Uri Rivner, RSA Security, Anatomy of an attack, 1st April 2011 - C-cure

ActivIdentity “D2D Security”
Emma Cabban – Channel Manager Northern Europe
Fredrik Pahlsson – Security Consultant EMEA
Agenda
• ActivIdentity – Who are we
• The Real World - Advanced Persistent Threat
• Introducing CMS Appliance
• Omnikey Readers
ActivIdentity Quick Facts
• Mission: Provide strong authentication and credential management to confidently establish a person’s identity when interacting digitally.
• Vision: To make every digital interaction trustworthy.
• Founded: June 1987
• Employees: 237
• Revenue: $57.7 million (FY10)
• Patents: 200+
• Customers: 2,500+
And now part of the Assa Abloy Group…
• Assa Abloy, global leader in door opening systems, was created in 1994 from the merger between Assa (Swedish company, separated from Securitas AB) and Abloy Oy (Finnish company), followed by a series of acquisitions in the United States, Australia, Great Britain, the Netherlands, France, Norway, Sweden and Spain.
• Today, Assa Abloy comprises 150 brands, such as Fichet, Vachette, Mul-T-Lock and Yale for locks.
• HID Global is an ASSA ABLOY Group brand
• Assa Abloy Group has some 30,000 employees in over 40 countries in 5 Divisions
• HID Global (including ActivIdentity): 2400 employees
• In 2010 HID Global finalized the acquisition of ActivIdentity:
http://www.actividentity.com/company/acquisitionnews
Introducing ActivIdentity
December 2010
“ActivIdentity will become the centre of gravity for Digital Identity Assurance within HID” Tony Ball, HID Senior VP Identity and Access Management
• Employees: 220
• Revenue: $60 million
• Patents: 200+
• Customers: 2,500+
Advanced Persistent Threat
New types of attacks aimed at social networking, Web 2.0 and mobile apps
Legacy authentication systems becoming ineffective
Defending the perimeter no longer protects corporate data and networks
Summary
• Today strong authentication is mainly deployed to secure the perimeter of an enterprise
• But mobile computing, sophisticated malware and the popularity of social networks are making it increasingly difficult to keep the perimeter secure
• Once inside the perimeter, the only thing that stands between an attacker and the data he is trying to steal is a static password
• Securing cloud applications is as important as securing internal systems
• Enterprises need to look beyond just One Time Password tokens
• ActivIdentity has solutions
The history of enterprise security (diagram): Perimeter; Desktops; File Servers; Email; Database Servers; Web Servers; Email Servers; Remote Access; Cloud based applications; Web 2.0
Securing the perimeter is …?
A. No longer worth the effort
B. Still important, but not enough
C. The kind of thing that people talk about at conferences, which sort of makes sense at the time but is pretty irrelevant once you’ve gone back to doing a real day’s work
Real World
RSA Breach – Feb 2011
http://blogs.rsa.com/rivner/anatomy-of-an-attack/
• The first thing is to seek publicly available information about specific employees – social media sites are always a favorite.
• The two emails were sent to two small groups of employees; the email subject line read “2011 Recruitment Plan.” The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability.
• The next step is to install some sort of a remote administration tool that allows the attacker to control the machine. In our case the weapon of choice was a Poison Ivy variant. Now the attacker starts digital shoulder surfing.
• The next phase is moving laterally inside the network. The initial entry points are not strategic enough for the attackers; they need users with more access, more admin rights to relevant services and servers, etc.
• The attacker first harvested access credentials from the compromised users (user, domain admin, and service accounts). They performed privilege escalation on non-administrative users in the targeted systems, and then moved on to gain access to key high value targets, which included process experts and IT and non-IT specific server administrators.
Perimeter Security – still important but not enough
“the point about APTs being, first and foremost, a new attack doctrine built to circumvent the existing perimeter and endpoint defenses.”
Uri Rivner, RSA Security, Anatomy of an attack, 1st April 2011
Compromise spreads due to weak authentication (diagram): Desktops; File Servers; Email; Database Servers; Web Servers; Email Servers; VPN Access; Cloud based applications; Web browsing
Once inside the perimeter
“We were able to access the AD server and extract the server’s SAM file. We then successfully cracked all of the passwords in that file. We found that the same credentials were used across multiple systems. As such, we were not only able to access desktops and servers, but also able to access Cisco devices, etc.”
Netragard, Hacking your bank
“The next phase is moving laterally inside the network. The initial entry points are not strategic enough for the attackers; they need users with more access, more admin rights to relevant services and servers, etc.”
RSA Breach
Information is stolen from the enterprise (diagram): Desktops; File Servers; Email; Database Servers; Web Servers; Email Servers; VPN Access; Cloud based applications; Web browsing; email addresses / key data / corporate IP leaving the enterprise. Labels on the diagram: advanced persistent threat; insecure perimeter; Poison Ivy; VNC; cracking tool; malware; “What am I going to wear”; personal mobile phones; weak passwords
Securing individual compartments helps limit the impact of hull breaches
We can help
Implementing strong authentication across the enterprise ensures:
– Malware on infected machines can’t capture passwords to gain access to critical servers
  “We found that the same credentials were used across multiple systems”
– There’s no password file to steal
  “We were able to access the AD server and extract the server’s SAM file.”
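The contrast the slide draws, as an added Go illustration that is not part of the original deck or of any ActivIdentity product: a static password captured by malware or cracked from a stolen SAM file can be replayed anywhere it is reused, whereas smart-card logon answers a one-time server challenge with a signature the server checks against a stored public key, so the server holds no secret worth stealing and a captured response is useless a second time. The `Server`/card split, the single outstanding challenge per user and ECDSA P-256 are assumptions of the illustration, not details of the CMS Appliance.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Server is the relying party: it stores only public keys and outstanding
// challenges, so there is no password file to steal (assumption: one key per user).
type Server struct {
	pubKeys map[string]*ecdsa.PublicKey
	issued  map[string][32]byte
}

func NewServer() *Server {
	return &Server{pubKeys: map[string]*ecdsa.PublicKey{}, issued: map[string][32]byte{}}
}
func (s *Server) Enroll(user string, pub *ecdsa.PublicKey) { s.pubKeys[user] = pub }

// Challenge issues a fresh random nonce that is valid for exactly one response.
func (s *Server) Challenge(user string) ([32]byte, error) {
	var n [32]byte
	if _, err := rand.Read(n[:]); err != nil {
		return n, err
	}
	s.issued[user] = n
	return n, nil
}

// Verify accepts only a signature over the outstanding nonce and retires the nonce
// first, so a (nonce, signature) pair captured by malware cannot be replayed later.
func (s *Server) Verify(user string, nonce [32]byte, sig []byte) bool {
	pub, ok := s.pubKeys[user]
	want, pending := s.issued[user]
	if !ok || !pending || want != nonce {
		return false
	}
	delete(s.issued, user)
	h := sha256.Sum256(nonce[:])
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// NewCard stands in for card personalisation: the private key never leaves the card.
func NewCard() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Respond is what the card does with the challenge once the user has entered the PIN.
func Respond(card *ecdsa.PrivateKey, nonce [32]byte) ([]byte, error) {
	h := sha256.Sum256(nonce[:])
	return ecdsa.SignASN1(rand.Reader, card, h[:])
}
```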
How can we help…
Fredrik Pahlsson – Technical Consultant EMEA
Introducing the ActivID CMS Appliance
Confidential © 2009 ActivIdentity
Proposed Solution – Door to Desktop
• Replace passwords with smart cards or secure USB tokens:
– Proven: supported since Windows 2000 and millions of users today!
– Better for users, fewer credentials to remember
– Familiar ATM-like user experience plus government-grade security
– Enables more secure and simpler authentication to applications supporting PKI
• Enables Door to Desktop with a multi function smart card
• Use an appliance to get benefits quickly and easily
– 30 minute installation
– Manage the life cycle of authentication devices
– Self service for end-users
CMS Appliance Solution Consists Of…
• ActivIdentity ActivID CMS Appliance
– ActivIdentity ActivID CMS-Lite software
– Embedded Certification Authority
– Embedded HSM (RealSec)
– Embedded database
• ActivIdentity ActivID ActivClient
• Smart Card or ActivKey SIM secure USB token
• ActivIdentity SecureLogin SSO (optional)
ActivIdentity ActivID CMS Usability
• Easy for end users
– ATM-like PIN usage well understood
– Faster, simpler than handling multiple credentials, password rules
– Web-based self service for quick resets
• More efficient for IT Help Desk
– Enhanced productivity with single platform to issue and manage devices and credentials
– Fewer calls because of self-service resets
• Easier for IT Admins
– Appliance pre-configuration of database, HSM, CA & profiles
– Streamlines & automates much of credential management
– Proven technology used to issue millions of highly secure credentials
ActivIdentity ActivID CMS Appliance & Physical access card
• Crescendo C800: One card for PACS & IT Systems
– Smart card chip for IT access
– Contactless antenna for physical access
– iCLASS, MIFARE Classic, MIFARE DESFire (all with optional Prox 2nd antenna)
– One credential to carry means more convenience for end-users and fewer cards forgotten at home
CMS Appliance Unique Selling Points
• Issue & Manage Smart Cards with certificates
• PIV-C Support
• 30-minute install
• Pre-configured HSM, database, PKI CA
• Works out of box with Win7 & Mac OS
• Simple bundle with award winning middleware
OMNIKEY Reader Portfolio
• Desktop Reader: 3-Series, 5-Series
• Mobile Reader: 4-Series, 6-Series
• Embedded Reader: Chipsets, Reader boards
Desktop Readers - Contact
3121 USB
Primary Markets:
• Corporate ID
• Government
• Service related (Banking, Insurance, etc.)
• Public Service
• Industry with IT workplace
• GSA approved
• Standing Bases variants
7121 Biometrics
Primary Markets:
• Public Safety & Administration/Government (eg Police, Border control)
• Loyalty & Payment
• High security companies
User Benefits:
• Two-Factor authentication
3021 USB
Primary Markets:
• Public Service
• Insurance
• Loyalty
User Benefits:
• Small form factor
• Platform interoperability
• PC and Laptop logon
• GSA Approved
3821 USB Pinpad
Primary Markets:
• Commercial and Public
• Transactions/service
• Contractual/Legal
• eBusiness
• eGovernment
User Benefits:
• Enables use of digital signatures
• Limits transactional risks & PIN theft
Desktop Readers - Contactless
5321 USB
Primary Markets:
• Service related (Banking, Insurance, etc.)
• Commercial
• Government
User Benefits:
• Heterogeneous environments
• Convergence of Contact and Contactless technology
5321 CLi USB
Primary Markets:
• Physical and Logical Access Convergence
• Health Care
User Benefits:
• Plug & Play HID iCLASS reader
5325 CL USB Prox
Primary Markets:
• Physical and Logical Access Convergence
• Health Care
User Benefits:
• Plug & Play HID Prox reader
• Enables converged access solutions in PROX environments
5325 USB Prox
Primary Markets:
• Physical and Logical Access Convergence Prox
• Health Care
User Benefits:
• Plug & Play HID Prox reader
• Enables converged access solutions in PROX environments
Desktop Readers: 5321 CR
Summary
• New design line
• Water- and dust-proof
• iCLASS & 13.56MHz cards
Features & functions
• USB 2.0 support
• Stylish design
• Broad contactless support: 13.56MHz cards incl. iCLASS and Mifare DESFire
• TAA compliant
• No edges and grooves for easy cleaning
• IP67 protection class
Customer benefits
• Mitigation of germs
• Easy to clean and disinfect
• Stands rough environment
• Suitable for representative area
• Easy administration due to OMNIKEY driver platform
Mobile Readers
6121 USB
Primary Markets:
• Service related (Banking, Insurance, etc.)
• Sales organizations
• Government
User Benefits:
• SIM-sized SCR for ultra-mobile PKI applications
6321 USB
Primary Markets:
• Service related (Banking, Insurance, etc.)
• Sales organizations
• Physical and Logical Access Convergence
User Benefits:
• Easy to install
• Contact & Contactless Interface
Mobile Readers
4040 PCMCIA and 4321 Express Card
Primary Markets:
• Corporate ID
• Mobile Service Industry (Banking, Insurance, etc.)
• Sales organizations
• Government
User Benefits:
• Enables convenient contact authentication for mobile users
• Platform interoperability
Mobile Readers: 6221 MicroSD
Summary
• Versatile mobile dongle-sized SIM-sized contact reader & Micro SD in a single device
Features & functions
• Compound Device (internal USB Hub)
• Key Ring
• Hot-plug Driver available
• Easy administration due to OMNIKEY driver platform
Customer benefits
• Convenient form factor for mobile users
• Allows combination of strong authentication and portable encryption in single device
• Allows standards-based access to cards for software programmers
Thank you