Identification and authentication are core components of any security architecture. They provide a way of confirming that a system or person is who they say they are. Authentication solutions can be many and varied depending on the needs of the organisation. Many security standards, such as those found in government or within the financial sector, often require strong authentication mechanisms to verify a user of a system. A strong authentication mechanism may consist of two or three of the different factors of authentication:
something a user has
something a user knows
something a user is (or does)
Where two or more factors are combined, this is commonly referred to as multi-factor authentication. Multi-factor authentication is one of the most effective mitigation strategies to prevent adversaries from pivoting within a network and gaining further access or elevated privilege. Foresight has gained experience with many different forms of multi-factor authentication, including smart cards, tokens and certificates (with a focus on PKI).
PKI is the name given to the combination of software, hardware, people, policies and procedures needed to create, manage, store, distribute and revoke Public Key certificates (also known as digital certificates). One of the main benefits of PKI is that it provides a system for distributing and trusting those certificates.
Foresight can provide PKI consulting and integration services. Foresight consultants have a strong background in the authentication space, having been involved in PKI initiatives in both the public and private sectors, including Australian Government Gatekeeper projects. Foresight can assist with:
designing secure and usable PKI solutions
implementation and integration of well-known PKI products
Gatekeeper compliance and advice
PKI-related Risk Assessments
The National e-Authentication Framework (NeAF) is a better practice authentication framework aimed at Australian Government agencies. As per the framework, the NeAF covers two aspects of authentication:
electronic authentication of the identity of individuals and businesses
authentication of government websites
NeAF provides five levels of assurance: 0 (the lowest – null level) through 4 (the highest). If you are a government agency considering an authentication solution, a NeAF assessment should be conducted.
Gatekeeper is the Australian Government PKI framework, administered by the Australian Government Information Management Office (AGIMO). Gatekeeper was designed to increase confidence in online government services by providing an endorsed framework using public key technologies. The Gatekeeper program allows an organisation to undergo an accreditation process that provides assurance that the organisation has met rigorous standards in relation to physical, personnel and logical security, operational procedures and technical requirements. We can assist organisations that are seeking to become Gatekeeper compliant by either preparing them for assessment or conducting the assessment activities in our role as endorsed IRAP assessors.
For more information about any of our identity and authentication service offerings, contact us at [email protected].