Page 30 - Cyber Warnings
A browser-based secure portal has an attack surface of approximately 6 billion devices with
browsers. An organization with 100,000 known users is granting secure portal access to 3 billion
devices.

Reducing access to only known users would improve cyber security for this organization by
3,000,000%, blocking 2,999,900,000 devices from ever accessing their secure portal!

In 2000 the Federal Reserve and the FFIEC recommended that two-factor authentication be
required for all online financial transactions, both retail and commercial. It has yet to be
required! Instead, revisions to that recommendation have lowered the requirements. They got it
right, and then, for commercial expediency, they ignored their own advice.

Two-factor authentication is “something you have and something you know”. Anything less is
multi-factor authentication, which is not close to the same thing. Chip & PIN credit cards provide
two-factor authentication.

The Chip in the credit card makes the something you have unique. The PIN is the something
you know. Allowing cellphones to duplicate credit cards nullifies this security improvement.

It is time for a real solution! Cyber Safety Harbor offers an access method that provides two-factor
authentication, controls the attack surface and removes public access.

Using a serialized CyberID token as the only access method to secure portals provides
“something” you have and limits access to only known users.

The solution to our cyber crisis is not as difficult to understand as most people think. All we need
to do is agree on certain indisputable facts:

1. Every computer must be considered compromised. (a basic security assumption)
2. The term “secure public” server is an oxymoron that can no longer be ignored. If a server
is “secure” then it has “Known Users” who have a right to access. If a server is “public”
everyone has access.
3. Data falls into three major categories: “Open” data, “Protected” data and “Secure” data.
a. “Open” data is any data available without log in access. “Protected” data is data
that requires security but does not have a Known User group.
b. “Protected” data would include all data gathered, processed and stored on retail
websites.
c. “Secure” data has only Known Users. “Secure” data would include data retained
by Insurance and Financial organizations where every client is known.


Understanding these three facts is required to address the cyber security issues organizations
are currently facing. Standards must be deployed. Cyber Safety Harbor has done just that. The
six Standards set by SecureAxcess technology and Cyber ID communities:

“Secure data can only be accessed through a non-browser method.” Browsers are
installed applications that facilitate access to termination points on the Internet, websites.
In addition, plugins can further compromise a browser.


30 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide