Kemp Security Series 2020 – Part 3: Identity Access

It is often said that the weakest link in the security of IT systems is the human element. If we accept this assertion as true, then the selection, storage, and use of user passwords is certainly the biggest contributory factor. The 2019 Verizon Data Breach Investigations Report supports the view that weak, default or stolen passwords are a large factor in confirmed data breaches. Clearly, passwords are a tempting target for malicious third parties trying to gain unauthorized access to applications and websites.

Protecting your Password

Augmenting password systems is becoming increasingly standard for internet-facing applications and services. The most common method of doing this is to enable dual-factor and, increasingly, multi-factor authentication. When this is enabled, additional pieces of one-off unique information are used in conjunction with the password to gain access to systems. This additional piece of information is often a code that is generated by an app on a mobile device or by a dedicated code generator assigned to each user, or that is sent to a mobile device via text message.

Other actions that organizations can take include:

  • Changing default passwords on all systems
  • Discouraging password reuse
  • Investing in a password manager such as LastPass, 1Password, Bitwarden, Dashlane, etc.
  • Investing in your employees by spreading security awareness, especially around phishing

This is not meant to be an exhaustive list; it is indicative of some actions that organizations can take in this area.

Edge Security with Kemp

Deploying LoadMaster with the Kemp Edge Security Pack (ESP) enabled simplifies the secure publishing of applications, with pre-authentication of clients and Single Sign-On (SSO) to improve the user experience. ESP can be fully integrated into your current authentication and authorization directories, including Microsoft Active Directory. This means that the passwords used to gain access to Internet-facing applications can be the ones set in your corporate directory, with all the password policy settings maintained in one place. In addition, single sign-on and group memberships can be used to provide granular access to applications, and secure two-factor authentication solutions, such as RADIUS or RSA SecurID, can be used to augment the directory-based passwords.

ESP can be deployed on LoadMaster instances running in the major cloud platforms such as Microsoft Azure and Amazon Web Services, or on on-premises hypervisors such as Hyper-V and VMware. Deploying to the cloud or in a hybrid model allows the solution to scale and flex as needs change. This also allows you to provide mitigation against DoS attacks, as the cloud instances can be distributed globally.

Specific features of Edge Security Pack include:

  • reCAPTCHA v2 support
  • RADIUS authentication support
  • Dual factor authentication
    • RADIUS based 2FA and RSA SecurID
    • Multiple protocols are used, for example RSA SecurID and LDAP or RADIUS and LDAP
  • Active Directory integration and support
  • Basic and Forms Based Authentication
  • Certificate based Authentication
  • JSON Web Token-based authentication and verification
  • LDAP and LDAPS support
  • STARTTLS support
  • KCD support
  • NTLM support
  • SAML support
  • Customizable Login forms
  • Detailed logging in Common Event Format (CEF)

Some examples of Edge Security Pack with Google reCAPTCHA and Google Authenticator, LinOTP and Google reCAPTCHA.

Contact us today to discuss all your application delivery and security needs.

Additional Information

  • Trustwave 2019 Global Security Report
  • Verizon 2019 Data Breach Investigations Report

David O'Connor

David O’Connor is a Product Manager in Kemp working in Limerick, Ireland. He holds a bachelor’s degree in Computer Engineering from University of Limerick. David has a telecoms background with previous roles in development, customer support and presales with a focus on product-market fit and creating tech products that customers love.