After hack, security of RSA SecurID authentication tokens in the hands of customers - GCN

Company says users safe if they protect their data; offers advice on how to do it.

By William Jackson. Mar 23, 2011

In the wake of last week’s security breach that apparently compromised information about RSA SecurID, the company has temporarily halted distribution of the token used for two-factor authentication and warned customers to take additional precautions to secure information about tokens now in use. In a new online SecureCare note to customers, RSA, the Security Division of EMC, said that SecurID continues to be an effective tool for authentication of end users accessing sensitive resources, but apparently only if customer data remains secure. Whoever attacked RSA has “certain information” about the product, “but not enough to complete a successful attack without obtaining additional information that is only held by our customers,” the company said.
The note goes on to advise customers to lock down SecurID Authentication Manager databases, review recent logs for unusually high rates of failed authentication attempts, establish strong PIN and lockout policies, and educate help desks and users about avoiding social engineering attempts to gain information.
RSA still is holding details about the breach and what information was compromised close to the vest, but analysts and researchers said the exploit by an Advanced Persistent Threat should not come as a surprise and that it probably does not significantly change the security equation of SecurID. “Certainly these types of attacks are pretty pervasive” against high-value targets, said Jon Oltsik, an analyst with the Enterprise Strategy Group. Someone wanted access to SecurID source code and they got it. It has been rumored that the source code or the seed numbers used with the SecurID algorithm to generate one-time passcodes were compromised in the breach. But even the worst-case scenario for the breach does not enable a direct attack against the product, said Russ Cooper, senior researcher with Verizon’s RISK security analysis team.
“The ability to perform a brute force attack may become slightly easier,” by removing some of the entropy or degree of randomness from the process, Cooper said. We’re taking a couple of trailing 9s off of the 9.
SecurID. “They would still have to compromise a user in some significant way,” which is what the RSA recommendations are intended to prevent or mitigate. RSA announced March 1. SecurID. “Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat,” RSA executive chairman Art Coviello said in announcing the breach.
Advanced Persistent Threats, or APTs, are a broad class of computer attacks that typically use sophisticated and often multiple exploits to quietly breach system defenses. The goal of such an attack usually is not to disrupt the system’s operations, but to remain hidden and quietly gather information for as long as possible without attracting attention. Although APTs are not new, they have gained a high profile in the past year with the revelation of their use against Google and other companies to obtain proprietary source code, and Coviello warned about the danger of these threats at last month’s RSA Security Conference. RSA has been briefing customers under nondisclosure agreements on the incident, but has not released any details of the breach itself. A company spokesperson said it will share appropriate information at the appropriate time with appropriate parties, but details of the breach might never become public. Providing additional specific information about the nature of the attack .
RSA SecurID implementations,” the company said in its most recent advisory. The security of SecurID relies on the complete operation of the scheme to generate a new passcode for a user every 6. Personal Identity Number, and not on the secrecy of any one piece of information. To compromise a SecurID deployment an attacker would need information about the token, the corporate customer, the individual user and the user’s PIN, the company said. Although a direct attack using all of this information is unlikely, indirect attacks leveraging some exposed information are possible.
Such an attack would most likely use some combination of techniques against back-end servers, networks and user machines, and social engineering techniques against the customer’s help desk and end users.