INFORMATION SECURITY
“The threats from within are increasing on a daily basis. 78% of all information security breaches happen internally”
WELCOME TO – GREATER MUMBAI BANK
05/26/15 - Private and Confidential - INNEFU LABS
PRESENTATION FORMAT
• Current Architecture
• Secure Architecture - INNEFU’s AuthShield
CURRENT ASSETS
• E-mail servers
• Database servers
• Core Banking Application / Application Servers
• Intranet Applications
• Web Applications
CURRENT ARCHITECTURE
• Disparate Architecture
• Servers on Public IPs
• No Single Sign-On
• No DMZ
• No Multifactor Authentication
INFORMATION SECURITY - CURRENT
• Anti-Virus
• Firewall
• Unified Threat Management
• People and Processes –
  • Security Policy
  • Processes to connect to the Internet
  • No authorization for pen drives, CDs, laptops, etc.
INFORMATION SECURITY
• Single Sign-On, Authentication and Authorization – Open LDAP / AD integrated with RADIUS
• Virtual Private Network for critical Third Party Applications
• Multifactor Authentication for –
  • Net Banking
  • Core Banking Applications
  • Third Party Applications
• Technical Audit – Vulnerability Assessment and Penetration Testing
SINGLE SIGN ON
ADVANTAGES
• User only has to remember a single password instead of multiple complex passwords
• Reduces time spent re-entering passwords for the same identity
• Increases security - Users select stronger passwords, since the need for multiple passwords and change synchronization is avoided
• Security on all levels of entry/exit/access to systems without the inconvenience of re-prompting users
RADIUS SERVER
ADVANTAGES
• Client Server Architecture
• Once the user is authenticated, the client provides the user with access to appropriate network services
• The Authentication Request is sent over the network from the RADIUS client to the RADIUS server
• If the user name and password are correct, the server sends an Authentication Acknowledgment that includes information on the user's network system and service requirements.
VPN FOR THIRD PARTY APPLICATIONS
ADVANTAGES
• Extended connections across multiple geographic locations without using a leased line
• Improved security for exchanging data
• Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network
• Savings in time and expense for employees to commute if they work from home
• Improved productivity for remote employees
MULTIFACTOR AUTHENTICATION
Point of Attack
IDENTITY THEFT
• Fastest growing white collar crime
• 11 Million Americans affected in 2010-2011
  • 900,000 new victims each year
  • Cost to businesses more than $50 billion
  • Cost per incident to company $6,383
• Hours spent per victim resolving the problem as shown by identity theft statistics: 30
• Irreparable loss to Company’s Brand/Image
• Loss of Clientele
POINT OF ATTACK
• Customers
• Vendors
• Development Team
• Power Users/Key Users/Super Users
• Agents
• End Users
• Employees…
METHODS OF ATTACK
• Phishing
• Virus, Trojans, worms inside the company’s architecture or personal computer of users
• LAN Attacks – Remote Sniffing
• Web Vulnerabilities including SQL Injection, XSS attacks and Cookie capturing
ASSETS
• Web Application
• Application Servers
• VPN/SSL
• Intranet Applications
• Database Servers
• Local LAN / WiFi
MFID – MULTIFACTOR AUTHENTICATION
• Map the physical identity of the user to the server
• Identify the user based on –
  • Something he knows (user name / password)
  • Something in the user's possession
INNEFU’S AUTHSHIELD
• Multi factor authentication system which uses either of the three authentication mechanisms
  • Soft Token
  • Hard Token
  • Mobile Token
  • E-Token
HARD TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS KEY
PROTECT VPN AND CUSTOM MADE APPLICATIONS
• Security device given to authorized users
• The device displays a changing number that is typed in as a password
• The password is based on a predefined unbreakable randomized algorithm
• Every time the user accesses a critical IT asset, the randomly generated number is matched with the server to verify the user's credentials
SOFT TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS PHONE NUMBER
MOBILE TOKEN – GENERATING TOKEN VIA MOBILE PHONES
Innefu BlackBerry AuthShield for Web Clients – diagram steps:
1). User accesses the token generation application on his BB device
2). Request Sent to BES
3). Request Forwarded to IAS
4). Token Generated
5). Credentials Entered
6). Access
Diagram labels: BES; IAS; IAS & AD; Web Client – UN+PWD+TOKEN
PROTECT INTERNET BANKING
• The OTP is sent either via SMS or the OTP is generated by the smart phone itself
• The user uses the OTP to log into any web application or intranet application
• Works on all smart phones with GPRS enabled
• The system does not depend on the memory or the processor usage of the phones
FEATURES
• OS Independent Authentication Mechanism
• Seamless Integration with the current business and security architecture
• Works as a stand alone authentication mechanism or in connection with –
  • Microsoft AD
  • Firewall
  • VPN
  • Wi-Fi
  • Terminal services etc
CONTD.
• Increases the log on security for critical applications
• Unbreakable encryption on the lines of those used by US Government
• Prevent identity theft by up to 99%
CONTD.
• All logs are stored in a secured database (completely encrypted) for future analysis
• Date and Time
• User
• Time Gap
• Access to logs only available to Admin team
• Privileges assigned to every user
• IP Address of the user
TECHNICAL AUDIT
• Vulnerability Assessment and Penetration testing
• Internal Audit – Test all the IT assets of the organization with login privileges
• External Audit – Test all the IT assets of the organization without login privileges
• Identify all vulnerabilities
• Penetration tests to remove false positives
THANK YOU
QUESTIONS WELCOME
AUTH-SHIELD LABS PVT. LTD
http://auth-shield.com/
+91-11-47065864 / 66
contact@auth-shield.com

Auth shield information security solution provider for banking sector in India

  • 1. INFORMATION SECURITY
      “The threats from within are increasing on a daily basis. 78% of all information security breaches happen internally”
  • 2. WELCOME TO – GREATER MUMBAI BANK
  • 3. PRESENTATION FORMAT
      - Current Architecture
      - Secure Architecture - INNEFU’s AuthShield
  • 5. CURRENT ASSETS
      - E-mail servers
      - Database servers
      - Core Banking Application / Application Servers
      - Intranet Applications
      - Web Applications
  • 6. CURRENT ARCHITECTURE
      - Disparate Architecture
      - Servers on Public IPs
      - No Single Sign-On
      - No DMZ
      - No Multifactor Authentication
  • 7. INFORMATION SECURITY - CURRENT
      - Anti-Virus
      - Firewall
      - Unified Threat Management
      - People and Processes –
          - Security Policy
          - Processes to connect to the Internet
          - No authorization for pen drives, CDs, laptops etc.
  • 8. INFORMATION SECURITY
      - Single Sign-On, Authentication and Authorization – Open LDAP / AD integrated with RADIUS
      - Virtual Private Network for critical third-party applications
      - Multifactor Authentication for –
          - Net Banking
          - Core Banking Applications
          - Third Party Applications
      - Technical Audit – Vulnerability Assessment and Penetration Testing
  • 10. ADVANTAGES
      - User only has to remember a single password instead of multiple complex passwords
      - Reduces time spent re-entering passwords for the same identity
      - Increases security - users select stronger passwords, since the need for multiple passwords and change synchronization is avoided
      - Security on all levels of entry/exit/access to systems without the inconvenience of re-prompting users
  • 12. ADVANTAGES
      - Client Server Architecture
      - Once the user is authenticated, the client provides the user with access to appropriate network services
      - The Authentication Request is sent over the network from the RADIUS client to the RADIUS server
      - If the user name and password are correct, the server sends an Authentication Acknowledgment that includes information on the user's network system and service requirements.
  • 13. VPN FOR THIRD PARTY APPLICATIONS
  • 15. ADVANTAGES
      - Extended connections across multiple geographic locations without using a leased line
      - Improved security for exchanging data
      - Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network
      - Savings in time and expense for employees to commute if they work from home
      - Improved productivity for remote employees
  • 17. IDENTITY THEFT
      - Fastest growing white collar crime
      - 11 Million Americans affected in 2010-2011
          - 900,000 new victims each year
          - Cost to businesses more than $50 billion
          - Cost per incident to company $6,383
      - Hours spent per victim resolving the problem as shown by identity theft statistics: 30
      - Irreparable loss to Company’s Brand/Image
      - Loss of Clientele
  • 19. POINT OF ATTACK
      - Customers
      - Vendors
      - Development Team
      - Power Users/Key Users/Super Users
      - Agents
      - End Users
      - Employees…
  • 20. METHODS OF ATTACK
      - Phishing
      - Virus, Trojans, worms inside the company’s architecture or personal computer of users
      - LAN Attacks – Remote Sniffing
      - Web Vulnerabilities including SQL Injection, XSS attacks and Cookie capturing
  • 21. ASSETS
      - Web Application
      - Application Servers
      - VPN/SSL
      - Intranet Applications
      - Database Servers
      - Local LAN / WiFi
  • 22. MFID – MULTIFACTOR AUTHENTICATION
      - Map the physical identity of the user to the server
      - Identify the user based on –
          - Something he knows (user name / password)
          - Something in the user's possession
  • 23. INNEFU’S AUTHSHIELD
      - Multi factor authentication system which uses either of the three authentication mechanisms
          - Soft Token
          - Hard Token
          - Mobile Token
          - E-Token
  • 24. HARD TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS KEY
  • 25. PROTECT VPN AND CUSTOM MADE APPLICATIONS
      - Security device given to authorized users
      - The device displays a changing number that is typed in as a password
      - The password is based on a predefined unbreakable randomized algorithm
      - Every time the user accesses a critical IT asset, the randomly generated number is matched with the server to verify the user's credentials
  • 26. SOFT TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS PHONE NUMBER
  • 27. MOBILE TOKEN – GENERATING TOKEN VIA MOBILE PHONES
      Innefu BlackBerry AuthShield for Web Clients (diagram):
      1) User accesses the token generation application on his BB device
      2) Request Sent to BES
      3) Request Forwarded to IAS
      4) Token Generated
      5) Credentials Entered
      6) Access
      Diagram labels: BES; IAS; IAS & AD; Web Client – UN+PWD+TOKEN
  • 28. PROTECT INTERNET BANKING
      - The OTP is sent either via SMS or the OTP is generated by the smart phone itself
      - The user uses the OTP to log into any web application or intranet application
      - Works on all smart phones with GPRS enabled
      - The system does not depend on the memory or the processor usage of the phones
  • 29. FEATURES
      - OS Independent Authentication Mechanism
      - Seamless Integration with the current business and security architecture
      - Works as a stand-alone authentication mechanism or in connection with -
          - Microsoft AD
          - Firewall
          - VPN
          - Wi-Fi
          - Terminal services etc.
  • 30. CONTD.
      - Increases the log on security for critical applications
      - Unbreakable encryption on the lines of those used by US Government
      - Prevent identity theft by up to 99%
  • 31. CONTD.
      - All logs are stored in a secured database (completely encrypted) for future analysis
      - Date and Time
      - User
      - Time Gap
      - Access to logs only available to Admin team
      - Privileges assigned to every user
      - IP Address of the user
  • 32. TECHNICAL AUDIT
      - Vulnerability Assessment and Penetration testing
      - Internal Audit – Test all the IT assets of the organization with login privileges
      - External Audit – Test all the IT assets of the organization without login privileges
      - Identify all vulnerabilities
      - Penetration tests to remove false positives
  • 33. THANK YOU – QUESTIONS WELCOME
      AUTH-SHIELD LABS PVT. LTD
      http://auth-shield.com/
      +91-11-47065864 / 66
      contact@auth-shield.com
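
Slides 25 and 28 describe a changing number that the server matches, and slide 31 lists the fields logged per attempt. The sketch below is an added example, not AuthShield's code: the slides do not disclose the product's algorithm, so it assumes the public RFC 6238 TOTP scheme (HMAC-SHA1, 30-second step), and all names (`TokenVerifier`, `enroll`, `verify`) are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (RFC 6238 default; assumed here)
DIGITS = 6   # length of the displayed number (assumed)
WINDOW = 1   # steps of clock drift tolerated on either side

def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TokenVerifier:
    """Hypothetical server-side check: drift window, replay block, audit log."""

    def __init__(self):
        self.secrets = {}    # user -> per-token shared secret
        self.last_used = {}  # user -> highest counter already accepted
        self.audit = []      # one record per attempt (time, user, IP, result)

    def enroll(self, user: str, secret: bytes) -> None:
        self.secrets[user] = secret

    def verify(self, user: str, submitted: str, now: float, ip: str) -> bool:
        secret = self.secrets.get(user)
        current = int(now) // STEP
        matched = None
        if secret is not None:
            for c in range(max(0, current - WINDOW), current + WINDOW + 1):
                # constant-time compare, no early exit across the window
                if hmac.compare_digest(totp(secret, c).encode(), submitted.encode()):
                    matched = c
        # a code at or below the last accepted counter is a replay
        replay = matched is not None and matched <= self.last_used.get(user, -1)
        ok = matched is not None and not replay
        if ok:
            self.last_used[user] = matched
        result = "accept" if ok else ("replay" if replay else "reject")
        self.audit.append({"time": int(now), "user": user, "ip": ip, "result": result})
        return ok

if __name__ == "__main__":
    v = TokenVerifier()
    v.enroll("alice", b"12345678901234567890")  # constructed sample secret
    for code, t in [("287082", 59), ("287082", 59), ("000000", 59)]:
        print(code, v.verify("alice", code, t, "192.0.2.10"), v.audit[-1]["result"])
```

Rejecting any code whose counter is at or below the last accepted one is what makes each displayed number single-use, even inside the drift window.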