Identification and authentication are core components of any security architecture. They provide a way of confirming that a system or person is who they say they are. Authentication solutions can be many and varied depending on the needs of the organisation. Many security standards such as those found in government or within the financial sector often require strong authentication mechanisms to verify a user of a system. A strong authentication mechanism may consist of two or three of the different factors of authentication:

  • Something a user has
  • Something a user knows
  • Something a user is (or does)

Where two or more factors are combined, this is commonly referred to as multi-factor authentication. Multi-factor authentication is one of the most effective mitigation strategies to prevent adversaries from pivoting within a network and gaining further access or elevated privilege. Foresight has gained experience with many different forms of multi-factor authentication, including smart-cards, tokens and certificates (with a focus on PKI).

PKI is the name given to the combination of software, hardware, people, policies and procedures needed to create, manage, store, distribute and revoke Public Key certificates (also known as digital certificates). One of the main benefits of PKI is that it provides a system for distributing and trusting those certificates.

Foresight can provide PKI consulting and integration services. Foresight consultants have a strong background in the authentication space, having been involved in PKI initiatives in both the public and private sector including Australian Government GateKeeper projects. Foresight can assist with:

  • Designing secure and usable PKI solutions;
  • Implementation and integration of well known PKI products;
  • Gatekeeper compliance and advice;
  • PKI Documentation; and
  • PKI-related Risk Assessments.

 

NeAF Assessments

The National e-Authentication Framework (NeAF) is a better practice authentication framework aimed at Australian Government agencies. As per the framework, the NeAF covers two aspects of authentication:

  • electronic authentication of the identity of individuals and businesses; and
  • authentication of government websites.

NeAF provides five levels of assurance: 0 (the lowest – null level) through 4 (the highest). If you are a government agency considering an authentication solution a NeAF assessment should be conducted.

Foresight can provide NeAF assessments for agencies. Contact us at info@foresightconsulting.com.au

 

Gatekeeper PKI

Gatekeeper is the Australian Government PKI framework, administered by the Australian Government Information Management Office (AGIMO). Gatekeeper was designed to increase confidence in online government services by providing an endorsed framework using public key technologies. The Gatekeeper program allows an organisation to undergo an accreditation process that provides assurance that the organisation has met rigorous standards in relation to physical, personnel and logical security, operational procedures and technical requirements. We can assist organisations who are seeking to become Gatekeeper compliant by either preparing them for assessment or conducting the assessment activities in our role as endorsed IRAP assessors.