Access Control Software Systems
Modern enterprises want to integrate their existing access control and
system silos in order to:
- Eliminate security holes caused by poor access control de-provisioning
systems, i.e. an employee leaves but still has access to a site,
facility, building, room, network, applications and enterprise assets
- Reduce time and costs in access control provisioning for a new
worker, i.e. same-day access control provisioning for site, building and room
access, network and application access and enterprise assets
- Improve regulatory reporting - i.e. automatically produce
tailored access control reports to regulators and enterprise security
auditors to demonstrate compliance for Sarbanes-Oxley, HIPAA, Homeland
Security, Occupational and Health regulations, European Safe Harbor,
etc.
- Strengthen existing enterprise security - provide a layered
access control security strategy requiring stronger forms of access
control to higher risk facilities, sites, buildings, rooms, networks
and applications
- Provide a user life-cycle audit - Determine historically
the access control actions and movements of workers in an enterprise
The building blocks of access control software and systems to meet the
above needs are:
Enterprise Directory (or directories)
This may use something called a virtual directory to create a directory
with ties to databases and other directories where user identity
information is contained
Access Control Provisioning Software
This software picks up user changes from the authoritative user
identity sources via the enterprise Lightweight Directory Access
Protocol (LDAP) and then provides the access
control approval workflow and account creation in the
applications. For example, the provisioning software would be
told by the LDAP directory that a new hire has been created.
It might automatically create an email account and also create a security
access badge in the access control card server. It may also
request management approval for a new account in the financial
application and then, once it receives that approval, create the identity
in the financial application automatically.
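One way to check for the de-provisioning gap described at the top of the page, as an added example (not code from the original page or from any vendor product): a reconciliation sweep that compares enabled accounts in each downstream system against the authoritative directory. The system names, field names and sample records are constructed for illustration.

```python
from datetime import date

# Constructed sample data. DIRECTORY stands in for the authoritative
# enterprise directory; DOWNSTREAM for account exports from each managed system.
DIRECTORY = {
    "asmith": {"status": "active", "end_date": None},
    "bjones": {"status": "terminated", "end_date": date(2024, 3, 1)},
    "cwu": {"status": "active", "end_date": date(2024, 3, 10)},  # contractor
}
DOWNSTREAM = {
    "email": {"asmith": "enabled", "bjones": "disabled", "cwu": "enabled"},
    "badge_server": {"asmith": "enabled", "bjones": "enabled", "cwu": "enabled"},
    "financial_app": {"asmith": "enabled", "dlee": "enabled"},
}


def entitled(entry, today):
    """Access is due only while the entry is active and not past its end date."""
    if entry["status"] != "active":
        return False
    return entry["end_date"] is None or entry["end_date"] >= today


def reconcile(directory, downstream, today):
    """List enabled downstream accounts the directory no longer supports.

    Each finding is (system, user, kind, days_past_end) where kind is
    "orphan" (no directory entry) or "stale" (owner no longer entitled).
    """
    findings = []
    for system, accounts in sorted(downstream.items()):
        for user, state in sorted(accounts.items()):
            if state != "enabled":
                continue  # a disabled account grants no access
            entry = directory.get(user)
            if entry is None:
                findings.append((system, user, "orphan", None))
            elif not entitled(entry, today):
                end = entry["end_date"]
                days = (today - end).days if end else None
                findings.append((system, user, "stale", days))
    return findings


if __name__ == "__main__":
    for system, user, kind, days in reconcile(DIRECTORY, DOWNSTREAM, date(2024, 3, 15)):
        age = f", {days} days past end date" if days is not None else ""
        print(f"{kind:6} {system:13} {user}{age}")
```

Run on a schedule, a sweep like this catches accounts the provisioning workflow failed to close, including a contractor whose directory entry is still marked active after its end date.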
Access Control Card Software and Hardware
The access control hardware used to read the card needs to be able to
communicate with an access control card software server. This
server needs to be able to interact with the enterprise LDAP directory
and/or be able to be integrated with the access control provisioning
software. The access control card server software needs to be
able to be told from a central enterprise identity control point to
create an identity account, the type of card to be produced and when to
terminate access.
Single Sign On Software
Once the identity has been created, the single sign on software can
authenticate, authorize and audit all user access control interactions
with the enterprise network and applications. It can use a
layered identity authentication approach for network and application
access based on risk. Therefore, it may allow an ID and password
to be used to gain general access to the enterprise portal but require
re-authentication using a smart card for a higher risk application.
A wide variety of vendors supply the above access control software,
systems and hardware. For medium to large enterprises, it is
advisable to purchase an identity management suite of software to do
the directories, provisioning and single sign on. Vendors include
Oracle, Sun, Computer Associates, HP, IBM, Novell, Entrust and RSA
amongst others.
Recommended Access Control Card Vendors
HID and Checkpoint.