GuardianKey integration for painless high-security

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
pauloangelo
Posts: 4
Joined: Wed Aug 30, 2017 2:10 am

GuardianKey integration for painless high-security

Postby pauloangelo » Sat Mar 30, 2019 8:42 pm

Hi all,

We are trying to integrate Zimbra with GuardianKey. However, we have doubts related to the best way to do this and the best point in the Zimbra’s code for this integration.

GuardianKey is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, Zimbra) must send an event via REST for the GuardianKey on each login attempt. More info at https://guardiankey.io .

The best way to integrate would be on having a hook in the procedure that process the user credentials submission in Zimbra (the script that receives the POST), something such as:

Code: Select all

if(<POST IN AUTH FORM>) {
  boolean loginFailed =  checkLoginInKeyCloak();
  GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
  boolean GuardianKeyValidation = checkGuardianKeyViaREST(event); 
  if(GuardianKeyValidation){
     // Allow access
  } else {
     // Deny access
  }
}


Where is the best place to create this integration? Is there a way to create a hook for this purpose? Should we create an extension?

Any help is welcome.

Thank you in advance.

Best regards,

Paulo Angelo


User avatar
stefaniu.criste
Posts: 38
Joined: Wed Feb 12, 2014 5:40 am
Location: Romania
ZCS/ZD Version: 8.8.8_GA_1728 20180614052922 201806
Contact:

Re: GuardianKey integration for painless high-security

Postby stefaniu.criste » Mon Apr 01, 2019 9:06 am

Why should a provider send some (sensitive) data to be analyzed by a 3rd party provider, when Zimbra has builtin 2-factor authentication ?
Stefaniu Criste - managing partner
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania
phoenix
Ambassador
Ambassador
Posts: 26162
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: GuardianKey integration for painless high-security

Postby phoenix » Mon Apr 01, 2019 12:28 pm

stefaniu.criste wrote:....when Zimbra has builtin 2-factor authentication ?
That would be the Network Edition that has 2FA built in, the Open Source version has this: https://github.com/Zimbra-Community/zimbra-foss-2fa
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
pauloangelo
Posts: 4
Joined: Wed Aug 30, 2017 2:10 am

Re: GuardianKey integration for painless high-security

Postby pauloangelo » Mon Apr 01, 2019 11:42 pm

stefaniu.criste wrote:Why should a provider send some (sensitive) data to be analyzed by a 3rd party provider, when Zimbra has builtin 2-factor authentication ?


Hi Stefaniu,

The required information is, basically, the client IP and username, which is not more than that required by many services. Also, there is a privacy policy. Even then, GuardianKey has an on-premise edition for those users that prefer to not send such a data.

The GuardianKey's approach is a bit different from 2FA. It uses contextual data, psychometrics and intelligence to detect attacks. It is not required a token or a mobile phone previously configured. GMail, Facebook, and many other service providers are using such approaches.

regards,

PA
pauloangelo
Posts: 4
Joined: Wed Aug 30, 2017 2:10 am

Re: GuardianKey integration for painless high-security

Postby pauloangelo » Tue Apr 02, 2019 12:23 am

phoenix wrote:
stefaniu.criste wrote:....when Zimbra has builtin 2-factor authentication ?
That would be the Network Edition that has 2FA built in, the Open Source version has this: https://github.com/Zimbra-Community/zimbra-foss-2fa


Hi Phoenix,

I had a good insight with your reply!

GuardianKey can be combined with a 2FA. A second factor can be required only if the attack risk is above a predefined threshold.

I'm going to see if it is possible to implement GuardianKey in a fork of the "zimbra-foss-2fa" code.

Thanx!

PA

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 28 guests