Cloud Authentication Security

Cloud Authentication Security (CAS), What is it?

Cloud Authentication Security (CAS) provides a single sign-on environment by integrating Google Apps for Education Authentication or Microsoft Office 365 with either of the Adaptive Network Access Control appliances Milton Security manufactures (Edge7200 and ICEGuard). When a user logs in with their Cloud account, they are immediately granted access to the network based on their identity. Not only is this simpler for students, staff, and guests, but it also gives visibility and control to the IT Department.

Authentication without Active Directory

To access resources on a network, users require a set of credentials. Needing to remember yet another username and password can seem like an extra burden, causing some people to reuse the same set they use for multiple other sites like social media, banking and gaming. The reuse of passwords is one of the most common mistakes people make, as it compromises many networks at once when a password is leaked. Another common mistake that people make, when they’re feeling lazy about security, is to use an extremely simple username and password on both encrypted and unencrypted sites. This can also put your network in jeopardy.

So, what can be done to help alleviate this stress from your students and faculty when you are not using an enterprise-level authentication method like Active Directory? Utilize an existing form of authentication via cloud services, such as Google Apps for Education or Microsoft Office 365. The user’s school email login can now gain them secure access to their Cloud account as well as the network, without the stress of yet another username and password to remember. While there are benefits to using a cloud authentication service (like cloud storage), there are also some difficult challenges that this solution presents. For instance, how do you use an external login like Cloud authentication to gain access to local resources? Knowing exactly who is on your network becomes more difficult when the authentication is hosted in the cloud. What is needed is a link, something to tie the Cloud Authentication with the internal identity of each device and user.

Tying Cloud and Local Authentication With Inline Security

The CAS integration with Google Apps for Education uses the OAuth 2.0 protocol, which Google currently recommends for use with all of its services. However, while OAuth 2.0 is preferred, CAS also provides support for the deprecated OAuth 1.0 for those who have not migrated to the new version. When users log in with the Google Apps for Education Authenticator, the Edge7200i security appliance accepts that login immediately because it has been approved by Google.

So what exactly is required for this level of control over your authentication? The Milton Security Group CAS solution works in tandem with the Milton Security Group Inline security appliances to provide a seamless environment with Google Apps for Education Authentication or Microsoft Office 365 servers. When combined with other features offered on the Milton Security Edge and ICEGuard solutions (bandwidth throttling, user access levels, OS compliance (patch, updates, version type), etc.), the overall access level of every person who is connected to your network is highly controlled.

Two Factor Authentication

Any password or username, no matter how complex, can be cracked. The benefit of two-factor authentication is that even if someone has your login information, they still need that second piece of the puzzle. This piece is either something you have (a random security code) or something you are (thumbprint, retina scan, etc.). Built right into Google Apps is the ability to utilize Two Factor Authentication; it just needs to be turned on. While this will give you Two Factor Authentication on Chrome devices and to Google Apps, it does little for Windows devices on your network. Now CAS gives you the ability to harness the power of a few other Two Factor Authentication systems.

Duo Security and WiKID Systems both offer two-factor authentication services, with individual twists. Duo is a cloud-based service, which requires very little setup. Setup and configuration are painless. Duo is free for fewer than 10 users.

WiKID Systems is hosted locally on your premises, keeping your data and control local. The highly scalable, multi-tenant server is available as a software appliance or as Linux packages. It includes scripts to allow user self-registration in a secure manner, group functionality, RADIUS return attribute support, and detailed logging and reporting. Unlike most tokens, WiKID uses asymmetric keys generated on the device and server for encryption, meaning WiKID does not have a copy of them. It also allows greater functionality, such as mutual SSL authentication and multiple tokens per user. Their API is freely available under the LGPL license to extend the server's multi-tenant capabilities. The open-source WiKID Community version is available under the GPL license.