Tuesday, June 17, 2008

SecureAuth Deploys Secure X.509 Authentication in Less Than a Day

MultiFactor SecureAuth uniquely enables enterprises to rapidly deploy non-phishable authentication.

By Garret Grajek, CISSP
COO, MultiFactor Corp.

SecureAuth for Microsoft and Federated Web Authentication is the non-phishable authentication solution that can be deployed in less than a day’s effort.

Enterprises are looking for authentication solutions that actually address the issues of phishing, identity theft, man-in-the-middle and man-in-the-browser attacks. Unfortunately, solutions such as one-time passwords and web-picture solutions simply do not address these problems, because the end user is not authenticating the server. (See Figure 1)

Figure 1 – End Users are vulnerable to attacks where the end server “impersonates” the legitimate target

Security engineers know the solution to this dilemma. What needs to be enacted is a solution that:

  • Authenticates the end-user
  • And... Authenticates the server

The second part of this equation has been the most difficult. A methodology that has been algorithmically proven to solve this “bi-lateral” authentication dilemma is Public Key Infrastructure. Unfortunately, deploying a working PKI has been beyond daunting. (See Figure 2)

Figure 2 – Standard PKI Infrastructure is far too complicated for a standard enterprise to deploy

The SecureAuth solution is unique, in that it abstracts the complexities of a PKI and PKI registration from both the end user and the deploying enterprise. With SecureAuth an enterprise can deploy the SecureAuth solution into its infrastructure in less than a day. For VPN authentication the integration is simply a matter of integrating the SecureAuth appliance with the enterprise network device. (See MultiFactor SecureAuth for Cisco VPN Authentication.)

For web authentication, enterprises usually desire more customization than a drop-in appliance. For this reason, SecureAuth offers SecureAuth for Microsoft Applications and SecureAuth for Federated Applications.

A key value and differentiator for the SecureAuth solution is its ability to be deployed rapidly into the existing infrastructure; in fact, the product is designed to be deployed in less than a day's effort.

The product has (4) basic installation steps, all designed for web programmers to work with existing data and applications integration mechanisms.

The (4) steps to a MultiFactor SecureAuth integration are:

1. Install the SecureAuth Web MSI module on an IIS server
2. Connect SecureAuth with your datastore
3. Redirect your application to the SecureAuth URL
4. Link SecureAuth to MultiFactor’s Web Services

1. Install the MultiFactor SecureAuth MSI

This is a trivial step where the enterprise simply clicks through the SecureAuth MSI. The installation executable creates a SecureAuth virtual directory with the necessary account privileges to execute all of SecureAuth’s enterprise side functionalities, including data connector commands, certificate inspection and web service calls.

Estimated Deployment Time:

1-2 hours by Web Admin

Figure 3 – SecureAuth installs with a simple MSI executable

2. Connect SecureAuth with your DataStore

The SecureAuth solution utilizes .NET classes to connect to the existing datastore. SecureAuth can take advantage of the largest set of data connectors in the world: The .NET library of membership and profile classes. (See figure 4).

Estimated Deployment Time:
2-4 hours to Microsoft AD or MS/SQL by ASP.NET data programmer

Figure 4 – SecureAuth utilizes .NET Membership and Profile Classes

3. Redirect the application

The key to the SecureAuth solution is its ability to abstract the authentication process from your application. SecureAuth utilizes native .NET target/redirect authentication methodologies (documented in this Microsoft tech note, titled Forms Authentication Across Applications.)

The key to the solution is to utilize the forms section in the target application's web.config to redirect an authenticated user.

SecureAuth is designed to integrate into standard ASP.NET infrastructure, thereby taking advantage of cross-application authentication. SecureAuth can be integrated on the web server where the application resides, or it can be hosted on a separate web server.

Estimated Deployment Time:
1-2 hours by ASP.NET programmer
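
The forms-section redirect described in step 3, as an added configuration example (not taken from SecureAuth's documentation): a target application's web.config set up for ASP.NET forms authentication across applications. The login URL, cookie name and key values are placeholders and assumptions.

```xml
<!-- Constructed example: web.config of the protected (target) application. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: placeholder for the SecureAuth URL; unauthenticated
           requests are redirected there.
           name, protection and path must be identical in every application
           that shares the authentication ticket.
           requireSSL keeps the ticket cookie off plain-HTTP requests. -->
      <forms loginUrl="https://login.example.com/SecureAuth/"
             name=".SHAREDAUTH"
             protection="All"
             path="/"
             timeout="30"
             requireSSL="true" />
    </authentication>

    <!-- Reject anonymous users so every request must carry a valid ticket. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Explicit keys, identical in the login application and the target.
         The default "AutoGenerate,IsolateApps" gives each application its
         own keys, so a ticket issued by one fails validation in the other.
         The values below are placeholders: generate random keys and protect
         them, because anyone who holds them can forge tickets. -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_HEX_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_HEX_KEY"
                validation="SHA1" />
  </system.web>
</configuration>
```

When the login application is hosted on a separate web server, the ticket cookie must also be visible to both hosts (for example through the forms `domain` attribute); that part depends on the deployment and is not shown here.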

4. Connect to MultiFactor Web Services

The SecureAuth license includes use of MultiFactor’s integrated web services, including:

• SMS text messaging service
• Telephony (Speech-to-text) service
• X.509 v3 Certificate service

These services are hosted in MultiFactor Corporation’s high availability, co-located SAS 70 compliant facility. They become a part of the authentication process without requiring additional servers or software. (See figure #6)

Communication between the SecureAuth web component and the web services is established over a secure WSE 3.0 connection. The solution saves the enterprise thousands in maintenance and personnel fees, while providing the functionality needed for the most secure bi-lateral authentication available.

Estimated Deployment Time:

1-2 hours by ASP.NET programmer

Figure 5 – MultiFactor has hosted web services that work seamlessly with the SecureAuth solution.


MultiFactor SecureAuth offers the only non-phishable, tokenless authentication solution that is able to be deployed in less than a day of work.

Garret Grajek is the COO and a co-founder of MultiFactor Corporation. He is a certified security engineer who has deployed 100s of security solutions while working for RSA, IBM, Cisco and others.

Copyright 2008. MultiFactor Corporation. All Rights Reserved.