Credibility Policy Concepts
Most authentication methods in use today apply the same criteria to every user without establishing a level of credibility for each user in real time. All users within an organization, for example, might use the same simple username and password combination, or the same more sophisticated approach, such as physical tokens or biometrics.
The issue is that simple methods may provide insufficient security for some situations and put the organization at risk, while more sophisticated methods require time and money to purchase and maintain the system, train users, and overcome acceptance problems. The goal is to match the authentication procedure to the sensitivity of the application or database being accessed, balancing usability against security.
PortalGuard's Credibility Policies let you customize your organization's authentication policies around real-world, real-time scenarios. By tailoring the Credibility Policies to your organization's security needs, you can ease employee access without sacrificing security. For each application you define the score a user must reach to gain access; the greater the potential impact of the user, or of the data being accessed, the more authentication is required.
Credibility vs. Risk
Credibility-based authentication matches the level of authentication to the potential impact of the surrounding events. The level of credibility of each user is assessed dynamically in real-time. PortalGuard uses this information to change the level of authentication required to access an application.
Authorized users (employees, for example) have an inherent level of credibility when they join an organization. For example, a user who regularly attempts to gain access to an application only on weekdays, from an encrypted corporate network, and who is using an IT-provided desktop computer from his or her office in Boston has a good level of credibility.
However, if the same user attempts to access the same application at 7:00 am on a Sunday morning from a coffee shop Wi-Fi hotspot in San Francisco with an iPad, the same login generates a much lower level of credibility. As the apparent risk of a login increases, the level of authentication required to grant access to a particular application also increases.
If users have a high score, that is, one close to the maximum possible score that you have defined, they have a high level of credibility, and the authentication policy applied to them would not require multiple levels of authentication.
However, if users have a low score, they may pose a risk. As a result, they might be prompted to answer security questions, use a two-factor login, or use their cell phone as a hardware token to receive a one-time passcode.
Determining Category Scores
How would you establish a level of credibility for an authorized user or an unauthorized, potentially malicious user? By applying customized authentication policies based on categories and identifiers to which you assign a score. The scores you assign are based on your organization’s needs and use patterns.
Each PortalGuard Credibility Policy you configure uses between one and four of the possible categories, as shown in the following figure:
Note that for each category type, there are several items listed under the Identifiers section.
As you can see, listed next to each identifier is a number that designates the level of credibility for that identifier within its category. In the screenshot above these numbers add up to a maximum possible score of 260.00.
The maximum possible score could be any number, depending on how many categories you use and how many identifiers you add to each category. The numbers you assign are arbitrary, but they designate the relative credibility of the items within each category: the higher the number you assign to an identifier, the more weight it carries in assessing the credibility of a user.
If we click on the row of identifiers for Network, the following screen appears:
Note that for this organization, users who access applications from within the corporate LAN get a score of 40, which shows a much higher level of credibility than those who sign in over WEP (score of 5), an encryption type that is relatively weak; WEP's key-recovery attacks are practical and well known, so a WEP connection should be treated as little better than an open one. You may consider the following types of questions: Is access via a LAN-based IP address? If this is a wireless connection, is it encrypted? If so, with what level of encryption? The more potential risk you feel is associated with a network type, the lower the score it should receive.
This organization has four locations: the headquarters, which are located in Boston, an office in Des Moines, and two sales offices, in Montreal and Buenos Aires. Notice that the Headquarters identifier is assigned a score of 40, while the other offices are all assigned 20. In terms of credibility, anyone accessing the network from headquarters is considered more credible.
This organization gives the highest credibility score to PCs and laptops issued by the company. User-owned devices, such as iPads and mobile phones, receive a lower relative score within the Device category.
This organization has defined its work hours as from 6:00 to 19:00, Monday through Friday. Note that time has been assigned a low score of 10. Some of the reasons for this are that people often work late or access the company’s network on weekends. If employees could access company files only during a set time range each day, or if there were a company shut down during the holiday season, the time identifier would be more critical, and would therefore be assigned a higher score.
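The scoring model described above, worked through as an added example (this is illustrative code written for this page, not PortalGuard's own implementation). The weights taken from the page are corporate LAN 40, WEP 5, Headquarters 40, the other offices 20 and the Time category 10; every other weight, the device identifiers, the corporate address range, the treatment of the maximum score as the sum of each category's highest weight, and the thresholds that map a score to an authentication level are assumptions made for the example. The two sample logins mirror the Boston office and San Francisco coffee shop scenarios earlier on the page and are constructed, not captured data.

```python
"""Credibility scoring in the style described on this page (illustration only).

Weights from the page: corporate LAN 40, WEP 5, Headquarters 40, other offices 20,
Time 10. Everything else below (other weights, device identifiers, the corporate
address range, and the policy thresholds) is assumed for the example.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

# category -> identifier -> relative credibility weight
POLICY = {
    "network": {"corporate_lan": 40, "wpa2_or_wpa3": 20, "wep": 5, "other": 0},
    "location": {"headquarters": 40, "des_moines": 20, "montreal": 20,
                 "buenos_aires": 20, "other": 0},
    "device": {"company_pc": 40, "company_laptop": 40, "user_ipad": 10,
               "user_phone": 10, "other": 0},
    "time": {"work_hours": 10, "off_hours": 0},
}

CORPORATE_LAN = ip_network("10.0.0.0/8")      # assumed corporate address space
KNOWN_OFFICES = {"headquarters", "des_moines", "montreal", "buenos_aires"}

# Share of the maximum score at or above which each authentication level applies.
# Assumed thresholds; the page leaves these to the organization.
AUTH_LEVELS = [
    (0.75, "password only"),
    (0.40, "password + security questions"),
    (0.00, "password + one-time passcode to phone"),
]


@dataclass
class LoginContext:
    source_ip: str                   # address as seen by the server, not client-supplied
    wifi_encryption: Optional[str]   # None for a wired connection
    office: str                      # resolved from the source address or a geo lookup
    device: str                      # from a device certificate or MDM inventory
    when: datetime


def max_score(policy=POLICY) -> float:
    """A login matches one identifier per category, so the maximum possible score
    is the sum of each category's highest weight (130 with POLICY above)."""
    return float(sum(max(ids.values()) for ids in policy.values()))


def classify(ctx: LoginContext) -> dict:
    """Map a login context to exactly one identifier in each category."""
    if ctx.wifi_encryption is None and ip_address(ctx.source_ip) in CORPORATE_LAN:
        network = "corporate_lan"
    else:
        enc = (ctx.wifi_encryption or "").lower()
        network = {"wpa2": "wpa2_or_wpa3", "wpa3": "wpa2_or_wpa3",
                   "wep": "wep"}.get(enc, "other")
    location = ctx.office if ctx.office in KNOWN_OFFICES else "other"
    device = ctx.device if ctx.device in POLICY["device"] else "other"
    in_hours = ctx.when.weekday() < 5 and 6 <= ctx.when.hour < 19   # Mon-Fri 06:00-19:00
    return {"network": network, "location": location, "device": device,
            "time": "work_hours" if in_hours else "off_hours"}


def credibility_score(ctx: LoginContext, policy=POLICY) -> float:
    """Sum the weight of the matched identifier in every category."""
    return float(sum(policy[cat][ident] for cat, ident in classify(ctx).items()))


def required_authentication(ctx: LoginContext, policy=POLICY) -> str:
    """Choose the authentication level from the login's share of the maximum score."""
    fraction = credibility_score(ctx, policy) / max_score(policy)
    for threshold, level in AUTH_LEVELS:
        if fraction >= threshold:
            return level
    return AUTH_LEVELS[-1][1]


# Constructed sample logins mirroring the scenarios on this page.
OFFICE_LOGIN = LoginContext("10.20.30.40", None, "headquarters", "company_pc",
                            datetime(2024, 3, 12, 9, 30))      # Tuesday 09:30, wired LAN
COFFEE_SHOP_LOGIN = LoginContext("203.0.113.7", "wpa2", "other", "user_ipad",
                                 datetime(2024, 3, 10, 7, 0))   # Sunday 07:00, public Wi-Fi
BRANCH_WEP_LOGIN = LoginContext("198.51.100.5", "WEP", "des_moines", "company_laptop",
                                datetime(2024, 3, 13, 12, 0))  # Wednesday noon, WEP Wi-Fi

if __name__ == "__main__":
    for name, ctx in (("office", OFFICE_LOGIN), ("coffee shop", COFFEE_SHOP_LOGIN),
                      ("branch over WEP", BRANCH_WEP_LOGIN)):
        print(f"{name}: {credibility_score(ctx):.0f}/{max_score():.0f} "
              f"-> {required_authentication(ctx)}")
```

The office login matches the top identifier in every category and scores the full 130, so it gets a password-only policy; the Sunday coffee-shop login over an unknown network with a user-owned iPad scores 30 and is pushed to a one-time passcode. Note which inputs the server can verify on its own (the source address it sees, a device certificate, the time) and which are reported by the client (the Wi-Fi encryption type, a self-declared device model); an attacker controls the latter, so identifiers that rest on client-reported attributes deserve less weight than those the server can check.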