A Look at Novell SecureLogin, Now and New

Novell Cool Solutions: Feature

Posted: 4 Nov 2005
 

What is SecureLogin and Why Do I Want It?

What SecureLogin Does ...

SecureLogin provides a single and secure Identity for an employee or consumer when accessing one or more computer systems, even when those systems have different authentication security requirements and authentication challenges.

Value Propositions

End users have too many passwords to remember. It takes too long to authenticate to every system, and helpdesks are overloaded. Users will typically forget passwords, write them down, or use weak passwords. Kiosk environments are especially painful for this. Password-related issues account for 70% of helpdesk calls, and helpdesk administrators themselves can pose potential security risks.

Increased Security with SecureLogin

SecureLogin helps increase security by eliminating the following problems:

1. Bad habits

  • Writing down passwords is eliminated.
  • End users must remember only their main directory credential.
  • Strong Authentication can completely eliminate passwords.

2. Sharing of accounts

  • End users may not know their password to back-end systems.
  • Traceability/Accountability is increased when accounts are not shared.

3. Using weak passwords

  • Password Policies can be applied to apps that don't have any.
  • Different systems can have different policies.

4. Calling the helpdesk for password reset

  • The helpdesk doesn't need password reset rights to sensitive apps.

Challenges: Key Ring vs. Synchronization

Synchronization is only as strong as the weakest system. Many apps pass credentials on the wire in the clear, and many apps are easily compromised.

Key rings support different Password Policies. However, there may be political challenges with key rings. Also, it may be difficult or impossible on some systems to change the implementation.

There will also be systems that you don't control. With these systems, you can't easily sync passwords to outside applications, and you can't control what untrusted individuals may do with sync'ed credentials.

Solution: Add Strong Authentication and Provisioning

Strong authentication eliminates the use of passwords altogether. There are no more forgotten passwords, which greatly increases ease of use for end users.

The "plausible deniability" factor is eliminated. Users can't claim that another user or administrator impersonated them to gain system access. Access can be correlated to the secure use of an ATM card, and there is a positive correlation between audit logs and individuals.

Provisioning adds another element to the solution. With provisioning, users can't know their password for any system. Passwords are randomly generated and are extremely strong. Users must access applications via SecureLogin/iChain, strengthening security.

Provisioning also eliminates the need for "training" apps. SecureLogin already has the correct password for apps, which increases ease of use for the end user. Deprovisioning can occur more rapidly and securely: once the enterprise authentication is disabled, users can't access anything.

How Can I Easily Deploy SecureLogin?

The "Usual Suspects" for SecureLogin are:
  • SneakerNet - this is inefficient, inconsistent, unmanageable, and just not cool
  • Login Scripts - back in 1990, this was a cool way to go; but it is unscalable, unmanageable, and inconsistent
  • Novell ZENWorks - an excellent way to go, but the infrastructure requirements can be daunting
  • Other desktop management systems - umm ... you want something that works, right? OK, they can be made to work ... they're just not as cool.

Introducing WebEspresso, a web-based delivery of SecureLogin. It runs on SUSE Linux Enterprise Server and Novell eDirectory/NVDS. With WebEspresso, no reboot is required, and no admin access is required. It provides directory infrastructure for those without one, and it integrates with enterprise directories.

What Else is New?

Linux Client

The Linux Client for SecureLogin is supported on the Novell Linux Desktop. It integrates with GNOME keyring, with KDE Wallet, and with PAM. Support is also included for Terminal Emulation and Tarantella. The Linux Client is compatible with the Windows version.

Strong Authentication

SecureLogin provides "directory-agnostic" strong authentication. Novell Virtual Directory Services provides Authentication Chaining; CASA/MiCASA provides client-side credential store, with iFolder for Credentials; and NMAS-TNG provides "clientless" integration.

Support for Mobile Devices

SecureLogin for mobile devices provides the following features:

  • OTP Keyring
  • Selective Credential cache
  • Protection of sensitive data
  • Secure device management

