Access control is the process of granting or denying users access to resources according to their assigned access rights. It follows authentication: authentication establishes who the user is, access control decides what that user may then do.
During multi-factor and two-factor authentication a device may be used to generate a one-time password or to receive one. Known as an authentication token, and ranging from a proprietary hardware device to an ordinary mobile phone, these tokens are used for out-of-band authentication. When the cost of authentication security is discussed the token is usually what is meant, because of hardware manufacturing and network (for example SMS) expenses. Downsides to tokens are that they can be misplaced, stolen or broken, and a phone that receives codes by SMS inherits the weaknesses of the phone network, such as SIM swapping and message interception.
A mechanism used by attackers to bypass a system's normal security controls, usually without anyone noticing. Some malware installs a backdoor that lets an attacker return later to access and take control of the computer.
Biometric authentication is when biological measurements, such as the distances between mapped points on a fingerprint or in the retina, are used as identifying factors while authenticating a user. During multi-factor and two-factor authentication biometrics serve as the "something you are" factor. However, the cost of scanners, the error rates inherent in scanning and the fact that a compromised fingerprint or retina cannot be changed like a password make biometrics less desirable in many deployments.
A method of attack whereby the attacker, usually with the help of a program, tries every possible password one after another. Most logins limit the number of wrong passwords that can be entered before the account is locked or throttled, which defeats the attack online. If the attack is offline, for example against encrypted material or a password-protected file whose hash the attacker already holds, there is no such limit and the attacker can take as long as he desires; the only defences are a large search space and a deliberately slow password-hashing function.
A Denial of Service attack (DoS) is a type of cyber attack whose goal is to prevent users from accessing a system by disrupting the system's ability to provide service. This usually occurs on the internet, where an attacker may bring down a web server by flooding it with requests until the server's resources (connections, memory, CPU) are exhausted and it crashes or stops responding, thereby preventing legitimate users from reaching the site.
A digital signature validates that a digital message or document came from the claimed sender and was not altered in transit, usually through a public/private key system. The sender hashes the message and signs the hash with the private key; anyone holding the corresponding public key can verify the signature, recompute the hash of the received message and check that the two match. (In RSA this is often described as "encrypting" the hash with the private key, but signing and encryption are distinct operations; encryption runs the other way, with only the private key able to decrypt a message encrypted under the public key.) Digital signatures are treated as the equivalent of a handwritten signature, and as long as the private key remains under the signer's sole control the signer cannot repudiate having signed the message.
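The hash-then-sign flow described above, worked through end to end. This is an added example and not DynaPass code: it uses textbook RSA with a deliberately tiny 92-bit modulus built from two known primes so the arithmetic is visible, and it has no padding. Production code uses a vetted library (RSA-PSS, ECDSA or Ed25519) with properly sized keys; the sample messages are constructed for the demo.

```python
"""Hash-then-sign digital signature, worked through with textbook RSA.

Added example, not DynaPass code. The modulus is only 92 bits and there is
no padding, so this is for illustration only. The primes are the Mersenne
primes 2**31-1 and 2**61-1, chosen because they are known to be prime.
"""
import hashlib

P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                      # public modulus
E = 65537                      # public exponent (coprime to PHI for these primes)
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)            # handed to anyone who needs to verify
PRIVATE_KEY = (N, D)           # kept secret by the signer


def message_digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into the RSA group so it can be signed.
    (Real schemes pad the full digest instead of reducing it modulo n.)"""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple) -> int:
    """Signer: hash the message, then apply the private exponent to the hash."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Verifier: undo the private operation with the public exponent and compare
    the result with a freshly computed hash of the message actually received."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == message_digest(message, n)


if __name__ == "__main__":
    original = b"Transfer $100 to account 12345"   # constructed sample message
    sig = sign(original, PRIVATE_KEY)
    print("valid signature accepted:", verify(original, sig, PUBLIC_KEY))
    altered = b"Transfer $900 to account 12345"
    print("altered message rejected:", not verify(altered, sig, PUBLIC_KEY))
```

Changing a single character of the message changes its hash, so the same signature no longer verifies; likewise a signature produced under a different private key fails against this public key.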
Domain hijacking occurs when an attacker takes control of a domain name's registration without the owner's permission, for example through a compromised registrar account or by social-engineering the registrar, and then points the domain's DNS records at servers the attacker controls. The attacker may use the hijacked domain to perform illegal activities such as a phishing scheme.
Federal legislation FERPA (the Family Educational Rights and Privacy Act of 1974) requires that protections be in place for the personally identifiable information (PII) of students. Any school that receives federal funding is required under FERPA to protect its students' private information.
Standing for the Federal Financial Institutions Examination Council, the FFIEC was formed in 1979 and maintains standards for security, accountability and consistency in the examination of financial institutions. The council issues uniform principles, standards and report forms for the federal examination of financial institutions by its member agencies: the FRB, FDIC, NCUA, OCC and CFPB, with a State Liaison Committee representing state regulators.
A barrier, either hardware or software based, placed in a network to prevent unauthorized communication between computers and so keep the network more secure. The firewall inspects incoming and outgoing traffic and allows or blocks each connection according to its configured rules. Software firewalls are commonly used on personal computers as a shield against attacks and unwanted connections from the internet.
Hacking is the use of information or techniques to gain access to confidential systems or networks by bypassing their security. Hackers are not always sophisticated computer users, however; sometimes the "hacking" is done by an insider who is privy to confidential information, such as credentials, and uses it to defeat security. Traditional hacking is usually carried out by someone with computer knowledge seeking to fraudulently access a system for personal gain or pleasure, and often leads to a data breach. Terms commonly encountered in this context include malware, phishing and pharming.
A hash is a fixed-length value computed from a string of characters (or any data) by a hashing algorithm. Because the hash is short and fixed in length it allows faster indexing when used in databases; a cryptographic hash additionally makes it infeasible to find a different input that produces the same value. In digital signatures, the hash of the received message is compared with the signed hash to validate that the original message was not tampered with.
The Health Insurance Portability and Accountability Act, known as HIPAA for short, is a set of government regulations for healthcare patient privacy. Created in 1996, the act requires that certain precautions be taken when storing, transferring or accessing confidential patient data. The spread of electronic medical records (EMR) has caused the HIPAA Security Rule guidelines to expand in response to new technology and new forms of data breach.
See DynaPass HIPAA Compliance
See DynaPass Two-Factor Authentication
Malware is a term used to describe malicious software such as worms, viruses, backdoors, trojans and rootkits, created by an attacker either to collect data or to disrupt the flow of information, sometimes disabling a user's computer altogether. Malware that steals data is a major issue for authentication and has played a large part in recent data breaches, since many authentication factors are typed into, stored on or transmitted from our computers.
Man-in-the-middle attacks are just what they sound like: an attacker places themselves between a sender and a receiver, intercepting information, altering it in transit or using it to access confidential data. Man-in-the-middle attacks can take place without a user ever knowing. Malware is often the way in: it gives the attacker a foothold on the device, and the information stolen there is then used to access more sensitive data such as bank records.
Any authentication solution that delivers a factor of the identification process through a mobile device is using mobile authentication. This could be a one-time password transmitted by SMS text message or even email. An application on the mobile device that generates an OTP offline, without any network connection, is also considered mobile authentication.
A one-time password (OTP) is a password that is valid for only one session or transaction. Unlike traditional static passwords, one-time passwords are not vulnerable to replay attacks: if a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he or she will not be able to use it again because the server marks the password as consumed and it is no longer valid. One-time passwords are generated unpredictably, from a secret key combined with a counter or the current time or from a random source, which makes them hard to guess. There are different ways to deliver an OTP to the user. Some systems use electronic tokens that the user carries, which generate a one-time password and show it on a small display. Other systems rely on software running on the user's mobile phone, and there are systems that generate one-time passwords on the server side and send them to the user over an out-of-band channel such as SMS messaging.
See DynaPass Two-Factor Authentication
See DynaPass One-time Password
Authentication that transmits an identification factor over a separate network is considered out-of-band. An example arises during two-factor authentication when a user logs into an online banking account: when the account holder logs into the bank's website from a home computer with traditional login credentials, a one-time password may be delivered to their mobile phone by SMS text message. This mobile OTP is an out-of-band authentication solution because it travels over the cellular carrier's network rather than the internet connection over which the login session was established, so an attacker who controls only that session does not see the code.
Different from a password, a pass code is numeric only. The most common pass code, used by almost everyone, is the PIN for an ATM; a personal identification number is purely numeric. Pass codes offer a lower level of security because the search space is small (a four-digit PIN has only 10,000 possibilities), which makes brute force cracking much easier unless attempts are strictly rate limited.
The term pharming refers to hijacking a website's traffic by redirecting its DNS resolution or altering the victim's hosts file so that requests go to a fraudulent site. It is used in online identity theft to steal information and has been used to target e-commerce and online banking websites. Pharming is a play on the word farming, as phishing is a play on the word fishing.
In internet security, phishing refers to a cyber attack in which criminals fraudulently pose as a company you do business with, through emails, websites or even compromised software. An attacker will dress up their website or correspondence in a company's branding, often that of a large corporation, and solicit information that can be used during an authentication process. Phishing is a play on the word fishing because the attackers are baiting the victim into divulging confidential information that could be used for a data breach. Because of phishing attacks, companies add a warning to information sent to customers, and to the login page, stating that no one from or associated with the business will ask for private data.
An authentication device often used as a second factor (something the user has) to verify a person's identity. Some businesses, such as banks or online subscription services, give users a USB device to attach to their computer, or a device that generates a one-time password to be entered when logging into an application or website.
All passwords are not created equal, and a weak password can be easy to hack or crack. A strong password helps protect against password-cracking attacks and guesses based on personal information by being longer than usual and mixing upper and lower case, symbols and numbers. Breaking up whole words also helps. For example, the password "authentication" is a single dictionary word and would be cracked almost immediately, whereas "Auth3nticati0n$" survives a plain dictionary attack. Be aware, though, that capitalising the first letter, substituting digits and symbols for letters and appending a symbol are standard mangling rules that cracking tools apply to every wordlist entry, so a disguised dictionary word is far weaker than its mix of character classes suggests; length and genuine unpredictability, as in a long randomly generated passphrase, matter more than substitutions.
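The three points made in the brute force, pass code and strong password entries above, shown together in one runnable demo: an offline search over a four-digit PIN succeeds in at most 10,000 guesses, the same search against a login with a lockout is stopped after a handful, and a character-class strength estimate badly overrates a dictionary word dressed up with substitutions once cracking rules are applied. This is an added example and not DynaPass code; it stores secrets as plain SHA-256 only to keep the demo short (real systems use a slow, salted KDF such as bcrypt, scrypt or Argon2), and the PIN, passwords and wordlist are constructed for the demo.

```python
"""Brute force in practice: offline vs online attacks, PINs vs passwords.

Added example, not DynaPass code. Plain SHA-256 is used only for brevity;
real password storage uses a slow, salted KDF. Sample secrets and the
wordlist are constructed for the demo.
"""
import hashlib
import itertools
import math
import string
from typing import Iterable, Iterator, Optional, Tuple


def sha256_hex(candidate: str) -> str:
    return hashlib.sha256(candidate.encode()).hexdigest()


def crack_pin_offline(target_hash: str, length: int = 4) -> Tuple[Optional[str], int]:
    """Offline: the attacker holds the hash and tries all 10**length PINs at
    hashing speed; nothing slows the search. Returns (pin, guesses made)."""
    guesses = 0
    for digits in itertools.product(string.digits, repeat=length):
        guesses += 1
        guess = "".join(digits)
        if sha256_hex(guess) == target_hash:
            return guess, guesses
    return None, guesses


class OnlineLogin:
    """Online: the service counts failures and locks the account, capping a
    remote attacker's guesses no matter how small the search space is."""

    def __init__(self, secret_hash: str, max_attempts: int = 5):
        self.secret_hash = secret_hash
        self.max_attempts = max_attempts
        self.failures = 0

    def attempt(self, guess: str) -> str:
        if self.failures >= self.max_attempts:
            return "locked"
        if sha256_hex(guess) == self.secret_hash:
            return "ok"
        self.failures += 1
        return "wrong"


def crack_pin_online(login: OnlineLogin, length: int = 4) -> Tuple[Optional[str], int]:
    """The same exhaustive search as crack_pin_offline, run against the lockout."""
    guesses = 0
    for digits in itertools.product(string.digits, repeat=length):
        guess = "".join(digits)
        result = login.attempt(guess)
        if result == "locked":
            return None, guesses
        guesses += 1
        if result == "ok":
            return guess, guesses
    return None, guesses


def keyspace_bits(password: str) -> float:
    """Naive strength estimate: log2 of a uniform search over every character
    class the password uses, at its length. This is the figure a 'mixed case,
    digits and symbols' rule implicitly assumes."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "$"}
SUFFIXES = ["", "!", "$", "1", "123"]


def mangle(word: str) -> Iterator[str]:
    """Word-mangling rules of the kind hashcat or John the Ripper apply to each
    lowercase wordlist entry: optional capitalisation, any subset of leet
    substitutions, and a common suffix. keyspace_bits never counts these."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    for base in (word, word.capitalize()):
        for k in range(len(positions) + 1):
            for subset in itertools.combinations(positions, k):
                chars = list(base)
                for i in subset:
                    chars[i] = LEET[chars[i].lower()]
                for suffix in SUFFIXES:
                    yield "".join(chars) + suffix


def dictionary_attack(target_hash: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Offline dictionary attack with rules: far fewer guesses than keyspace_bits
    suggests whenever the password is a dictionary word in disguise."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses
```

With the constructed PIN "7391", `crack_pin_offline` finds it on guess 7,392 while `crack_pin_online` with a five-attempt lockout never gets past "0004". `keyspace_bits` rates "Auth3nticati0n$" at roughly 98 bits against 13 bits for the PIN, yet `dictionary_attack` recovers it from a two-word wordlist in under 800 guesses, because every transformation it uses is one of the rules in `mangle`.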
Two-factor authentication (TFA or 2FA), also called strong authentication, is a security process that requires two independent mechanisms for authentication. It implies the use of two of the three factors to assert an entity's identity to another entity. The three factors are: something you know, such as a password or Personal Identification Number (PIN); something you have, such as a mobile device for receiving a one-time password, or an ATM card; and something you are, such as a face scan, iris scan or fingerprint. Two-factor authentication is generally used in computer systems where stronger authentication is needed to protect sensitive data. For example, electronic protected health information (ePHI) on a computer accessed by many different individuals can be exposed, resulting in HIPAA violations and fines for the medical institution. Two-factor authentication can be used in these situations to reduce the probability of an unauthorized user gaining access to that information, since a stolen password alone is no longer enough.
In two-factor authentication that uses "something you have," the two-factor authentication token is a physical item in the user's possession, such as a USB token or a smart card. A commonly used token is a USB device that the user plugs into a computer's USB port to authenticate. Two-factor authentication tokens are useful for organizations whose employees need to access company data held in different places, such as websites and company applications, where a token is easier and more convenient than remembering multiple static passwords.
User authentication refers to identifying a user or entity and verifying that they are who they claim to be before granting access to restricted resources. The most common way of identifying a user is a username and static password. The CAPTCHA process is sometimes loosely grouped with authentication, but it only establishes that the user is human, not who the user is. In network security, user authentication identifies the user and determines which level of authorization their account receives.
Web access management refers to the security controls used to identify a remote user and decide what they are authorized to access. The process begins with authentication of the user according to a policy. The system then typically logs the user's access for reporting and auditing and can optionally provide single sign-on across the applications it protects.