authshield- intigration with mail-microsoft exchange

33
AuthShield Security for Mails Private and Confidential

Upload: authshield

Post on 29-Dec-2015

35 views

Category:

Documents


0 download

DESCRIPTION

AuthShield for ActiveSync is a user friendly multi-factor authentication solution for mobile users. ActiveSync allows users to synchronize their inbox, subfolders, calendar, contacts etc. with their mobile device like smart phones and tablets. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential

AuthShield Security for Mails

Page 2: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential2

“If you were a hacker trying to hack into an organization – what will be your attack methodology?

Attack the perimeter (IP Range), scan it for vulnerabilities, try and find a way behind the firewall, IPS, IDS and then find a vulnerability in the router to sniff traffic. (P.S – CISCO spends up to $ 50 Mn every year to scan their routers for vulnerabilities). You will also have to hide your traces during this entire exercise to prevent from getting caught

Go on Social media. Identify employees working in the organization. Chat up with them, and carry out a phishing scam to get access to their credentials. Use the same credentials to log into the critical IT assets of the organization”

Page 3: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential3

Vulnerabilities in E-mails

Page 4: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential4

Most vulnerable Point of Attack

Credential

Access Granted

Server

Page 5: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential5

Mails – Warehouse of Information on the Go!

E-mails are an integral part of our communication mechanisms

Can be accessed anywhere in the world on almost every device

Considered as written proof of communication in many countries

Can be used to steal information or to impersonate senior members of an organization

As per Internet Crime Complaint Center (IC3) in the past fourteen months there have 1200 US and over 900 non US victims where business mails have been compromised

Page 6: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential6

Microsoft Exchange

• Microsoft Exchange had an installed base of 470 million in 2014

• Microsoft Exchange uses a propriety RPC protocol, MAPI / RPC that was designed to be used by Microsoft Outlook

• Emails hosted on exchange can also be accessed using SMTP, POP3 and IMAP4 protocols

• Many Android, iOS and Windows Mobile phones now support Exchange ActiveSync Push Email

Page 7: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential7

Why AuthShield 2FA

• Most Cyber attacks are Phishing related scams and effective in majority of cases

• A non aware user is the weakest link in the Cyber Security Chain

• Every organization needs to protect their mails as they are one of the most critical assets of an organization

Page 8: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential8

Tackling Identity Theft

Only Protection against User Level Attacks

• Identify the user based on – – Something he knows (User Name / Password)– Something in the user’s possession – Something the user is

Page 9: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential9

Username, Password + Second Factor of Authentication

Access Granted Server

Username + Password

ACCESS DENIED

Hacker may have access to the Password but he cannot have access to the “Second Factor of Authentication”

Page 10: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential10

How is AuthShield different??

AuthShield Patented Protocol Decoding Engine ensures that Authentication Security is

implemented at a Protocol level rather than Application layer

Authentication Security has been limited to applications which provide inherent support

for 2FA

Page 11: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential11

Architecture

Page 12: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential12

Solution Components

Page 13: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential13

AuthShield Tokens for OWA

Hard TokenAndroid / iOS / Windows /BB Linux / Mac / Windows

Page 14: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential14

Hard Token

• Security device (Hard Token) given to authorized users

• The token generates a new password after every 90 seconds

• Each token is unique to the user and synchronized with the server based on time

• The password is based on a pre defined unbreakable randomized algorithm.

Hard Token

Page 15: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential15

Mobile Token for Smart Phones

• Application installed on smart Phones

• User identity is mapped to his smartphone

• User has to enter PIN to generate the One Time Password

• Available for all smart phones

Android / iOS / Windows /BB

Page 16: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential16

Soft Token for Desktops

• Application installed on Desktop

• User identity is mapped to his desktop

• User has to enter PIN to generate the token

• Available for all OSLinux / Mac / Windows

Page 17: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential17

AuthShield Tokens for OWA / ActiveSync / Outlook Anywhere

One Touch Authentication for Windows / Linux / Mac Systems OS

One Touch Authentication for Android / iOS / Windows Phones

Page 18: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential18

Mobile One Touch Authentication

• Maps users identity to his registered mobile phones

• Anytime a user wishes to login, a ‘PUSH’ notification is sent with details on – – IP– Location– TimeStamp

• User has to ‘Approve’ the request to login

Page 19: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential19

System One Touch Authentication

• Maps users identity to his registered Desktop / Laptop

• Anytime a user wishes to login, a ‘PUSH’ notification is sent with details on – – IP– Location– TimeStamp

• User has to ‘Approve’ the request to login

Page 20: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential20

• AuthShield Protocol Decoding Engine receives Authentication request from User

• Server validates the User name and Password from AD / LDAP

• Request is forwarded to the Authentication Server for the second factor authentication check

AuthShield Integration with Microsoft Exchange

Page 21: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential21

Page 22: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential22

User Name and Password are validated from AD

On correct validation, request is forwarded to the Authentication Server

Users device is mapped against his registered devices

In case users device is different from his registered device, an Authentication Notification sent to the registered device(s) of the user

User has to approve the Authentication request for the mails to be downloaded on his non-registered device

Process Flow

Page 23: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential23

Process Flow

Page 24: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential24

About Us

About the CompanyResearch Oriented Information Security

Organization

All technologies are indigenous - Evaluated and approved by multiple Government Agencies

Empanelled with DRDO

More than six years of experience in Cyber Security

Served key clients in Private and Public sector

Page 25: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential25

Contd.

Features Patents on 2FA with Protocol level decoding

Direct integration of 2FA with – SAP / ERP Mail servers – Microsoft Exchange,

OCMS, IBM Lotus Nodes, Zimbra etc VPN Database Queries Web Applications etc

Customized products focused on technology immersion in clients

Page 26: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential26

Contd.

Page 27: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential27

In the Press

“Rated 9/10 by PC Quest

Magazine”

“DRDO Implements AuthShield Authentication Security”

“AuthShield launches Zero cost Biometrics”

“Mindteck has

appointed AuthShield for

MFA”

Page 28: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential28

Our Success Stories!!!

Empanelled with DRDO for Multi-factor Authentication

Only Indian Company to have developed an indigenous Multi-factor Authentication at Protocol Level.

Only Indian Company to have developed and deployed an independent Internet Monitoring System across an entire region.

Multiple Patent Pending Technologies including Cyber Café Surveillance, Tactical Internet Monitoring System and Multifactor Authentication.

Page 29: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential29

AuthShield Integrations

Page 30: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential30

Support

• 24 * 7 Support center

• Dedicated Helpline and Ticketing portal with monthly reports (on support as well as application performance) submitted to client

• SLA with inbuilt penalty clauses - Timeframes

defined for critical, priority and non-critical support

• Optional - Dedicated Team deployed for client (for Priority support)

Page 31: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential31

Some of our Government Clients

Delhi Police

Ministry of Home Affairs Indian Army

Ministry of Defense

National Investigation AgencyAP Police

UP Police

National Technical Research Organization

Chandigarh Police

JK Police

Page 32: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential32

Some of our other clients

Page 33: Authshield- Intigration with mail-Microsoft Exchange

Private and Confidential33

Contact Us

@ authshield2FA

+91-11-47065866/ 45272272

[email protected]

www.auth-shield.com / www.innefu.com

876, 8th Floor, Aggarwal Cyber Plaza II,Netaji Subhash Place, New Delhi, India

GET IN TOUCH WITH US. WE’D BE HAPPY TO HELP