Microsoft
Internet Information Services (IIS) is a valuable tool
for running company websites, portals. It enhances the
availability of applications on the Internet and brings
administration to manageable levels. However, securing
it and protecting valuable company assets can be a challenge.
Authenex meets this challenge
with the ASAS®
System Plug-in for MS IIS, a simple addition to
the Authenex Strong Authentication
System (ASAS®).
The ASAS®
System Plug-in for IIS only takes about twenty minutes
to install and configure. Once in, it requires anyone
who wants access to your IIS-run web site to
verify who they are via ASAS®
System two factor authentication.
Like
a bank ATM, the ASAS®
System two-factor authentication process is based
on identifying a user by something they have (in this
case, an A-Key®
token) and something they know (a password or PIN).
Anyone visiting your IIS login page must use both factors
to gain access. Without both, the ASAS®
System denies access.
From any web browser in any location
in the world, users can securely get the access they
need when they need it.
Using One-time Password (OTP)
access, the IIS-powered site user’sA-Key®
token generates a six-digit OTP value. The
user enters that number along with their PIN into the
log in password field. Each OTP value is unique and
can only be used once. Every time the user accesses
an ASAS®
System-protected log in page, a new, unique OTP
value is required.
The A-Key®
token can also contain a USB interface that
enables users to authenticate via Challenge/Response
authentication. In this case, the user plugs their token
into the USB port of their computer, then accesses the
IIS-powered site log in page. Rather than entering their
network password, the user enters the password for the
A-Key®
token itself. The password plus information
on the token enables the token to authenticate the user
(passwords are never transmitted across any network).
Flexible, dependable, the ASAS®
System IIS solution is designed to provide the highest
security to all IIS features, including File Transport
Protocol (FTP), Network News Transport Protocol (NNTP),
Simple Mail Transport Protocol (SMTP) as well as all
administrative and management applications. |