Implementing two factor authentication for remote access using phone factor
-
Upload
michael-kaishar -
Category
Technology
-
view
804 -
download
2
description
Transcript of Implementing two factor authentication for remote access using phone factor
- 1. Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) Michael G. Kaishar, MSIA | CISSP | Security+ Sr. Information Security Architect & Consultant A Master of Science Research Practicum Presentation Graduate School of Management University of Dallas Partial Fulfillment of the Requirements for the Master of Science Degree in Information Assurance Saturday, March 27, 2010
2. INTRODUCTION
- Michael G. Kaishar
- Practicum Study
-
- An Experiment for an Accountancy Firm (AF)
-
- Implementing Two-Factor Authentication for Remote Access using PhoneFactor
- Significance
-
- Feasible
-
- Address issue of unauthorized access
Saturday, March 27, 2010Michael G. Kaishar2 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 3. MATERIALS
- Hardware
-
- Dell Laptop with sufficient resources
-
- Cell Phone
- Software & Service
-
- Operating Systems (XP and W2K3 Server)
-
- VMware & 2X Remote Access Server
-
- PhoneFactor Two-Factor Authentication
-
- Internet Connectivity
Saturday, March 27, 2010Michael G. Kaishar3 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 4. ANALYSIS
- Built Test Environment using VMware
-
- Simulated AFs production infrastructure
-
-
- Without PhoneFactor
-
-
-
- With PhoneFactor
-
Saturday, March 27, 2010Michael G. Kaishar4 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) Figure 1 .Illustration of remote connectivity processFigure 2 .VMWare Inc.Illustration of where virtual machines reside in reference to the Dell Laptop Hardware Layer 5. VIDEO DEMONSTRATION 1
- Current Procedures for Connectivity
-
- Username
-
- Password
Saturday, March 27, 2010Michael G. Kaishar5 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 6. VIDEO DEMONSTRATION 2
- Proposed Solution for Connectivity
-
- Username
-
- Password
-
- Two-Factor Authentication using PhoneFactor
Saturday, March 27, 2010Michael G. Kaishar6 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 7. VIDEO DEMONSTRATION 3
- Failed Attempt for Connectivity
-
- Username
-
- Password
-
- PhoneFactor
Saturday, March 27, 2010Michael G. Kaishar7 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 8. RESULTS
- PhoneFactor worked as advertised
- Easy to install, configure, and manage
- Easy to integrate into existing system
- Required little to no downtime
- AF is very pleased with outcome
- Cost Effective (free for up to 25 users)
Saturday, March 27, 2010Michael G. Kaishar8 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 9. CONCLUSIONS
- Recommendations
-
- Augment security strategy
-
- Separate systems for each function
-
- Balance between security and functionality
- Limitations
-
- Isolated (Sand-boxed)
-
- Virtualized Environment
-
- Single client (lack of system load)
Saturday, March 27, 2010Michael G. Kaishar9 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 10. CONCLUSIONS
- Future Work
-
- Voice recognition
-
- Text-based authentication (SMS)
Saturday, March 27, 2010Michael G. Kaishar10 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 11. Questions? Saturday, March 27, 2010Michael G. Kaishar11 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF) 12. Thank You Saturday, March 27, 2010Michael G. Kaishar12 Implementing Two-Factor Authentication for Remote Access using PhoneFactor A Proof-of-Concept Experiment for an Accountancy Firm (AF)