Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft Outlook using any Mail Exchange Servers

By INNEFU Labs Pvt. Ltd

Table of Contents

1. Overview
2. Threats to account passwords
   2.1 Social Engineering or Password Sharing
   2.2 Reuse Logins
   2.3 Identity thefts - Phishing
   2.4 Virus, worms, Trojans
3. Protecting Mail Accounts
   3.1 Two Factor Authentication: Why do you need it?
       3.1.1 Hard Token
       3.1.2 Soft Token
       3.1.3 Mobile Token
   3.2 Integration Architecture for AuthShield with web access to a Mail exchange server
   3.3 Integration Architecture for AuthShield with Microsoft Outlook
4. Features
5. Advantages of using AuthShield
6. About Us

1. Overview

The Internet revolution has changed the way people communicate with each other. Letters, couriers, registered post and the like have become obsolete in an age where large volumes of documents can be transferred immediately by email at the click of a button. Free or paid mail services have become a warehouse of personal information where everything from personal and professional mails to chats and contacts is stored. Email is still the safest bet when information has to be spread among a large number of people. An email address is necessary to log into almost every popular social media forum, from Facebook to Twitter to LinkedIn, and business transactions, including proposals and RFPs, are frequently transferred by mail as well.

A mail account today has become one of the most important IT assets of an individual, literally defining one's identity on the internet. In such a situation, unauthorized access to one's mail account can have unforeseeable ramifications not just for an individual but also for a complete organization: leakage of financial and marketing data, R&D papers, company IP, HR policies and so on ensures that more than one organization will be affected by unauthorized access to the account of a key person.

This has led to an unfortunate set of circumstances where rival companies hire groups of cyber criminals to target the digital information of key personnel on the opposite side. Over the last few years, stealing digital information from users' accounts has evolved from local ad-hoc hacking attacks into an internationally coordinated fraud on a massive scale. With thousands of people in an organization unaware of the security implications or the know-how of protecting their mail accounts, it becomes important for the organizations involved to protect their digital identity.

India is specifically targeted in roughly 10 percent of the world's phishing scams designed to lure online users to look-alike Web sites, where they are tricked into providing their personal account numbers, user names, passwords and more.

2. Threats to account passwords

2.1 Social Engineering or Password Sharing

Most people end up sharing their passwords with their friends or colleagues. The act may be deliberate or accidental, but the fact remains that a user seldom even remembers the number of people the account details may have been shared with. At the same time, passwords are not changed at frequent intervals, giving an outsider unlimited access to an account. Occasionally, users also fall prey to common social engineering techniques and end up revealing the answers to their security questions, thereby giving intruders a chance to gain unauthorized access to the account.

2.2 Reuse Logins

A user on the net usually has more than one account. Most users end up using the same or similar passwords in multiple accounts, so that one inadvertent leak may provide access to multiple accounts.

2.3 Identity thefts - Phishing

- One phishing attack at a bank / online portal / store / BPO etc. can lead to a loss of thousands of accounts in one step.
- Phishers acquire details such as credentials to mail servers, SSL VPNs, Windows logon and other critical applications by masquerading as a trustworthy entity.
- Such an information breach by authorized personnel, either intentionally or accidentally, can cause irreparable damage to an organization.

2.4 Virus, worms, Trojans

Keyloggers, remote sniffers, worms and other types of Trojans have been used since the evolution of the internet to steal users' identities. Most data is accessed from stolen computers and laptops or by hackers capturing data on unprotected networks.

"According to a survey carried out, 70% of people reuse their passwords in multiple accounts. Less than 2% of users have passwords that are complex enough and long enough to resist a combination of dictionary, rainbow and brute-force attacks."

3. Protecting Mail Accounts

When your organization banks on you, what do you bank on?

Prevention is always better than cure. That is truer today than ever before, when theft is conducted on the net with no physical threats and at less cost to the perpetrator of the crime. The only challenge that remains is to cover one's tracks and, considering the massive flow of information on the net almost on a daily basis, that is not very difficult either.

3.1 Two Factor Authentication: Why do you need it?

The best way to beat a thief is to think like one

Phishers try to obtain personal information such as your password or PIN code by pretending to be a legitimate entity. Using phishing, static passwords can be easily hacked, giving fraudsters easy access to your personal accounts, files and confidential information.

Innefu's AuthShield Two Factor Authentication maps the physical identity of the user to the server and increases the security of financial and other critical systems. Integrating a stronger user authentication system not only helps prevent online credit card fraud, card cloning and identity theft but also helps in the capture of habitual cyber criminals.

AuthShield authenticates and verifies the user based on:
- something only the user has (mobile phone / land line / hard token)
- something only the user knows (user id and password)

AuthShield technology uses a dual mode of identification where, along with the user id and password, verification is done through a secure randomly generated one time password (OTP). This is provided to the user through:

3.1.1 Hard Token

AuthShield's hard token is a security device given to authorized users, who keep it in their possession. To verify a transaction using the second factor of authentication, the device displays a changing number that is typed in as a password. The new number is based on a pre-defined unbreakable randomized algorithm. Thereby, the hard token enables the server to authenticate the digital identity of the sender using a hardware device apart from his user name and password.

3.1.2 Soft Token

On verifying user information, an OTP is sent to the user's phone via SMS / automated call. The one time password is generated using a combination of multiple unbreakable encryption algorithms. The algorithm generates an unbreakable one time password every time the user logs onto a DMZ (demilitarized zone) as specified by the IT architecture.

3.1.3 Mobile Token

AuthShield's mobile token is an application installed on smart phones which generates an OTP for the user on the phone itself. The password is based on a pre-defined unbreakable randomized algorithm. The architecture remains similar to a hard token except that the user only has to carry his mobile phone. Thereby, the device enables the server to authenticate the digital identity of the sender using a mobile phone apart from his user name and password.

3.2 Integration Architecture for AuthShield with web access to a Mail exchange server

[Figure: integration architecture diagram showing AuthShield's agent installed on the server, the Mail Exchange Server and the LDAP Server / AD / Database Server, with numbered steps (1) to (5)]

Process
- AuthShield server agent is installed on the client's Mail Exchange server.
- The user enters his user name and password.
- The AuthShield agent installed on the client's server prompts the user to enter his One Time Password, provided to him via either hard token, mobile token, soft token or SMS token.
- User name and OTP are then authenticated by the AuthShield server.
- In case the user name and OTP are correct, user name and password are sent as they have been entered by the user to the Database/LDAP/AD server for verification.

3.3 Integration Architecture for AuthShield with Microsoft Outlook

[Figure: integration architecture diagram showing AuthShield's agent installed on the server, the Mail Exchange Server and the LDAP Server / AD / Database Server, with numbered steps (1) to (5)]

Process
- AuthShield server agent is installed on the client's Mail Exchange server.
- The user enters his password followed by the OTP generated by his hard token or mobile token.
- The AuthShield agent breaks the password entered by the user into two parts:
  o Password
  o OTP
- User name and OTP are then authenticated by the AuthShield server.
- In case the user name and OTP are correct, user name and password are sent as they have been entered by the user to the Database/LDAP/AD server for verification.

4. Features

- OS Independent Authentication Mechanism
- Seamless Integration with the current business and security architecture
- Increases the log on security for Mails
- 99% security from Phishing attacks and identity thefts
- Unbreakable encryption on the lines of those used by US Government
- Logs are maintained to fix responsibility in case of an unlawful event.
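The credential handling described in section 3.3, with the OTP-then-directory order it shares with section 3.2, as an added Python example that is not AuthShield's code. The page does not disclose the OTP algorithm or length, so this assumes a 6-digit RFC 6238 TOTP; `Agent`, `split_credential` and the in-memory directory are hypothetical stand-ins, and the replay guard is an addition the page does not describe.

```python
import hashlib
import hmac
import struct

OTP_DIGITS = 6  # assumption: the whitepaper does not state the OTP length
STEP = 30       # assumption: RFC 6238 default time step, in seconds

def totp(seed: bytes, now: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); a stand-in for the undisclosed vendor algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)

def split_credential(field: str):
    """Split the single password field into (password, otp), or None if malformed."""
    # The OTP is the fixed-length tail, so the password itself may end in digits.
    otp = field[-OTP_DIGITS:]
    if len(field) <= OTP_DIGITS or not (otp.isascii() and otp.isdigit()):
        return None
    return field[:-OTP_DIGITS], otp

class Agent:
    """Hypothetical agent: verify the OTP first, then pass the password on."""

    def __init__(self, seeds: dict, directory: dict):
        self.seeds = seeds          # user -> token seed (constructed sample data)
        self.directory = directory  # user -> password; stands in for an LDAP/AD bind
        self.last_step = {}         # user -> last accepted time step

    def login(self, user: str, field: str, now: int) -> str:
        parts = split_credential(field)
        seed = self.seeds.get(user)
        if parts is None or seed is None:
            return "reject: input"
        password, otp = parts
        if not hmac.compare_digest(otp, totp(seed, now)):
            return "reject: otp"
        if self.last_step.get(user, -1) >= now // STEP:
            return "reject: otp replay"
        self.last_step[user] = now // STEP  # burn the code even if the password fails
        stored = self.directory.get(user, "")
        if not hmac.compare_digest(password.encode(), stored.encode()):
            return "reject: password"
        return "accept"

# Constructed sample data: the RFC 6238 test seed and a made-up account.
AGENT = Agent({"alice": b"12345678901234567890"}, {"alice": "Winter#2024"})
```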

5. Advantages of using AuthShield

For Users

Using INNEFU's two factor authentication can help prevent:
- Online credit card fraud
- Phishing
- Card cloning
- Unauthorized access to data by employees

For the organization
- OS Independent Authentication Mechanism
- Seamless Integration with the current business and security architecture
- Increases the log on security for critical applications

According to a recent survey across ten cities in India, an overwhelming 84% of internet users indicated that they would like to use two factor authentication (2FA) to protect their identity.

6. About Us

The world today revolves around information. Information today is the energy that plays a critical role in our personal lives and drives our businesses. As we move further into this digital age, it has become imperative not just to protect our information from outsiders but also to draw intelligence from the vast amount of information available to us. The Internet is the new playground for unwanted elements of society intent on committing terrorist or espionage activities, financial frauds or identity thefts. Keeping this in mind, it has become imperative not only to prevent these acts but also to be in a position to intercept, monitor and block Internet communication to draw intelligence out of them.

INNEFU is a research oriented Information Security consulting group specializing in meeting the Information Security needs of the consumer via specialized products and services. We believe in innovating and creating the latest technologies to combat the rapidly growing menace of hacking and reduce dependency on human factors. We offer a complete gamut of Information Security services under one roof, which includes our patented and patent pending products like 99% Secure - Cyber Cafe Surveillance, Tactical Internet Interception, Multi Factor Authentication, Link analysis and Pattern Matching, and services like complete corporate security process management, web application security and managed security services.