A Look at Novell SecureLogin, Now and New
Novell Cool Solutions: Feature
Posted: 4 Nov 2005
What is SecureLogin and Why Do I Want It?
What SecureLogin Does ...
SecureLogin provides a single and secure Identity for an employee or consumer when accessing one or more computer systems, even when those systems have different authentication security requirements and authentication challenges.
End users have too many passwords to remember. It takes too long to authenticate to every system, and helpdesks are overloaded. Users will typically forget passwords, write them down, or use weak passwords. Kiosk environments are especially painful for this. Password-related issues account for 70% of helpdesk calls, and helpdesk administrators themselves can pose potential security risks.
Increased Security with SecureLogin
SecureLogin helps increase security by eliminating the following problems:
1. Bad habits
- Writing down passwords is eliminated.
- End users must remember only their main directory credential.
- Strong Authentication can completely eliminate passwords.
2. Sharing of accounts
- End users may not know their password to back-end systems.
- Traceability/Accountability is increased when accounts are not shared.
3. Using weak passwords
- Password Policies can be applied to apps that don't have any.
- Different systems can have different policies.
4. Calling the helpdesk for password reset
- The helpdesk doesn't need password reset rights to sensitive apps.
Challenges: Key Ring vs. Synchronization
Synchronization is only as strong as the weakest system. Many apps pass credentials on the wire in the clear, and many apps are easily compromised.
Key rings support different Password Policies. However, there may be political challenges with key rings. Also, it may be difficult or impossible on some systems to change the implementation.
There will also be systems that you don't control. With these systems, you can't easily sync passwords to outside applications, and you can't control what untrusted individuals may do with sync'ed credentials.
Solution: Add Strong Authentication and Provisioning
Strong authentication eliminates the use of passwords altogether. There are no more forgotten passwords, which greatly increases ease of use for end users.
The "plausible deniability" factor is eliminated. Users can't claim that another user or administrator impersonated them to gain system access. Access can be correlated to the secure use of an ATM card, and there is a positive correlation between audit logs and individuals.
Provisioning adds another element to the solution. With provisioning, users can't know their password for any system. Passwords are randomly generated and are extremely strong. Users must access applications via SecureLogin/iChain, strengthening security.
Provisioning also eliminates the need for "training" apps. SecureLogin already has the correct password for apps, which increases ease of use for the end user. Deprovisioning can occur more rapidly and securely: once the enterprise authentication is disabled, users can't access anything.
How Can I Easily Deploy SecureLogin?
The "Usual Suspects" for SecureLogin are:
- SneakerNet - this is inefficient, inconsistent, unmanageable, and just not cool
- Login Scripts - back in 1990, this was a cool way to go; but it is unscalable, unmanageable, and inconsistent
- Novell ZENworks - an excellent way to go, but the infrastructure requirements can be daunting
- Other desktop management systems - umm ... you want something that works, right? OK, they can be made to work ... they're just not as cool.
What Else is New?
The Linux Client for SecureLogin is supported on the Novell Linux Desktop. It integrates with GNOME keyring, with KDE Wallet, and with PAM. Support is also included for Terminal Emulation and Tarantella. The Linux Client is compatible with the Windows version.
SecureLogin provides "directory-agnostic" strong authentication. Novell Virtual Directory Services provides Authentication Chaining; CASA/MiCASA provides a client-side credential store, with iFolder for Credentials; and NMAS-TNG provides "clientless" integration.
Support for Mobile Devices
SecureLogin for mobile devices provides the following features:
- OTP Keyring
- Selective Credential cache
- Protection of sensitive data
- Secure device management