SlideShare una empresa de Scribd logo

Webmail Vulnerability Crisis

PortalGuard
PortalGuard

"With the TTT plugin installed, authenticating on a machine that passes a set of risk-based criteria requires just the users' password, nothing more than a standard OWA login, despite that a secure two-factor authentication is actually taking place." http://www.portalguard.com

1 de 1
Descargar para leer sin conexión
"With the TTT plugin installed, authenticating on a machine that passes a set of risk-based criteria requires just the users' password, nothing more than a standard OWA login, despite that a secure two-factor authentication is actually taking place." Press Release PortalGuard's Five Layer Authentication Offers Quintessential Solutions for the Worsening Webmail Vulnerability Crisis January 31, 2013 16:18 ET AMHERST, NH-- The PortalGuard platform's layered authentication approach adds protection which is crucial in defending Outlook Web App (OWA) against attacks, an often overlooked and critically weak focal point for illegitimate access to most any corporate network, with minimal tradeoff between security and usability. Through providing a variety of two-factor authentication methods for logins, the PortalGuard platform effectively alleviates the threat of compromised webmail credentials, greatly enhancing and securing OWA's native simple password authentication. In addition, the platform presents options for enhancing the authentication for self-service password reset, eliminating the compromise between allowing user self-service and softening security. "It is very clear that in an unprecedented number of accounts involving the compromise of corporate infrastructure in recent years, access to employee email accounts were a primary factor," says Thomas Hoey, founder and CEO of PortalGuard, a company whose principals have always centered on providing companies with low-risk, robust functionality, and dedicated customer service, all while maintaining usability at an affordable price point. "Webmail access is sought after by hackers for an overwhelming number of reasons. An email account contains a wealth of data that can be easily leveraged for further takeover of the individuals or company's assets or services," Hoey says. "Everything from password reset links, sensitive corporate information, and all of your personal data is there as well, to be waded through for answers to password recovery questions. It's in essence an archive with everywhere you've been and everything you've done online, making it the perfect place to initiate any sort of attack. Most OWA logins are publicly available and typically secured with the simplest lock available: a basic password." To hearken to the theme of usability, PortalGuard also offers completely transparent One-time Password (OTP) delivery methods to achieve its two-factor authentication in addition to the traditional, tangible type. Through use of its Transparent Tokenless Toolbar (TTT) browser plugin, the enhanced protection of two-factor authentication is combined with utmost usability, when a user is able to submit a full-fledged two-factor authentication without the need of a phone, hard- token, or anything the user has besides their laptop. The TTT automatically generates time based OTPs (TOTPs) on a regular interval, as well as encrypts the OTP value with public key cryptography. This ensures that the OTP is only able to be decrypted and read by the PortalGuard server, as well as severely limits the amount of time the OTP is valid if it were to be somehow compromised. With the TTT plugin installed, authenticating on a machine that passes a set of risk-based criteria requires just the users' password, nothing more than a standard OWA login, despite that a secure two-factor authentication is actually taking place. "For many, the importance of locking down your webmail access appears to be overlooked," Hoey continues, "Others are certainly actively securing their OWA logins, through SSL, or hiding them behind reverse proxies, which are all partial answers. The fact of the matter is: multi-factor authentication is the only solution that addresses the issue of it being a weakest link in its entirety." The full version of the PortalGuard authentication platform software is available for $7,500 USD per installation, and comes with a 90 day money back guarantee. A trial version of PortalGuard is also available. For details, please visit the company website (www.portalguard.com). "Through providing a variety of two-factor authentication methods for logins, the PortalGuard platform effectively alleviates the threat of compromised webmail credentials, greatly enhancing and securing OWA's native simple password authentication." Copyright 2009 - 2013 PistolStar, Inc. All Rights Reserved Site Map Search Solutions Resources Contact Us By Platform By Industry Platform Request Demo ShareShareShareShareShareShare

Recomendados

Examen informatico
Examen informaticoExamen informatico
Examen informaticoJoseak
 
Examen Final de Informatico
Examen Final de InformaticoExamen Final de Informatico
Examen Final de InformaticoJoseak
 
Examen Final de Informatico
Examen Final de InformaticoExamen Final de Informatico
Examen Final de InformaticoJoseak
 
El mapa de la India. Conversaciones con Manolo Matji
El mapa de la India. Conversaciones con Manolo MatjiEl mapa de la India. Conversaciones con Manolo Matji
El mapa de la India. Conversaciones con Manolo MatjiJCarlos Martínez
 
10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer Experience10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer ExperienceYuan Wang
 
How to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanHow to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanPost Planner
 
Learn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionLearn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionIn a Rocket
 
SEO: Getting Personal
SEO: Getting PersonalSEO: Getting Personal
SEO: Getting PersonalKirsty Hulse
 

Recomendados

Examen informatico
Examen informaticoExamen informatico
Examen informaticoJoseak
 
Examen Final de Informatico
Examen Final de InformaticoExamen Final de Informatico
Examen Final de InformaticoJoseak
 
Examen Final de Informatico
Examen Final de InformaticoExamen Final de Informatico
Examen Final de InformaticoJoseak
 
El mapa de la India. Conversaciones con Manolo Matji
El mapa de la India. Conversaciones con Manolo MatjiEl mapa de la India. Conversaciones con Manolo Matji
El mapa de la India. Conversaciones con Manolo MatjiJCarlos Martínez
 
10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer Experience10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer ExperienceYuan Wang
 
How to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanHow to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanPost Planner
 
Learn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionLearn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionIn a Rocket
 
SEO: Getting Personal
SEO: Getting PersonalSEO: Getting Personal
SEO: Getting PersonalKirsty Hulse
 
Let's Build a Better Password
Let's Build a Better PasswordLet's Build a Better Password
Let's Build a Better PasswordPortalGuard
 
Designing and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalDesigning and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalPortalGuard
 
Designing and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalDesigning and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalPortalGuard
 
PortalGuard Product Tour
PortalGuard Product TourPortalGuard Product Tour
PortalGuard Product TourPortalGuard
 
SSPM Retail
SSPM RetailSSPM Retail
SSPM RetailPortalGuard
 
SAML Executive Overview
SAML Executive OverviewSAML Executive Overview
SAML Executive OverviewPortalGuard
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving CompliancePortalGuard
 
PortalGuard Platform
PortalGuard PlatformPortalGuard Platform
PortalGuard PlatformPortalGuard
 
Already Have a Solution?
Already Have a Solution? Already Have a Solution?
Already Have a Solution? PortalGuard
 
Centralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopPortalGuard
 
Sever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsSever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsPortalGuard
 
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and CompliancePortalGuard
 
Contextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachContextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachPortalGuard
 
Two-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachTwo-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachPortalGuard
 
Password Security and CJIS Compliance
Password Security and CJIS CompliancePassword Security and CJIS Compliance
Password Security and CJIS CompliancePortalGuard
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AlonePortalGuard
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...PortalGuard
 

Más contenido relacionado

Más de PortalGuard

Let's Build a Better Password
Let's Build a Better PasswordLet's Build a Better Password
Let's Build a Better PasswordPortalGuard
 
Designing and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalDesigning and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalPortalGuard
 
Designing and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalDesigning and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalPortalGuard
 
PortalGuard Product Tour
PortalGuard Product TourPortalGuard Product Tour
PortalGuard Product TourPortalGuard
 
SAML Executive Overview
SAML Executive OverviewSAML Executive Overview
SAML Executive OverviewPortalGuard
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving CompliancePortalGuard
 
PortalGuard Platform
PortalGuard PlatformPortalGuard Platform
PortalGuard PlatformPortalGuard
 
Already Have a Solution?
Already Have a Solution? Already Have a Solution?
Already Have a Solution? PortalGuard
 
Centralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopPortalGuard
 
Sever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsSever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsPortalGuard
 
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and CompliancePortalGuard
 
Contextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachContextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachPortalGuard
 
Two-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachTwo-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachPortalGuard
 
Password Security and CJIS Compliance
Password Security and CJIS CompliancePassword Security and CJIS Compliance
Password Security and CJIS CompliancePortalGuard
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AlonePortalGuard
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...PortalGuard
 

Más de PortalGuard (17)

Let's Build a Better Password
Let's Build a Better PasswordLet's Build a Better Password
Let's Build a Better Password
 
Designing and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web PortalDesigning and Implementing a Secure, Fully Brandable Web Portal
Designing and Implementing a Secure, Fully Brandable Web Portal
 
Designing and Creating a Secure Web Portal
Designing and Creating a Secure Web PortalDesigning and Creating a Secure Web Portal
Designing and Creating a Secure Web Portal
 
PortalGuard Product Tour
PortalGuard Product TourPortalGuard Product Tour
PortalGuard Product Tour
 
SSPM Retail
SSPM RetailSSPM Retail
SSPM Retail
 
SAML Executive Overview
SAML Executive OverviewSAML Executive Overview
SAML Executive Overview
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving Compliance
 
PortalGuard Platform
PortalGuard PlatformPortalGuard Platform
PortalGuard Platform
 
Already Have a Solution?
Already Have a Solution? Already Have a Solution?
Already Have a Solution?
 
Centralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows Desktop
 
Sever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple PasswordsSever-based Password Synchronization: Managing Multiple Passwords
Sever-based Password Synchronization: Managing Multiple Passwords
 
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and Compliance
 
Contextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor ApproachContextual Authentication: A Multi-factor Approach
Contextual Authentication: A Multi-factor Approach
 
Two-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless ApproachTwo-factor Authentication: A Tokenless Approach
Two-factor Authentication: A Tokenless Approach
 
Password Security and CJIS Compliance
Password Security and CJIS CompliancePassword Security and CJIS Compliance
Password Security and CJIS Compliance
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not Alone
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...Portal Authentication: A Balancing Act Between Security Usability and Complia...
Portal Authentication: A Balancing Act Between Security Usability and Complia...
 

Webmail Vulnerability Crisis

  • 1. "With the TTT plugin installed, authenticating on a machine that passes a set of risk-based criteria requires just the users' password, nothing more than a standard OWA login, despite that a secure two-factor authentication is actually taking place." Press Release PortalGuard's Five Layer Authentication Offers Quintessential Solutions for the Worsening Webmail Vulnerability Crisis January 31, 2013 16:18 ET AMHERST, NH-- The PortalGuard platform's layered authentication approach adds protection which is crucial in defending Outlook Web App (OWA) against attacks, an often overlooked and critically weak focal point for illegitimate access to most any corporate network, with minimal tradeoff between security and usability. Through providing a variety of two-factor authentication methods for logins, the PortalGuard platform effectively alleviates the threat of compromised webmail credentials, greatly enhancing and securing OWA's native simple password authentication. In addition, the platform presents options for enhancing the authentication for self-service password reset, eliminating the compromise between allowing user self-service and softening security. "It is very clear that in an unprecedented number of accounts involving the compromise of corporate infrastructure in recent years, access to employee email accounts were a primary factor," says Thomas Hoey, founder and CEO of PortalGuard, a company whose principals have always centered on providing companies with low-risk, robust functionality, and dedicated customer service, all while maintaining usability at an affordable price point. "Webmail access is sought after by hackers for an overwhelming number of reasons. An email account contains a wealth of data that can be easily leveraged for further takeover of the individuals or company's assets or services," Hoey says. "Everything from password reset links, sensitive corporate information, and all of your personal data is there as well, to be waded through for answers to password recovery questions. It's in essence an archive with everywhere you've been and everything you've done online, making it the perfect place to initiate any sort of attack. Most OWA logins are publicly available and typically secured with the simplest lock available: a basic password." To hearken to the theme of usability, PortalGuard also offers completely transparent One-time Password (OTP) delivery methods to achieve its two-factor authentication in addition to the traditional, tangible type. Through use of its Transparent Tokenless Toolbar (TTT) browser plugin, the enhanced protection of two-factor authentication is combined with utmost usability, when a user is able to submit a full-fledged two-factor authentication without the need of a phone, hard- token, or anything the user has besides their laptop. The TTT automatically generates time based OTPs (TOTPs) on a regular interval, as well as encrypts the OTP value with public key cryptography. This ensures that the OTP is only able to be decrypted and read by the PortalGuard server, as well as severely limits the amount of time the OTP is valid if it were to be somehow compromised. With the TTT plugin installed, authenticating on a machine that passes a set of risk-based criteria requires just the users' password, nothing more than a standard OWA login, despite that a secure two-factor authentication is actually taking place. "For many, the importance of locking down your webmail access appears to be overlooked," Hoey continues, "Others are certainly actively securing their OWA logins, through SSL, or hiding them behind reverse proxies, which are all partial answers. The fact of the matter is: multi-factor authentication is the only solution that addresses the issue of it being a weakest link in its entirety." The full version of the PortalGuard authentication platform software is available for $7,500 USD per installation, and comes with a 90 day money back guarantee. A trial version of PortalGuard is also available. For details, please visit the company website (www.portalguard.com). "Through providing a variety of two-factor authentication methods for logins, the PortalGuard platform effectively alleviates the threat of compromised webmail credentials, greatly enhancing and securing OWA's native simple password authentication." Copyright 2009 - 2013 PistolStar, Inc. All Rights Reserved Site Map Search Solutions Resources Contact Us By Platform By Industry Platform Request Demo ShareShareShareShareShareShare