Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based
authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is
concerned about the confidentiality of the mutual authentication. Which of the following models prevents
the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that
communication?

A. Use of OATH between the user and the service and attestation from the company domain
B. Use of Active Directory federation between the company and the cloud-based service
C. Use of smartcards that store X.509 keys, signed by a global CA
D. Use of a third-party, SAML-based authentication service for attestation
Isn't that D?
0
0
Federated identity relates to being able to access resources on diverse networks.
0
0
The federation server uses Secure Sockets Layer (SSL) server authentication certificates to secure Web services traffic for communication with Web clients or the federation server proxy.
https://technet.microsoft.com/en-us/library/cc730660(v=ws.11).aspx
Looking this over, all of them use SSL- or TLS-based encryption in some way or another. SAML uses XML encryption. I suspect that the correct answer must be D.
2
0
In my opinion, the only way to protect the communication is to define an SSL inspection bypass. You can do that for any website.
0
0
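The protocol property the question turns on, as an added example that is not part of the original thread: in certificate-based mutual authentication (TLS with a client certificate) the user's private key is used only to sign the handshake transcript and is never transmitted, so a device that terminates the session for inspection holds at most the user's certificate, not the key, and cannot authenticate to the service as that user; nor can it substitute a certificate minted by its own enterprise CA, because the service accepts only certificates chaining to the CA it trusts. The Go program below (standard library only, run over loopback TCP) builds that PKI in memory and plays the three handshakes. Every name in it (Global CA, Company XYZ Inspection CA, service.example, alice@xyz.example) is constructed for the example and is not taken from the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must panics on setup errors (key generation, certificate issuance, loopback
// sockets); none of these are part of the behaviour being demonstrated.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key and a certificate for subject. A CA is self-signed;
// a leaf is signed by parent. Hypothetical PKI, constructed for this example.
func issue(subject string, dns []string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	serial := must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: subject}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed root
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// handshake runs one mutual-TLS handshake over loopback TCP. The service demands a
// client certificate chaining to trust; the client offers clientCert and verifies the
// service against the same pool. It returns the client CommonName the service
// verified, or the error that ended the handshake (service-side errors win).
func handshake(serviceCert, clientCert tls.Certificate, trust *x509.CertPool) (string, error) {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	var peerCN string
	done := make(chan error, 1) // the service's verdict
	go func() {
		raw := must(ln.Accept()) // only fails if the listener is closed
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		srv := tls.Server(raw, &tls.Config{
			Certificates: []tls.Certificate{serviceCert},
			ClientAuth:   tls.RequireAndVerifyClientCert, // mutual authentication
			ClientCAs:    trust,
		})
		defer srv.Close()
		if err := srv.Handshake(); err != nil {
			done <- err
			return
		}
		peerCN = srv.ConnectionState().PeerCertificates[0].Subject.CommonName
		done <- nil
	}()
	raw := must(net.Dial("tcp", ln.Addr().String()))
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(raw, &tls.Config{
		Certificates: []tls.Certificate{clientCert}, RootCAs: trust, ServerName: "service.example",
	})
	cliErr := cli.Handshake() // the client's private key only signs the transcript here
	cli.Close()
	if err := <-done; err != nil {
		return "", err
	}
	return peerCN, cliErr
}

// scenarios models the PKI of the question: the cloud service trusts a global CA
// for client certificates, the user's key lives on a smartcard, and the inspecting
// IDS holds only its own enterprise CA plus the user's certificate seen on the wire.
func scenarios() (userCN string, userErr, proxyOwnCertErr, proxyNoKeyErr error) {
	globalCA, globalKey := issue("Global CA", nil, true, nil, nil)
	enterpriseCA, enterpriseKey := issue("Company XYZ Inspection CA", nil, true, nil, nil)
	serviceCert, serviceKey := issue("service.example", []string{"service.example"}, false, globalCA, globalKey)
	userCert, userKey := issue("alice@xyz.example", nil, false, globalCA, globalKey)
	proxyCert, proxyKey := issue("alice@xyz.example", nil, false, enterpriseCA, enterpriseKey)
	trust := x509.NewCertPool() // the service trusts the global CA only
	trust.AddCert(globalCA)
	service := tls.Certificate{Certificate: [][]byte{serviceCert.Raw}, PrivateKey: serviceKey}
	user := tls.Certificate{Certificate: [][]byte{userCert.Raw}, PrivateKey: userKey}         // key on the card
	proxyOwn := tls.Certificate{Certificate: [][]byte{proxyCert.Raw}, PrivateKey: proxyKey}    // IDS-minted cert
	proxyNoKey := tls.Certificate{Certificate: [][]byte{userCert.Raw}}                        // cert only, no key
	userCN, userErr = handshake(service, user, trust)
	_, proxyOwnCertErr = handshake(service, proxyOwn, trust)
	_, proxyNoKeyErr = handshake(service, proxyNoKey, trust)
	return
}

func main() {
	cn, userErr, ownErr, noKeyErr := scenarios()
	fmt.Printf("smartcard user: cn=%q err=%v\nproxy with enterprise-CA cert: %v\nproxy with user cert, no key: %v\n", cn, userErr, ownErr, noKeyErr)
}
```

Run it with `go run`. The first handshake succeeds and the service sees alice@xyz.example; both proxy handshakes end in an error on the service side, because the proxy can offer neither a certificate from the CA the service accepts nor a CertificateVerify signature made with Alice's key. What an inspecting device can still do is decrypt the client-facing leg when the endpoint trusts its CA for server authentication; the code models only the credential half the question asks about.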