Authentication and Authorization Methodologies
Today's digital environment is highly vulnerable to attackers such as hackers and spammers. Implementing authentication and authorization is therefore among the most vital measures to put in place for the security of information. The system used for authentication in any organization must be integrated in a manner that guarantees customers the security of their data. Organizations, led by the Chief Executive Officer (CEO) and Chief Information Officer (CIO) together with their staff, have a great responsibility to treat authentication and authorization as a top priority in order to secure their databases; these may hold the organization's planning/management data, or the data of its clients or partners.
This discussion focuses on options for authentication and authorization methodologies, particularly for Navy Federal Credit Union, the organization of choice, and finally recommends how to mitigate the impact of risks from vulnerabilities.
Roles Employed by Navy Federal Credit Union Regarding Data Security.
Accounts are scattered across the internet. Each of those accounts is potentially vulnerable to attack, which can compromise the confidentiality of vital data. Navy Federal Credit Union requires users to create a unique username and password when creating their accounts. Its systems also support password reset and username change in case a user has forgotten either of them or suspects an information leak. Moreover, the organization ensures that the ATMs used by its customers are safe from phishing and other attacks. Its entrusted staff are ever alert and constantly monitor systems for suspicious occurrences.
Common Attacks Against Access Control Methods
Although Navy Federal Credit Union has put in place the security measures described above to control access to data, vulnerabilities remain. For instance, it has not yet established a formal password policy that meets the organization's regulatory requirements. Instead, it leaves the choice of password to its clients, and the passwords they choose are at times inconvenient and unreliable because they are weak. Moreover, the organization uses single-factor authentication, which puts at risk clients' personal information such as the social security number, income, account transaction payment history, account information and account balance. Navy Federal Credit Union uses single sign-on technology, in which the user is assigned a single screen name that logs in to or unlocks multiple webpages/sites and applications. Integrated systems that can monitor accessibility or permissions are vulnerable to attack because they rely on a single authentication protocol. For instance, because the system incorporates a password reset feature, an unauthorized person might get an opportunity to predict a current or future password while it is being changed via single authentication. It has been proven that regularly changing passwords does more harm than good; furthermore, this practice is ineffective as a means of securing data.
Countermeasures to Reduce Vulnerabilities and Mitigate Potential Attacks on Access Methods.
Two-factor authentication is strongly recommended: an account is secured by two different locks, each using a different factor, before access is granted. In addition to the password, two-factor authentication adds a further layer of security. The second factor can be a number of questions that must be answered correctly in order to validate the actual account owner. An SMS message can also be sent to the user's phone number as a secret key. The organization should also put in place a password policy with mandatory password expiration to increase security (Wang et al., 2015).
All servers in the organization should use active networks, since these involve rapidly changing element configurations caused by the downloading and execution of Active Applications (AAs). These changes need to be automated in order to launch an AA; in turn, the system that automates configuration should also be updated whenever a new AA is launched. In short, a self-configuring network automates configuration management (Kim & Feamster, 2013).
The Navy Federal Union should react in an ad-hoc fashion with a response plan, with the aim of limiting any data breach as much as possible. The Computer Security Incident Response Team (CSIRT) can also coordinate the response effort in a number of ways: identifying targeted attacks; determining the threat severity through GeoIP services, intelligence and reputation feeds, and VirusTotal; verifying the infection, if any; and finally containing the threat (Tondel et al., 2014).
Globally, organizations encounter various risks associated with different threats; regardless of the nature or state of a threat, it is up to the organization's administrators to responsibly limit and contain the risks it poses. With the objective of improving IT security through vulnerability management, the Navy Federal Union or any other organization should determine its scope, identify the asset owners, manage expectations, work with a single authoritative source and finally formulate policies. The business, systems and customers are better protected when there is a well-integrated vulnerability management process.
References
Kim, H., & Feamster, N. (2013). Improving network management with software defined networking. IEEE Communications Magazine, 51(2), 114-119.
Tondel, I. A., Line, M. B., & Jaatun, M. G. (2014). Information security incident management: Current practice as reported in the literature. Computers & Security, 45, 42-57.
Wang, D., He, D., Wang, P., & Chu, C. H. (2015). Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428-442.