Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Vasco - DSS @Vilnius 2010


Published on

Vasco Data Security did great presentation about importance of securing the access where static password is the weakest link.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Vasco - DSS @Vilnius 2010

  1. 1. ”Psst…I know your password” Hans Liljedahl Channel Manager Nordic & Baltic Region VASCO Data SecurityVASCO Data Security 1
  2. 2. The Authentication CompanyVASCO Data Security 2
  3. 3. VASCO update VASCO, the Full Option, All-Terrain Authentication Company VDSI - Financially healthy & profitable. Top-100 fastest growing IT- companies in the world.VASCO Data Security 3
  4. 4. Corporate Profile: VASCO Worldwide VASCO Offices VASCO sales presenceVASCO Data Security 4
  5. 5. Full option, All terrain Verticals & segmentsVASCO Data Security 5
  6. 6. Full Option & All-Terrain All-Terrain = All applications/technologies Healthcare Automotive B-to-B Social Security E-brokerage E-banking E-commerce E-government Publishing Industry Education Online gaming VASCO’s products are used in over 50 applicationsVASCO Data Security 6
  7. 7. Banking References • Over 1500 international financial institutions put their trust in VASCO’s solutions & deployments.VASCO Data Security 7
  8. 8. VASCO Enterprise Security CustomersVASCO Data Security 8
  9. 9. Tools on internet...VASCO Data Security 9
  10. 10. Your identity… on line 32 million user passwords exposedVASCO Data Security 10
  11. 11. Your identity…on lineVASCO Data Security 11
  12. 12. TOP 20 of passwords usedVASCO Data Security 12
  13. 13. TOP 20 of passwords usedVASCO Data Security 13
  14. 14. Human Behaviour… 42% used lowercase letters from "a to z“ only 6% mixed alpha-numeric and other characters many of the top 20 passwords used were names nearly 2,000 of the passwords were only 6 characters long the longest password was 30 characters – “lafaroleratropezoooooooooooooo”VASCO Data Security 14
  15. 15. Hacking on line resourcesVASCO Data Security 15
  16. 16. Hacking on line resourcesVASCO Data Security 16
  17. 17. In the news….VASCO Data Security 17
  18. 18. In the news….VASCO Data Security 18
  19. 19. High Tech Fraud Schemes On the global black market (Symantec, • Your e-mail password is worth $4.00 • Your credit card number is worth $0.40 • Your social security number is worth $1.00 • Your bank account is worth $10.00 • Your level 70 undead rogue with quest blues and a flying mount is worth $425.00VASCO Data Security 19
  20. 20. PhishingVASCO Data Security 20
  21. 21. QUIZ • Do you recognize this? • How many (different) passwords do you have to remember? • Do you write down your passwords (or keep them in a file)? • Is your static password at least 8 characters long ? is it a combination of numbers, symbols and letters? • How often do you (have to) change your passwords? • Have you ever given your password to someone else? • Passwords can be guessed, stolen, hacked, … • Password Sharing, Shoulder Surfing...... • How can I be sure that you are really the one you say you are?VASCO Data Security 21
  22. 22. PASSWORD CHECKER rTyx*pK2%9 http://www.howsecureismypassword.netVASCO Data Security 22
  23. 23. Cheapest solution... I’m safe for 17.000 years…. my password is rTyx*pK2%9 invented by xxx today forgotten by xxx tomorrow So, call help desk…or use smart technologyVASCO Data Security 23
  24. 24. So, what about your (on-line) business?VASCO Data Security 24
  25. 25. The Password Challenge User 1: “I have to remember about 20 passwords…” User 2: “I have to change them every 30 days” User 3: “All should be different so if one password is compromised all others are not.”VASCO Data Security 25
  26. 26. The Staff Authentication Challenge: CEO: „Employees use passwords of their colleagues to get access to information they are not entitled to see!“VASCO Data Security 26
  27. 27. The Staff Authentication Challenge: Sales Director: Authentication Challenge The Mobile Staff „My team needs access to the corporate network and their e-mail wherever they are. It should be very efficient when they are in the office and very safe when they are somewhere out, especially when using an Internet Cafe.”VASCO Data Security 27
  28. 28. The Staff Authentication Challenge: General Manager:and Access Challenge The Data Protection „The laptop of my closest staff member was stolen out of the car recently. I‘m extremely alarmed that the sensitive data on it finds its way to our competition.”VASCO Data Security 28
  29. 29. The Staff Authentication Challenge: Marketing: Authentication Challenge The Cloud „We need to reliably authenticate our customers when they access our online services. “VASCO Data Security 29
  30. 30. The Staff Authentication Challenge: CTO The weakest link…. „We have invested $$ in Firewalls, VPN, SSL-VPN, online applications, anti spam, anti-virus, content filtering, web traffic management tools, etc… But the weakest link is the colleague ! “VASCO Data Security 30
  31. 31. Why are you a potential cybercrime victim? You are connected and as a consequence you have: • an infrastructure to test a virus • a server connected to the web for storage of illegal content • a temporary system for illegal activities (spamming, botnet, …) • bandwidth to share • information which is valuable on the black market (Personal, financial or business info)VASCO Data Security 31
  32. 32. So…Why not use smart technology instead?VASCO Data Security 32
  33. 33. Strong User Authentication Pin code: ‘1234’VASCO Data Security 34
  34. 34. 1000x login screens… • Whenever you need to type username and password, replace it by a better solution!VASCO Data Security 35
  35. 35. Replacing static passwords with OTP HANS LILJEDAHL r°5w^Tyx*pK2%9 blacky1 342601 PIN +VASCO Data Security 36
  36. 36. OTP generation: HOW? Kdp 872003 DES/3DES/AES TimeVASCO Data Security 38
  37. 37. The concept: GENERATION of OTP •Digipass calculates One Time Passwords (OTP) •One time passwords cannot be reused, stolen or hacked OTP Encryption Algorithm Key TimeVASCO Data Security 39
  38. 38. The concept: VALIDATION of OTP Client Side Server Side Internet Encryption Algorithm Encryption Algorithm Key Time Key Time • Need for Secure Transport & Secure Storage of secret key • Need for Synchronization of timeVASCO Data Security 40
  39. 39. The concept: GENERATION of Electronic Signatures •Digipass calculates Electronic Signature •MITMA countermeasure OTP Encryption Algorithm Key Time Data fieldsVASCO Data Security 41
  40. 40. Authentication – It’s a trade off… Standards Deployment OTP / Signature Helpdesk Procedures Price User Friendliness User Acceptance Portability Customer typeVASCO Data Security 42
  41. 41. IDENTIKEY Server- The Brain & the Heart Front-End Integration Web-based Command Administration Line TCL • User & DIGIPASS Administration • Reporting Apache Tomcat Webserver SOAP SOAP SEAL Customer Web Applications Back-End Authentication SEAL RADIUS LDAP RADIUS IIS Web via Windows API Applications via Custom API ODBC LDAP/LDAPS SEAL-S AD U&C PostgreSQL AD RADIUS Client Datastore Directory Windows Desktop Login UnConnected Connected Server Login Terminal Server LoginVASCO Data Security 43
  42. 42. Remote Site: Server Solutions Vasco has multiple solutions to protect your network and applications: SOFTWARE HARDWARE SERVICES Plugins: •Microsoft IAS •Juniper SBR •Novell NMAS •Imprivata •AEP •RACF •SiteminderVASCO Data Security 44
  43. 43. DIGIPASS AS A SERVICE DIGIPASS as a Service is a managed authentication solution DIGIPASS as a Service offers security for multiple applications: •SaaS solutions •online gaming •e-learning applications •online subscription services (e.g. magazines and newspapers) •licensed services •e-government applications •e-healthcare systems •e-commerce applications •e-banking applications •online insurances applications •intranet/ extranetVASCO Data Security 45
  44. 44. CLIENT SIDE: DIGIPASS Factory DIGIPASS GO range with e- DIGIPASS e-signature devices signature capability DIGIPASS Software range DIGIPASS PKI range for authentication using digital DIGIPASS card reader range for authentication using signatures electronic and digital signaturesVASCO Data Security 46
  45. 45. DIGIPASS FOR MOBILEVASCO Data Security 47
  46. 46. Ačiū! Hans.Liljedahl@vasco.comVASCO Data Security 48