15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active...
-
Upload
kelly-barrett -
Category
Documents
-
view
214 -
download
1
Transcript of 15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active...
1
Tactical Improvements to IT Security
Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online
Ganesh Reddy
2
Tactical Improvements to IT Security
Quick fixes and high impact improvements that can be implemented in a short timeframe to enhance the IT security
Virtual Keyboard• Implement technologies appropriate for Federal Student Aid that evade potential
"key logging"
Two-Factor Authentication (T-FA)• Implement Two-Factor Authentication solution for privileged users to access
National Student Loan Data System (NSLDS) from internet
Active Confirmation• Assess current state of access controls for partners and deploy an “active
confirmation” process
FAA Access to CPS Online Login• Enhance current state of access to limit use of Personal Identifying Information
(PII)
3
Virtual Keyboard
4
Keylogging – Virtual Keyboard
Keylogging (Keystroke logging) is a method of capturing and recording user keystrokes. Some of the common technologies used to evade keylogging include:
Anti-spyware Monitoring what programs are running Firewall Network Monitors Automatic form filler programs Alternative keyboard layouts One-time passwords Smartcards Virtual keyboards
Virtual keyboards are provided on the application login page and do not require end users acquire additional software
5
Keylogging – Virtual Keyboard
6
Keylogging – Virtual Keyboard
7
Virtual Keyboard at Federal Student Aid
8
Federal Student Aid Virtual Keyboard Features
Virtual keyboards are provided on the Security Architecture (SA) login page and do not require end users acquire additional software. Some of the features of Federal Student Aid Virtual Keyboard include:
Highly effective in evading “Key Logging” Widely used by many financial institutions Least expensive technology to deploy (even for 50 million users) Does not require any new hardware or software on client machines Does not require any changes to the applications Available to all applications that use SA Works in conjunction with the existing keyboard Usage is optional but can be made mandatory based on security policy Keys can entered by mouse click or by leaving mouse on the key for 2 seconds Virtual keyboard randomly shifts on the screen Supports multiple keyboard layouts (US and Dvork)
9
Two-Factor Authentication
10
T-FA Implementation Objectives
Federal Student Aid is implementing Two-Factor Authentication (T-FA) for privileged users to access Federal Student Aid systems from the internet to enhance the security of its information systems
11
What is Two-Factor Authentication?
Two-Factor Authentication (T-FA) uses two pieces of information and processes (two different methods) to authenticate a person's identity for security purposes.
Authentication factors are generally classified into three categories:
Something the user has
• ID card, security token, software token, phone, or cell phone
Something the user knows
• password, pass phrase, or personal identification number
Something the user is
• fingerprint or retinal pattern, voice recognition, or another biometric identifier
Two-Factor Authentication requires the use of solutions from two of the three categories of factors.
12
T-FA Technologies
Some of the common technologies used as the second factor authentication in concert with User ID and Password include:
Hardware Tokens - generate a constantly changing one-time password to enable authentication.
Software Tokens on PCs - enable authentication with computer as second factor authenticator.
Software Tokens on Mobile Devices - allow authentication from smart phones and PDAs.
Smart Cards - enable authentication as well as of physical access.
USB Tokens - enable authentication without the need to key in a token code (can be plugged into a standard USB port).
Biometric Devices - enable authentication according to the physical characteristics of a user (fingerprint and retina scans).
13
Federal Student Aid T-FA Features
Two-Factor Authentication solution features:
Reliable, scalable, available, and meets sub-second performance standards
Compatible and interoperable with Federal Student Aid Standards
Integrates seamlessly with existing Federal Student Aid architectures
Supports web applications and does not require client-side software
Compliant with NIST, FIPS and other federal T-FA standards
Has ongoing operations and maintenance product support
Based on mature technology with a broad installed market base
14
Active Confirmation
15
What is Active Confirmation?
Active confirmation is the process of a Designated Point Administrator (DPA) reviewing users' access privileges on a establish time schedule and confirming these users' privileges. This will help ensure an updated and secure environment for system accessibility.
The Federal Student Aid DPAs will be required to review their list of users who access Federal Student Aid systems and confirm that each individual continues to be a valid user. This will be done on a periodic basis.
16
“Active Confirmation” Process
The DPA Roster Placed in all “Primary” TG Number mailboxes
Provided a list of employees that currently possess TG numbers
Requires validation or deletion of TG Numbers assigned to your organization in the SAIG Enrollment Web site
The FAA Roster Placed in mailboxes of Primary TG Numbers of organizations
Provided a list of employees at your organization who are currently enrolled for access to FAA Access to CPS Online services
Requires validation or deletion of FAA Users assigned to your organization in the SAIG Enrollment Web site
17
FAA Access to CPS Online
18
FAA Access to CPS Online Login
Enhance current state of access to limit use of Personal Identifying Information (PII)
New FAA Access to CPS Online Login
First Time Registration
Self Service Password Reset
Implementation Schedule
19
Current FSA Web Enroll Site Login
Currently: Enter SSN and DOB on the login page to access the Student Aid Internet WebEnroll Site
20
Current FAA Access to CPS Online Login
Currently:Enter SSN, first 2 letters of last name, DOB, and PIN on the FAA Access to CPS Online login page to access the application
21
New FAA Access to CPS Online Login
FAA Access to CPS Online Registration link can be accessed from the FAA Access Login page
22
FSA SA Registration – Confirm Identity
Confirm your identity by entering the FSA provided Unique Identifier
23
Confirm or update your current Email addressYour name retrieved from SAIG Participation Management System cannot be updated
SA Registration - E-mail Address
24
SA Registration - Select a Password
Select a password and choose any three Challenge Response Questions and provide answers
These questions will be used to reset your password
25
SA Registration – Confirm Role
Confirm the Role retrieved from SAIG Participation Management enrollment system
26
SA Registration - Confirmation
Confirm the registration information
27
SA Registration - Acknowledgement
System confirms successful Registration You will receive your User ID in the email
28
Forgot Password
If you forget your password, the “Forgot Password” link can be used to reset your password. This link is located on the Login Page.
29
Forgot Password
Provide your User ID to retrieve your challenge questions
30
Answer Challenge Question
You will be prompted to answer one of the Challenge Response Questions to confirm your identity
31
Enter New Password
Provide a new password - this will replace your old password
32
New Password Confirmation
Your password has been changed
33
FAA Access to CPS Online Login
Enter User ID and password on the FAA Access to CPS Online Login page to access the application
fafsa.ed.gov/FOTWWebApp/faa/faa.jsp
34
Password Policies
Password Policy• Expires every 90 days
• Complex alpha-numeric passwords
• Answer challenge questions to reset password
Password Lockout• 3 unsuccessful login attempts
• Can still use “Forgot Password” application
• Login disabled for 30 minutes
35
Questions?
36
We appreciate your feedback and comments. We can be reached at:
• [email protected]• [email protected]
Contact Information