Date posted: 04-Jun-2015
Category: Technology
Uploaded by: netwayclub
Beyond Password: Enforce Advanced Security with Authentication Model
2-Factor Authentication
Agenda
● The Risk
● An Introduction to VIP Authentication Services
● Testimonials
● Demo
The Risks
IMPORTANCE OF RISK MANAGEMENT WORLDWIDE
SECURITY STANDARD
LOSS & DAMAGE
Intrusion in Cloud Providers' infrastructure
Compliance with Data Protection Regulation
Application level Network Security
SMS Trojans: Common threats for smartphones
Online Vulnerabilities
Employee Data Theft
Source: http://go.eset.com/us/resources/white-papers/Trends_for_2013_preview.pdf
Penetration Testing by ACIS Research Lab
All 8 Internet Banking and Mobile Banking systems studied failed to detect the attack by SSLStripGuard, leaving usernames and passwords at high risk of compromise.
Source: http://www.acisonline.net/article/?p=35
8 Failed to Detect the Attack
1 with Dynamic URL
2 with Longer than 10 Mins OTP
3 Systems Not Display Person’s Name
Only 1 system generates a dynamic URL every time an OTP is generated, which secures it against attack by a Zeus-like Trojan program.
2 systems have an OTP lifetime longer than 10 minutes, which increases the chance of the OTP being hacked.
3 systems do not display the name of the person being transferred to, even for transfers within the same bank.
The only solution needed is 2-Factor Authentication for the sign-in system before online transactions.
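The OTP-lifetime finding above, as an added example (not from the original slides or from any product they mention): a minimal RFC 6238 TOTP verifier showing that a code captured at issue time is still accepted nine minutes later under a ten-minute validity window, is rejected under a 30-second window, and is refused on replay. The `OtpVerifier` class, the `demo` function, the secret and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, t: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    counter = struct.pack(">Q", t // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Hypothetical verifier: bounded code lifetime plus single use."""

    def __init__(self, secret: bytes, max_age: int):
        self.secret = secret
        self.max_steps = max_age // STEP  # earlier time steps still accepted
        self.last_used = -1               # newest time step already consumed

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in range(current, current - self.max_steps - 1, -1):
            if step <= self.last_used:
                break  # this step (or an older one) was already used: replay
            if hmac.compare_digest(totp(self.secret, step * STEP), code):
                self.last_used = step
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    issued = 1_700_000_000            # constructed timestamp
    captured = totp(secret, issued)   # code intercepted at issue time
    late = issued + 9 * 60            # submitted nine minutes later
    short = OtpVerifier(secret, max_age=30)
    long_ = OtpVerifier(secret, max_age=10 * 60)
    fresh = OtpVerifier(secret, max_age=30)
    return {
        "short_window_accepts_late_code": short.verify(captured, late),
        "long_window_accepts_late_code": long_.verify(captured, late),
        "first_use": fresh.verify(captured, issued + 5),
        "replay": fresh.verify(captured, issued + 8),
    }
```
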
Thailand: Percentage of scanned sites hosting malware: 11% of 153,633 sites
Source: http://www.google.com/transparencyreport/safebrowsing/malware/#region=TH&period=365&size=LARGE&attack&asn=9931&aggregation=RATE&page=1
Malware Distribution by Autonomous System (AS)
TYPE OF SITES DETECTED:
● Attack sites are used by hackers to intentionally host and distribute malicious software.
● Compromised sites are legitimate sites that have been hacked to include content from attack sites.
Targeted Attacks in 2012: 42% INCREASE
Average Number of Identities Exposed Per Breach in 2012: 604,826
Web Attacks Blocked Per Day: 2011: 190,370; 2012: 247,350
Mobile Malware Families Increase 2011-2012: 58%
Source: Cisco
Attacks by Size of Targeted Organization
To provide perspectives about potential risks in 2013, Protiviti and North Carolina State University’s ERM Initiative surveyed more than 200 business executives to obtain their views about those risks that in 2013 may significantly affect profitability and funding objectives of their organizations. Overall, most executives rate the business environment as significantly risky.
http://poole.ncsu.edu/erm/
http://www.protiviti.com/toprisks
Both Operations and Strategies are affected.
Plans To Add Risk Management Resources
WHAT ARE THE COSTS OF THESE?
Lowest per capita cost
● Public sector organizations = $81
● Retailers = $78
Source: http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202603594623&What_to_Do_About_High_Data_Breach_Costs#ixzz2YuoiqogS
THE COSTS
$5.4 M
$188 Each
$3.03 M
NOTICE
63%
Total cost of a data breach incident in the U.S. is $5.4 million, or approximately $188 for every exposed record.
Lost business costs, such as abnormal turnover of customers, reputational harm and diminished goodwill, associated with a data breach averaged over $3.03 million in the U.S.
Notification costs are a leading driver of total breach response costs, and giving notice too soon can raise that cost even higher.
Although the most expensive breaches were those caused by malicious attacks by hackers or criminal insiders, the majority of breaches — 63 percent — resulted from either negligence or system glitches.
Per capita costs associated with data breaches were highest in heavily regulated industries: (1) healthcare, (2) financial, and (3) pharmaceutical businesses.
● HEALTHCARE: $233
● FINANCIAL BUSINESS: $215
● PHARMACEUTICALS: $207
● OVERALL MEAN: $136
IT’S TIME FOR IT SERVICE PROVIDER TO ADDRESS THE ADVERSE IMPACT OF CYBER THREATS ON OUR INDUSTRY
IT IS BEING ADVANCED EACH YEAR. AND IT’S TIME TO THINK ABOUT IDENTITY MANAGEMENT
An Introduction to VIP Authentication Service
SECURITY MODEL
Confidentiality, Integrity, Availability
ISMS : Compile : ISO 27001:2005
Network, Host, Application, Data
Information Security Management Systems
BUSINESS APPLICATION WITH DATA CENTER
BUSINESS VALUES
SCALABILITY, COMPLIANCE, IDENTITY, MULTIPLE LAYERS
● Can scale to any size, whether the organization is large or small
● Usage volume can be adjusted to match demand
● Protects at the points of access
● Strictly complies with organizational policy requirements
● Usage policy is based on user roles
● Meets world-class security standards
● Supports single sign-on
● Employee identities are handled flexibly, for both new hires and leavers, whatever their role in the organization
● Flexible to customize because it is cloud-based
● Protects at multiple levels, from the core through to the endpoint
● Cost increases with the number of identities that sign in
ABOUT RVGLOBALSOFT PLATFORM
Overseas business
PRODUCT ANGLE: Product VIP and SSL and more ....
SEGMENT ANGLE: Regional Boundary …
RESELLING BUSINESS: Reselling Solutions for Providers (for oneself & for customers)
Positioning
PRODUCT ROADMAP
● CMS
● Apps
● Billing System
● And more ...
Testimonials
“Today, securing data on a web site with only a login/password is no longer enough. The Symantec VIP security system that I currently use gives me confidence that important data in the system can no longer be accessed by unrelated persons.”
DEMO: WHM and WordPress
● Security for individual servers.
● Specifically for control panel.
● WHM/cPanel as Protection at Root Server Level
● Security for WordPress at user level
● Prevents hackers from hacking across servers