Design, implementation and analysis of multi layer, Multi Factor Authentication (MFA) setup for webmail access in multi trust networks

The obvious advantages of Multi Factor Authentication (MFA) - in terms of enhanced identity theft protection and account hijacking protection - have resulted in its large scale adoption in various security sensitive web applications. In large organizations with different authentication related security policies for Intranet, Extranet and Internet users, varying and multiple authentication implementations are required for achieving security compliance. Layered MFA setups have evolved to facilitate variable authentication implementations in secured web applications. Deploying and handling multi layered, multi factor authentication setups based on Open source freeware solutions is a challenging task for any administrator. This paper presents our work related to design, implementation and integration of a multi layered, multi factor authentication setup for securing the webmail application at our centre, using various freeware open source tools. The implementation ensures fulfillment of varying authentication requirements for Intranet, Internet and Extranet webmail users. Detailed analysis of the implemented setup in terms of compliance to authentication related security policies of our centre have also been presented.