1 / 21

Multi Factor Authentication for Z Steven Ringelberg Vanguard Integrity Professionals

Multi Factor Authentication for Z Steven Ringelberg Vanguard Integrity Professionals go2vanguard.com. About Vanguard. Founded: 1986 Business: Cybersecurity Experts for Large Enterprises Software, Professional Services, and Training Customers: 1,000+ Worldwide.

danad
Download Presentation

Multi Factor Authentication for Z Steven Ringelberg Vanguard Integrity Professionals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Multi Factor Authentication for Z Steven Ringelberg Vanguard Integrity Professionals go2vanguard.com

  2. About Vanguard • Founded: 1986 • Business: Cybersecurity Experts for Large Enterprises • Software, Professional Services, • and Training • Customers: 1,000+ Worldwide Over 20 distributors/resellers serving 50+ countries worldwide 3

  3. Data Breaches Number of breaches and outside attacks increasing Continuing problem of insiders - malicious or by accident 4

  4. “Target was certified as meeting the standard for payment card industry (PCI DSS) in September 2013. Nonetheless, we suffered a data breach…” now ex-chairman, ex-president, and ex-CEO of Target Corporation, Gregg Steinhafel (http://buswk.co/1lT9j0X) 6

  5. Data Breaches Logica and Nordea Bank Mainframe breached in April 2013 7

  6. Data Breaches Others: Home Depot Staples Anthem Health Insurance 7

  7. Data Breaches: Two Themes Mandiant: 2014 Data Breach Report 100% of breaches examined included an exploitation of a user id and password that was compromised. 7

  8. Multi Factor Authentication An Industry full of often confused terms Multi-Factor Authentication is a method of requiring factors from the following three categories; Knowledge Factors Possession Factors Inherence Factors

  9. Multi Factor Authentication Two-Factor Authentication Two-Step Verification Strong Authentication

  10. Multi Factor Authentication Knowledge Factors Password PIN Number Mothers Maiden Name Favorite Potato Chip

  11. Multi Factor Authentication Possession Factors Disconnected (RSA, ActivID, etc) Sequence-Based Tokens – Singular button, multiple depresses Time-Based Tokens – Change Every ‘x’ Seconds typically Challenge-Based Tokens – Small keypad to enter challenge code Mobile Phones Soft Token SMS one-time password

  12. Multi Factor Authentication Possession Factors Connected Magnetic Strip – ATM Card, etc Contacts – SmartCard, EMV Credit Cards, USB – zPDT Key, RSA SecureID800, Wireless – RFID, Bluetooth, Proximity Other – Audio Port, iButtons, etc

  13. Multi Factor Authentication Possession Factors Connected Magnetic Strip – ATM Card, etc Contacts – SmartCard, EMV Credit Cards, USB – zPDT Key, RSA SecureID800, Wireless – RFID, Bluetooth, Proximity Other – Audio Port, iButtons, etc

  14. Multi Factor Authentication Inherence Factors Fingerprint Hand Topography Eye (Iris)

  15. Multi Factor Authentication Exposure Issues Phishing/Man-In-The-Middle Malware Session Hijacking Lost/Stolen

  16. Multi Factor Authentication Exposure Issues Coding Flaws – Exposures in the Code of the applications, protocols, or otherExample: Attackers Exploit the Heartbleed OpenSSL Vulnerability to Circumvent Multi-factor Authentication on VPNs http://www.pcworld.com/article/2095860/cybercriminals-compromise-home-routers-to-attack-online-banking-users.html http://www.darkreading.com/attacks-and-breaches/zeus-botnet-eurograbber-steals-$47-million/d/d-id/1107673? http://www.technologyreview.com/news/415371/real-time-hackers-foil-two-factor-security/ http://www.scmagazine.com/yahoo-session-hijacking-likely-culprit-of-android-spam/article/250454/ https://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

  17. Multi Factor Authentication US based Regulation and Guidance NIST FIPS 201/HSPD-12 HIPPA NERC CIP NIST SP 800-63-2 PCI DSS FFIEC

  18. Vendors – Multi Factor and Z Vanguard Integrity Professionals. • Physical Tokens – Vanguard ez/Token • “soft” Tokens – Vanguard Tokenless • “Smart Cards” a/k/a “PIV Cards” a/k/a “CAC Cards” 33

  19. Vanguard Software We provide you with the analytical tools that allows you to do an in-depth audit of your z/OS systemsagainst multiple standards • Provides detailed explanation, risk analysis, user action to correct Services We will execute z/OS system audits against multiple standards • We will also remediate Training • We will train you how to audit z/OS systems against multiple standards • We will also train you to remediate 33

  20. Questions? 35

  21. For more information Call 800-794-0014 or email us at info@go2vanguard.com Hindi Thai Traditional Chinese Gracias Brazilian Portuguese Spanish Obrigado Russian Korean Simplified Chinese Thank You English Arabic Danke Grazie German Italian Merci French Japanese 37

More Related