FortiToken – Time Based One Time Password Enabling 2-factor authentication Fortinet Confidential
Stronger Authentication Is Needed Confidential data is compromised when users misplace passwords or their identity is stolen Remote users and those accessing confidential information should provide multiple forms of identification Authentication can be made more robust by requesting Two or more forms of credentials PIN 1 2 This is the basic idea behind 2-factor authentication Fortinet Confidential
Time-based Token Authentication Login: Bob Password: fortinet Token: 080485 Someone you are Something you know Something you have Token codes can only be used ONCE Token code: changes every 60 seconds Fortinet Confidential Shoulder Surfing and Snoop will NOT work
Additional login question FortiClient, SSL Client and Weblogin have been augmented to request for additional token information if the user profile has been configured for 2-factor Authentication. OS Version FortiToken Enabled FortiOS 4.0MR3 FortiClient* 4.0MR3 *On the roadmap for Q2, 2011 Fortinet Confidential
A Closer Look at Time Synchronization FortiGate Token 080485 080485 Algorithm Algorithm Time Seed Same Time Time Seed Same Seed The very first time the token code may not matchup with FortiGate code due to possible clock drift FortiGate will ask for a 2nd code to adjust its clock window with token Fortinet Confidential
HA SYNC FortiGate Primary ForitGate Secondary Serial numbers and seed files automatically synchronized between HA pairs FortiManager can be used to Sync multiple non-HA FortiGates Fortinet Confidential
FortiToken 2-factor Authentication Available for: Fortinet Confidential
FortiToken Benefits Feature Benefit Positive identification of users Authentication ensures security for VPN & Admin access Compatible with any FortiGate and a 2-factor Authenticator Fits all customer sizes – a unique Fortinet benefit Easy to use Separate Box to ask for user login investment protection Tokens Never Expire Your existing FortiGate install base can be upgraded Flexibility Fortinet Confidential Works without any additional boxes or changes to authentication infrastructure
FortiToken vs. RSA SecureID FortiToken-200 RSA-Secure ID Tokens don’t expire SecureID tokens expire OTP only when button pushed One-time password always shown Long battery life Limited battery life FortiGate validates token External Ace server required Scalable to all customer sizes Server cost high for certain markets Affordable token pricing Fortinet Confidential Expensive tokens
FortiToken – One-time Password Generator Specifications FortiToken-200 Time-based one time password generator Fortinet Confidential Display 6 characters LCD screen Security Processing Time-Based: passwords provided are time-synchronized between the authentication server and the client. Software Support Planned with FortiOS v4.3 Power Supply Lithium battery Expected Life Span 3-5 years License cost Perpetual License for life
Initial Setup Fortinet Confidential
SSL-VPN web login example 1) IT purchases a pool of tokens and enters each tokens Serial number into the FortiGate GUI or CLI 2) FortiGate validates the serial numbers against FortiGuard Center and securely downloads and stores the seed files in encrypted format 3)In HA mode the Token Seed and Serial numbers are automatically synchronized 2 Fortinet Confidential 1 HA Sync (serial # & Seed) 3
SSL-VPN web login example 4) After seed files download, the tokens are activated and ready for assignment to users. IT selects each user that should undergo 2-factor authentication 5) IT selects which one of the 4 services should ask for 2-factor authentication 4 2 Fortinet Confidential 1. 2. 3. 4. IPSEC VPN 5 SSL VPN Captive Portal FortiGate Administration
User Logon Process Fortinet Confidential
SSL-VPN web login example 1) User connects to SSL-VPN login page and Enters username and password 2) FortiGate validates the username and password with the normally configured backend database 1 Active Directory 2 LDAP Bob Password! Radius Fortinet Confidential
Scaling FortiToken Management FortiGate Platform For complete list of supported platforms, please visit the Maximum Values Matrix: iGate-max-values40-mr2.pdf Fortinet Confidential Maximum # of FortiTokens FortiGate-50B FortiGate-50B 20 FortiGate- 60B/C FortiGate-80C 500 FortiGate -110C/111C FortiGate-200B FortiGate-310 FortiGate-620 FortiGate-800 1000 FortiGate-1240 FortiGate-3016B FortiGate-3040B FortiGate-3600A 5000 FortiGate-3810 FortiGate-3950 FortiGate-5001A/5001B 5000
Thank you Thank you! Fortinet Confidential
Expected Life Span 3-5 years License cost Perpetual License for life. Fortinet Confidential Initial Setup. Fortinet Confidential . FortiGate-50B FortiGate-50B 20 FortiGate- 60B/C FortiGate-80C 500 FortiGate -110C/111C FortiGate-200B FortiGate-310 FortiGate-620 FortiGate-800 1000 FortiGate-1240 FortiGate-3016B
Luciferian) Luke 23:35 the chosen of God His Chosen One (NIV, Living Bible) Only One (f) (Luciferian) The one and only God only one the One (NASB) only one the one (NIV) Luciferian “One-Only One” there standeth one among you one is your Master One is your teacher (NASB) one is your Father One is your father (NASB) John 8:50 one One
Book One: XLIX His Relationship with King Nicomedes Book One: L His Affairs with Roman Women Book One: LI His Reputation Elsewhere Book One: LII His Royal Love Affairs Book One: LIII His Food And Drink Book One: LIV His Cupidity Book One: LV His Oratory Book One: LVI His Writings Book One: LVII His Physical Skills and Powers of Endurance
equipment is maintained in depot stocks. One set of M4T6 can be used to construct any one of the following: One 141-foot 8-inch normal bridge One 108-foot reinforced bridge One four-float normal raft One five-float normal raft One four-float reinforced and one five-float reinforced raft One
With the One & Done Workout Program Follow your One & Done workout calendar and do 1 One Minute Finishers exercise after your One & Done Workout, before doing the Flow Down. You can choose any one of the One Minute Finishers exercises you like. If you have purchased One Minute Abs, follow your One & Done One Minute Abs workout calendar.
FP bead, one 7/0 bead, one FP bead, (8 beads total). 2) Slide all the beads to the end of the thread and tie a square knot to form a circle. Then pass through the nearest FP bead. 3) String one 7/0 bead, one FP bead, one 7/0 bead, one FP bead, one 7/0 bead, one FP bead, one 7/0 bead (7 beads total) and then pass through the same FP bead.
based or region-based approach. Though the region-based approach and edge-based approaches are complementary to each other the edge-based approach has been used widely. Using the edge-based approach, a number of methods have been proposed for low-level analysis viz. image compressi
Assessment of School-Based Management Practices A Manual on the Republic of the Philippines Department of Education . DepED Memorandum vi I. Introduction 1 II. Purposes of SBM Assessment 2 III. Assessment Framework of SBM Practice 2 IV. School Based Management System 3 .File Size: 1MBPage Count: 74Explore furtherA Comprehensive Guide to School-Based Management (SBM .www.teacherph.comRevised School-Based Management - SlideSharewww.slideshare.netBest Practices on School-Based Management (SBM) - TeacherPHwww.teacherph.comDO 45, s. 2015 – Guidelines on School-Based Management .www.deped.gov.phLevels of Participation of the School Stakeholders to the .files.eric.ed.govRecommended to you b
-Textbook: Ladefoged (2006), A Course in Phonetics, (available in Thai version) -Website (for interactive learning): UCLA.-Supplementary reading and interactive lessons: Academic websites around the world, e.g., U. of Arizona, USA, Macquarie U., Australia, Otago U., New Zealand, Stuttgart U., Germany, etc. A. Tumtavitikul, SWU, Aug. 2009-Lectures: on-campus, in classroom environments via .