Auth server
In larger networks, building a shared authentication system of adequate strength is a serious problem. The Auth server provides authentication of a strength that meets today's expectations for mixed client applications running on different operating systems. Working together with the ALF firewall system, it enforces strong authentication at the network perimeter as well.
The client-side function library supplied with the system allows fast and convenient integration into a wide range of client applications. To date, we have successfully integrated our system with C, C++, Delphi, Pascal and Oracle based applications. Its flexibility makes it usable from almost any programming environment, so practically any custom solution can be linked to the company's authentication system.
Where successful authentication requires it, several pre-authentication methods, even different ones, can be enforced in combination. This allows some special defensive setups. A single user can be made to authenticate through several different methods, but a more interesting possibility is that an "authentication" can be bound to the authentication of several people. For example, reaching certain functions of the financial system can require the presence of both the financial director and the managing director.
Supported authentication methods
- SmartCard
One of the most modern and secure authentication techniques available today. Modern smart cards are not simple memory cards that merely store the data needed for authentication; they are embedded microcomputers. They can generate the key pair needed for authentication on the card itself and expose only its public half. The authentication step is computed by the miniature computer on the card, and the secret (private) key never leaves it, so the only way to get at the key is to get hold of the card itself (and a card used for authentication is normally also locked with a PIN). Authentication data therefore cannot fall into unauthorised hands unnoticed, unlike, for example, a password.
Here authentication is based on an asymmetric (public-key) algorithm: the card proves possession of the private key by answering a fresh challenge from the server. An attacker who intercepts the network traffic therefore obtains nothing reusable, and the authentication server has to store only the public key, not any secret. The one inconvenient property of chipcard-based authentication is that it requires a special card reader.
- USB token
The USB token works on the same principle as the SmartCard, with the difference that it plugs into a USB port and so needs no special reader. In every other respect it behaves like the chipcard.
- CryptoCard
The CryptoCard is a small device that looks like a simple calculator and, using a stored secret key, turns an input sequence into a different output sequence. Authentication proceeds as follows. At log-in the authentication server sends a 7- or 8-digit number, the so-called challenge. The user activates the CryptoCard with a numeric code known only to him or her, then types in the received challenge. The built-in miniature computer derives a 7-digit number from it using the stored secret key; this is the so-called response. The user types the resulting number into the application requesting authentication, which forwards it to the Auth server, where the challenge and response are checked against each other. The great advantage of the method is that it can be carried over unencrypted networks: a response is valid only for the fresh challenge it was computed from, so a captured challenge/response pair cannot simply be replayed, and even after many intercepted pairs it is very hard to recover the secret key. A further advantage is that it can be used anywhere, because the device never has to be connected to the computer in any way, and yet it provides strong authentication.
- SKey
SKey-style authentication with "disposable" (one-time) passwords has been known for a long time, but is an undeservedly neglected method. Its principle is that the system generates a fixed number of passwords in advance, each of which the user can use only once. Even if the network, or the keystrokes themselves, are intercepted, a captured password cannot be used a second time. A further advantage is that when the issued passwords run out the user must request new ones, so the operators of the system control the number of possible log-ins. Its disadvantage is that the user must keep the passwords that have not yet been used in some form (on a PDA, for example), and that stored list needs protecting in its own right.
- Password
Of course, the familiar password-based authentication method can also be used. It offers none of the interception and replay resistance of the methods above: a password that is captured once can be used again.
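The cryptographic methods above differ mainly in what the Auth server has to store and in what an eavesdropper can do with a captured login. The Go program below is an added example, not code from the original page or from the Auth server product, showing the server-side checks for three of them: a CryptoCard-style challenge/response, an S/KEY hash chain of one-time passwords with a login budget, and a SmartCard/USB-token login in which the card signs a server nonce and the server holds only the public key. The page does not give the CryptoCard's algorithm, so HMAC-SHA256 truncated to seven digits stands in for it; SHA-256 as the chain hash, ECDSA on P-256 for the card, the 8-digit challenge length, the seeds and all function names are likewise assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// ---- CryptoCard-style challenge/response (assumption: the page does not name the
// card's algorithm, so HMAC-SHA256 truncated to 7 digits stands in for it) ----
// newChallenge returns a fresh random 8-digit challenge; the server must never reuse one.
func newChallenge() string {
	var b [4]byte
	rand.Read(b[:])
	return fmt.Sprintf("%08d", binary.BigEndian.Uint32(b[:])%100000000)
}

// tokenResponse is what the card computes from the challenge the user typed in.
func tokenResponse(secret []byte, challenge string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(challenge))
	return fmt.Sprintf("%07d", binary.BigEndian.Uint32(mac.Sum(nil)[:4])%10000000)
}

// verifyResponse is the Auth server side: recompute and compare in constant time.
func verifyResponse(secret []byte, challenge, response string) bool {
	return subtle.ConstantTimeCompare([]byte(tokenResponse(secret, challenge)), []byte(response)) == 1
}

// ---- S/KEY one-time passwords: p_i = H^(i+1)(seed). The user gets p_0..p_(n-1) and
// spends them from the top down; the server is seeded with p_n only. ----
func hashStep(in []byte) []byte {
	h := sha256.Sum256(in)
	return h[:]
}

// skeyChain returns p_0..p_n (n+1 values); n is the number of logins allowed.
func skeyChain(seed []byte, n int) [][]byte {
	chain := make([][]byte, n+1)
	chain[0] = hashStep(seed)
	for i := 1; i <= n; i++ {
		chain[i] = hashStep(chain[i-1])
	}
	return chain
}

type skeyServer struct {
	last      []byte // last accepted value, initially p_n (not itself a usable password)
	remaining int    // logins left before the operator must issue a new chain
}

// verifyOTP accepts candidate only if H(candidate) == last, then steps last down one
// link, so a password sniffed from the wire or the keyboard cannot be used again.
func (s *skeyServer) verifyOTP(candidate []byte) bool {
	if s.remaining == 0 || subtle.ConstantTimeCompare(hashStep(candidate), s.last) != 1 {
		return false
	}
	s.last = candidate
	s.remaining--
	return true
}

// ---- SmartCard / USB token: the key pair is generated on the card and the private
// half never leaves it; the server enrols only the public key. ----
func verifyCard(pub *ecdsa.PublicKey, nonce, sig []byte) bool {
	d := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// cardRoundTrip runs one login (the card signs the server's nonce) and reports whether
// the genuine signature verifies and whether replaying it against a new nonce fails.
func cardRoundTrip() (genuine, replayed bool, err error) {
	card, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stays on the card
	if err != nil {
		return false, false, err
	}
	nonce1, nonce2 := make([]byte, 16), make([]byte, 16)
	rand.Read(nonce1)
	rand.Read(nonce2)
	d := sha256.Sum256(nonce1)
	sig, err := ecdsa.SignASN1(rand.Reader, card, d[:]) // the card's answer
	if err != nil {
		return false, false, err
	}
	return verifyCard(&card.PublicKey, nonce1, sig), verifyCard(&card.PublicKey, nonce2, sig), nil
}

func main() {
	ch, secret := newChallenge(), []byte("constructed shared secret")
	fmt.Println("challenge", ch, "accepted:", verifyResponse(secret, ch, tokenResponse(secret, ch)))
	chain := skeyChain([]byte("constructed seed"), 3)
	srv := &skeyServer{last: chain[3], remaining: 3}
	fmt.Println("otp:", srv.verifyOTP(chain[2]), "replay:", srv.verifyOTP(chain[2]))
	fmt.Println(cardRoundTrip())
}
```

Run it with `go run`. The point to notice is what each verifier keeps: the CryptoCard check needs the shared secret itself, the S/KEY server keeps only the top of the chain, which is not itself a usable password, and the card check keeps only a public key, which is not secret at all. A captured challenge/response pair, one-time password or card signature is rejected the second time in every case, which is the replay resistance the page attributes to these methods.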
Supported background databases