Q1.

Why did Novell create NMAS?

A1.

NMAS represents another step in Novell's strategy to deliver security solutions. Today many businesses have a mixture of authentication methods and no way to manage them or to use a combination of those methods.

In addition, many NDS-installed organizations have determined that password authentication is insufficient for their security needs. Such organizations have decided to expand their network authentication from requiring the network user to authenticate via "something you know" (for example, a password) to "something you have" (for example, a smart card), or "something that you are" (for example, a fingerprint).

Novell recognizes the value that these different forms of network authentication provide and has developed an extensible framework to support and manage different and multiple authentication methods in NDS.

Q2.

Who needs this kind of solution?

A2.

NMAS is a dual product offering answering the needs of many customers.

NMAS Starter Pack is a free Web download at www.novell.com/products/nmas that allows for any provided single form of user login method. This means that NDS users can now authenticate using either a smart card, physical token, biometric, X.509 certificate, or a simple or NDS password.

NMAS Starter Pack is targeted towards organizations looking to implement different single-method NDS authentication policies. Undoubtedly, many of these initial customers will be existing customers whose authentication methods Novell is making available on the Web download.

NMAS Enterprise Edition is a for-charge product (available in April, 2000) that allows for multi-factor authentication as well as "Graded Authentication." Multi-factor authentication is the ability to chain authentication methods in a login sequence. Graded Authentication is the ability to grant network access based on authentication methods used.

NMAS Enterprise Edition is built for organizations with security needs that require multi-factor and Graded Authentication. While this can be virtually any large enterprise, the greatest need will come from health services, financial services, government agencies, pharmaceuticals, and utilities.

Q3.

How will NMAS help the CIO?

A3.

First, NMAS simplifies management of the authentication process, lowering costs of administration on the CIO's IT staff. Second, NMAS offers the management framework to increase security throughout the organization by offering IT the ability to write access policies that offer greater access protection to various volumes and partitions within the NDS. No dollar amount can be placed on undesired access to highly sensitive information.

Q4.

How will NMAS help the network administrator?

A4.

NMAS is flexible in allowing administrators to set the access policies for accessing NDS partitions and volumes, and then establishing who can access those areas through authentication.

With Graded Authentication, network administrators will feel confident in knowing that secure information in an NDS partition or volume requiring a certain login sequence, cannot be accidentally or purposefully moved or copied to any area that is not as equally secure.

Q5.

How will NMAS help the user?

A5.

More than anything, network users want to easily authenticate to NDS and get to their work. The Novell and third party authentication methods included in NMAS provide easy to follow user prompts that let the user authenticate to NDS quickly and securely.

Q6.

Why is network authentication management so important in an enterprise security program?

A6.

Authentication is the demonstration of credentials that indicate the user is who he or she claims to be. As the practical repository for enterprise data, network services must be able to adequately maintain the security of network data by limiting access to authorized users. These users validate their identities through authentication prompts and, provided the authentication credential is provided, are granted access.

NMAS supports a variety of strong authentication methods (smart card, physical token, biometric, X.509 certificate authentication) from many of today's leading network authentication developers.

Q7.

What are the primary security problems associated with passwords alone?

A7.

In many cases, it's unwise user tendencies that make password authentication vulnerable. For example, many users set up passwords that are easy to guess. Some users have their passwords noted in plain view of others on a sticky note on their monitor. For these reasons, and others, many organizations have decided to adopt strong authentication methods such as smart cards, physical tokens, biometrics, and PKI systems using X.509 certificates.

Q8.

What are tokens?

A8.

A token is a hand-held hardware device that generates a one-time password to authenticate its owner. Token authentication systems are based on various schemes.

NMAS includes a challenge-response token authentication from VASCO, and a time-synchronous token authentication method from RSA Security.

Q9.

What are biometrics?

A9.

Biometric authentication involves providing a unique physical characteristic that distinguishes one user from another. These characteristics might be a fingerprint, voice, handwriting, facial features, eye or retina scan, etc. Biometric characteristics are measured using sensors that produce data values that can then be processed by a computer using specialized algorithms for analysis and comparison against a known data value sample.

NMAS includes fingerprint authentication methods from Identicator and SAFLINK. SAFLINK also provides biometric authentication methods using voice and facial recognition technologies.

Q10.

Are strong authentication technologies expensive to implement and maintain?

A10.

As more and more organizations have begun adopting strong authentication methods, the deployment costs have dropped significantly. With smart card, physical token, and biometric authentication options now at affordable prices, many organizations are considering these methods as strong authentication alternatives.

NMAS supports a variety of industry-leading authentication methods for smart cards, physical tokens, and biometrics.

Q11.

Why would I be interested in chaining methods together?

A11.

NMAS Enterprise Edition allows for administrators to create login sequences that prompt for single, or a series of multiple (multi-factor) authentication prompts. By creating multi-factor login sequences that, for example, require the user to provide something he knows (such as a password), with something he has (such as a smart card), along with something he is (for example a fingerprint), the administrator has greater confidence that the user is who he or she claims to be.

As a security measure, certain industries are beginning to require multi-factor authentication policies for network users. These industries include health care, financial services, pharmaceuticals, as well as government departments.

The NMAS Enterprise Edition framework allows for Novell- and partner-developed authentication methods to work together easily and securely.

Q12.

Which authentication technology is best?

A12.

This is debatable among the different authentication developers and Novell makes no claims as to the superiority of one authentication method over another. Novell and it NMAS partners all agree that multi-factor authentication is normally more secure than single-factor authentication.

The NMAS Enterprise Edition framework allows network administrators to easily build multi-factor login sequences using a variety of Novell- and partner-developed authentication methods.

Q13.

Is Novell pursuing partnerships with any other authentication developers?

A13.

The value of NMAS comes from strong partnerships with some of the world's leading authentication developers. Novell continues to pursue partnerships and is currently working with nearly 30 partners in developing NMAS authentication methods.

Q14.

Does NMAS work with SSO? With BorderManager?

A14.

NMAS and Single Sign-on (SSO) provide different network security solutions to different security problems. NMAS provides security at the network authentication level, while SSO provides security at the application level.

Nevertheless, NMAS and SSO are designed to work together. For example, If a user has the connector for the Novell Client for Windows NT (http://www.novell.com/products/sso/applications.html), he can authenticate to NDS through NMAS, then, with the NT Client password stored in SecretStore, have the client launched automatically.

While BorderManager and NMAS work together well in the same network environment, there is no formal integration work between the two products with this release.

Q15.

Does NMAS replace BorderManager Authentication Service (BMAS)?

A15.

The NMAS roadmap includes plans to integrate the RADIUS authentication offering in BMAS in a future NMAS release.

Q16.

How much does it cost? When will it be available?

A16.

NMAS Starter Pack is a free Web download available January 18, 2000. NMAS Enterprise Edition will be available in April, 2000 and will be priced at $49 per user.

Q1.

A1.

Q2.

A2.

Q3.

A3.

Q4.

A4.

Q5.

A5.

Q6.

A6.

Q7.

A7.

Q8.

A8.

Q9.

A9.

Q10.

A10.

Q11.

A11.

Q12.

A12.

Q13.

A13.

Q14.

A14.