Auth shield information security solution provider for banking sector in India
authshield-labs
INFORMATION SECURITY
“The threats from within are increasing on a daily basis. 78% of all information security breaches happen internally”
WELCOME TO – GREATER MUMBAI BANK
04/15/23 Private and Confidential - INNEFU LABS
PRESENTATION FORMAT
Current Architecture
Secure Architecture - INNEFU’s AuthShield
CURRENT ASSETS
E-mail servers
Database servers
Core Banking Application / Application Servers
Intranet Applications
Web Applications
CURRENT ARCHITECTURE
Disparate Architecture
Servers on Public IPs
No Single Sign On
No DMZ
No Multifactor Authentication
INFORMATION SECURITY - CURRENT
Anti-Virus
Firewall
Unified Threat Management
People and Processes:
Security Policy
Processes to connect to the Internet
No authorization for pen drives, CDs, laptops, etc.
INFORMATION SECURITY
Single Sign on, authentication and Authorization – Open LDAP / AD integrated with RADIUS
Virtual Private Network for critical Third party Applications
Multifactor Authentication for: Net Banking, Core Banking Applications, Third Party Applications
Technical Audit – Vulnerability Assessment and Penetration testing
SINGLE SIGN ON
ADVANTAGES
User only has to remember a single password instead of multiple complex passwords
Reduces time spent re-entering passwords for the same identity
Increases security - Users select stronger passwords, since the need for multiple passwords and change synchronization is avoided
Security on all levels of entry/exit/access to systems without the inconvenience of re-prompting users
RADIUS SERVER
ADVANTAGES
Client Server Architecture
Once the user is authenticated, the client provides the user with access to appropriate network services
The Authentication Request is sent over the network from the RADIUS client to the RADIUS server
If the user name and password are correct, the server sends an Authentication Acknowledgment that includes information on the user's network system and service requirements.
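The request/acknowledgment exchange described on this slide, as an added Python example that is not part of the original deck or of AuthShield: it follows RFC 2865 for password hiding and the Response Authenticator, and the shared secret, user name and password are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def xor_chain(data, secret, req_auth, hiding):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def access_request(ident, user, password, secret, req_auth):
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = xor_chain(padded, secret, req_auth, hiding=True)
    attrs = bytes([USER_NAME, len(user) + 2]) + user
    attrs += bytes([USER_PASSWORD, len(hidden) + 2]) + hidden
    return struct.pack(">BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def server_reply(request, secret, users):
    """Parse an Access-Request; answer Access-Accept or Access-Reject."""
    _code, ident, length = struct.unpack(">BBH", request[:4])
    req_auth, attrs, pos = request[4:20], {}, 20
    while pos + 2 <= min(length, len(request)):
        size = request[pos + 1]
        if size < 2:
            raise ValueError("malformed attribute length")
        attrs[request[pos]] = request[pos + 2:pos + size]
        pos += size
    typed = xor_chain(attrs.get(USER_PASSWORD, b""), secret, req_auth, hiding=False)
    stored = users.get(attrs.get(USER_NAME))
    ok = stored is not None and hmac.compare_digest(stored, typed.rstrip(b"\x00"))
    head = struct.pack(">BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator: MD5 over reply header, request authenticator, secret
    return head + hashlib.md5(head + req_auth + secret).digest()

def client_accepts(reply, ident, req_auth, secret):
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return (reply[0] == ACCESS_ACCEPT and reply[1] == ident
            and hmac.compare_digest(reply[4:20], expected))

# Constructed sample values; a real client draws req_auth from a CSPRNG per request.
SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))
USERS = {b"teller01": b"Correct-Horse-9"}
```

Both the password hiding and the reply check rest entirely on the shared secret and MD5, which is why RADIUS traffic is normally confined to a trusted network segment or carried inside a tunnel.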
VPN FOR THIRD PARTY APPLICATIONS
CONTD.
ADVANTAGES
Extended connections across multiple geographic locations without using a leased line
Improved security for exchanging data
Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network
Savings in time and expense for employees to commute if they work from home
Improved productivity for remote employees
MULTIFACTOR AUTHENTICATION
Point of Attack
IDENTITY THEFT
Fastest growing white collar crime
11 Million Americans affected in 2010-2011
900,000 new victims each year
Cost to businesses more than $50 billion
Cost per incident to company $6,383
Hours spent per victim resolving the problem as shown by identity theft statistics: 30
Irreparable loss to Company’s Brand/Image
Loss of Clientele
POINT OF ATTACK
Customers
Vendors
Development Team
Power Users/Key Users/Super Users
Agents
End Users
Employees…
METHODS OF ATTACK
Phishing
Virus, Trojans, worms inside the company’s architecture or personal computer of users
LAN Attacks – Remote Sniffing
Web Vulnerabilities including SQL Injection, XSS attacks and Cookie capturing
ASSETS
Web Application
Application Servers
VPN/SSL
Intranet Applications
Database Servers
Local LAN / WiFi
MFID – MULTIFACTOR AUTHENTICATION
Map the physical identity of the user to the server
Identify the user based on:
Something he knows (user name / password)
Something in the user's possession
INNEFU’S AUTHSHIELD
Multifactor authentication system which uses any of the three authentication mechanisms
Soft Token
Hard Token
Mobile Token
E-Token
HARD TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS KEY
PROTECT VPN AND CUSTOM MADE APPLICATIONS
Security device given to authorized users
The device displays a changing number that is typed in as a password
The password is based on a predefined unbreakable randomized algorithm
Every time the user accesses a critical IT asset, the randomly generated number is matched with the server to verify the user's credentials
SOFT TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS PHONE NUMBER
MOBILE TOKEN – GENERATING TOKEN VIA MOBILE PHONES
Innefu BlackBerry AuthShield for Web Clients
1). User accesses the token generation application on his BB device
2). Request sent to BES
3). Request forwarded to IAS
4). Token generated
5). Credentials entered
6). Access
Diagram labels: BES; IAS; Web Client – UN+PWD+TOKEN; IAS & AD
PROTECT INTERNET BANKING
The OTP is sent either via SMS or the OTP is generated by the smart phone itself
The user uses the OTP to log into any web application or intranet application
Works on all smart phones with GPRS enabled
The system does not depend on the memory or the processor usage of the phones
FEATURES
OS Independent Authentication Mechanism
Seamless Integration with the current business and security architecture
Works as a standalone authentication mechanism or in connection with: Microsoft AD, Firewall, VPN, Wi-Fi, Terminal services, etc.
CONTD.
Increases the log on security for critical applications
Unbreakable encryption on the lines of those used by US Government
Prevent identity theft by up to 99%
CONTD.
All logs are stored in a secured database (completely encrypted) for future analysis:
Date and Time
User
Time Gap
Access to logs only available to Admin team
Privileges assigned to every user
IP Address of the user
TECHNICAL AUDIT
Vulnerability Assessment and Penetration testing
Internal Audit – Test all the IT assets of the organization with login privileges
External Audit – Test all the IT assets of the organization without login privileges
Identify all vulnerabilities
Penetration tests to remove false positives
THANK YOU
QUESTIONS WELCOME
AUTH-SHIELD LABS PVT. LTD
http://auth-shield.com/
+91-11-47065864 / 66