As the news of network security breaches reaches more eyes and ears, thanks to high profile cases where millions of passwords were compromised, both consumers and regulatory agencies are putting increasing pressure on those in charge of enterprise security to step up their defenses.
The issue for network administrators is that they are playing a continuous game of "catch-up," as newer exploits are developed by highly sophisticated cyber gangs in order to keep their profitable fraud rings going as soon as earlier exploits are patched. Smart phones and tablets present an even greater challenge, as most of these devices lack the same malware defenses as their more robust cousins, desktops and laptops.
All of this has led many businesses to shift to more robust authentication and authorization schemes, such as:
Transaction Authentication
Simply put, transaction authentication looks for logical flaws when comparing known data about a user with the details of the current transaction. For example, if a user that lives in the U.S. purchases several big ticket items while logged in from an IP address determined to be from a foreign country, this is cause for concern and would require extra verification steps to ensure the purchase is not fraudulent.
Biometrics
Biometrics literally means "measuring life," and refers to the use of known and recorded physical traits of a user to authenticate their identity, as no two individuals share the same exact physical traits. Common schemes include:
Tokens
Tokens are physical devices that are used to access secure systems. They can be in the form of a card, a dongle, or a RFID chip. One common token used in authentication schemes today is the RSA secureID token, which provides an OTP (one time password) on its LED screen which users must input along with their normal username/password to access a network.
Tokens make it harder for a hacker to access an account, as they must possess not only the login credentials, which can easily be obtained with a keylogger, but also the much harder-to-obtain physical device in order to gain access.
Multi-Factor Authentication
MFA is really a blanket term that describes an authentication scheme that uses two or more independent sources to verify an identity, like:
Out-of-band authentication
OOB uses a completely separate channel, such as a mobile device, to authenticate a transaction originated from a computer. Any transaction that crosses a threshold, such as a large money transfer, would trigger a phone call, text, or notification on a specialized application informing the user that further authorization is needed for a transaction to go through. Requiring two channels makes it quite difficult for a hacker to steal money, as they would need to compromise two separate systems (cell phone and computer) in order to pull off a heist.
The increase in cybercrime necessitates an increase in security measures. Fortunately, the above authentication methods make it much harder for criminal gangs to exploit their targets, which saves millions per year in lost revenue and productivity.
The issue for network administrators is that they are playing a continuous game of "catch-up," as newer exploits are developed by highly sophisticated cyber gangs in order to keep their profitable fraud rings going as soon as earlier exploits are patched. Smart phones and tablets present an even greater challenge, as most of these devices lack the same malware defenses as their more robust cousins, desktops and laptops.
All of this has led many businesses to shift to more robust authentication and authorization schemes, such as:
Transaction Authentication
Simply put, transaction authentication looks for logical flaws when comparing known data about a user with the details of the current transaction. For example, if a user that lives in the U.S. purchases several big ticket items while logged in from an IP address determined to be from a foreign country, this is cause for concern and would require extra verification steps to ensure the purchase is not fraudulent.
Biometrics
Biometrics literally means "measuring life," and refers to the use of known and recorded physical traits of a user to authenticate their identity, as no two individuals share the same exact physical traits. Common schemes include:
- Voice recognition
- Fingerprints
- Face scanning and recognition
- Eyeprints, such as retina and iris scans
Tokens
Tokens are physical devices that are used to access secure systems. They can be in the form of a card, a dongle, or a RFID chip. One common token used in authentication schemes today is the RSA secureID token, which provides an OTP (one time password) on its LED screen which users must input along with their normal username/password to access a network.
Tokens make it harder for a hacker to access an account, as they must possess not only the login credentials, which can easily be obtained with a keylogger, but also the much harder-to-obtain physical device in order to gain access.
Multi-Factor Authentication
MFA is really a blanket term that describes an authentication scheme that uses two or more independent sources to verify an identity, like:
- Something possessed, as in a physical token or telephone.
- Something known, such as a password or mother's maiden name.
- Something inherent, like a biometric trait mentioned earlier.
Out-of-band authentication
OOB uses a completely separate channel, such as a mobile device, to authenticate a transaction originated from a computer. Any transaction that crosses a threshold, such as a large money transfer, would trigger a phone call, text, or notification on a specialized application informing the user that further authorization is needed for a transaction to go through. Requiring two channels makes it quite difficult for a hacker to steal money, as they would need to compromise two separate systems (cell phone and computer) in order to pull off a heist.
The increase in cybercrime necessitates an increase in security measures. Fortunately, the above authentication methods make it much harder for criminal gangs to exploit their targets, which saves millions per year in lost revenue and productivity.
About
