What is Citrix MetaFrame Password Manager?
The MetaFrame Password Manager is a component of the MetaFrame Access Suite from Citrix Systems. It provides single sign-on (SSO) access to Windows, Web, proprietary and host-based applications running in the MetaFrame Access Suite environment, or locally on the desktop.
Single Sign-on (SSO) allows enterprise network users to access all authorized password-protected applications seamlessly, on the basis of a single authentication that is performed when they initially access the workstation. After the user is authenticated, the SSO system invisibly manages password logins and password changes on the user's behalf.
What can this Product do?
Organizations will see the following benefits from deploying this product:
Increased Security
Password memorization has become too much for the average user, specifically because of:
• The number of systems now requiring a login.
• The frequency with which passwords need to change.
• The higher complexity required of an accepted password.
This has led users to undermine the integrity of business systems by adopting insecure password habits, such as:
• Writing down passwords and keeping a permanent record, such as Post-it notes on the back of the keyboard or unencrypted password lists on their workstation.
• Using the same user-id and password for multiple systems.
• Using easy-to-guess passwords.
• Using easy-to-break passwords.
The MetaFrame Password Manager increases security by automating the password management process. A user is only required to authenticate once, when they log in; the SSO system manages all passwords from that point onwards. Specifically:
• When a user enters an application, SSO logs them in automatically.
• When it comes time to change a password, SSO changes it for them and chooses a strong password.
• If your policies are set correctly, users will never know passwords to systems. This is important because they will never be tempted to write them down.
The MetaFrame Password Manager will do this for the following applications:
• Windows 32-bit applications.
• Web based applications.
• Host-based applications (mainframe based apps running from a terminal emulator).
The product works both for applications running locally on your desktop and for applications that reside on a MetaFrame Presentation Server.
Increased Productivity
All of the IT research groups agree on one thing: traditional password management that relies on our less-than-perfect memory reduces user productivity. A user who fails to access a system cannot complete their task, and must then consume the time of internal administrators to regain access to that system. During this downtime the organization accrues not only the lost productivity but also the lost opportunity of that user.
Reduced Cost
Cost reductions from increased user productivity are more easily identified and quantified. The true savings from increased security are harder to evaluate. Companies can only count the cost of known security breaches. The unknown breaches represent a much more troubling and unquantifiable part of the equation.
Internal Security
One of the most frequent questions that our engineers are asked is, “How good is the internal security of the passwords contained within Password Manager?” It’s a very good question: when you relinquish control of all your passwords to an SSO system, it’s critically important that the product itself does not expose the passwords.
MetaFrame Password Manager is highly secure within itself. Passwords and sensitive information are ALWAYS encrypted. This includes:
• When the data is stored on disk.
• When the data is in transit over a network.
• When the data is in the memory of the application.
A 3DES cryptosystem is employed to keep the data safe. 3DES uses a 168-bit key length to ensure excellent security based on the computing power currently available to decrypt it.
When the Password Manager logs you into an application, the password is decrypted at that instant. Even then, the password is not exposed to the user interface of the operating system; where possible, it is delivered using API calls within the operating system. This makes it very hard to intercept a password as it is sent to an application.
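Added example (not part of the original brief and not Citrix code): the 168-bit figure is three 56-bit DES subkeys, and it holds only when the three subkeys differ. The Python sketch below classifies 24 bytes of 3DES key material by nominal key length; the function names and sample keys are constructed for illustration.

```python
DES_KEY_BYTES = 8  # 64 bits as stored: 56 key bits plus 8 parity bits


def strip_parity(subkey: bytes) -> bytes:
    """Clear the low (parity) bit of each byte so only the 56 key bits compare."""
    return bytes(b & 0xFE for b in subkey)


def has_odd_parity(subkey: bytes) -> bool:
    """DES convention: every key byte carries an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in subkey)


def set_odd_parity(raw: bytes) -> bytes:
    """Set each byte's low bit so the byte has odd parity."""
    return bytes((b & 0xFE) | (bin(b & 0xFE).count("1") % 2 == 0) for b in raw)


def nominal_key_bits(key: bytes) -> int:
    """Return the nominal key length (56, 112 or 168) of a 24-byte 3DES key."""
    if len(key) != 3 * DES_KEY_BYTES:
        raise ValueError("expected 24 bytes (K1 || K2 || K3)")
    k1, k2, k3 = (strip_parity(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        # In E_K3(D_K2(E_K1(P))) the matching pair cancels: plain single DES.
        return 56
    if k1 == k3:
        # Two-key 3DES: only K1 and K2 are independent.
        return 112
    return 168


def sample_key(*seeds: int) -> bytes:
    """Build constructed sample subkeys (not real key material), one per seed."""
    return b"".join(
        set_odd_parity(bytes((s + i) & 0xFF for i in range(8))) for s in seeds
    )


# Constructed sample inputs covering the three keying options.
THREE_KEY = sample_key(0x10, 0x40, 0x70)
TWO_KEY = sample_key(0x10, 0x40, 0x10)
ONE_KEY = sample_key(0x10, 0x10, 0x10)

if __name__ == "__main__":
    for name, key in (("3-key", THREE_KEY), ("2-key", TWO_KEY), ("1-key", ONE_KEY)):
        print(name, nominal_key_bits(key), "bits")
```

Subkeys are compared with parity bits cleared, so two subkeys that differ only in parity bits are still treated as the same key.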
Fault Tolerance
Fault tolerance, the ability of a system to sustain “faults” without becoming unavailable to the organization, is another critical area for an SSO system. SSO cannot “go down” for its users; here is how MetaFrame Password Manager protects itself from catastrophic failure.
The agent that runs for each user using SSO has a local copy of the data it needs to continue functioning. This means that each agent can operate as a standalone entity should any server component be offline or unavailable. This is especially important to mobile users using laptops.
The local agent synchronizes any updates it requires when it is next on the network and can contact server resources.
Best Practices
It is a good idea to consider combining an SSO System deployment with a two-factor authentication or biometric authentication device. The SSO System relies on the integrity of the login to the system. It is a good idea to harden this entry point with additional checks on the user.
Make sure that policies are set to lock the desktop after a short period of inactivity at the workstation. It is also important to train your users to lock their workstations as they leave them.
Make sure workstations are protected from viruses and spyware. Either can compromise the hard-fought security that you have gained for your systems.
Make sure that any security system or procedure employed by your organization is underpinned by a sensible, yet thorough, computing security policy. This policy should be enforced by HR.
Last, but not least, ask your iTCO representative to join you and chat about Single Sign-on, and security in general. Our engineers have vast experience in these areas and we would enjoy discussing your issues and opportunities.
iTCO Solutions Corporation P.O. Box 610090
Redwood City, CA 94061 United States
http://www.itcosolutions.com/
Enterprise Sales Team Contact: Ryan Edwards, National Accounts Manager, Tel: 650-367-0514