Security made simple -- is single sign-on the answer?
What are the barriers to single sign-on? How are products from Sun and other vendors beginning to address them?
Is it really the desire of security experts to torture you into a sense of well being? Surely it feels that way since every application, system, and resource seems to need a password, challenge key, or other physical form of security to keep your data (hence livelihood) secure from intruders and open to all who should have access to it. But just as we have become prisoners in our own society to the criminal element, perhaps we have become prisoners in our application space. Single sign-on, as a concept and emerging technology set, brings the promise of delivery from this prison, making security simpler, yet effective. Sun is moving ahead to make this concept a reality. (2,300 words)
"Good morning, this is your friendly, easy to use computer, ready to do your bidding. But before we begin, I need to ask a small favor: Can you give me your password so I know what I can do for you?"
So far, so good, I don't mind doing this once each day. Time to enter the business status program.
"Yes sir, I'll start that right away, just as soon as you give me your password for that application."
All right, I can do that again, after all, it is the company jewels that are being revealed. While I'm thinking about it, I'd better check HR to see what I have left to do on John's evaluation.
"Right away, HR being loaded now. Welcome to HR, password please."
Enough! There has to be an easier way.
Well, perhaps there is. The concept of single sign-on is the nirvana users are searching for and software suppliers are striving to provide. It is far easier for users to remember a single, consistent authentication process, and that process is much more likely to be remembered and respected if users find it minimally intrusive.
Single sign-on isn't easy to define. How extensive should the permissions be when you authenticate a person once for an entire enterprise? Think about the challenge. Take a person who has rights to use thirty applications across 10 servers located in 5 different facilities on two continents and is in charge of 300 people whose files he should have access to at any time. Within that structure, there are applications and file sets that are outside his security domain, so access needs to be specifically granted in a number of situations. As you might begin to imagine, the idea of defining the permission model quickly gets out of hand when it is extended beyond system access or application execution.
Sun is currently focusing its product efforts, with the Solstice Security Manager product line, on the area of application access through a single sign-on. At this stage of the model, a user is able to authenticate once, providing access to a series of applications that have been defined in the security system. But what are the real issues of single sign-on?
Single sign-on challenges
Several areas of concern emerge immediately as IT staffs and users address this area of security. Start with the number of applications that are involved and the number of servers that they reside on. In the past, each application has embedded its own security process or relied on the authentication procedure for access to the system hosting the application. This design model has generated an enormous redundancy of application development, as the process was often recreated rather than replicated. The impact on the user was the necessity of another password prompt during application start-up, while security personnel had another point of failure where security had to be managed. Distributing the application across servers complicates matters, as there are security access issues for the additional servers plus the application. Christian Byrnes, vice president of services and systems management at the Meta Group, says that there is an average of 39 sign-ons per user in Fortune 500 companies.
As you can envision, with such a large number of authentication points, the administration requirements are enormous. Since large corporations inherently have turnover, think about the challenge of tearing down the security for a terminated employee and then initializing the new replacement. Since those 39 applications are unlikely to reside on the same system, let alone the same operating system, this task takes moderate effort to accomplish. In very large organizations, the sheer number of personnel transitions will require a large security staff just for this task. Now add the costs and effort required to train the new employee on the security procedures of each different system; the chance for mistakes as new passwords are set up; and the likelihood that the employee will just post all of the passwords on their terminal to make it easier to use -- you now have all the seeds for a complete failure of the process.
A second issue is the encryption of data and passwords across the network. Especially in light of the many software-based network-sniffing tools, security breaches from unencrypted data transport on the network have become a more tangible danger to be addressed. Now security modules need to encrypt not only passwords, but possibly all of the data in a given application as well.
Roaming users present another tough challenge in a networked application environment. As an example, a hospital in Sweden needs its users, such as doctors and nurses in each of the patient rooms, to access secured applications from any point in the hospital network. Each user must authenticate into multiple applications upon entering the patient's room. Given the large number of times these users move between patients, if every application had a separate access procedure, this would escalate into an untenable situation. As it stands, a key card or security access disk provides a mechanism for the user to sign in at each workstation, then access all appropriate applications and digitally sign for all entries and orders.
The many client platforms on the market, from Unix systems to Windows, create a significant challenge in distributing the technology to integrate with any server-based security management system. Often in today's heterogeneous networks, a number of clients and/or servers cannot be managed under a single domain or access technology. Add to that the distribution of servers across the network and the reality that mainframe operating systems such as MVS, MPE, and others host your applications, and the technology challenge heightens as you look to support what can amount to dozens of operating environments.
The last major issue to be addressed is that of access rights at a file or application process level. Many applications could benefit in design if the code could be reused for all users, with specific data elements or functions exposed to users based on their system authentication. For example, a single update screen in an application would dynamically configure itself to the rights of the user: a supervisor could access all field elements with full control, while a clerk might be limited to read-only access to all fields and have add-only capabilities for new records.
In an effort to improve this situation, the Open Group is attempting to develop a standard for the industry. (See our news story "Sun to include new single sign-on standard in Solaris 2.6.") The Single Sign-on Standard (code-named XSSO) is an attempt to guide the functionality of the single sign-on process. By specifying the functionality and ultimate behavior of the process, the standard can cross platforms and technologies. At the core of this standard model is the trust model, where application security requirements are fulfilled through a trust relationship with the initial security mechanism for the enterprise. This model provides the appearance of single sign-on to the user, while allowing the complexity of security desired by many application environments.
The technology independence of the Open Group standards proposal encourages the development of solutions that use today's best technologies. Kerberos is an authentication protocol, proposed as an Internet Standard in RFC 1510, that supports single sign-on between operating platforms. Through the use of tickets, obtained by a user who authenticates to a Kerberos key distribution center (KDC), the user can access other servers in the Kerberos realm without repeating the authentication process.
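The ticket flow just described, as an added example that is not from the article or from any Sun or Kerberos code: a constructed toy realm in which the user proves a password once to the KDC and then reaches the HR and status applications with tickets alone. It is a simplification (tickets are MAC-signed JSON rather than encrypted, and session keys are omitted); the service names, user and keys are all made up.

```python
import hashlib, hmac, json, os, time

# Constructed toy realm (not Kerberos itself): each service shares a long-term
# key with the KDC, the KDC keeps one key for ticket-granting tickets (TGTs),
# and user credentials exist only at the KDC. Keys are random per process.
KDC_KEY = os.urandom(32)
SERVICE_KEYS = {"hr": os.urandom(32), "status": os.urandom(32)}
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}

def _seal(key, claims):
    """Ticket = canonical JSON claims + '.' + HMAC-SHA256 hex tag under key."""
    body = json.dumps(claims, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def _open(key, ticket, now):
    """Verify the tag with the holder's own key, then enforce expiry."""
    body, _, tag = ticket.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("ticket forged or sealed under another key")
    claims = json.loads(body)
    if claims["expires"] <= now:
        raise PermissionError("ticket expired")
    return claims

def authenticate(user, password, now=None):
    """AS exchange: the only place a password is ever checked; returns a TGT."""
    now = time.time() if now is None else now
    if USERS.get(user) != hashlib.sha256(password).hexdigest():
        raise PermissionError("bad credentials")
    return _seal(KDC_KEY, {"user": user, "expires": now + 8 * 3600})

def service_ticket(tgt, service, now=None):
    """TGS exchange: the TGT, not the password, buys a per-service ticket."""
    now = time.time() if now is None else now
    user = _open(KDC_KEY, tgt, now)["user"]
    return _seal(SERVICE_KEYS[service], {"user": user, "svc": service, "expires": now + 3600})

def service_login(service, ticket, now=None):
    """An application trusts the KDC: it checks the ticket with its own key only."""
    now = time.time() if now is None else now
    claims = _open(SERVICE_KEYS[service], ticket, now)
    if claims["svc"] != service:
        raise PermissionError("ticket was issued for another service")
    return claims["user"]

def rejected(fn, *args):
    """Helper for checks below: True if the call is refused with PermissionError."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False
```

Once the TGT is held, neither the HR nor the status application ever sees the password, and a ticket for one service is useless at another because it was sealed under the wrong key.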
In Europe, SESAME (secure European system for applications in a multivendor environment) is the competing standard. This standard is being developed as a superset of the Kerberos functionality, providing a better platform independence and application interface than Kerberos. However, with the support of Kerberos in the Microsoft platform, it is likely that Kerberos will dominate the world market.
One other aspect of security technology lies in public key encryption developments. (See SunWorld's March feature story, "Keep your data secure from prying eyes: An encryption primer".) This technology combines security certificates with a public key and private key, which can match users with servers and applications. Through this process all transmissions between the client and the server can be encrypted to prevent the eavesdropping breaches that network sniffers present today. Both Kerberos and SESAME are evolving to incorporate this technology.
Solutions available today
Solutions today are required for many reasons. Popularized in the press, security breaches from the Internet demonstrate the vulnerability of your system, but the main threat, according to Byrnes, is from internal hackers, who are estimated to account for 70 to 80 percent of the break-ins. Hackers are better prepared to challenge system security with the ability to automate logon attempts, algorithms that generate many of the likely passwords, and other data a user will employ to meet security requirements. There is nothing like a persistent and efficient computer for challenging another stubborn and persistent computer.
Access control to the field or file level is not readily solved today in Sun and other environments. According to Walt O'Maley, senior product manager for security products at Sun, these issues are being studied now, and it may take several years to develop a viable enterprise solution. In the interim, there are a number of security measures that can be taken now to improve current environments. In fact, O'Maley notes that single sign-on usually follows the implementation of firewalls, network segmentation, or other network security measures, since each level of security requires an increasing number of resources to implement and manage, at a cost that must be weighed against the value of the application and information being protected.
Solstice Security Manager has three products today: Solstice Security Manager for Intranets, Solstice Security Manager for Desktops, and Solstice Security Manager for Applications. The first, Solstice Security Manager for Intranets, addresses the technology needs to administer multiple systems inside your network. Security management is simplified by centralizing the activities, while allowing the delegation of tasks to a central security administration team. This product opens the door to decreased administration costs in larger organizations with established networks and applications. Scaling down to small networks, under 500 nodes, is being made possible with the inclusion of Windows NT support in the second quarter of this year.
Sun certainly doesn't have a lock on security solutions. In the resources section at the end of this story, you will find links to many of the alternatives being offered today. Below is a list of a number of vendors and their products for your consideration. All of them are striving to fill the gap with enterprise-wide solutions, but in most cases the supported systems may fall short of your actual mix of systems.
Computer Associates -- Top Secret/WS
Memco -- SeOS
Open Horizon -- Connection
Unisys -- Single Point Security
CKS -- MyNet
Hewlett-Packard -- Praesidium
IBM -- SecureWay
Bull -- A+AccessMaster Security Management
Tivoli -- TME 10 Security Management
Solstice Security Manager for Intranets
Features of this product include:
Features of Solstice Security Manager for Desktop
Solstice Security Manager for Applications
Core to the real single sign-on technology is the ability to control access to applications. This product introduces that capability on Solaris-based applications running Sybase or Oracle. Sun recognizes the need to expand this technology to other platforms and has committed to release on Windows NT and HP-UX platforms later this year.
Not quite there yet
If this technology and task seems daunting, it's because it is. The Meta Group's Byrnes says it can take 12 to 15 months to implement a single sign-on solution for 10,000 users. Certainly this hints at the effort and expense involved. Byrnes says he considers "1997 [the] year to pilot single sign-on if internal demand is high. Early adopters will find reasonably functional, but expensive, solutions." He believes the technologies underlying single sign-on will shift rapidly between 1997 and 1999.
The initial features of Sun's Solstice security products introduce the basic security measures that fit the ease-of-use model desired by users. Recognition of the need to expand the product line to include support for other client and server platforms shows that Sun understands the needs of many MIS shops, which are not Sun-only organizations. It also shows that Sun wants to capture more of the market by leveraging its technology expertise in the network domain. It is a good beginning, but these products are still a number of years away from being comprehensive cross-platform solutions.
About the author
Robert E. Lee is a technology consultant, speaker, columnist, and author who has been in the computer industry for 20 years. He specializes in networking, Internet strategies, systems analysis and design activities, and has participated in the Windows NT and Internet Information Server betas since the start of those products. Reach Robert at email@example.com.