
INFORMATION SECURITY

The threats from within are increasing on a daily basis. 78% of all information security breaches happen internally

05/26/15

Private and Confidential - INNEFU LABS

WELCOME TO GREATER MUMBAI BANK

PRESENTATION FORMAT

Current Architecture
Secure Architecture - INNEFU's AuthShield

CURRENT ASSETS

E-mail servers
Database servers
Core Banking Application / Application Servers
Intranet Applications
Web Applications

CURRENT ARCHITECTURE

Disparate Architecture
Servers on Public IPs
No Single Sign-On
No DMZ
No Multifactor Authentication

INFORMATION SECURITY - CURRENT

Anti Virus
Firewall
Unified Threat Management
People and Processes
Security Policy
Processes to connect to the Internet
No authorization for Pen drives, CDs, Laptops etc

INFORMATION SECURITY

Single Sign-On, Authentication and Authorization
Open LDAP / AD integrated with RADIUS
Virtual Private Network for critical Third Party Applications
Multifactor Authentication for Net Banking, Core Banking Applications and Third Party Applications
Technical Audit - Vulnerability Assessment and Penetration testing

SINGLE SIGN ON

ADVANTAGES

User only has to remember a single password instead of multiple complex passwords
Reduces time spent re-entering passwords for the same identity
Increases security - Users select stronger passwords, since the need for multiple passwords and change synchronization is avoided
Security on all levels of entry/exit/access to systems without the inconvenience of re-prompting users

RADIUS SERVER

ADVANTAGES

Client Server Architecture
Once the user is authenticated, the client provides the user with access to appropriate network services
The Authentication Request is sent over the network from the RADIUS client to the RADIUS server
If the user name and password are correct, the server sends an Authentication Acknowledgment that includes information on the user's network system and service requirements.

VPN FOR THIRD PARTY APPLICATIONS

CONTD.

ADVANTAGES

Extended connections across multiple geographic locations without using a leased line
Improved security for exchanging data
Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network
Savings in time and expense for employees to commute if they work from home
Improved productivity for remote employees

MULTIFACTOR AUTHENTICATION

Point of Attack

IDENTITY THEFT

Fastest growing white collar crime
11 Million Americans affected in 2010-2011
900,000 new victims each year
Cost to businesses more than $50 billion
Cost per incident to company $6,383
Hours spent per victim resolving the problem as shown by identity theft statistics: 30
Irreparable loss to Company's Brand/Image
Loss of Clientele

POINT OF ATTACK

Customers
Vendors
Development Team
Power Users/Key Users/Super Users
Agents
End Users
Employees

METHODS OF ATTACK

Phishing
Virus, Trojans, worms inside the company's architecture or personal computer of users
LAN Attacks - Remote Sniffing
Web Vulnerabilities including SQL Injection, XSS attacks and Cookie capturing

ASSETS

Web Application
Application Servers
VPN/SSL
Intranet Applications
Database Servers
Local LAN / WiFi

MFID - MULTIFACTOR AUTHENTICATION

Map the physical identity of the user to the server
Identify the user based on
Something he knows (user name / password)
Something in the user's possession

INNEFU'S AUTHSHIELD

Multi-factor authentication system which uses either of the three authentication mechanisms
Soft Token
Hard Token
Mobile Token
E-Token

HARD TOKEN - IDENTIFYING THE USER ON THE BASIS OF HIS KEY

PROTECT VPN AND CUSTOM MADE APPLICATIONS

Security device given to authorized users
The device displays a changing number that is typed in as a password
The password is based on a pre-defined unbreakable randomized algorithm
Every time the user accesses a critical IT asset, the randomly generated number is matched with the server to verify the user's credentials

SOFT TOKEN - IDENTIFYING THE USER ON THE BASIS OF HIS PHONE NUMBER

MOBILE TOKEN - GENERATING TOKEN VIA MOBILE PHONES

Innefu BlackBerry AuthShield for Web Clients

1). User accesses the token generation application on his BB device
2). Request Sent to BES
3). Request Forwarded to IAS
4). Token Generated
5). Credentials Entered
6). Access

[Diagram components: BES, IAS & AD, IAS, Web Client (UN+PWD+TOKEN)]
PROTECT INTERNET BANKING

The OTP is sent either via SMS or the OTP is generated by the smart phone itself
The user uses the OTP to log into any web application or intranet application
Works on all smart phones with GPRS enabled
The system does not depend on the memory or the processor usage of the phones

FEATURES

OS Independent Authentication Mechanism
Seamless Integration with the current business and security architecture
Works as a stand alone authentication mechanism or in connection with Microsoft Firewall, AD, VPN, Wi-Fi, Terminal services etc

CONTD.

Increases the log on security for critical applications
Unbreakable encryption on the lines of those used by US Government
Prevent identity theft by up to 99%

CONTD.

All logs are stored in a secured database (completely encrypted) for future analysis
Date and Time
Time Gap
User
Access to logs only available to Admin team
Privileges assigned to every user
IP Address of the user

TECHNICAL AUDIT

Vulnerability Assessment and Penetration testing
Internal Audit - Test all the IT assets of the organization with login privileges
External Audit - Test all the IT assets of the organization without login privileges
Identify all vulnerabilities
Penetration tests to remove false positives

AUTH-SHIELD LABS PVT. LTD


http://auth-shield.com/
+91-11-47065864 / 66

contact@auth-shield.com

QUESTIONS WELCOME

THANK YOU
