September 01, 2006
£60 per user for 1,000 uers
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Large range of authentication methods; can add single sign-on
- Weaknesses: Application and server support not as good as other products
- Verdict: Great when combined with ESSO, but support could be better
The OneSign appliance from Imprivata is a 1U rack-mountable server with two fast ethernet ports. The first port connects to your network, while the second is used to link to a second appliance for redundancy.
The appliances can run both enterprise network authentication (ENA) for two-factor authentication to a network and enterprise single sign-on (ESSO), which requires a license upgrade and can be used to control access to a wide range of applications.
In this case we're focusing on the ENA. As it uses an appliance it is ready to run straight out of the box and all you have to do is apply an IP address using the front panel. Management from then on is performed through the web interface.
It's one of the easiest products we've come across in this test and very simple to set up. First, you need to select your user's data source, which can be any LDAP directory, including Active Directory. Once you have synchronised your user list, you can start applying security policies to each user or group.
A policy states the forms of authentication that each user has to use to log on, including finger print readers, proximity cards, Vasco tokens and smart cards.
You can also link OneSign to other token authorities, such as SecurID, but this is only going to be worth the money if you're trying to implement single sign-on with your existing infrastructure.
The second part of the puzzle is the OneSign agent, which sits on Windows PCs. You can make it available for installation or distribute it using your normal software.
If you use the built-in authentication methods, the first time your users log on, they'll have to register their token or fingerprints. This means there's very little management involved in getting your users up and running.
Where it falls down is that you can't extend its protection to other services, such as Outlook web access or remote VPN access, so you may need another system for this purpose. The upcoming version 3.5 will support Radius, we're told, and will facilitate such integration.
If you opt for ESSO as well, though, your users can apply the same authentication methods for logging onto your enterprise applications, as controlled by the policies you configure. It is with the combination of ENA and ESSO where OneSign excels, providing one simple management platform for network and application log-on.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry