WHAT KEEPS USERS AWAY?
[Bar chart. Legend: 2008, 2007, 2006, 2005. Axis: 0% to 60%. Statements shown:
– I fear that my account information will be viewed by an unauthorized party
– I prefer dealing with people
– I do not want to pay a fee
– I do not find online banking valuable
Data labels, in extraction order: 47%, 46%, 43%, 39%, 40%, 50%, 45%, 34%, 21%, 15%, 20%, 19%, 13%, 26%, 20%, 12%]
©Javelin Strategy and Research, August 2008
Identity Fraud – Evolution and Solutions
Agenda
Attack vectors
– Phishing
– Man-in-the-middle (MITM) attacks
– Malware
Solutions
– One-time passwords
– Transaction signatures
– Endpoint assessment
Summary
Phishing
Pharming
[Diagram labels: User; DNS Server (Local or ISP); Attacker; Website www.nicebank.com; Fake Website www.n1cebank.com]
Smishing
Vishing
Two factor authentication
Something the user has
Strengths
– Compromised user credentials less valuable for attacker
– Break down the traditional economic model of phishing attacks
Types of one-time passwords
Counter-based one-time passwords
Time-based one-time passwords
Challenge-based one-time passwords
Mutual authentication one-time passwords
Out-of-Band one-time passwords
OATH (Open Authentication)
A group of technology and industry leaders
– 60+ members
– Open and royalty-free specifications
– Promote interoperability
Benefits
– Standardization drives down cost
– Prevents “vendor lock-in”
MITM / MITB attacks
Man-in-the-middle attack
Man-in-the-browser attack
[Diagram labels: End-User “John”; Browser; Banking Trojan; End-User’s Computer; NetBanking Server; End-User; MITM; Web Server. Message labels appear three times along the path: 1. “John”, “pswd”; 2. OTP; 3. $500 to Bob. In the third copy the last message reads 3. $5000 to Bill.]
Transaction Signing Soft Tokens
Signature = cryptographic Message Authentication Code
[Diagram columns: On Internet Banking; On the software token]
– Enter Account no: 0243758
– Enter Amount: 0243758, 500.00
– Generate Signature: 0243758, 500.00, afcbff100
– Seal Transaction with Signature: 0243758, 500.00, afcbff100
Transaction signature stored in Audit Log for verification
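Added example (not from the original slides): the signing flow above with the signature computed as an HMAC over account number, amount and a per-transaction counter, so a transfer altered in the browser no longer matches what the user signed. HMAC-SHA256 truncated to 10 hex characters, the key, the counter and the second account number are assumptions; the slides do not name the MAC algorithm, so the output differs from the `afcbff100` shown.

```python
import hashlib
import hmac
from decimal import Decimal

SHARED_KEY = b"constructed-demo-key"   # constructed; stands in for the token's secret


def canonical(account: str, amount: str, counter: int) -> bytes:
    """Unambiguous encoding: every field is length-prefixed before it is MACed."""
    fields = [account, str(Decimal(amount).quantize(Decimal("0.01"))), str(counter)]
    return b"".join(len(f).to_bytes(2, "big") + f.encode() for f in fields)


def sign(key: bytes, account: str, amount: str, counter: int) -> str:
    """Soft-token side: truncated HMAC over the details the user typed in."""
    mac = hmac.new(key, canonical(account, amount, counter), hashlib.sha256)
    return mac.hexdigest()[:10]


def bank_verify(key, account, amount, counter, signature, audit_log) -> bool:
    """Bank side: recompute the MAC over the transaction actually received."""
    expected = sign(key, account, amount, counter).encode()
    ok = hmac.compare_digest(expected, signature.encode())
    audit_log.append((account, amount, counter, signature, ok))  # kept for later checks
    return ok


def demo():
    log = []
    sig = sign(SHARED_KEY, "0243758", "500.00", 1)        # user signs on the token
    honest = bank_verify(SHARED_KEY, "0243758", "500.00", 1, sig, log)
    # Transfer rewritten in transit; "0999999" is a constructed account number.
    tampered = bank_verify(SHARED_KEY, "0999999", "5000.00", 1, sig, log)
    return honest, tampered, log


if __name__ == "__main__":
    print(demo())
```
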
Risk levels (NIST SP 800-63-1)
[Chart labels: risk levels Minimal, Low, Medium, High; authentication methods KBA, OTP, PKI, OOB]
Security Industry in 2001
Security Industry in 2011
Trojans / Malware
Endpoint Assessment
Endpoint Security Assessment
Session Clean-Up
[Diagram stages: POLICY, SCAN, COMPARE]
– POLICY: Personal Firewall, Anti-Virus, Spyware, Patches
– SCAN: Inventory Device using File Scan, Process Scan, Registry Scan, OS Scan
– COMPARE: Compare device scan with access policy
– Outcomes: Allow, Partial Pass, Decline
Summary
Sophistication of identity fraud schemes is increasing
Authentication deployments are converging to:
– Hybrid solutions: >1 authentication method per end-user
– Risk-based authentication
– Endpoint security assessment
Choose a technology that
– Does not lock you in
– Provides entire solution – from authentication to endpoint assessment to abolishment