Whitepaper on AuthShield Two Factor Authentication with ERP Applications


Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd

Table of Contents

1. Overview
2. Threats to account passwords
2.1 Social Engineering or Password Sharing
2.2 Reuse Logins
2.3 Identity thefts Phishing
2.4 Virus, worms, Trojans
3. Protecting Mail Accounts
3.1 Two Factor Authentication: Why do you need it?
3.1.1 Hard Token
3.1.2 Soft Token
3.1.3 Mobile Token
3.2 Integration Architecture for AuthShield with web access to a Mail exchange server
3.3 Integration Architecture for AuthShield with Microsoft Outlook
4. Features
5. Advantages of using AuthShield
6. About Us

1. Overview

ERP applications are used across thousands of different industries all over the planet. 70% of the companies in the world today use ERPs to manage their operations. An ERP delivers a comprehensive set of integrated, cross-functional business processes. A large number of companies today use ERP to improve productivity and insight, align strategies and operations, reduce costs and support changing industry requirements. With the rapidly growing importance of ERP in an organization's daily work processes, it has become one of the most critical targets for an attacker trying to harm the organization. With organizations moving away from the security of a private network to the cloud, new threats are constantly emerging and evolving online. Access to the ERP provides immediate access to complete enterprise information, as SAP databases are usually shared by several functions in different functional units participating in the same business process. Access to the ERP may lead to leakage of HR or financial data, corporate secrets or, in certain cases, even SCADA systems.

Most ERP breaches are caused by the single factor of authentication that users rely on to log into the ERP. As per a recent report released at a security conference in 2013, 22% of ERP vulnerabilities arise from missing authorization checks. In such an environment it has become critical to secure ERPs with Two Factor Authentication.

2. Threats to account passwords

2.1 Social Engineering or Password Sharing

Most people end up sharing their passwords with friends or colleagues. The act may be deliberate or accidental, but the fact remains that a user seldom even remembers the number of people the account details have been shared with. At the same time, passwords are not changed at frequent intervals, giving an outsider unlimited access to an account. Occasionally, users also fall prey to common social engineering techniques and end up revealing the answers to their security questions, thereby giving intruders a chance to gain unauthorized access to the account.

2.2 Reuse Logins

A user on the net usually has more than one account, and most users end up using the same or similar passwords in multiple accounts. "According to a survey carried out, 70% of people reuse their passwords in multiple accounts. Less than 2% of users have passwords that are complex enough and long enough to resist a combination of dictionary, rainbow and brute-force attacks." This leads to a situation where one inadvertent leak may provide access to multiple accounts.

2.3 Identity thefts Phishing

One phishing attack at a bank, online portal, store, BPO etc. can lead to the loss of thousands of accounts in one step. Attackers acquire details such as credentials to the ERP and other critical applications by masquerading as a trustworthy entity. Such an information breach by authorized personnel, either intentional or accidental, can cause irreparable damage to an organization.

2.4 Virus, worms, Trojans

Keyloggers, remote sniffers, worms and other types of Trojans have been used since the evolution of the internet to steal users' identities. Most data is accessed from stolen computers and laptops or by hackers capturing data on unprotected networks.

3. Protecting ERP Accounts

When your organization banks on you, what do you bank on? Prevention is always better than cure. That is truer today than ever before, when the theft is conducted on the net with no physical threat and at little cost to the perpetrator of the crime. The only challenge that remains is to cover one's tracks, and considering the massive flow of information on the net almost every day, that is not very difficult either. The best way to beat a thief is to think like one.

3.1 Two Factor Authentication: Why do you need it?

Phishers try to obtain personal information such as your password or PIN code by pretending to be a legitimate entity. Using phishing, static passwords can easily be compromised, giving fraudsters easy access to your personal accounts, files and confidential information. Innefu's AuthShield Two Factor Authentication maps the physical identity of the user to the server and increases the security of financial and other critical systems. Integrating a stronger user authentication system not only helps prevent online credit card fraud, card cloning and identity theft but also helps in the capture of habitual cyber criminals.

AuthShield authenticates and verifies the user based on:
- something only the user has (mobile phone / soft token / hard token)
- something only the user knows (user id and password)

AuthShield technology uses a dual mode of identification where, along with the user id and password, verification is done through a secure, randomly generated one time password (OTP). This is provided to the user through one of the following:

3.1.1 Hard Token

AuthShield's hard token is a security device given to authorized users, who keep it in their possession. To verify a transaction using the second factor of authentication, the device displays a changing number that is typed in as a password. The new number is based on a pre-defined unbreakable randomized algorithm. Thereby, the hard token enables the server to authenticate the digital identity of the sender using a hardware device apart from his user name and password.

3.1.2 SMS Token

On verifying the user's information, an OTP is sent to the user's phone via SMS or automated call. The one time password is generated using a combination of multiple unbreakable encryption algorithms. The algorithm generates an unbreakable one time password every time the user logs onto a DMZ (de-militarized zone) as specified by the IT architecture.

3.1.3 Mobile Token

AuthShield's mobile token is an application installed on smart phones which generates an OTP for the user on the phone itself. The password is based on a pre-defined unbreakable randomized algorithm. The architecture remains similar to that of a hard token, except that the user only has to carry his mobile phone. Thereby, the device enables the server to authenticate the digital identity of the sender using a mobile phone apart from his user name and password.

3.1.4 Soft Token

An application installed on the system generates a one time password using a combination of multiple unbreakable encryption algorithms. The user has to enter a PIN to generate the OTP on the desktop / laptop itself.

4. Integration with ERP

Process:
- Changes are made to the authentication module of the application.
- The user enters his user name and password.
- The user name and password are authenticated by LDAP.
- After due validation, the user name and OTP are forwarded to the IAS server, which authenticates the request.

5. Features

- OS independent authentication mechanism
- Seamless integration with the current business and security architecture
- 99% security from phishing attacks and identity thefts
- Unbreakable encryption on the lines of those used by the US Government
- Logs are maintained to fix responsibility in case of an unlawful event.
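The token mechanisms in 3.1 and the two-step flow in section 4 (password checked first, then user name and OTP passed on to the IAS server) can be illustrated with a small example. This is added example code, not AuthShield or INNEFU code: a dictionary stands in for the LDAP directory, RFC 4226 HOTP over a 30-second time step (RFC 6238 TOTP) is assumed as a stand-in for the token's own generation algorithm, and the user, salt and token seed are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP, DIGITS, DRIFT = 30, 6, 1   # time step, OTP length, drift steps (assumptions)

# Constructed sample directory standing in for LDAP:
# username -> (salt, sha256(salt + password), token seed)
_SALT = b"example-salt"
DIRECTORY = {
    "alice": (_SALT, hashlib.sha256(_SALT + b"correct horse").hexdigest(),
              b"12345678901234567890"),
}
_last_counter = {}  # username -> last accepted time counter (replay guard)

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated.
    Assumed stand-in for the hard/mobile token's generation algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** DIGITS)).zfill(DIGITS)

def check_password(user: str, password: str) -> bool:
    """Step 1 (LDAP role): constant-time compare against the salted hash."""
    entry = DIRECTORY.get(user)
    if entry is None:
        return False
    salt, digest, _ = entry
    candidate = hashlib.sha256(salt + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)

def check_otp(user: str, otp: str, now: int) -> bool:
    """Step 2 (IAS role): time-based OTP with a small drift window; each
    time step is accepted once, so a captured OTP cannot be replayed."""
    seed = DIRECTORY[user][2]
    for delta in range(-DRIFT, DRIFT + 1):
        counter = now // STEP + delta
        if counter <= _last_counter.get(user, -1):
            continue  # this step (or an earlier one) was already consumed
        if hmac.compare_digest(hotp(seed, counter), otp):
            _last_counter[user] = counter
            return True
    return False

def login(user: str, password: str, otp: str, now: int) -> bool:
    """Section 4 flow: password first, OTP checked only after it passes."""
    return check_password(user, password) and check_otp(user, otp, now)
```

The replay guard is what turns a "changing number" into a true one-time password: the same OTP submitted a second time within the drift window is rejected.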

6. Advantages of using AuthShield

For users, using INNEFU's two factor authentication can help prevent:
- Online credit card fraud
- Phishing
- Card cloning
- Unauthorized access to data by employees

For the organization:
- OS independent authentication mechanism
- Seamless integration with the current business and security architecture
- Increased log-on security for critical applications

According to a recent survey across ten cities in India, an overwhelming 84% of internet users indicated that they would like to use two factor authentication (2FA) to protect their identity.

7. About Us

The world today revolves around information. Information today is the energy that plays a critical role in our personal lives and drives our businesses. As we move further into this digital age, it has become imperative not just to protect our information from outsiders but also to draw intelligence from the vast amount of information available to us. The Internet is the new playground for unwanted elements of society intent on committing terrorist or espionage activities, financial frauds or identity thefts. Keeping this in mind, it has become imperative not only to prevent these acts but also to be in a position to intercept, monitor and block Internet communication to draw intelligence out of it. INNEFU is a research oriented Information Security consulting group specializing in meeting the Information Security needs of the consumer via specialized products and services. We believe in innovating and creating the latest technologies to combat the rapidly growing menace of hacking and reduce dependency on human factors. We offer a complete gamut of Information Security services under one roof, which includes our patented and patent pending products like 99% Secure - Cyber Cafe Surveillance, Tactical Internet Interception, Multi Factor Authentication, Link analysis and Pattern Matching, and services like complete corporate security process management, web application security and managed security services.