Explore the importance of Multi Factor Authentication (MFA) in preventing data breaches and cyber threats. Learn about the various factors and methods of MFA to secure your systems effectively. Get insights into recent breaches and regulatory guidance.
Multi Factor Authentication for Z
Steven Ringelberg
Vanguard Integrity Professionals
go2vanguard.com

About Vanguard
• Founded: 1986
• Business: Cybersecurity Experts for Large Enterprises
• Software, Professional Services, and Training
• Customers: 1,000+ Worldwide
• Over 20 distributors/resellers serving 50+ countries worldwide

Data Breaches
• Number of breaches and outside attacks increasing
• Continuing problem of insiders - malicious or by accident

“Target was certified as meeting the standard for payment card industry (PCI DSS) in September 2013. Nonetheless, we suffered a data breach…”
now ex-chairman, ex-president, and ex-CEO of Target Corporation, Gregg Steinhafel (http://buswk.co/1lT9j0X)

Data Breaches
• Logica and Nordea Bank
• Mainframe breached in April 2013

Data Breaches
Others:
• Home Depot
• Staples
• Anthem Health Insurance

Data Breaches: Two Themes
Mandiant: 2014 Data Breach Report
• 100% of breaches examined included an exploitation of a user id and password that was compromised.

Multi Factor Authentication
An industry full of often-confused terms
Multi-Factor Authentication is a method of requiring factors from the following three categories:
• Knowledge Factors
• Possession Factors
• Inherence Factors

Multi Factor Authentication
• Two-Factor Authentication
• Two-Step Verification
• Strong Authentication

Multi Factor Authentication
Knowledge Factors
• Password
• PIN Number
• Mother's Maiden Name
• Favorite Potato Chip

Multi Factor Authentication
Possession Factors
Disconnected (RSA, ActivID, etc.)
• Sequence-Based Tokens – Single button, multiple presses
• Time-Based Tokens – Typically change every ‘x’ seconds
• Challenge-Based Tokens – Small keypad to enter challenge code
Mobile Phones
• Soft Token
• SMS one-time password

Multi Factor Authentication
Possession Factors
Connected
• Magnetic Strip – ATM Card, etc.
• Contacts – SmartCard, EMV Credit Cards
• USB – zPDT Key, RSA SecurID 800
• Wireless – RFID, Bluetooth, Proximity
• Other – Audio Port, iButtons, etc.

Multi Factor Authentication
Inherence Factors
• Fingerprint
• Hand Topography
• Eye (Iris)

Multi Factor Authentication
Exposure Issues
• Phishing/Man-In-The-Middle
• Malware
• Session Hijacking
• Lost/Stolen

Multi Factor Authentication
Exposure Issues
• Coding Flaws – Exposures in the code of the applications, protocols, or other
• Example: Attackers Exploit the Heartbleed OpenSSL Vulnerability to Circumvent Multi-factor Authentication on VPNs
http://www.pcworld.com/article/2095860/cybercriminals-compromise-home-routers-to-attack-online-banking-users.html
http://www.darkreading.com/attacks-and-breaches/zeus-botnet-eurograbber-steals-$47-million/d/d-id/1107673?
http://www.technologyreview.com/news/415371/real-time-hackers-foil-two-factor-security/
http://www.scmagazine.com/yahoo-session-hijacking-likely-culprit-of-android-spam/article/250454/
https://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

Multi Factor Authentication
US-based Regulation and Guidance
• NIST FIPS 201/HSPD-12
• HIPAA
• NERC CIP
• NIST SP 800-63-2
• PCI DSS
• FFIEC

Vendors – Multi Factor and Z
Vanguard Integrity Professionals
• Physical Tokens – Vanguard ez/Token
• “Soft” Tokens – Vanguard Tokenless
• “Smart Cards” a/k/a “PIV Cards” a/k/a “CAC Cards”

Vanguard
Software
• We provide you with the analytical tools that allow you to do an in-depth audit of your z/OS systems against multiple standards
• Provides detailed explanation, risk analysis, user action to correct
Services
• We will execute z/OS system audits against multiple standards
• We will also remediate
Training
• We will train you how to audit z/OS systems against multiple standards
• We will also train you to remediate

Questions?

For more information
Call 800-794-0014 or email us at info@go2vanguard.com

Thank You