StoneBlog.stonesoft.com

“The Adventures of Antti Pilvinen” - A story by the RoarinPenguin

DISCLAIMER: All facts, people and companies in this story are fictional and do not have links with any real situation.

The warm temperature of that Monday in Oulu made the start of the week much better than in previous weeks for all of the Finnish people living there, except one – Matti Palovalli.

The start of the week could mean something a bit more for him than warmth, given the “burning news” of the last few weeks about the RSA breach and Comodo.

FinnDime Oy recently made a large adoption of SSL certificates when Matti decided to enable the usage of Google Apps to an internal group of people for testing and benchmarking, which was so far looking very promising. Moreover, they had been using the SecurID technology for at least eight years now, trusting the concept that hardware-based strong authentication was the best possible method despite the usability issues. But, what to do now? How can a password capture by a man-in-the-middle attack be avoided? Where is the assurance that authenticated access is for real?

Luckily, this Monday morning all these worrisome questions could very well be answered, since later in the morning he has a meeting with Antti Pilvinen and Juhani Kiviportti from ASPF to discuss the situation and try to eventually find a solution. Still, concern about the impact on FinnDime’s IT budget and infrastructure was not a secondary issue…oh, if only Stonesoft would offer authentication! Matti was already very satisfied about the perimeter and internal network defense from the StoneGate SMC, IPS and Firewall/VPN, (a decision made recently but that had already paid off enormously and brought him a rewarding bonus in salary as well as the “internal public” congratulations from Mikko Kovinrikas), but as far as he knew there was no solution for authentication.

Two hours later, his face completely changed expressions, with a shining smile standing out while looking at the presentation from Antti’s iPad about the new Stonesoft strategy for authentication. He had never before realized the power within the StoneGate SSL VPN! And now, Antti was saying that he discovered from a Stonesoft sales rep the week before that they will soon announce a full-featured innovative Authentication Server integrated with the StoneGate Management Center, capable of performing radius based authentication that even sends a one-time password to mobile devices! What great news!

They ended the meeting by planning a nice evolution of the current StoneGate platform implementation: first, they will enable HTTPS inspection on the StoneGate Firewall/VPN and IPS to prevent a malicious attack from being masked within encrypted communication. Then, they planned the rollout of the StoneGate SSL VPN for remote access to selected FinnDime applications, protecting access with a WebPad and digital certificates they will send to external users. Finally, they decided to become one of the early adopters of the StoneGate Authentication Server as soon as it becomes available (Antti told him Stonesoft will treat early adopters particularly… kind) to centralize authentication for SSL VPN, applications, StoneGate mobile IPSec VPN and for several other elements of FinnDime’s infrastructure.

Plus, they will get rid of all their hardware tokens, along with the related usability and security issues stemming from the recent breach.

The integrated reporting and statistical capabilities of the StoneGate Management Center, which would allow him to immediately justify the investment to Mikko and the rest of top management, were just icing on the cake!

As Victor Hugo said: nothing is more powerful of an idea whose time has come!