Table of contents:

Cover
Title Page
Copyright and Credit
Dedicated
Contributors
Table of Contents
Preface

Part 1: Introduction

Chapter 1: On the Internet, Nobody Knows You’re a Dog
  Identity and digital identity
  Workforce identity
  Customer identity
  Additional authentication and security controls
  What are authentication factors?
  Summary

Chapter 2: When to Use Different Types of MFA
  Not all MFA is created equal – when to use different types of MFA
  Why use MFA then?
  Different types of MFA
  SIM swap and why SMSs and voice messages are the weakest authenticator factor types to use
  What can the service provider do?
  What can the user do?
  MFA fatigue – also known as MFA push spam
  What can the service provider do?
  Phishing-resistant MFA
  Keeping up with bad actors – good sources for up-to-date information on MFA and related topics
  Cybersecurity and Infrastructure Security Agency
  National Institute of Standards and Technology
  National Security Agency
  Summary

Part 2: Implementing Multifactor Authentication

Chapter 3: Preventing 99.9% of Attacks – MFA with Azure AD and Duo
  Technical requirements
  Azure AD setup
  Enabling SAML-based SSO for enterprise applications
  Adding an enterprise application
  Assigning a user account to the Acme’s Azure AD SAML Toolkit application
  Enabling SAML-based SSO for the Acme’s Azure AD SAML Toolkit application
  Configuring SSO for the Acme’s Azure AD SAML Toolkit application
  Testing SSO in the Acme’s Azure AD SAML Toolkit application
  MFA on Azure AD
  Disabling default security CA policies
  Configuring the conditions for MFA
  Testing Azure AD MFA
  Enabling combined security information registration in Azure AD
  What is Duo and why use it?
  Integrating Duo and Microsoft Azure AD
  Using the Duo custom control
  Testing Duo
  Summary

Chapter 4: Implementing Workforce and Customer Authentication Using Okta
  Technical requirements
  Workforce Identity with Okta
  Creating a Workforce Identity account
  Signing into your Workforce Identity account for the first time
  Configuring Okta
  The essentials
  Configuring authenticators
  Requiring MFA to access Okta Workforce Identity apps
  Customer Identity with Okta
  Customer Identity administration
  Testing Okta’s Customer Identity solution
  Requiring MFA to access Okta Customer Identity apps
  Summary

Chapter 5: Access Management with ForgeRock and Behavioral Biometrics
  Technical requirements
  Experiencing ForgeRock
  Creating a ForgeRock software platform account
  Signing into your backstage account for the first time
  Installing ForgeRock Access Manager
  Configuring ForgeRock’s Access Manager (openam)
  Using openam
  Protecting a Java application using openam
  Installing the Tomcat Java Agent
  Protecting a web application
  Testing the Java Agent
  Introducing Authentication Trees
  Installing a Duo authentication node
  Configuring authentication with a Duo authentication node
  Configuring self-registration in openam
  Testing self-registration and MFA
  What are behavioral biometrics?
  Installing BehavioSec
  Configuring authentication with BehavioSec
  Testing authentication with BehavioSec and Duo
  Summary

Chapter 6: Federated SSO with PingFederate and 1Kosmos
  Technical requirements
  Experiencing Ping Identity’s PingFederate
  Installing PingFederate
  Configuring Ping Identity’s PingFederate
  Deploying sample applications in PingFederate
  What is passwordless MFA?
  Integrating BlockID and PingFederate
  Testing authentication with BlockID
  Summary

Chapter 7: MFA and the Cloud – Using MFA with Amazon Web Services
  Technical requirements
  AWS IAM
  An AWS account is not a user account
  Workforce identities on AWS
  AWS IAM Identity Center (successor to AWS Single Sign-on)
  Customer Identity and Access Management on AWS
  AWS Cognito
  Summary

Chapter 8: Google Cloud Platform and MFA
  Technical requirements
  Google Cloud Identity
  Setting up Cloud Identity
  Managing user accounts and administrative functions
  Setting up MFA in Cloud Identity
  Testing MFA enforcement in Cloud Identity
  Google Cloud Identity Platform
  BeyondCorp
  Summary

Chapter 9: MFA without Commercial Products – Doing it All Yourself with Keycloak
  Technical requirements
  What is Keycloak?
  Running Keycloak using Docker
  Running Keycloak using Java
  Keycloak administration
  Using Keycloak for SSO
  Creating and deploying sample applications in Keycloak
  Keycloak and MFA
  MFA with required OTP
  MFA with OTP or passwordless WebAuthn
  Summary

Part 3: Proven Implementation Strategies and Deploying Cutting-Edge Technologies

Chapter 10: Implementing MFA in the Real World
  Technical requirements
  Understanding the business side of cybersecurity
  Cybersecurity policy
  Strengthening cybersecurity
  Cybersecurity is a never-ending process
  Are password managers a solution for password risks?
  Identifying alternatives to passwords
  Strategies for implementing MFA
  Eliminating passwords should be the goal
  Get the right people
  Focus on three use cases
  Summary

Chapter 11: The Future of (Multi-Factor) Authentication
  Technical requirements
  Introducing the Web3 ecosystem
  Exploring digital identity in Web3
  Understanding login mechanisms
  Implementing decentralized solutions
  Product trends
  Verifiable Credentials and Microsoft Entra Verified ID
  Identity management convergence in ForgeRock Identity Cloud
  Are passkeys (almost) the perfect phishing-resistant MFA?
  Passkey management
  Continuous authentication
  What lies ahead
  Summary

Appendix A – Installing the Java Software Development Kit
  Installing the Java SDK on Windows
  Using the installer on Windows
  Installing the Java SDK manually on Windows
  Installing the Java SDK on a Mac
  Using Homebrew to install OpenJDK 11 on a Mac
  Installing the Java SDK manually on a Mac (or Linux)
  Testing the install of the Java JDK
  Summary

Appendix B – Custom App Integration with Azure AD
  Technical requirements
  Enabling SSO for custom web applications
  Add a non-gallery enterprise application
  Assign a user account to the SAML Springtest application
  Enabling SSO for Acme’s Azure AD SAML Toolkit application
  Configure SSO in the SAML Springtest app
  Testing the new custom app
  Testing SSO with Acme’s Azure AD SAML Toolkit application and the Springtest app
  Summary

Appendix C – Installing Apache Tomcat Software
  Installing Apache Tomcat
  Installing Apache Tomcat on Windows using the installer
  Installing Apache Tomcat 9 on a Mac
  Using Homebrew to install Apache Tomcat 9 on a Mac
  Installing Apache Tomcat 9 manually on a Mac (or a Linux server)
  Summary

Index
Other Books You May Enjoy