Authentication 2.0: User Generated Security


1 Authentication 2.0: User Generated Security
Bring Your Own Token (BYOT)
Selahaddin Karatas, CEO, SolidPass

2 Technology has changed – danger hasn’t
“Why do I rob banks? Because that is where the money is…” -Jesse James

3 Game of Thrones 10 years ago. today?

4 Threat Mutations
Phishing & Pharming
External: MitM, MitMO, MitB, DNS Cache Poisoning
Internal: Inside Job

5 The Threat Landscape in 2011
92% from external agents

6 81% involved hacking & / malware

7 A Few Examples Of Emerging Threats
The Mobile threat; APTs (Advanced Persistent Threats); Hacktivism; Cyber War; Manipulated SEO; The Cloud; Malware; Rogue Certificates; Social Networks; Embedded Hardware; Shortened URLs; Poisoned QR codes; Digital Virtual Currencies

8 The Mobile Threats
Mobile devices (BYOD); Mobile browsers; Mobile malware; Mobile banking

9 Attacks on Mobile Users
Android malware takes off
The wording of the mobile app needs a little clarification.

10 Social-engineering (re-engineered)

11 Our personal credentials are everywhere…literally
Facebook, LinkedIn, iPhone apps like Path steal contacts from your address book; “No Permissions” Android apps harvest and export device data…

12 Zeus in the Mobile – ZitMo
From Phishing to MITM
Looks good? Look again…

13 Zeus moves to the cloud
Researchers discovered a new version of Zeus malware that targets users of cloud-based payroll services.
1. Zeus captures a screenshot of the service provider’s login page when a user infected with the Trojan visits the site.
2. This image records the employee’s username, password, company number and the icon needed to bypass the provider’s image-based authentication system.

14 Out of band SMS is not enough
An attack used by the SpyEye Trojan circumvents mobile SMS security measures used by many banks….

15 SpyEye Trojan in the news
The crafty SpyEye trojan can adjust the victim’s balance and also create fake online bank statements to keep the victim unaware of the fraud.

16 Remote Access Attack Vectors
The attackers got in via a VPN or remote access connection in 55% of the breaches investigated by Trustwave SpiderLabs in 2011

17 The solution is Out of band and offline authentication, preferably Challenge-Response based

18 Securing the Digital Realm
Business Applications; Web Applications; Network Applications; Online Banking; E-Government; E-commerce; Extranet; Intranet; Strong Authentication; RADIUS; SaaS; Custom; Custom Applications; With Web Services & Integrated into Mobile Apps…

19 With challenge-response, user authenticates server & server authenticates user
Employ Challenge-Response for logins in order to obtain user authentication
Making sure the right user has the correct key…
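
The mutual check on this slide, as an added example that is not from the presentation or from SolidPass: a minimal HMAC-SHA256 challenge-response in which the token and the server each prove knowledge of a shared key. The class names, the 16-byte nonces and the shared-key construction are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _proof(key, role, own_nonce, peer_nonce):
    # The role label binds a proof to one direction, so a proof produced by
    # one side cannot be reflected back as the other side's proof.
    msg = role + b"|" + own_nonce + b"|" + peer_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, keys):
        self.keys = keys        # user -> shared key (assumed provisioned)
        self.pending = {}       # user -> outstanding challenge

    def challenge(self, user):
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify(self, user, client_nonce, client_proof):
        server_nonce = self.pending.pop(user, None)  # single use: blocks replay
        key = self.keys.get(user)
        if server_nonce is None or key is None:
            return None
        expected = _proof(key, b"client", client_nonce, server_nonce)
        if not hmac.compare_digest(expected, client_proof):
            return None
        # Server proves itself over the nonce the token chose.
        return _proof(key, b"server", server_nonce, client_nonce)

class Token:
    def __init__(self, key):
        self.key = key

    def respond(self, server_nonce):
        self.server_nonce = server_nonce
        self.nonce = secrets.token_bytes(16)
        return self.nonce, _proof(self.key, b"client", self.nonce, server_nonce)

    def server_is_genuine(self, server_proof):
        expected = _proof(self.key, b"server", self.server_nonce, self.nonce)
        return hmac.compare_digest(expected, server_proof)

def run_login(server, token, user):
    nonce, proof = token.respond(server.challenge(user))
    server_proof = server.verify(user, nonce, proof)
    return server_proof is not None and token.server_is_genuine(server_proof)
```

A login succeeds only when both proofs verify; a replayed response fails because the server discards each challenge after one use.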

20 Strong authentication with Microsoft OWA
Use more than static username & password

21 The BYOT model - user generated authentication
BYOT model: outsource the hardware to the end-user
Embed it where possible

22 Thank you @solidpass

