Monday, June 17, 2013

Keeping the bad guys out

In the middle ages, people who had valuable assets to protect built castles, like this one at Beaumaris in Anglesey. You'll notice there's a moat and a substantial curtain wall. Inside the wall there would have been armed guards and finally the fortified stronghold of the keep.

Where am I going with this? I think it's a great example of defence in depth - multiple layers of protection around the valuable resources.

Today, rather than unruly Celts, businesses are concerned about protecting their assets from online attacks. We wrote recently about phishing attacks, designed to trick you into disclosing your passwords, and you've probably seen examples over the past few months of spammy messages generated by hacked Twitter and Yahoo accounts. Part of the problem is that many online accounts don't have defence in depth like Beaumaris castle; they rely on passwords as the sole means of authentication, so if the password is compromised, the attacker gets away with the spoils.

Banks and bigger enterprises have for some time been supplementing password access with a code generator - a key fob or chip and PIN card reader that generates a one-time code that you must enter as well as the password to gain access to your account. You may well have used one of these yourself. Popular internet sites with sensitive data and reputations to protect are now also beginning to use similar schemes. With these, rather than a dedicated device, it's possible to use your smartphone as the code generator, or to receive a code by text.

The theory behind this is called Multi-Factor Authentication: as well as a password (something you know), authentication requires the presentation of something you have, like a card reader, or something you are - usually based on biometric data like a fingerprint scan. Even if your password is compromised, the second factor, which has a separate existence, keeps your data safe. As with all security systems, it is not infallible, but it does offer very strong protection.
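To make the "code generator" concrete, here is an added example (not code from the original post) of how a smartphone authenticator app and the site it logs into agree on a one-time code. Both sides hold a shared secret; the code is an HMAC of the current 30-second time slot (the HOTP/TOTP scheme of RFC 4226 and RFC 6238, which is what the common smartphone apps use), so a phished password on its own is not enough to log in. The secret, salt and password below are constructed demo values, and `login()` is a hypothetical check, not any particular site's implementation.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: truncate HMAC-SHA1(secret, counter) to a short decimal code."""
    msg = struct.pack(">Q", counter)                    # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                          # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is simply the number of 30-second steps since the epoch."""
    return hotp(secret, for_time // step, digits)


def verify_totp(secret: bytes, submitted: str, now: int,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step or one step either side, to tolerate
    clock drift between phone and server. Constant-time compare avoids leaking
    how many digits matched."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, now + drift * step, step, digits)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


# --- constructed demo account record (not a real user) -----------------------
DEMO_SECRET = b"12345678901234567890"        # RFC 6238 test key, shared with the phone app
DEMO_SALT = b"constructed-salt"
DEMO_PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", DEMO_SALT, 100_000)


def login(password: str, code: str, now: int) -> bool:
    """Hypothetical two-factor login: both the password AND the current code must match.
    Both factors are always evaluated so a wrong password and a wrong code take the same time."""
    pw_ok = hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000),
        DEMO_PASSWORD_HASH,
    )
    code_ok = verify_totp(DEMO_SECRET, code, now)
    return pw_ok and code_ok


if __name__ == "__main__":
    t = 59  # a fixed timestamp so the output is reproducible
    print("code the phone would show:", totp(DEMO_SECRET, t))
    print("password + correct code  :", login("correct horse", totp(DEMO_SECRET, t), t))
    print("stolen password, no code :", login("correct horse", "000000", t))
```

One caveat a deployment needs beyond this sketch: a code that has already been accepted should be rejected if it is submitted again within its validity window, otherwise a code captured alongside the password can be replayed. Servers do this by remembering the last counter value used per account.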

Much of our computing activity has moved to the cloud already and the rest will probably head in that direction eventually. So if you have critical or sensitive information residing online, consider the use of multi-factor authentication as an extra layer of defence. Google, Dropbox, Facebook and others all offer this security mechanism now.
