- Virtualized Environment
-
- Single client (lack of system load)
Saturday, March 27, 2010Michael G. Kaishar9 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 10. CONCLUSIONS
- Future Work
-
- Voice recognition
-
- Text-based authentication (SMS)
Saturday, March 27, 2010Michael G. Kaishar10 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 11. Questions? Saturday, March 27, 2010Michael G. Kaishar11 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 12. Thank You Saturday, March 27, 2010Michael G. Kaishar12 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF)
