As IT systems and technologies proliferate to enhance business processes, users and system administrators have to face the problem of dealing with different applications and their verification standards to accomplish their job functions. A user typically has to sign-on to multiple systems, having to remember an equivalent number of sign-on dialogues, each of which may involve different usernames and passwords.
Single sign-on (SSO) is a solution to this problem. It is a method of access control that enables a user to log in once and gain access to the resources of multiple software systems without being prompted to log in again. A single sign-on infrastructure is increasingly becoming essential in modern enterprises with many users accessing multiple applications over large networks.
The benefits of single sign-on are:
- Improved productivity, since the user only needs to remember one SSO password to access every network resource or application.
- Ability to enforce uniform enterprise authentication and/or authorization policies across the enterprise.
- Simpler and more secure integration of security features during application programming.
- Integration of security administration for applications running on different operating systems, hardware, etc.
- Improved network security: by implementing an SSO, it is assured that passwords and sensitive data will be securely transmitted and managed for all applications. Users don't need to write down their multiple passwords, ensuring better security practices amongst users.
- A centralized profile administration to control and monitor users' access privileges.
- Lower cost of implementing and maintaining security across the enterprise. Security services and functionality need not be rebuilt from scratch for every new application.
When using SSO functionality, organizations often have to tackle some common types of attacks, such as network sniffing for shared secrets, man-in-the-middle attacks (passive and active), spoofing by counterfeit servers, etc. A properly designed SSO infrastructure can help avoid such system failures. A few of the design requirements are stated below:
- An SSO infrastructure must be reliable and provide a fail-over arrangement.
- It should use reliable transport mechanisms for transmissions.
- It should be able to support access certificates or access control information, access rules and restriction filters.
- It must securely identify a user and support a number of different identity verification methods such as passwords, dynamic passwords, security tokens, smart cards, digital certificates, biometric identifiers, etc.
- The user’s access control information and the resource’s access control profile must be stored centrally by the SSO for better security and administration.
- All profile and security administration activity must be auditable and controlled securely.
- In all enterprises, identity data management processes should be responsive and quick to pick up on any change to an identity, such as new identity creation, identity termination or role changes. Without this, enterprise SSO systems are liable to create enterprise security holes.
Author: amer india