Our Agents

Protect Windows logon

Weak passwords offer little protection to information assets. They allow adversaries to act on behalf of trusted users and present the opportunity to compromise or even destroy confidential information. AuthAnvil’s Windows Logon Agent protects against this by delivering strong two-factor authentication to all interactive logon requests.

Why Secure Windows Logon?

When a password is compromised, the results can be disastrous to a company. Adversaries can pose as trusted users and access or destroy privileged and confidential information. In a Windows network the risks are further compounded by the fact that a single Active Directory password credential will open up access to resources all over the organization. From company database resources to the corporate SharePoint intranet, a breached account can cost a business dearly in financial loss, lost productivity and potential damage to its reputation.

The AuthAnvil Windows Logon Agent offers companies the ability to add strong two-factor authentication to Microsoft’s Windows client and server operating systems. It provides a simple and consistent logon experience whether users log on at the local desktop or through a terminal session. And it offers identity assurance by requiring users to provide their AuthAnvil passcode during the logon process.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

When employees or partners need to access Microsoft Windows clients and servers, they will log on directly at the keyboard, through Terminal Services or through a direct RDP session. Extending Microsoft’s Windows Logon, AuthAnvil updates the dialog box to challenge the user for their Active Directory credentials and their AuthAnvil passcode for that logon session. When a user attempts to log in, their passcode is sent to the AuthAnvil Strong Authentication Server (SAS) for authentication. If accepted, AuthAnvil then transfers the request back to the Windows security subsystem, which then attempts to authenticate the user against their domain credentials.
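The server-side check of a PIN + OTP passcode described above, as an added example that is not AuthAnvil code. The page does not say which OTP algorithm the tokens use, so this sketch assumes counter-based HOTP (RFC 4226), a 4-digit PIN placed before a 6-digit OTP, and hypothetical names (PasscodeVerifier, enroll, verify); it shows how "can only be used once" is enforced by advancing the stored counter, and why a lockout is needed so a single observed OTP cannot be used to guess the PIN.

```python
import hashlib
import hmac
import os
import struct

PIN_LEN = 4         # assumption: fixed-length numeric PIN
OTP_DIGITS = 6      # assumption: 6-digit OTP
LOOK_AHEAD = 5      # unused counter values the server will also try
MAX_FAILURES = 3    # consecutive failures before the token is locked


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The PIN is stored only as a salted, stretched hash.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class PasscodeVerifier:
    """Hypothetical stand-in for the authentication server's passcode check."""

    def __init__(self):
        self._tokens = {}

    def enroll(self, user: str, secret: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self._tokens[user] = {
            "secret": secret, "salt": salt, "pin": _pin_hash(pin, salt),
            "counter": 0, "failures": 0,
        }

    def verify(self, user: str, passcode: str) -> bool:
        rec = self._tokens.get(user)
        if rec is None or rec["failures"] >= MAX_FAILURES:
            return False  # unknown user, or token locked until an admin resets it
        ok = self._check(rec, passcode)
        rec["failures"] = 0 if ok else rec["failures"] + 1
        return ok

    def _check(self, rec: dict, passcode: str) -> bool:
        if len(passcode) != PIN_LEN + OTP_DIGITS:
            return False
        if not (passcode.isascii() and passcode.isdigit()):
            return False
        pin, otp = passcode[:PIN_LEN], passcode[PIN_LEN:]
        pin_ok = hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["pin"])
        # Accept the next expected OTP or one a few button presses ahead,
        # never one at or below a counter that has already been used.
        matched = None
        for counter in range(rec["counter"], rec["counter"] + LOOK_AHEAD + 1):
            candidate = hotp(rec["secret"], counter).encode()
            if hmac.compare_digest(candidate, otp.encode()):
                matched = counter
                break
        if not (pin_ok and matched is not None):
            return False  # both factors must be right; the counter is not advanced
        rec["counter"] = matched + 1  # burn this OTP and every earlier one
        return True


if __name__ == "__main__":
    # Constructed sample: the RFC 4226 test secret and a made-up PIN.
    server = PasscodeVerifier()
    server.enroll("alice", b"12345678901234567890", "4321")
    first = "4321" + hotp(b"12345678901234567890", 0)
    print("first use :", server.verify("alice", first))
    print("replay    :", server.verify("alice", first))
```

Because a failed attempt leaves the counter where it was, the failure counter is what stops an observer who has seen one OTP from cycling through PINs with it.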

Securing Web Sites and Web Applications

In an effort to increase productivity, streamline communications and give easier access to business assets many businesses have turned to migrating critical business applications to the web. This exposes companies to new online risk that should be mitigated to prevent unauthorized access to information assets. AuthAnvil helps to mitigate this risk by providing strong authentication and identity assurance to employees, partners and customers who access protected web applications.

Why Secure Your Web Applications?

When a password is compromised, the results can be disastrous to a company. Adversaries can pose as trusted users and access or destroy privileged and confidential information. When web applications are used, the risks are further compounded by the fact that access is easily available from anywhere with a simple web browser. From company line-of-business applications to the corporate SharePoint intranet, a breached account can cost a business dearly in financial loss, proprietary information disclosure, lost productivity and potential damage to its reputation.

The AuthAnvil Web Logon Agent offers companies the ability to add strong two-factor authentication to web applications running on Microsoft’s Internet Information Server (IIS). It provides a simple and consistent authentication experience in front of any web application or portal installed into IIS, including Outlook Web Access (OWA), Remote Desktop Web Access (RD Web Access), MSCRM and SharePoint. And it offers identity assurance by requiring users to provide their AuthAnvil passcode before they can access the underlying web application or portal.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

When employees, partners or customers visit a protected web application AuthAnvil provides a web logon form challenging the user for their AuthAnvil passcode. When a user attempts to log in their passcode is sent to the AuthAnvil Strong Authentication Server (SAS) for authentication. If accepted, AuthAnvil transfers the request back to IIS, which then attempts to authenticate the user against the authentication system provided by the web application.

To accomplish this, AuthAnvil uses an ISAPI extension that installs directly into IIS. It sits between the user’s browser and the web server, intercepting all resource requests. When a request is made to a protected resource AuthAnvil challenges the user for their username and passcode. If the user is authenticated and authorized to access the resource, a tamper-resistant session cookie is created and the request is passed on to the underlying web resource.
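The intercept-and-cookie flow described above, as an added example that is not AuthAnvil code. The page does not describe how its session cookie is built, so this sketch assumes an HMAC-SHA256 tag over a small JSON payload with an expiry; the key, cookie layout, protected path prefix and function names are all hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"   # constructed value; a real key is random and secret
SESSION_TTL = 900                      # assumption: 15-minute sessions
PROTECTED_PREFIXES = ("/owa/",)        # constructed example of a protected resource


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(username: str, now: float = None, key: bytes = SERVER_KEY) -> str:
    """Called once, after the username and passcode have been accepted."""
    now = time.time() if now is None else now
    payload = json.dumps({"u": username, "exp": int(now) + SESSION_TTL},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def check_cookie(cookie: str, now: float = None, key: bytes = SERVER_KEY):
    """Return the username if the cookie is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, AttributeError):
        return None  # malformed or missing cookie
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # payload was altered or the tag was forged
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return None  # expired session
    return claims["u"]


def gate(path: str, cookie, now: float = None) -> str:
    """Decision the filter makes for every request before the web app sees it."""
    if not path.startswith(PROTECTED_PREFIXES):
        return "pass"
    return "pass" if check_cookie(cookie, now) else "challenge"


if __name__ == "__main__":
    session = issue_cookie("alice")
    print(gate("/owa/inbox", None))      # no cookie yet
    print(gate("/owa/inbox", session))   # authenticated session
```

The tag only proves integrity: the payload is readable by the client, so nothing secret belongs in it, and the expiry check is what bounds how long a stolen cookie stays useful.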

Securing Virtual Private Networks

A mobile workforce is a great asset to a business, and a great liability. The use of virtual private networking (VPN) allows businesses to provide remote access to corporate information assets. Unfortunately, VPN is only as secure as the endpoints; a weak password system can expose your business to great risk as there is no way to reliably prove the identity of the remote user that is using that credential. When using AuthAnvil, you can get the identity assurance that you need.

Why Secure VPN?

The growth of remote access for telecommuters and employees in the field has driven the use of virtual private networking (VPN) for many businesses connected to the Internet. This creates a secure tunnel between the remote worker and the corporate network to protect data in transit over an unsecure network like the Internet. This is typically done using Secure Sockets Layer (SSL) or IP Security (IPSec).

Unfortunately, VPN alone does not provide assurance that this remote workforce is who they say they are. A virtual private network that doesn’t use strong authentication isn’t that private at all. If a user’s password can be captured and used, an adversary can easily gain access to corporate information assets without anyone even knowing, as long as they have access to the VPN client software.

This becomes even more of a concern when using SSL VPNs. While easier to deploy than typical VPN solutions, SSL VPNs become easier targets for hackers as there is no special configuration or client software to install… they just need to have a web browser present. The need for strong authentication becomes more evident as you consider just what sensitive and proprietary information assets are then exposed through the use of a simple web browser.

Securing the data in transit is indeed important. That is what VPN is good at. However, reliably proving who is accessing that data… that’s the job for strong authentication.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

VPN is used to create a secure and encrypted tunnel between the remote user and the corporate network. On initialization of the tunnel an authentication check occurs where the username and password are forwarded to the VPN server. In turn, if the credentials are valid the VPN server assigns the remote host an IP address on the local LAN and gives appropriate rights on the network.

With AuthAnvil, the user simply replaces the normal password they would provide in the login dialog with their AuthAnvil passcode, a combination of their personal PIN and the unique one-time password generated by their authentication token. When the credentials are sent to the VPN server, the request is forwarded to the AuthAnvil RADIUS server and validated against the AuthAnvil Strong Authentication Server (SAS). If accepted, the RADIUS server sends back an appropriate response which informs the VPN server to grant access and assign the local LAN IP.

Seamless VPN Integration

The AuthAnvil RADIUS Agent is a small Windows Service that runs on Windows Server and integrates with any VPN server or device that supports RADIUS, including solutions from:

  • Microsoft
  • Cisco
  • Nortel
  • Sonicwall
  • Watchguard
  • Checkpoint
  • Juniper
  • NetGear

Protecting Microsoft DirectAccess

Windows Server 2008 R2 introduces an excellent remote access feature in DirectAccess, a new user experience which seamlessly connects Windows 7 based workstations to their corporate network any time they have Internet access. With DirectAccess, users are able to access corporate resources (such as e-mail servers, shared folders, or intranet Web sites) securely without connecting to a virtual private network (VPN).

With such easy access to the corporate network, strong authentication is a vital component to help definitively prove with confidence that when someone is using that workstation and gaining access to your company’s resources in the office, they are who they say they are.

AuthAnvil for Windows 7 Logon

DirectAccess takes the concept of VPN and throws it topsy-turvy. User initiated PPTP or L2TP are great VPN solutions that we have used in Windows XP and Vista for years. But let’s face it, they have their limitations. Many hotels don’t allow for such VPN. When tethering with some cell providers, they won’t allow it either. It makes it difficult at best to use it for that “anywhere, anytime” access remote workers seek. And it is not always practical to buy into yet another appliance so we can have SSL VPN and still not get all the benefits we need for full corporate network access.

Worse yet is that managing remote computers over VPN is a nightmare. You have to wait until a connection is established, and generally the gpupdates don’t happen fast enough, which means it’s extremely difficult to manage the machines through group policy. And we all have seen the ugliness of remote shares and connectivity when using PPTP. It works well when the tunnel is up, but hangs everything when you try to access shares when it isn’t.

Enter DirectAccess. DirectAccess allows machine level connectivity by combining IPv6 with IPSec to give you a tunnelled direct connection back to the office in a secure manner. This means you can actually apply full group policy and management to these machines ANYTIME they are connected to the Internet.

That’s right, in case you think you didn’t read that correctly, when the PC is online, it’s actually connected to the corporate LAN. That means it has full access to all assets and resources, and can come into complete visibility to your management systems like System Center.

Of course, that in itself becomes a concern to some IT professionals. That means laptops in the field always have connectivity. How do we know for sure they are who they say they are? DirectAccess has built in trust through its certificate management chain. Each machine under a DirectAccess scope will have received a client certificate from the Certificate Authority attached to Active Directory. However, if you want more assurance, AuthAnvil can come into play here in a REALLY nice way, to provide identity assurance for the user accessing the system.

Because DirectAccess allows your remote Windows 7 clients to be always communicating with Active Directory, you can take advantage of Active Directory Software Distribution policies and assign a Group Policy Object (GPO) to the OU in question. In other words, if you were to create an OU called “DAClients” and apply the AuthAnvil Protection Policy, the remote Windows 7 clients would have the AuthAnvil Credential Provider distributed and installed to them the next time they reboot, giving you immediate two-factor authentication on your DirectAccess clients. And here is what it would look like when they go to log into the Windows 7 client:

[image]

Of course, since there will be times when these machines WON’T be connected to the corporate network, or more precisely won’t be connected to the Internet… we recommend you configure the AuthAnvil Credential Provider to use Offline Caching Mode. This way you can continue to use AuthAnvil’s two-factor authentication security even when you cannot reach the AuthAnvil Strong Authentication Server, like when you may be flying in an airplane or in the middle of nowhere with no network access to speak of.

Securing Network Devices

Providing access to information for customers, partners and employees requires a new degree of access control and trust. Firewalls, VPNs and network devices provide access, but also create new risk to your business. Password security simply can’t verify that the person gaining access to your information assets is actually who they claim to be. The use of strong two-factor authentication gives you positive assurance and eliminates this risk.

Why is authentication important?

Compromised passwords hold serious consequences for your business. The use of such credentials with typical password security systems allows untrusted users to gain access and impersonate trusted users without you even knowing. With Scorpion Software’s AuthAnvil two-factor authentication solution the password changes every time it is used. There is never a chance to compromise it.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

When customers, partners or employees need to access corporate information resources their access will be controlled through firewalls, VPNs and/or other network devices. Challenged for their password on entry, the user will input their PIN + OTP to create a single use passcode for that logon session. In turn, that device will forward the request via the RADIUS protocol to the AuthAnvil RADIUS Server which then uses AuthAnvil to authenticate the request.

Enhance Online Trust

AuthAnvil lets you easily and cost-effectively eliminate the risks exposed with the use of password security systems. It enhances online trust and enables secure remote access to protected information assets by offering the ability to reliably prove the identity of requesting users. As users connect through your network and security devices, you can be assured that the user requesting access is who they say they are.

Seamless Integration with Devices

AuthAnvil integrates with any firewall, VPN or network device that supports RADIUS including solutions from:

  • Checkpoint
  • Cisco
  • Fortinet
  • FS
  • IBM
  • Juniper
  • Microsoft
  • NetGear
  • NetScreen
  • Nortel
  • Sonicwall
  • WatchGuard

Protecting Remote Desktop Services

A mobile workforce is a great asset to a business, and a great liability. The use of Remote Desktop Services allows businesses to provide remote access to corporate information assets. Unfortunately, Remote Desktop Services is only as secure as the endpoints; a weak password system can expose your business to great risk as there is no way to reliably prove the identity of the remote user that is using that credential. When using AuthAnvil, you can get the identity assurance that you need.

Why Secure Remote Desktop Services?

The growth of remote access for telecommuters and employees in the field has driven the use of remote access solutions for many businesses connected to the Internet. Remote Desktop Services creates a secure connection between the remote worker and their computer on the corporate network to protect session data in transit over an unsecure network like the Internet. This is typically done using Secure Sockets Layer (SSL) or RDP Encryption.

Unfortunately, a username and password alone do not provide assurance that this remote workforce is who they say they are. A remote access solution that doesn’t use strong authentication isn’t that private at all. If a user’s password can be captured and used, an adversary can easily gain access to corporate information assets without anyone even knowing. This is a special concern because, as long as the computer is running Windows, there is no special configuration or client software to install… they just need to have a web browser present. The need for strong authentication becomes more evident as you consider just what sensitive and proprietary information assets are then exposed through the use of a simple web browser.

Securing the session data in transit is indeed important. Remote Desktop Services does a good job of that. However, reliably proving who is accessing that data… that’s the job for strong authentication.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable authentication tokens, using either traditional keyfob tokens, or SoftTokens, which allow you to turn your mobile phone or computer into an OTP generating system. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

Remote Desktop Services is used to create a connection between the remote user and a computer on the corporate network. When the connection is set up, an authentication check occurs where the username and password are forwarded to the authentication server, usually an Active Directory domain controller. If the credentials are valid, the connection is established between the remote user and the computer, and the user gets access to the computer’s desktop.

With AuthAnvil, in addition to their regular username and password, the user also provides their AuthAnvil passcode in the login dialog. This is a combination of their personal PIN and the unique one-time password generated by their authentication token. When the credentials are sent to the authentication server, the request is also validated against the AuthAnvil Strong Authentication Server (SAS). If accepted, the AuthAnvil server sends back an appropriate response which informs the agent to grant access and allow the connection to be established.

Seamless Remote Desktop Services Integration

AuthAnvil Agents are available to protect a number of Remote Desktop Services implementations:

  • Terminal Services/Remote Desktop Services – AuthAnvil Windows Logon Agent/Windows Credential Provider
  • RemoteApp – AuthAnvil Windows Credential Provider
  • RD Web App – RD Web App Logon Agent
  • Remote Web Workplace – RWWGuard
  • TS Web Access – AuthAnvil Web Logon Agent

Protecting Citrix

A mobile workforce is a great asset to a business, and a great liability. The use of Citrix remote access solutions allows businesses to provide remote access to corporate information assets. Unfortunately, Citrix solutions are only as secure as the endpoints; a weak password system can expose your business to great risk as there is no way to reliably prove the identity of the remote user that is using that credential. When using AuthAnvil, you can get the identity assurance that you need.

Why Secure Citrix?

The growth of remote access for telecommuters and employees in the field has driven the use of remote access solutions for many businesses connected to the Internet. The Citrix client creates a secure connection between the remote worker and the resources that they want to access on the corporate network to protect session data in transit over an unsecure network like the Internet. This is typically done using Secure Sockets Layer (SSL).

Unfortunately, a username and password alone do not provide assurance that this remote workforce is who they say they are. A remote access solution that doesn’t use strong authentication isn’t that private at all. If a user’s password can be captured and used, an adversary can easily gain access to corporate information assets without anyone even knowing. This is a special concern because the client software does not need any configuration and is freely and publicly available for download. The need for strong authentication becomes more evident as you consider just what sensitive and proprietary information assets are then exposed through the use of freely available software.

Securing the session data in transit is indeed important. Citrix does a good job of that. However, reliably proving who is accessing that data… that’s the job for strong authentication.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable authentication tokens, using either traditional keyfob tokens, or SoftTokens, which allow you to turn your mobile phone or computer into an OTP generating system. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

Citrix solutions create a connection between the remote user and a Citrix server on the corporate network. When the connection is set up, an authentication check occurs where the username and password are forwarded to the authentication server, usually an Active Directory domain controller. If the credentials are valid, the connection is established between the remote user and the Citrix server, and the user gets access to the resources provided by the Citrix server.

With AuthAnvil, in addition to their regular username and password, the user also provides their AuthAnvil passcode in the login dialog. This is a combination of their personal PIN and the unique one-time password generated by their authentication token. When the credentials are sent to the authentication server, the request is also forwarded to the AuthAnvil RADIUS server and validated against the AuthAnvil Strong Authentication Server (SAS). If accepted, the AuthAnvil server sends back an appropriate response which informs the Citrix server to grant access and allow the connection to be established.

Seamless Citrix Integration

AuthAnvil can protect a number of Citrix technologies:

  • XenApp
  • XenApp Fundamentals
  • XenDesktop
  • Citrix Access Gateway

Protecting PSA platforms

PSA platforms allow users to access and manage all of the information that an IT business needs to run, such as contracts, billable items, and other proprietary client information. Unfortunately, PSA platforms are only as secure as their access points; a weak password system can expose your business to great risk as there is no way to reliably prove the identity of the remote user that is using that credential. When using AuthAnvil, you can get the identity assurance that you need.

Why Secure Your PSA platform?

PSA platforms allow users to connect from anywhere, at any time, to manage the accounts and information that they are responsible for. This may mean that they are connecting from untrusted computers or connections. PSA platforms can create a secure connection between the technician and the PSA platform to protect session data in transit over an unsecure network like the Internet. This is typically done using Secure Sockets Layer (SSL).

Unfortunately, a username and password alone do not provide assurance that technicians are who they say they are. If a user’s password can be captured and used, an adversary can easily gain access to the PSA platform and wreak havoc without anyone even knowing where the attack came from. This is a special concern because there is no special configuration or client software to install… they just need to have a web browser present. The need for strong authentication becomes more evident as you consider just what sensitive tools and assets are then exposed through the use of a simple web browser.

Securing the session data in transit is indeed important. SSL does a good job of that. However, reliably proving who is accessing the tools… that’s the job for strong authentication.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable authentication tokens, using either traditional keyfob tokens, or SoftTokens, which allow you to turn your mobile phone or computer into an OTP generating system. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

When a user logs into a PSA platform, an authentication check occurs where the username and password are checked against the PSA platform’s user database. If the credentials are valid, the user is allowed to log in.

With AuthAnvil, if the user is marked as requiring Two-Factor Authentication, the user is challenged for their AuthAnvil passcode after putting in their regular username and password. This passcode is a combination of their personal PIN and the unique one-time password generated by their authentication token. When the credentials are checked against the PSA platform’s database, the request is also validated against the AuthAnvil Strong Authentication Server (SAS). If accepted, the AuthAnvil server sends back an appropriate response which informs the PSA platform to grant access and allow the user to log in.

Supported PSA platforms

AuthAnvil integration is available to protect the following PSA platforms:

  • Autotask
  • Connectwise

Protecting RMM Platforms

RMM platforms allow technicians to remotely monitor and manage computers from anywhere in the world, without having to be on site. They allow incredibly powerful management tools, allowing a technician to deploy software, perform maintenance and updates, and assist users with only a few clicks. Unfortunately, RMM platforms are only as secure as the places that users access them from; a weak password system can expose your business to great risk as there is no way to reliably prove the identity of the remote user that is using that credential. When using AuthAnvil, you can get the identity assurance that you need.

Why Secure Your RMM platform?

RMM platforms allow technicians to connect from anywhere, at any time, to manage the systems that they are responsible for. This may mean that they are connecting from untrusted computers or connections. RMM platforms can create a secure connection between the technician and the RMM platform to protect session data in transit over an unsecure network like the Internet. This is typically done using Secure Sockets Layer (SSL).

Unfortunately, a username and password alone do not provide assurance that technicians are who they say they are. If a user’s password can be captured and used, an adversary can easily gain access to the RMM platform and wreak havoc without anyone even knowing where the attack came from. This is a special concern because there is no special configuration or client software to install… they just need to have a web browser present. The need for strong authentication becomes more evident as you consider just what sensitive tools and assets are then exposed through the use of a simple web browser.

Securing the session data in transit is indeed important. SSL does a good job of that. However, reliably proving who is accessing the tools… that’s the job for strong authentication.

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable authentication tokens, using either traditional keyfob tokens, or SoftTokens, which allow you to turn your mobile phone or computer into an OTP generating system. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

When a user logs into an RMM platform, an authentication check occurs where the username and password are checked against the RMM platform’s user database. If the credentials are valid, the user is allowed to log in.

With AuthAnvil, in addition to their regular username and password, the user also provides their AuthAnvil passcode on the login page. This passcode is a combination of their personal PIN and the unique one-time password generated by their authentication token. When the credentials are checked against the RMM platform’s database, the request is also validated against the AuthAnvil Strong Authentication Server (SAS). If accepted, the AuthAnvil server sends back an appropriate response which informs the RMM platform to grant access and allow the user to log in.

Supported RMM platforms

AuthAnvil Agents and integration are available to protect the following RMM platforms:

  • Continuum
  • Kaseya
  • Labtech
  • Level Platforms
  • N-Able

Protecting Apps with Custom Authentication

Embedding strong authentication into existing applications provides a mechanism to reduce risk to confidential resources by offering identity assurance for those people needing to use these applications. Take advantage of AuthAnvil’s web services architecture to provide two-factor authentication directly into your own software, and reuse your existing AuthAnvil infrastructure that is already protecting the rest of your business.

Why Add AuthAnvil Support To Your Applications?

Many companies leverage in-house developed applications to meet objectives in their business workflow. These tools and applications typically have a great deal of access to confidential information and are normally protected with built in password systems which may be inadequate to protect the data. Adding stronger authentication solutions hasn’t been easily available for custom applications. They are usually too complex and require serious overhauling of the code to integrate. Not anymore.

AuthAnvil supports a web services interface which makes it extremely easy to add strong authentication support in just a few lines of code. If your in-house application is developed in Visual Studio, you can use the built-in tools to import “Web References” and immediately gain access to the AuthAnvil Web Service. This lets you reuse, within your own code, the existing AuthAnvil infrastructure that is already protecting the rest of your business.

We also include an administrative web service, making it extremely easy to provision and modify entire AuthAnvil sites. We even have managed service providers (MSP) using Microsoft’s PowerShell to manage their infrastructure!

AuthAnvil Strong Authentication

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy to remember PIN, these two pieces of information create a strong passcode that cannot be reproduced. And can only be used once. This is what makes up two-factor authentication. It is something you know (your unique PIN) and something you have (your OTP).

How It Works

Under the hood, the core of AuthAnvil is driven by a Web Service. A web service is a software system designed to support interoperable machine-to-machine interaction over a network. Using an XML-based extensible message envelope, a client wishing to consume strong authentication provided by AuthAnvil can send a request to the AuthAnvil server for authentication. Once validated, AuthAnvil will return an envelope which contains information granting or revoking the request.

For developers who do not know how to use web services or cannot use a language that readily supports it, a COM interface is available that can be called directly. This interface converts the COM request into a web service request and completes the transaction on behalf of the caller.