Rainbow's NetSwift iGate Closes the Door on Internet Bad Guys: Page 3 of 4

I set up a resource for the Web server residing behind the iGate appliance--www.test.com, which was locally configured to point to the virtual IP address served by the iGate appliance--and allowed access only to users in the "Even users" group. Once the configuration was complete, I uploaded it to the appliance. Then I had to try it all out.

I started up Internet Explorer and tried to load www.test.com. A dialog instructed me to plug in my key or hit cancel to use a user name/password. On initial use of the key, I was asked to supply a PIN, which is not configured by the ACM. This is the only password that needs to be remembered and is provided as a safeguard against theft.

Vendor Information
NetSwift iGate Web security appliance, $9,995 for starter package with appliance, 50 USB tokens and access control software. Rainbow Technologies, (949) 450-7300, (800) 852-8569; fax (949) 450-7450.
www.rainbow.com

Once the PIN was configured, I was presented with the requested resource, as expected. What happened in the background was a challenge-response exchange. The token on the key is actually a shared secret, which the client uses to create a hashed value. The appliance also knows the shared secret and creates its own hash based on that secret. The client sends its hashed value to the appliance, which compares the two. If they match, authentication is granted. Because a password is never transmitted, token-based systems are considered more secure than authentication systems that transmit a password, even if the latter uses encryption.
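The following is an added illustration of the shared-secret challenge-response idea described above; it is not Rainbow's actual protocol, which the article does not document. The random nonce, HMAC-SHA256, the 30-second challenge lifetime and every name in the code are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 30  # seconds a challenge stays valid (assumed value)


class Verifier:
    """Appliance side: holds each token's shared secret and issues challenges."""

    def __init__(self, secrets_by_user):
        self._secrets = secrets_by_user
        self._pending = {}  # user -> (nonce, issued_at)

    def challenge(self, user, now=None):
        nonce = secrets.token_bytes(16)  # fresh random value for every login
        self._pending[user] = (nonce, time.time() if now is None else now)
        return nonce

    def verify(self, user, response, now=None):
        now = time.time() if now is None else now
        # pop() makes each challenge single-use, so a captured response cannot be replayed
        nonce, issued = self._pending.pop(user, (None, 0.0))
        secret = self._secrets.get(user)
        if nonce is None or secret is None or now - issued > NONCE_TTL:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def token_response(secret, nonce):
    """Client side: the token computes the keyed hash; the secret is never sent."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)  # constructed sample secret
    v = Verifier({"user2": key})   # constructed sample user
    n = v.challenge("user2", now=100.0)
    r = token_response(key, n)
    first = v.verify("user2", r, now=101.0)    # correct token, fresh challenge
    replay = v.verify("user2", r, now=102.0)   # same response sent a second time
    n2 = v.challenge("user2", now=200.0)
    wrong = v.verify("user2", token_response(b"x" * 32, n2), now=201.0)
    n3 = v.challenge("user2", now=300.0)
    stale = v.verify("user2", token_response(key, n3), now=300.0 + NONCE_TTL + 1)
    return first, replay, wrong, stale
```

Only the nonce and the keyed hash cross the wire, so an eavesdropper learns neither the secret nor a value that can be reused for a later login.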

I pulled out the key, and the ActiveX control sensed the event and loaded a "logged out" page into my browser. The browser plug-ins sense both the removal of the key and the expiration of a time-out value that is configured on the appliance, and react by logging the user out of the resource and replacing the location with a notification page. This helps you deal with users who habitually leave browser windows open.

I inserted the key for user3 and attempted to access www.test.com again. This time I was denied, as expected. Resources can be configured based on domain, directory or rudimentary pattern matching on the URI.