AuthShield is a pioneer in providing information security solutions to businesses of many different kinds. Innovative features and convenient services are two important aspects of this company.
6. CURRENT ARCHITECTURE
Disparate Architecture
Servers on public IPs
No single sign-on
No DMZ
No multifactor authentication
05/26/15 | Slide 6 | Private and Confidential - INNEFU LABS
7. INFORMATION SECURITY - CURRENT
Anti-Virus
Firewall
Unified Threat Management
People and Processes:
Security Policy
Processes to connect to the Internet
No authorization for pen drives, CDs, laptops, etc.
8. INFORMATION SECURITY
Single sign-on, authentication and authorization: OpenLDAP / AD integrated with RADIUS
Virtual Private Network for critical third-party applications
Multifactor authentication for:
Net Banking
Core Banking Applications
Third Party Applications
Technical Audit: Vulnerability Assessment and Penetration Testing
10. ADVANTAGES
User only has to remember a single password instead of multiple complex passwords
Reduces time spent re-entering passwords for the same identity
Increases security: users select stronger passwords, since the need for multiple passwords and change synchronization is avoided
Security on all levels of entry/exit/access to systems without the inconvenience of re-prompting users
12. ADVANTAGES
Client-Server Architecture
Once the user is authenticated, the client provides the user with access to the appropriate network services
The Authentication Request is sent over the network from the RADIUS client to the RADIUS server
If the user name and password are correct, the server sends an Authentication Acknowledgment that includes information on the user's network system and service requirements
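The Access-Request / Access-Accept exchange described on this slide, as an added Python example that is not AuthShield's code: it follows the RFC 2865 packet layout, User-Password hiding and Response Authenticator, with a constructed shared secret and user store. It also shows the check a RADIUS client must do before trusting an Access-Accept: verify that the Response Authenticator binds the reply to its own request.

```python
import hashlib
import secrets

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2               # RFC 2865 attribute types

def hide_password(secret: bytes, req_auth: bytes, password: bytes) -> bytes:
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def reveal_password(secret: bytes, req_auth: bytes, hidden: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value  # Type, Length, Value

def build_access_request(secret: bytes, ident: int, user: str, password: str) -> bytes:
    # RADIUS client: fresh random Request Authenticator; User-Password never travels in clear
    req_auth = secrets.token_bytes(16)
    attrs = attr(ATTR_USER_NAME, user.encode()) + attr(
        ATTR_USER_PASSWORD, hide_password(secret, req_auth, password.encode()))
    return bytes([ACCESS_REQUEST, ident]) + (20 + len(attrs)).to_bytes(2, "big") + req_auth + attrs

def handle_access_request(secret: bytes, packet: bytes, users: dict) -> bytes:
    # RADIUS server: parse TLV attributes, check the credential, sign the reply
    code, ident, length = packet[0], packet[1], int.from_bytes(packet[2:4], "big")
    req_auth, attrs, pos = packet[4:20], {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += max(alen, 2)  # never loop forever on a malformed zero-length attribute
    user = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    given = reveal_password(secret, req_auth, attrs.get(ATTR_USER_PASSWORD, b""))
    ok = code == ACCESS_REQUEST and user in users and secrets.compare_digest(users[user].encode(), given)
    head = bytes([ACCESS_ACCEPT if ok else ACCESS_REJECT, ident]) + (20).to_bytes(2, "big")
    return head + hashlib.md5(head + req_auth + secret).digest()  # MD5(Code+ID+Len+ReqAuth+Attrs+Secret)

def client_accepts(secret: bytes, request: bytes, response: bytes) -> bool:
    # Client trusts an Access-Accept only if its Response Authenticator binds to this request
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[0] == ACCESS_ACCEPT and response[1] == request[1] and secrets.compare_digest(expected, response[4:20])
```

The shared secret is the only thing protecting the hidden password and the reply signature, which is why RADIUS between the client and server should also run over a trusted network segment or a tunnel.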
13. VPN FOR THIRD PARTY APPLICATIONS
15. ADVANTAGES
Extended connections across multiple geographic locations without using a leased line
Improved security for exchanging data
Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they were directly connected to the network
Savings in time and expense for employees who work from home and do not need to commute
Improved productivity for remote employees
17. IDENTITY THEFT
Fastest growing white collar crime
11 Million Americans affected in 2010-2011
• 900,000 new victims each year
• Cost to businesses more than $50 billion
• Cost per incident to company $6,383
Hours spent per victim resolving the problem, according to identity theft statistics: 30
Irreparable loss to the company's brand/image
Loss of clientele
19. POINT OF ATTACK
Customers
Vendors
Development Team
Power Users/Key Users/Super Users
Agents
End Users
Employees…
20. METHODS OF ATTACK
Phishing
Viruses, Trojans and worms inside the company's architecture or on users' personal computers
LAN attacks: remote sniffing
Web vulnerabilities including SQL injection, XSS attacks and cookie capturing
21. ASSETS
Web Application
Application Servers
VPN/SSL
Intranet Applications
Database Servers
Local LAN / WiFi
22. MFID - MULTIFACTOR AUTHENTICATION
Map the physical identity of the user to the server
Identify the user based on:
Something he knows (user name / password)
Something in the user's possession
23. INNEFU’S AUTHSHIELD
Multi-factor authentication system which uses one of the following authentication mechanisms:
Soft Token
Hard token
Mobile Token
E-Token
24. HARD TOKEN - IDENTIFYING THE USER ON THE BASIS OF HIS KEY
25. PROTECT VPN AND CUSTOM MADE APPLICATIONS
Security device given to authorized users
The device displays a changing number that is typed in as a password
The password is based on a pre-defined unbreakable randomized algorithm
Every time the user accesses a critical IT asset, the randomly generated number is matched with the server to verify the user's credentials
26. SOFT TOKEN - IDENTIFYING THE USER ON THE BASIS OF HIS PHONE NUMBER
27. MOBILE TOKEN - GENERATING TOKEN VIA MOBILE PHONES
Innefu BlackBerry AuthShield for Web Clients:
1). User accesses the token generation application on his BB device
2). Request sent to BES
3). Request forwarded to IAS
4). Token generated
5). Credentials entered at the Web Client (UN + PWD + TOKEN) and checked against IAS & AD
6). Access
28. PROTECT INTERNET BANKING
The OTP is sent either via SMS or is generated by the smart phone itself
The user uses the OTP to log into any web application or intranet application
Works on all smart phones with GPRS enabled
The system does not depend on the memory or the processor usage of the phones
29. FEATURES
OS-independent authentication mechanism
Seamless integration with the current business and security architecture
Works as a stand-alone authentication mechanism or in connection with:
Microsoft AD
Firewall
VPN
Wi-Fi
Terminal services, etc.
30. CONTD.
Increases the log-on security for critical applications
Unbreakable encryption along the lines of that used by the US Government
Prevents identity theft by up to 99%
31. CONTD.
All logs are stored in a secured database (completely encrypted) for future analysis, recording:
Date and Time
User
Time Gap
IP Address of the user
Privileges assigned to every user
Access to logs only available to the Admin team
32. TECHNICAL AUDIT
Vulnerability Assessment and Penetration Testing
Internal Audit: test all the IT assets of the organization with login privileges
External Audit: test all the IT assets of the organization without login privileges
Identify all vulnerabilities
Penetration tests to remove false positives