Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > Can single sign-on (SSO) provide authentication for remote logons?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Can single sign-on (SSO) provide authentication for remote logons?

Joel Dubin, past SearchSecurity.com expert EXPERT RESPONSE FROM: Joel Dubin, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 02 December 2006
I am accessing multiple applications through a remote Citrix server, which has three or four applications that I use regularly. Can I use enterprise single sign-on (SSO) to provide authentication for the remote application as well?

>
There are two ways to implement enterprise single sign-on (SSO) for remote logons. One is to use Citrix itself, which you already have, and the other is to set up an SSL VPN with another provider.

Citrix Password Manager lets users sign on whether they're already in the network and behind the corporate firewall, or whether they're off-site and remotely logging in from outside the firewall. The product uses the Citrix Presentation Server to manage passwords, and users can access their accounts with the Citrix Web Interface. Password Manager has been enhanced for SSO, too, and integrates with Active Directory.

Password Manager is fully automated, and users can set themselves up and reset passwords on their own without having to call the help desk.

Another approach for remote user authentication is an SSL VPN. An SSL VPN allows specific remote users to connect to particular internal applications, which is what you're trying to do here. This contrasts with a traditional IPsec VPN, which connects a workstation to a network.

As for combining SSO with an SSL VPN, Aventail Corp. now offers SSO access in its beefed- up ST2 platform. Aventail is a leading vendor in the SSL VPN market and integrates with Active Directory, LDAP and RADIUS, an authenticating server for remote users.

Another top player in the SSL VPN arena is Juniper Networks Inc. Juniper joined forces with RSA Security (which is now owned by EMC Corp.) to add SSO functionality to its SSL VPN offering. The RSA Federated Identity Manager handles the SSO side of the application and integrates into existing corporate directories.

The key point to remember with SSO is that it cuts both ways. With a single user ID and password for multiple applications, it provides real ease of use for your employees. That ease of use, however, extends equally to malicious users trying to get into your system. In one stroke, an entire network can be compromised.

Whichever SSO solution you choose, make sure it's secure, harden all SSO hardware and software and educate users in safe password handling practices.

More information:

  • Set up endpoint security features on a Juniper SSL VPN.
  • Learn more about VPNs in our Network Access Control Learning Guide.


    • BROWSE BY TAG
    Identity Management and Access Control,   SSL and TLS VPN Security,   Secure VPN Setup and Configuration,   Enterprise Network Security,   Enterprise Single Sign-On (SSO),   Enterprise Identity and Access Management,   User Authentication Services,   Expert Archive: Identity Management and Access Control,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Identity Management and Access Control
    Is Identity Management as a Service (IDaaS) a good idea?
    How to log in to multiple servers with federated single sign-on (SSO)
    How to confirm the receipt of an email with security protocols
    Learn about enterprise strategy for server virtualization single sign-on
    Employee information security awareness training for new IAM systems
    Can you combine RFID tag technology with GPS to track stolen goods?
    Is there a free enterprise-caliber password-management tool?
    Cryptosystem attacks that do not involve obtaining the decryption key
    Can any firm or organization get a digital signature certificate?
    Should the CTO have domain administrator access?

    SSL and TLS VPN Security
    Expert calls SSL protocol vulnerability a non issue
    How SSL-encrypted Web connections are intercepted
    Best Remote Access Products
    How to set up a split-tunnel VPN in Windows Vista
    Securing the intranet with remote access VPN security
    A short enterprise VPN deployment guide
    Creating an SSL connection between servers
    Can S/MIME, XML and IPsec operate in one protocol layer?
    Can secure USB devices prevent man-in-the middle attacks
    How to secure SSL following new man-in-the-middle SSL attacks

    Enterprise Single Sign-On (SSO)
    How to log in to multiple servers with federated single sign-on (SSO)
    Security on a budget: How to make the most of authentication tools
    Best Identity and Access Management Products
    Changing times for identity management
    Kerberos configuration as an authentication system for single sign-on
    How to use single sign-on for Web access control to prevent malware
    Learn about enterprise strategy for server virtualization single sign-on
    Enterprise single sign-on: Easing the authentication process
    Exploring authentication methods: How to develop secure systems
    User provisioning and SSO for PeopleSoft- and Unix-based products
    Enterprise Single Sign-On (SSO) Research

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    Secure Shell  (SearchSecurity.com)
    Secure Sockets Layer  (SearchSecurity.com)
    server accelerator card  (SearchSecurity.com)
    SSL VPN  (SearchSecurity.com)
    Transport Layer Security  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts