13.04.2013 Views

Austria Card: secure authentication for a security specialist - Vasco


DIGIPASS BY VASCO

Austria Card Case Study

Austria Card: secure authentication for a security specialist

Data security is an issue in every company; however, in some industries it may be more essential than in others. As a competence center for the development and production of chip cards for electronic payments and identification, Austria Card GmbH uses the highest security standards. To prevent unauthorized access, Austria Card secured its corporate network with two-factor authentication using VASCO’s VACMAN authentication software and DIGIPASS devices.

About fifty employees make regular use of the remote access facilities to access Austria Card’s corporate network. Most of them belong to the mobile workforce, the so-called road warriors, who need to access business-critical data from hotel rooms or public hotspots. Additionally, other employees occasionally require remote access, for instance to access the production planning and the ERP system after hours from the home computer. Similarly, system administrators require secure access due to the nature of their activities. Furthermore, a number of suppliers and partners also use remote access to reach Austria Card’s systems for maintenance purposes.

EXISTING SOLUTIONS WERE TOO COMPLEX<br />

The adequate protection of remote access requests has always been a high priority at Austria Card. However, the existing solution proved to be too complex and unstable when the number of users increased.

“The solution used certificates which had to be stored on the end-user’s PC,” explains Thomas Höher, CISO at Austria Card. This was the main reason for Austria Card to look for a new solution. “The use of certificates was too complex for our users. Furthermore, client software had to be installed on every PC. As this software was anchored deep into the system it affected the overall system in a negative way in certain situations.”

Together with Technovisie, the sister company responsible for IT, the decision was taken to look for another solution that would secure remote access to the network in a user-friendly way and would therefore be easily accepted by the end users. A solution based on two-factor authentication using one-time passwords best met the requirements. Through joint development projects, Austria Card already had some contacts with VASCO. On top of that, the colleagues from Technovisie who were responsible for the implementation had already successfully employed and used DIGIPASS.

The simplicity and stability of the solution, as well as the recommendations from the Belgian colleagues, were deciding factors for choosing the VASCO authentication solution, which would work with the SSL VPN appliance from Juniper.

ONE-TIME PASSWORDS ARE THE SOLUTION<br />

For secure remote access, each employee or partner received a DIGIPASS. When they log on, the DIGIPASS generates a one-time password which is used for authentication and which is only valid for about half a minute. VACMAN Middleware, the authentication server at Austria Card, checks the credentials and allows or blocks access to the Juniper appliance. A policy has been defined on the Juniper appliance to determine who can access what type of data and applications.

At logon, the VASCO solution ensures that the user really is who he says he is. VACMAN Middleware is also used as the central user repository from which user access can quickly be blocked if needed. When this happens, the end user will no longer be able to authenticate himself. As a result, all the permissions to use the network and the applications will become obsolete.

The new remote access solution deployed by Austria Card is very easy to use for employees. Each time they log on, they generate a new one-time password at the push of a button. The solution requires no installation of software on PCs or laptops and it eliminates the cumbersome handling of certificates. Since there is no physical connection between the PC and the DIGIPASS, it is even impossible for hackers to manipulate the DIGIPASS when the PC has been compromised. Even a password which has been intercepted by a key logger is useless, considering the password can only be used once.

OUTSTANDING USER ACCEPTANCE<br />

“Our users are happy they no longer have to deal with certificates,” says Thomas Höher. “The new solution is absolutely reliable and a huge relief for the employees. It brings us a real security improvement, since the previous solution was rather a one and half-factor authentication solution than a true two-factor authentication solution.”

On the server side, the VASCO solution is also very easy to maintain. The central authentication platform VACMAN verifies the authentication requests and provides central user administration. It requires few resources: at Austria Card, VACMAN Middleware runs on virtual Windows 2003 servers using VMware ESX. VACMAN supports RADIUS servers as well as the Novell eDirectory already used by Austria Card. As a result, the integration of the authentication solution into the existing environment went smoothly.

“VACMAN was installed and configured within the hour. The entire implementation, including the integration with our Novell environment went smoothly,” said Thomas Höher. “And when we needed help, we got it fast and to-the-point from VASCO.” “But also in daily use the system is easy to manage,” Thomas adds. “I can explain our remote access solution to an administrator in about two minutes.”

The new solution has been fully operational since the end of March 2010. As soon as the last DIGIPASS was handed out, we started planning the next project. As a member of the Lykos Group, Austria Card is responsible for the planning of a company-wide project management system which needs to be remotely accessed by many employees. For this project, Austria Card plans to link the RADIUS server of the Belgian sister company to its own remote access solution, enabling employees to access both networks with a single authentication device. Employees from the other companies involved, in other countries, will be equipped with a DIGIPASS device to use the central project management system.

Objective

The replacement of a complex, certificate-based authentication solution with a secure and user-friendly remote access solution.

Challenge

The new solution should not only be safe and user-friendly, it also had to support the planned introduction of a multi-site project management system. The authentication to multiple RADIUS servers should be possible with a single authentication device.

Solution

Austria Card chose the combination of VASCO’s VACMAN Middleware and DIGIPASS: a strong two-factor authentication solution using one-time passwords to secure remote access to the company’s network and resources.

About Austria Card

Austria Card GmbH is a member of the Lykos Group and subsidiary of the center for the development and production of chip cards for electronic payments and identification of the Austrian National Bank (OeNB). For future-proof security, the company creates new procedures on topics such as e-payment and digital signature. The focus on payments and identification strengthens its expertise in the timely implementation of complex projects in an international context. Traditional core competencies such as card production, personalization and logistics under high security conditions are, in addition to the development of chip-based application software and operating systems, the pillars of sustainable success.

About VASCO<br />

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet Security applications and transactions. VASCO has positioned itself as a global software company for Internet Security and designs, develops, markets and supports patented DIGIPASS®, DIGIPASS PLUS®, VACMAN®, IDENTIKEY® and aXsGUARD® authentication products. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

www.vasco.com

BRUSSELS (Europe)
phone: +32 2 609 97 00
email: info-europe@vasco.com

BOSTON (North America)
phone: +1 508 366 3400
email: info-usa@vasco.com

SYDNEY (Pacific)
phone: +61 2 8061 3700
email: info-australia@vasco.com

SINGAPORE (Asia)
phone: +65 6323 0906
email: info-asia@vasco.com

VACMAN®, IDENTIKEY®, aXsGUARD®, and DIGIPASS® are registered trademarks of VASCO Data Security. All trademarks or trade names are the property of their respective owners. VASCO reserves the right to make changes to specifications at any time and without notice. The information furnished by VASCO in this document is believed to be accurate and reliable. However, VASCO may not be held liable for its use, nor for infringement of patents or other rights of third parties resulting from its use. © 2010 VASCO. All rights reserved.
