RBA

RISK-BASED AUTHENTICATION:

RBA is an adaptive authentication approach: for every access attempt it calculates a risk score in real time, based on a predefined set of rules, and then applies authentication requirements appropriate to that risk level. A low-risk attempt may proceed with a password alone, an elevated-risk attempt is "stepped up" to a second factor, and a very high-risk attempt is denied outright. The strength of the login therefore comes from the factors RBA decides to require, not from the scoring itself.

Risk scores are based on a number of contextual factors related to the access attempt, including:

  • Login Device: Is this a registered or known device? Is there an associated fingerprint that can verify the device?
  • IP Reputation: Is this a known or suspect IP address or subnet associated with bad actors?
  • User Identity Details: Is the user’s information being presented the same as the information stored in the directory or user store?
  • Geolocation: Is the user's current geographic location known to be good or bad? Are there locations from which access must simply be blocked, or systems that should only be reachable from a specific facility?
  • Geovelocity: Do the user's location and time of login make sense given the time and location of the last login attempt? E.g., you can't log in from San Francisco at 1:00 PM PST if you logged in from Boston at 2:30 PM EST the same day: 2:30 PM EST is 11:30 AM PST, so the two logins are 90 minutes apart over roughly 4,300 km, a speed no flight can achieve.

Risk scores also can and should include other factors, such as:

  • Personal Characteristics: Time with company, role or job level, history of security incidents, training and certification status, granted entitlements, etc. E.g., if a user fails an internal security certification exam or falls for an internal phishing test, the user is automatically required to "step up" to two-factor authentication.
  • Application or Data Sensitivity: How critical or sensitive is the target system or data being accessed? Do certain systems mandate a second or third factor regardless of the other signals? Note that a rule such as "an intern has no access to financial systems" is an authorization decision rather than a risk signal: the risk score governs how strongly a permitted user must authenticate, not whether the user is permitted at all.
  • Number of Attempts: Fail three times and your account is locked until you call support. A softer variant feeds the failure count into the score instead, so repeated failures force a step-up or a temporary lockout rather than a hard lock that an attacker can trigger on purpose to deny a legitimate user service.
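The following is an added example, not code from the original post or from any product it mentions, of a toy RBA scorer that combines several of the signals listed above (registered device, IP reputation, geovelocity, target sensitivity, failure count) into a score and maps the score to an authentication requirement. All weights, thresholds, IP prefixes, device names, user names, coordinates and timestamps are constructed assumptions; the Boston / San Francisco pair reproduces the geovelocity example above.

```python
# Added example (not from the original post): a toy risk-based authentication scorer.
# All weights, thresholds, addresses and sample logins below are constructed assumptions.
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_PLAUSIBLE_KMH = 1000.0          # assumption: faster than an airliner = impossible travel
BAD_PREFIXES = ("198.51.100.",)     # constructed "bad reputation" subnet (TEST-NET-2)


@dataclass
class LoginEvent:
    user: str
    device_id: str
    ip: str
    lat: float
    lon: float
    when: datetime          # must be timezone-aware so EST and PST compare correctly
    sensitivity: int        # 0 = public intranet ... 3 = financial/regulated system
    recent_failures: int = 0


@dataclass
class UserProfile:
    known_devices: set
    last_login: Optional[LoginEvent] = None


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def geovelocity_kmh(prev: LoginEvent, cur: LoginEvent) -> float:
    """Speed the user would need to travel from the previous login to this one."""
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if hours <= 0:                      # same instant or clock skew: impossible only if moved
        return math.inf if dist > 0 else 0.0
    return dist / hours


def risk_score(ev: LoginEvent, profile: UserProfile):
    """Return (score, reasons). Weights are illustrative, not a recommendation."""
    score, reasons = 0, []
    if ev.device_id not in profile.known_devices:
        score += 30
        reasons.append("unregistered device")
    if ev.ip.startswith(BAD_PREFIXES):
        score += 40
        reasons.append("source IP on bad-reputation list")
    if profile.last_login is not None:
        v = geovelocity_kmh(profile.last_login, ev)
        if v > MAX_PLAUSIBLE_KMH:
            score += 50
            reasons.append(f"impossible travel ({v:.0f} km/h since last login)")
    score += 10 * ev.sensitivity        # sensitive targets raise the bar on their own
    if ev.recent_failures >= 3:
        score += 30
        reasons.append("repeated failed attempts")
    return score, reasons


def decide(score: int) -> str:
    """Map a score to what the login page demands."""
    if score >= 80:
        return "deny"
    if score >= 40:
        return "step-up"                # password plus a second factor (push, TOTP, U2F ...)
    return "password"


# ---- constructed sample data: the Boston -> San Francisco case from the text ----
EST, PST = timezone(timedelta(hours=-5)), timezone(timedelta(hours=-8))
BOSTON = dict(lat=42.3601, lon=-71.0589)
SAN_FRANCISCO = dict(lat=37.7749, lon=-122.4194)

PROFILE = UserProfile(
    known_devices={"laptop-01"},
    last_login=LoginEvent("alice", "laptop-01", "203.0.113.10",
                          when=datetime(2024, 3, 1, 14, 30, tzinfo=EST), sensitivity=0, **BOSTON),
)
ATTEMPTS = {
    # same device, same city, 90 minutes later, low-sensitivity application
    "routine": LoginEvent("alice", "laptop-01", "203.0.113.10",
                          when=datetime(2024, 3, 1, 16, 0, tzinfo=EST), sensitivity=0, **BOSTON),
    # registered device, but 4,300 km away 90 minutes later, opening payroll
    "payroll_from_sf": LoginEvent("alice", "laptop-01", "203.0.113.20",
                                  when=datetime(2024, 3, 1, 13, 0, tzinfo=PST), sensitivity=2, **SAN_FRANCISCO),
    # unknown device from a listed subnet, same impossible travel
    "attacker": LoginEvent("alice", "unknown-device", "198.51.100.7",
                           when=datetime(2024, 3, 1, 13, 0, tzinfo=PST), sensitivity=2, **SAN_FRANCISCO),
}


def run_demo():
    """Score every constructed attempt against alice's profile; returns {name: (score, decision)}."""
    results = {}
    for name, ev in ATTEMPTS.items():
        score, reasons = risk_score(ev, PROFILE)
        results[name] = (score, decide(score))
        print(f"{name:16} score={score:3} -> {decide(score):8} {reasons}")
    return results


if __name__ == "__main__":
    run_demo()
```

Running it shows the routine login passing on a password alone, the San Francisco payroll login being stepped up because of the impossible 2,900 km/h "travel" and the sensitive target, and the attacker's attempt being denied. In production the reasons list is what you would log and show to the SOC; the weights would come from policy and be tuned against real false-positive rates.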



STRONG AUTHENTICATION TECHNIQUES:

  • Push authentication: A push notification is sent to the user's registered mobile device and the user approves or rejects the login. Push is usually combined with a password as a second factor, but can also be used in lieu of a password. Because a user may tap "approve" reflexively, repeated prompts ("push fatigue" or "MFA bombing") are a known attack; prompts should carry context (location, application) and preferably require the user to enter a number displayed on the login screen.

  • One-Time Password (OTP) and Time-Based One-Time Password (TOTP): An OTP is a code valid for a single use, delivered by SMS, email or a hardware token. A TOTP (RFC 6238) is computed by both the server and the user's authenticator from a shared secret and the current time, typically in 30-second steps, so nothing has to be transmitted to the user's device at login. TOTP codes are still phishable: a user can be tricked into typing the current code into an attacker's page, which relays it within the validity window.

  • FIDO U2F tokens: U2F tokens are typically used for VPN authentication, web-based access, and Windows logon. The user inserts the U2F token into a USB port (NFC and Bluetooth tokens are also available), enters or confirms the username when logging into RapidIdentity, presses the token's button, and enters a password or PIN. Because the token signs a challenge bound to the origin (site) that requested it, a phishing site on another domain cannot obtain a valid response, which is what makes U2F (now incorporated into FIDO2/WebAuthn) phishing-resistant.

  • Smart card with PKI: The card holds a private key and a certificate, and the user proves possession of the key (unlocked with a PIN) at login. Particularly attractive if cards are already in use for facility access or other purposes.

  • Fingerprint Biometrics: The user is verified by a fingerprint sensor on the login device or a dedicated reader. Biometrics are normally combined with a possession or knowledge factor, since a fingerprint cannot be changed or reissued if its template is compromised.
---------------------------------------------------------------------To be continued


