Multi Factor Authentication for Z


Multi Factor Authentication for Z
Steven Ringelberg
Vanguard Integrity Professionals
go2vanguard.com

About Vanguard
- Founded: 1986
- Business: Cybersecurity Experts for Large Enterprises
- Software, Professional Services, and Training
- Customers: 1,000+ Worldwide
- Over 20 distributors/resellers serving 50+ countries worldwide

Data Breaches
- Number of breaches and outside attacks increasing
- Continuing problem of insiders - malicious or by accident

“Target was certified as meeting the standard for payment card industry (PCI DSS) in September 2013. Nonetheless, we suffered a data breach…” now ex-chairman, ex-president, and ex-CEO of Target Corporation, Gregg Steinhafel (http://buswk.co/1lT9j0X)

Logica and Nordea Bank Mainframe Data Breaches
- Logica and Nordea Bank Mainframe breached in April 2013

Data Breaches
Others:
- Home Depot
- Staples
- Anthem Health Insurance

Data Breaches: Two Themes
Mandiant: 2014 Data Breach Report
- 100% of breaches examined included an exploitation of a user id and password that was compromised.

Multi Factor Authentication: An Industry full of often confused terms
Multi-Factor Authentication is a method of requiring factors from the following three categories:
- Knowledge Factors
- Possession Factors
- Inherence Factors

Multi Factor Authentication
- Two-Factor Authentication
- Two-Step Verification
- Strong Authentication

Multi Factor Authentication: Knowledge Factors
- Password
- PIN Number
- Mother's Maiden Name
- Favorite Potato Chip

Multi Factor Authentication: Possession Factors
Disconnected (RSA, ActivID, etc)
- Sequence-Based Tokens – Single button, multiple presses
- Time-Based Tokens – Typically change every ‘x’ seconds
- Challenge-Based Tokens – Small keypad to enter challenge code
- Mobile Phones
  - Soft Token
  - SMS one-time password

Multi Factor Authentication: Possession Factors
Connected
- Magnetic Strip – ATM Card, etc
- Contacts – SmartCard, EMV Credit Cards
- USB – zPDT Key, RSA SecurID 800
- Wireless – RFID, Bluetooth, Proximity
- Other – Audio Port, iButtons, etc

Multi Factor Authentication: Inherence Factors
- Fingerprint
- Hand Topography
- Eye (Iris)

Multi Factor Authentication: Exposure Issues
- Phishing/Man-In-The-Middle
- Malware
- Session Hijacking
- Lost/Stolen

Multi Factor Authentication: Exposure Issues
- Coding Flaws – Exposures in the code of the applications, protocols, or other
- Example: Attackers Exploit the Heartbleed OpenSSL Vulnerability to Circumvent Multi-factor Authentication on VPNs

http://www.pcworld.com/article/2095860/cybercriminals-compromise-home-routers-to-attack-online-banking-users.html
http://www.darkreading.com/attacks-and-breaches/zeus-botnet-eurograbber-steals-$47-million/d/d-id/1107673?
http://www.technologyreview.com/news/415371/real-time-hackers-foil-two-factor-security/
http://www.scmagazine.com/yahoo-session-hijacking-likely-culprit-of-android-spam/article/250454/
https://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

Multi Factor Authentication: US based Regulation and Guidance
- NIST FIPS 201/HSPD-12
- HIPAA
- NERC CIP
- NIST SP 800-63-2
- PCI DSS
- FFIEC

Vendors – Multi Factor and Z
Vanguard Integrity Professionals.
- Physical Tokens – Vanguard ez/Token
- “soft” Tokens – Vanguard Tokenless
- “Smart Cards” a/k/a “PIV Cards” a/k/a “CAC Cards”

Vanguard Software Services Training
- We provide you with the analytical tools that allow you to do an in-depth audit of your z/OS systems against multiple standards
- Provides detailed explanation, risk analysis, user action to correct
Services
- We will execute z/OS system audits against multiple standards
- We will also remediate
Training
- We will train you how to audit z/OS systems against multiple standards
- We will also train you to remediate

Questions?

For more information
Call 800-794-0014 or email us at info@go2vanguard.com

Thank You