Transcript of Authentication final
- 1. Multifactor Authentication (#mfa_uncovered). Ronald Isherwood, Kevin Miller. @virtualfat, @millzee69
- 2. Who? Ronnie Isherwood: technology evangelist, presenter, author & editor; Chairman (BCS Jersey); Founder (Jersey Techfair)
- 3. Who? Kevin Miller: Founder / Director, Consultant
- 4. Agenda
  - Why do we need authentication?
  - A brief history of authentication
  - What is multi-factor authentication (MFA)?
  - Common authentication risks
  - MFA challenges
  - MFA in the cloud or on premise
  - What's next
  - Compliance and reporting
  - MFA conclusion
  - Q&A
- 5. Why do we need authentication?
- 6. Brief Authentication History: the Compatible Time-Sharing System (CTSS), the world's first computing password. Fernando Corbató (photo: MIT Museum)
- 7. Brief Authentication History
  - 1962: Allan Scherr, credited with the earliest documented case of password theft
  - 1986: the first SecurID 2FA card sold!
  - 1996: Secure Dynamics acquired RSA Data Security & RSA SecurID firmly established as global leader
  - March 17, 2011: RSA's SecurID compromised!
- 8. What is Multi-factor authentication?
- 9. Common authentication risks. One password to rule them all:
  - Malicious software
  - Man-in-the-browser attack
  - Man-in-the-middle attack
  - Account recovery
- 10. MFA Challenges. Business challenges:
  - The business may think that because there's never been a security breach, there's no need for it. Cost?
  - User acceptance, overcoming resistance. Cost?
  - Supporting processes already in place; are new ones required? Cost?
  - Initial increased support calls. Cost?
  - Commitment to ongoing maintenance & training. Cost?
- 11. MFA Challenges. Technical challenges to consider:
  - Hardware and software requirements
  - Implementation, training and maintenance: POC, staff, configuration and acceptance testing
  - Requires knowledge of systems being protected: OWA, Citrix StoreFront, VMware, RDP, websites, etc.
  - Scalability, high availability and disaster recovery
  - Post administration, device and user management
  - Reporting
- 12. MFA in the cloud or on premise
- 13. What's next? Windows 10. Windows 10 new features:
  - Windows Hello: face recognition; requires a camera such as the Intel RealSense 3D Camera (F200)
  - Windows Passport: helps securely authenticate to applications, websites and networks on your behalf, no password sent
- 14. What's next? iOS 9 & OS X 10.11. Apple is introducing a revamped two-factor authentication system
- 15. Compliance & Reporting. MFA is part of the solution when applications have regulatory requirements such as NIST 800-63 Level 3, HIPAA, PCI DSS.
  - Is it monitored?
  - Is there alerting?
  - Logs kept and for how long?
  - Systems policies enforced?
- 16. Shameless plug!
- 17. MFA Conclusion
  - Understand your business
  - Your data: secure data at its source (database), file server & email
  - Entry points: the weakest link is the Achilles heel
  - Using integral or cloud solution, decide level of responsibility
  - Consider risks, reputation, costs and compliance
  - 260b+ globally lost (annually) to cybercrime, of which the UK accounts for 10%!
- 18. Another shameless plug!
- 19. Questions? Thank you! Ronnie Isherwood, Kevin Miller. @virtualfat, @millzee69