DirectRM's (DRM) Direct Authenticator (DA) server is the core engine that encapsulates and provides a complete life cycle for the different types of authenticators within the DA family suite. The DA Access Manager server is scalable and flexible and provides high availability, a key ingredient for a robust enterprise solution.
Direct Authenticator covers entry-to-exit security by following the six core principles of security, also known as the six A’s. The six A’s follow a holistic approach to security to ensure that users and organizations are completely protected.
- Assess: Inspects user devices (laptops and desktop computers, PDAs, smartphones) to ensure they comply with the corporate security policy.
- Authenticate: Verifies that users are who they claim to be.
- Authorize: Determines which applications users can access.
- Access: Creates a secure encrypted network link between users’ devices and the desired application or information.
- Audit: Records who accessed any document or application, when they did it, and what they did.
- Abolish: Removes all traces of access to the corporate network on completion of the session.
Key features of DA with respect to “identity management” include:
- Delegates identity management between multiple administrators
- Locks down access based on user IP address, IP range or device MAC address
- Uses a simple and intuitive web-based interface, making it easy for “super administrators” to set up management rules for other administrators based on their roles, location, responsibilities, seniority, etc.
- Allows users to seamlessly access applications and directories without having to log in again
- Delegated management for multiple users (groups) and locations
The Six A’s
Direct Authenticator inspects, or assesses, client devices to ensure compliance with your corporate security policy. Non-compliant devices may be refused entry, or be referred to software update sites. Assessment includes the following functions:
- Checks and Secures Operating systems and patches
- Checks Device type
- Checks Firewall and Anti-Virus software
- Defeats Spyware
- Identifies Device Type (PC, Laptop, PDA, Smartphone, Internet Kiosk, etc.)
- Verifies Windows domain and registry settings
- Installs correct Network configuration settings
- Adaptable / extendable software to add system administrator checks
- Only after passing all of the above security checks will the user/device be able to access the network resources.
- Authenticator prevents unauthorized connections and protects against a malicious attack coming from inside the network perimeter
When activated, Direct Authenticator Assessment inspects the client computer and makes a security assessment before the user is granted access to a resource. This step complements the proceeding user authorization by verifying that the client computer is actually an authorized computer and has been properly protected.
You create the access rules on which the actual security assessment and policy verification are based. The security assessment can be configured and extended to support your security policy. The communication and data from the client computer are protected, and an intruder cannot modify any evidence collected from the client computer.
Authentication in Direct Authenticator is an easy process for the user. The Access Point verifies the identity of the user by forwarding the user credentials via the Policy Service to the Authentication Service, which in turn compares the information with the credentials stored in the user storage. When the check is completed, a Request Accept is sent to the Access Point, which allows the user to enter.
Access is defined to allow users to access specific resources. All resources are associated with at least one access rule, consisting of requirements such as authentication methods, date or time restrictions, or user-group memberships.
Any kind of resource, usually an application, can be accessed through the Application Portal and the Access Client. Resources include Web, Client Server, Terminal Server and File Server applications. By using the Application Portal, the complexity of how access is granted is hidden from the user. The Access Client creates a secure encrypted network tunnel between the user device and the application. You may define limitations on user access. Direct Authenticator is designed for 365/24/7 access.
Auditing in Direct Authenticator provides:
- Central capture of all access to corporate applications.
- Real-Time and historical reports covering all of the six A’s, plus system and performance reports.
- Permanent record of Application Access
- Who accessed any document or application, when they did it and what they did.
The auditing features in Direct Authenticator provide organizations with the tools to meet strict industry, government and corporate compliance regulations.
With Direct Authenticator, all traces of access to the corporate network can be removed on completion of the session. On-demand endpoint security checks through BYOD device assessment and web browsers are known for creating a “breadcrumb trail” of information during a user session. Abolishment ensures that:
- No traces or footprints are left behind on the mobile user’s computer.
- The following components are deleted the moment a user ends the session:
  - Cookies, URL History, Cached Pages, Registry Entries, Downloadable Files, Temporary Files
- No cached information is maintained in the web browser
- All on-demand applications are deleted after they are executed
- All applications are executable for a one-time run
- If an application is left open because of a computer crash, it will not run later
- Any scratch pad data is deleted after the session logs out
- Inactive sessions are automatically logged out after a predetermined time