auth shield information security solution provider for banking sector in india

INFORMATION SECURITY “The threats from within are increasing on a daily basis. 78% of all information security breaches happen internally”

Upload: authshield-labs

Post on 07-Aug-2015


TRANSCRIPT

Page 1: Auth shield  information security solution provider for banking sector in india

INFORMATION SECURITY

“The threats from within are increasing on a daily basis. 78% of all information security breaches happen internally”

Page 2: Auth shield  information security solution provider for banking sector in india

WELCOME TO – GREATER MUMBAI BANK

04/15/23 Private and Confidential - INNEFU LABS

Page 3: Auth shield  information security solution provider for banking sector in india

PRESENTATION FORMAT

Current Architecture

Secure Architecture - INNEFU’s AuthShield


Page 4: Auth shield  information security solution provider for banking sector in india


Page 5: Auth shield  information security solution provider for banking sector in india

CURRENT ASSETS

E-mail servers

Database servers

Core Banking Application / Application Servers

Intranet Applications

Web Applications


Page 6: Auth shield  information security solution provider for banking sector in india

CURRENT ARCHITECTURE

Disparate Architecture

Servers on Public IPs

No Single Sign On

No DMZ

No Multifactor Authentication


Page 7: Auth shield  information security solution provider for banking sector in india

INFORMATION SECURITY - CURRENT

Anti – Virus

Firewall

Unified Threat Management

People and Processes –

Security Policy

Processes to connect to the Internet

No authorization for Pen drives, CDs, Laptops etc.


Page 8: Auth shield  information security solution provider for banking sector in india

INFORMATION SECURITY

Single Sign on, authentication and Authorization – Open LDAP / AD integrated with RADIUS

Virtual Private Network for critical Third party Applications

Multifactor Authentication for –

Net Banking

Core Banking Applications

Third Party Applications

Technical Audit – Vulnerability Assessment and Penetration testing


Page 9: Auth shield  information security solution provider for banking sector in india

SINGLE SIGN ON


Page 10: Auth shield  information security solution provider for banking sector in india

ADVANTAGES

User only has to remember a single password instead of multiple complex passwords

Reduces time spent re-entering passwords for the same identity

Increases security - Users select stronger passwords, since the need for multiple passwords and change synchronization is avoided

Security on all levels of entry/exit/access to systems without the inconvenience of re-prompting users


Page 11: Auth shield  information security solution provider for banking sector in india

RADIUS SERVER


Page 12: Auth shield  information security solution provider for banking sector in india

ADVANTAGES

Client Server Architecture

Once the user is authenticated, the client provides the user with access to appropriate network services

The Authentication Request is sent over the network from the RADIUS client to the RADIUS server

If the user name and password are correct, the server sends an Authentication Acknowledgment that includes information on the user's network system and service requirements.


Page 13: Auth shield  information security solution provider for banking sector in india

VPN FOR THIRD PARTY APPLICATIONS


Page 14: Auth shield  information security solution provider for banking sector in india

CONTD.


Page 15: Auth shield  information security solution provider for banking sector in india

ADVANTAGES

Extended connections across multiple geographic locations without using a leased line

Improved security for exchanging data

Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network

Savings in time and expense for employees to commute if they work from home

Improved productivity for remote employees


Page 16: Auth shield  information security solution provider for banking sector in india

MULTIFACTOR AUTHENTICATION


Point of Attack

Page 17: Auth shield  information security solution provider for banking sector in india

IDENTITY THEFT

Fastest growing white collar crime

11 Million Americans affected in 2010-2011

900,000 new victims each year

Cost to businesses more than $50 billion

Cost per incident to company $6,383

Hours spent per victim resolving the problem as shown by identity theft statistics: 30

Irreparable loss to Company’s Brand/Image

Loss of Clientele


Page 18: Auth shield  information security solution provider for banking sector in india


Page 19: Auth shield  information security solution provider for banking sector in india

POINT OF ATTACK

Customers

Vendors

Development Team

Power Users/Key Users/Super Users

Agents

End Users

Employees…


Page 20: Auth shield  information security solution provider for banking sector in india

METHODS OF ATTACK

Phishing

Virus, Trojans, worms inside the company’s architecture or personal computer of users

LAN Attacks – Remote Sniffing

Web Vulnerabilities including SQL Injection, XSS attacks and Cookie capturing


Page 21: Auth shield  information security solution provider for banking sector in india

ASSETS

Web Application

Application Servers

VPN/SSL

Intranet Applications

Database Servers

Local LAN / WiFi


Page 22: Auth shield  information security solution provider for banking sector in india

MFID – MULTIFACTOR AUTHENTICATION

Map the physical identity of the user to the server

Identify the user based on –

Something he knows (user name / password)

Something in the user's possession


Page 23: Auth shield  information security solution provider for banking sector in india

INNEFU’S AUTHSHIELD

Multi factor authentication system which uses either of the three authentication mechanisms

Soft Token

Hard Token

Mobile Token

E-Token


Page 24: Auth shield  information security solution provider for banking sector in india

HARD TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS KEY


Page 25: Auth shield  information security solution provider for banking sector in india

PROTECT VPN AND CUSTOM MADE APPLICATIONS

Security device given to authorized users

The device displays a changing number that is typed in as a password

The password is based on a predefined unbreakable randomized algorithm

Every time the user accesses a critical IT asset, the randomly generated number is matched with the server to verify the user's credentials


Page 26: Auth shield  information security solution provider for banking sector in india

SOFT TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS PHONE NUMBER


Page 27: Auth shield  information security solution provider for banking sector in india

MOBILE TOKEN – GENERATING TOKEN VIA MOBILE PHONES

Innefu BlackBerry AuthShield for Web Clients –

1). User accesses the token generation application on his BB device

2). Request Sent to BES

3). Request Forwarded to IAS

4). Token Generated

5). Credentials Entered (Web Client – UN+PWD+TOKEN)

6). Access

Diagram labels: BES, IAS, IAS & AD

Page 28: Auth shield  information security solution provider for banking sector in india

PROTECT INTERNET BANKING

The OTP is sent either via SMS or the OTP is generated by the smart phone itself

The user uses the OTP to log into any web application or intranet application

Works on all smart phones with GPRS enabled

The system does not depend on the memory or the processor usage of the phones


Page 29: Auth shield  information security solution provider for banking sector in india

FEATURES

OS Independent Authentication Mechanism

Seamless Integration with the current business and security architecture

Works as a stand alone authentication mechanism or in connection with –

Microsoft AD

Firewall

VPN

Wi-Fi

Terminal services etc.


Page 30: Auth shield  information security solution provider for banking sector in india

CONTD.

Increases the log on security for critical applications

Unbreakable encryption on the lines of those used by US Government

Prevent identity theft by up to 99%


Page 31: Auth shield  information security solution provider for banking sector in india

CONTD.

All logs are stored in a secured database (completely encrypted) for future analysis –

Date and Time

User

Time Gap

Access to logs only available to Admin team

Privileges assigned to every user

IP Address of the user


Page 32: Auth shield  information security solution provider for banking sector in india

TECHNICAL AUDIT

Vulnerability Assessment and Penetration testing

Internal Audit – Test all the IT assets of the organization with login privileges

External Audit – Test all the IT assets of the organization without login privileges

Identify all vulnerabilities

Penetration tests to remove false positives


Page 33: Auth shield  information security solution provider for banking sector in india

THANK YOU

QUESTIONS WELCOME

AUTH-SHIELD LABS PVT. LTD

http://auth-shield.com/

+91-11-47065864 / 66

