Authentication 2.0: User Generated Security

Presentation transcript:

Authentication 2.0: User Generated Security. Bring Your Own Token (BYOT). Selahaddin Karatas, CEO, SolidPass

Technology has changed – danger hasn’t. “Why do I rob banks? Because that is where the money is…” -Jesse James

Game of Thrones 10 years ago. today?

Threat Mutations: Phishing & Pharming. External: MitM, MitMO, MitB, DNS Cache Poisoning. Internal: Inside Job.

The Threat Landscape in 2011: 92% from external agents

81% involved hacking & / malware

A Few Examples Of Emerging Threats: The Mobile threat, APTs (Advanced Persistent Threats), Hacktivism, Cyber War, Manipulated SEO, The Cloud, Malware, Rogue Certificates, Social Networks, Embedded Hardware, Shortened URLs, Poisoned QR codes, Digital Virtual Currencies

The Mobile Threats: Mobile devices (BYOD), Mobile browsers, Mobile malware, Mobile banking

Attacks on Mobile Users: Android malware takes off. The wording of the mobile app needs a little clarification.

Social-engineering (re-engineered)

Our personal credentials are everywhere… literally. Facebook, LinkedIn, iPhone apps like Path steal contacts from your address book; “No Permissions” Android apps harvest and export device data…

From Phishing to MITM: Zeus in the Mobile – ZitMo. Looks good? Look again…

Zeus moves to the cloud: Researchers discovered a new version of Zeus malware that targets users of cloud-based payroll services.
1. Zeus captures a screenshot of the service provider’s login page when a user infected with the Trojan visits the site.
2. This image records the employee’s username, password, company number and the icon needed to bypass the provider’s image-based authentication system.

Out of band SMS is not enough: An attack used by the SpyEye Trojan circumvents mobile SMS security measures used by many banks…

SpyEye Trojan in the news: The crafty SpyEye trojan can adjust the victim’s balance and also create fake online bank statements to keep the victim unaware of the fraud.

Remote Access Attack Vectors: The attackers got in via a VPN or remote access connection in 55% of the breaches investigated by Trustwave SpiderLabs in 2011.

The solution is out-of-band and offline authentication, preferably challenge-response based.

Securing the Digital Realm: Business Applications, Web Applications, Network Applications, Online Banking, E-Government, E-commerce, Extranet, Intranet. Strong Authentication: RADIUS, SaaS, Custom. Custom Applications with Web Services & integrated into Mobile Apps…

With challenge-response, the user authenticates the server and the server authenticates the user. Employ challenge-response for logins in order to obtain user authentication, making sure the right user has the correct key…
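
An added example, not part of the original slides and not SolidPass's protocol: a minimal mutual challenge-response over a shared secret, in which the user's token checks the server's proof before answering and the server then checks the user's response. HMAC-SHA256, the nonce sizes, the 8-digit truncation and the names Server, Token and tag are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def tag(key: bytes, role: bytes, *nonces: bytes) -> str:
    # The role label keeps a server proof from being replayed as a user response.
    # Truncated to 8 hex digits so it can be typed from an offline token
    # (assumption); codes this short require server-side rate limiting.
    msg = role + b"".join(len(n).to_bytes(2, "big") + n for n in nonces)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]

class Server:
    def __init__(self, keys: dict):
        self.keys = keys          # user -> shared secret
        self.pending = {}         # user -> (client_nonce, server_nonce)

    def start(self, user: str, client_nonce: bytes):
        """Answer the user's challenge and issue the server's own."""
        server_nonce = secrets.token_bytes(16)
        self.pending[user] = (client_nonce, server_nonce)
        return server_nonce, tag(self.keys[user], b"server", client_nonce, server_nonce)

    def finish(self, user: str, response: str) -> bool:
        nonces = self.pending.pop(user, None)   # single use: blocks replay
        if nonces is None:
            return False
        expected = tag(self.keys[user], b"user", *nonces)
        return hmac.compare_digest(expected, response)

class Token:
    def __init__(self, key: bytes):
        self.key = key
        self.client_nonce = b""

    def new_challenge(self) -> bytes:
        self.client_nonce = secrets.token_bytes(16)
        return self.client_nonce

    def respond(self, server_nonce: bytes, server_proof: str):
        """Return the login response, or None if the server failed its proof."""
        expected = tag(self.key, b"server", self.client_nonce, server_nonce)
        if not hmac.compare_digest(expected, server_proof):
            return None           # e.g. a look-alike site that lacks the key
        return tag(self.key, b"user", self.client_nonce, server_nonce)

if __name__ == "__main__":
    key = secrets.token_bytes(32)               # constructed sample secret
    server, token = Server({"alice": key}), Token(key)
    s_nonce, proof = server.start("alice", token.new_challenge())
    print("login ok:", server.finish("alice", token.respond(s_nonce, proof)))
```

Because both proofs are bound to fresh nonces from each side, a captured response is useless for a later login, and a site that does not hold the key never receives a response at all.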

Use more than static username & password: Strong authentication with Microsoft OWA

Embed it where possible. The BYOT model - user generated authentication. BYOT model: outsource the hardware to the end-user.

Thank you Selahaddin.karatas@solidpass.com @solidpass