![Page 1: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/1.jpg)
Authentication for Office 365
Erik Notermans
Country Manager Central and Northern Europe
![Page 2: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/2.jpg)
Cloud, Desktop and BYOD
“Access from anywhere with anything”
By Erik Notermans
![Page 3: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/3.jpg)
![Page 4: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/4.jpg)
The Cloud
• Is a very public place• Everyone knows where your front door is
• Everyone knows what your username is
• Email address, just like Facebook!
• Just one password away from access!
• What is your identity worth?
![Page 5: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/5.jpg)
It is not Rocket Science
• I know that DuPont use O365• http://www.microsoft.com/en-gb/office365/nowonoffice365.aspx
• I know the format of DuPont’s emails is [email protected]• http://www.email-format.com/d/dupont.com/
• I know that Ellen Kullman is CEO• (source: DuPont.com)
• Just one password away from access ?????
• Cloud means all access is remote access
• The office building is no longer a perimeter
defence
![Page 6: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/6.jpg)
Practical problems with password re-use
• Twitter; Feb 2013: 250,000 passwords hacked
• LinkedIn; June 2012: 6.4 million passwords released
• Facebook; January 2012: 50,000 accounts hacked
• Facebook; 600,000 fraudulent login attempts everyday
• Sega; June 2011, 1.29 million account details stolen
• Sony; April 2011, 100 million accounts suffered data theft
Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials.
(http://www.bbc.co.uk/news/technology-13829690)
![Page 7: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/7.jpg)
Practical problems with password re-use
![Page 8: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/8.jpg)
Corporate Data Personal Machines
• Facebook in one window, OWA in the other.
• Same password in both?
• Mixed environment
• Is your corporate identity your social identity?
• What other cloud applications are your employees using ?
![Page 9: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/9.jpg)
Password Vulnerability
• Passwords are particularly vulnerable because they are static.
• The same for every authentication
• We all have so many… we reuse them
1. 123456
2. 2345
3. 123456789
4. Password
5. Iloveyou
6. Princess
7. Rockyou
8. 1234567
9. 12345678
10. abc123
Rock You 2009
1. link
2. 1234
3. work
4. god
5. job
6. 12345
7. angel
8. the
9. ilove
10. sex
LinkedIn 2012
1. 5!uE2)~8
2. _34:7eW
3. $W2Nc
4. Y:l3}
5. GQNu>5$+wj
6. L*uC}n&"2Ic5V1
7. !-5$Bu0^
8. P1^&5ux(
9. [><c@2I=g
10. dn9f7#x2}/&W.)+VR'&K
Strong Passwords
![Page 10: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/10.jpg)
Hacking Tools
![Page 11: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/11.jpg)
Cloud, Desktop and BYOD
Best Practice = Strong Authentication
![Page 12: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/12.jpg)
How to add additional authentication to Office 365
• Configure your O365 Domain to use ADFS
• Federation is your friend.
• User have to authenticate to YOU not Microsoft
• You retain control of credentials
• You can have your own login page
![Page 13: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/13.jpg)
Microsoft Endorsement
“Microsoft Office 365 is live with customers for 2FA integration and only officially support two vendors. RSA and Swivel”
Steve Patrick
![Page 14: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/14.jpg)
O365 ADFS
ADFSProxy
ExternalUser
Internet
ActiveDirectory
ADFSServer
InternalUser
Office 365
![Page 15: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/15.jpg)
InternalUser
Applications of Swivel: Cloud
ADFSProxy
ExternalUser
InternetSwivelfilter
ActiveDirectory
ADFSServer
Swivel
Office 365
![Page 16: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/16.jpg)
Browser-based
• Image authentication: Delivered in browser, every device has a browser.
![Page 17: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/17.jpg)
Adding PINsafe
![Page 18: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/18.jpg)
PINsafe protocol
5 7 2 4
1 3 6 9
One-Time Code
Security String
PIN stays the same
changes for every authentication attempt
Different every time
Strong Authentication
5 1 7 3 9 2 0 6 4 8
1 2 3 4 5 6 7 8 9 0
![Page 19: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/19.jpg)
Device options: Browser
Image and PINsafe:
• PINpad challenge uses a 10 digit security string, and the grid can be displayed in any design• Credential different every time• User uses the mouse to click on their PIN number. Transmitted number is an OTC.• Defence against brute-force and other automated attacks
![Page 20: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/20.jpg)
VPN Web Cloud Desktop
Mobile App Web SMS Telephony
Core
User enters the correct response to
authenticate
The core platform sends users a
challenge
The Swivel ApproachAnything anywhere with anything(subject to policies of course)
![Page 21: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/21.jpg)
Desktop
Telephony
VPN Web Cloud
Mobile App Web SMS
Core
Adding a Device (factor)
• If the challenge can only be received on one device or the response only sent from one device, we have 2-factor authentication
![Page 22: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/22.jpg)
Using Two-Factor
• SMS: Every mobile device can send or receive SMS.
![Page 23: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/23.jpg)
Using Two Factor
• Mobile app.: Works on even basic smartphones. Lightweight.
![Page 24: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/24.jpg)
Applications of Swivel: VPN
• SSL VPN
• IPSec
• RADIUS
• XML API
• AD Integration
• Swivel Knowledge Base: kb.swivelsecure.com/integrations
![Page 25: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/25.jpg)
Applications of Swivel: VPN
![Page 26: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/26.jpg)
Applications of Swivel: Web applications
Web:
• Swivel can secure any web site
• Browser agnostic
• Pre-built solutions for IIS and ISA
• OWA, Sharepoint
![Page 27: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/27.jpg)
Applications of Swivel: Web applications
SharePoint:
• SharePoint
• Flexible deployment on SharePoint Applications
• Creates ‘Claims Token’
• SharePoint service protected by .NET http filter
![Page 28: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/28.jpg)
Swivel Alternative
• A single authentication platform to meet all your needs
• Cloud, On-Premise, VPN, Virtual Desktop
• Strong and Two-factor authentication as appropriate
• Tokenless
• Easy to manage
• Easy to work with changing userbase*
![Page 29: Authentication for Office 365 Erik Notermans Country Manager Central and Northern Europe](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649ef45503460f94c06b15/html5/thumbnails/29.jpg)
Questions?