For a demo of 2-Factor LDAP, or for more information on how our AdminMapping™ technology works, please select Contact Us from the menu above, or click here.

 

 

For more information on monitoring the performance of your LDAP infrastructure, see RealTime LDAP

 

 

For the details of the FFIEC's guidelines on using 2-factor authentication by 2007, see Authentication in an Internet Banking Environment

2-Factor LDAP

 

LDAP servers provide the best performance for security authentications and authorizations, along with a hierarchical organization of data, which aligns with corporate structures. With current security threats from both internal and external users, as well as keyloggers and user carelessness, certain data needs to be protected with a stronger authentication mechanism than LDAP servers currently offer (such as static passwords). Elevating the need for greater security even further, federal regulators from the FFIEC have issued new Internet banking standards with which all banks performing transactions over the Internet are expected to comply by 2007. These standards require increasing the authentication security from 1-factor (something you know, like a password) to 2-factor (something you know, plus either something you have, like a token, or something about your physical body, like a fingerprint).

 

2-Factor LDAP provides the increased security seamlessly, easily, and reliably. 2-Factor LDAP bridges the gap between the performance, standards, and data organization in an LDAP server with the security requirements of a 2-factor authentication device such as a token. The user experience remains the same -- the user enters a dynamic password generated from their token instead of entering their static password. 2-Factor LDAP then transparently intercepts the dynamic password and authenticates it against the token's server. It returns the same result codes as your existing LDAP server, and acts exactly as your LDAP server does now, when a user enters a static password. The utilization of 2-Factor LDAP increases your system security without requiring new system builds and therefore saves you a significant amount of time and money.

 

In addition, with our exclusive AdminMapping™ technology, 2-Factor LDAP can also change the username after an authentication is successful. For example, to strengthen administrative security on the LDAP servers, an administrator can log in using his/her user ID and token, and upon successful authentication their user ID will be changed to the Directory Manager (or super-user) ID, allowing them to perform tasks that would normally require higher security credentials. The AdminMapping technology increases employee productivity while maintaining security standards. Contact us for a

2-Factor LDAP demo.

 

Specifications
  • Works with LDAP servers from Sun, iPlanet, and Netscape
  • Supports Safeword and SecureID tokens
  • Exclusive AdminMapping™ technology allows you to lock down the administrator account, as well as create new administrative IDs
  • Conforms to your existing schema -- no additional custom schema required
  • Conforms to your existing directory structure -- no changes required
  • Works on any entry in any branch of your directory
  • Adheres to all existing ACIs
  • Maintains secure connections to your back-end token server
  • Supports easily-configurable connection pooling to the token servers
  • Implements complete debug-level logging for fast troubleshooting
  • Fast! Performs as fast as your token servers can approve authentications -- no additional overhead

 

 

If any of our software doesn't meet your enterprise needs exactly, we will be happy to customize and support a version that better meets your specifications.

 

copyright © 2010 Cubic Consulting, LLC. all rights reserved