Intellect Armor

COPYRIGHT NOTICE Copyright 2011 Polaris Software Lab Limited All rights reserved. These materials are confidential and proprietary to Polaris and no part of these materials should be reproduced, published in any form by any means, electronic or mechanical including photocopy or any information storage or retrieval system nor should the materials be disclosed to third parties without the express written authorization of Polaris Software Lab Limited.

Index Slide
Contents
Facts Armor Solution Armor Architecture Armor Features

2 Copyright Polaris Software Lab Limited, 2011

Facts

The average employee accesses 5 to 30 password-protected applications as a part of his/her job spends as much as 44 hours per year performing multiple login tasks to access 4 applications More than 25% of Helpdesk costs are password related (Gartner) Businesses spend an average of $200 per user each year on password management (Forrester)

3 Copyright Polaris Software Lab Limited, 2011

Armor Solution
ARMOR is an integrated suite of Security Services to provide end-to-end security with minimal effort and low costs. ARMOR provides an enterprise-wide system for User Authentication and Profiling, enables centralized administration and ease of implementing corporate security policies.

Enterprise-wide SSO Web/J2EE applications Thick client applications Host based applications Third party tools Multiple Authentication Mechanisms Static Password Dynamic Password Challenge Response Multi-level Access control Application access Menu control Functional Access Single Point Administration Comprehensive suite to define and manage Entities Audit Logs, Security Reports Multi-lingual support (UTF-8)

4 Copyright Polaris Software Lab Limited, 2011

ARMOR Architecture

5 Copyright Polaris Software Lab Limited, 2011

Single Sign On

Browser based Thin-Client shell

Available for Any technology - Windows, Unix, Linux Any architecture - Three-tier, Two-tier, Browser-based, Host-based Any application - Developed in-house

Applications may be of the type Web based or Desktop

6 Copyright Polaris Software Lab Limited, 2011

Multiple Authentication Mechanisms

Verification of the identity of a user, typically by User IDs and passwords Armor Supports Strong Authentication mechanisms Configurable Static Passwords Dynamic Password Tokens Challenge-Response Password Tokens Works with third party authentication providers, such as Siteminder, RSA, MS-AD (LDAP), Safeword, Blackshield, VASCO, WebSeal

7 Copyright Polaris Software Lab Limited, 2011

Password Policies
Security Policy ensures security standards:

Allows user initiated password change Forced Password Change once every 45 (configurable) days ID is disabled after 6 (configurable) consecutive unsuccessful attempts ID is disabled if not in use for 60 (configurable) days ID is closed if not in use for 90 (configurable) days

8 Copyright Polaris Software Lab Limited, 2011

Password Policies
Password Policy restrictions can be set & defines corporate standards:

Allowed length is configurable (min 6, max 16) Should be alphanumeric Checked against negative list of common passwords (Configurable) 2 consecutive characters cannot be same Reuse restriction on previous n passwords (configurable, default 6) Cannot be changed twice within a (configurable) 24 hr period

9 Copyright Polaris Software Lab Limited, 2011

Two Factor Authentication

Intellect Armor currently interfaces with SafeWord, Vasco and RSA to support Two factor Authentication

Dynamic Passwords & Challenge Response Something you Have i.e. Hand Held Hardware device Something you Know i.e. Corresponding PIN number, Challenge One-time use passwords, generated every time the user wants to log in

10 Copyright Polaris Software Lab Limited, 2007 2011

Multilevel Access Control

Defines what a User can do in an application

Application Access Control

Web Based, launched using a web browser Thick Client Based, launched using signed applet Menu Control Function Access

Access Control Within Application

11 Copyright Polaris Software Lab Limited, 2011

Single Point Administration

Browser based single-point administration Audit Reports and Sensitive Event Logging Passwords for the registries used by the application like

Relational databases (Oracle) Unix hosts Application Server console

12 Copyright Polaris Software Lab Limited, 2011

Armor Components

Armor Backend Comprises of Java Services and the Oracle Repository which holds access privileges and information of an application hosted on Armor. This component handles all administration requests generated from the web front end.

Armor Frontend This is a web application that allows performing all administrative tasks like creating users, assigning entitlements generating and viewing reports.

Armor Toolkit

This is a plug-in adapter component containing APIs that enables Java applications to communicate with the ARMOR for Authentication and Authorization.
13 Copyright Polaris Software Lab Limited, 2011

Ready to Use Security APIs

Complete set of readily available Java & COM Security APIs for Developers

Features include Security Authentication User Authorization User Info Services Password Management Services SSO Services

14 Copyright Polaris Software Lab Limited, 2011

Armor Features

Access Control List - Offers IP Address based restriction for users to strengthen Armor Native Authentication Forgot Password/Security Question Facilitates user driven Reset password feature (without the Admin user's intervention) whenever user forgets his/her own password Password Rules - Password Rules are now configurable as per Customer's requirement through Regular Expressions Default Password - Default password can now be set (combination of first 4 letters of User ID and Date of Birth (ddmmyyyy)) for a user at the time of user creation automatically

Copyright Polaris Software Lab Limited, 2011

Armor Features

Zero Configuration (Native Authentication) - Armor binaries will be provided with default configurations and intelligent modules to read environment specific configurations required and auto configure themselves for deployment Securing Users Login Credentials - For every authentication request raised from the client end, identified sensitive information (password) shall go through a cryptographic routine to form an indecipherable string before being communicated through network layer CSRF token implementation - Prevents Cross Site Request Forgery Attacks

Copyright Polaris Software Lab Limited, 2011

Armor Features

Password communication via Email - With the email flag enabled in Armor any new user addition or password reset results in sending a random password to the mentioned email id of the user during the addition Idle/Forced Session Timeout - Automatic Idle/Forced Session timeout would now be centrally managed through configuration for all the applications launched through Armor Set Default field values for User Creation Excel upload utility for Entity Maintenance

Copyright Polaris Software Lab Limited, 2011

Thank You