07 Jun Layered Security – Two locks are better than one
Redundant security has been a tried and true method of decreasing or deterring breaches for hundreds of years.
The Romans did it. Their forts were never guarded by just a single soldier. There would be at least two soldiers per wall, or more depending on the size of the structure being guarded. Fast forward a bit to the banks of the 18th and 19th centuries. Money was held in a locked safe that was kept in a locked cage that was surrounded by a locked building. Now fast forward even further to today. Some of our most precious and sensitive data is behind a digital wall being guarded by a single lock. How secure does that seem to you?
That single security layer needs significant reinforcing, especially given the recent and common hacking and ransomware attacks around the world affecting major companies.
Multi-factor authentication (MFA), two-factor authentication (2FA), or the use of secondary verification systems after a password has been entered, has been around for a while now. If you have ever worked in the enterprise space, you may have at one point or another been issued a token (most likely an RSA token) which will remotely generate a code that will grant you access to your company’s network. It’s very similar to what banks give out to their personal and business online banking customers. That is on top of your usual login password. The mainstream was exposed to 2FA when Google launched its Authenticator app which utilised a multi-factor authentication system called 2-Step Verification to heighten security for its Google accounts.
The pace at which cybercriminals are evolving is staggering at times. Just when the security community has isolated a security threat, more complex attacks organically grown from previous threats begin. Take Office 365 for example. Microsoft now offers its flagship suite of products on a whole host of operating platforms. Desktops, tablets, smartphones and phablets can all access Office 365. For added convenience, multiple people can easily access and edit the same document in real time. This is great, but remember that cybercriminals also benefit from this ease of use and access. All they have to do is get past a single gatekeeper and they obtain access to your data.
After noticing a significant number of client accounts being easily breached by hackers and fraudsters using phishing or direct hacks, Microsoft launched multi-factor authentication, called Azure Multi-Factor Auth.
Integrated into the Office 365 suite, once set up and enabled, Azure Multi-Factor Auth will require a user to enter their Office 365 username and password, after which they will be given one of several options to process their verification:
- Through a command-prompt and question sequence, an automated voice message will verify the user’s identity.
- Same process as a phone call, but through SMS messaging.
- Mobile App Notification: Receive a notification through Microsoft’s Azure Authenticator app.
- Mobile App Verification Code: Enter a code through the native mobile app.
- 3rd Party OATH Tokens: A physical random key generator which is similar to the RSA tokens used in the enterprise space.
In today’s high-paced, “I want it now”, high-consumption society, it is easy to see why so many people may sneer at the notion of having to enter a second password. But they do so at their own peril. If you think about it, layering is not a foreign concept to humans. If it gets cold, we add another layer of clothing. If we get into a car with air bags, we still put on our seat belts. Most houses not only have a lock on the door but a deadbolt and an alarm system as well. Some even have CCTV! Layering provides a feeling of safety as well as enabling proactive security measures, and we should treat our digital property in the same regard.
MFA and 2FA are already being delivered and supported by Microsoft, Google and Dropbox, as well as many other third-party software companies like Duo Security, which can protect Remote Desktop Connections, Terminal Servers and even Content Management Systems with Two-Factor Authentication. Multi-factor authentication will soon be not only an absolute necessity, but a cross-industry security standard.