Four steps to take if your business depends on RSA SecurID tokens

Businesses should reassess the risks to their assets from two-factor authentication hack

With the theft of sensitive data about RSA's SecurID technology, large businesses should reassess the risks to the assets the two-factor authentication deployment is supposed to protect, a risk management expert advises.

"You have to ask yourself if you are a big enough shop that you could be a target," says John Pironti, president of IP Architects, a security consulting firm. That's because attackers who might make use of the stolen information will look for victims that have the richest cache of data to loot, he says.

GET THE DETAILS: The RSA Hack FAQ

Whereas before the theft businesses might have had a high degree of confidence that SecurID was a strong authentication protection, now they should consider that it might be compromised, Pironti says.

RSA hasn't detailed what was stolen, but the fact that the company made a public announcement -- including a filing with the Security and Exchange Commission -- indicates that some fundamental piece of the technology has fallen into attackers' hands, he says, and businesses need to take specific steps:

1. Update their threat and vulnerability analysis to elevate SecurID as a potential vulnerability. Many businesses regarded the technology as solid and not representing a significant source of vulnerability, Pironti says.

2. Pore over logs looking for failed login attempts using false user names.

3. Monitor failed SecurID attempts, something that might not have been done because the technology was trusted. In general, security personnel should pay more attention to the activities of employees using SecurID.

4. Consider alternatives to go to if it turns out SecurID has in fact been compromised. In that case businesses should start looking for a third factor for authentication such as smartcards, biometrics or digital certificates and perhaps consider migrating away from SecurID, he says.

Worst case: Thieves stole the master key to RSA's pseudo-random number generator and can manufacture phony ones to break into corporate networks, Pironti says.

So far there's no evidence that has happened, but if it does, businesses need to have a fallback plan for what they will do, Pironti says. "The system would still require a user name and password, but now you have reduced confidence that this is the person who they say it is," he says.

Because of the capital and operational costs of deploying SecurID, it is almost always used to protect access to businesses' most valued assets and high-value transactions, Pironti says, so anything protected by it is a likely target.

He leans toward believing the thieves stole something fundamental to how SecurID works, not something that could be used against particular customers or particular environments. Otherwise RSA would have kept the incident low-key, contacting only those customers affected. The general announcement indicates that any SecurID customer faces a new risk, he says.

He says he hasn't heard about any increase in compromised networks that are protected by SecureID. "There haven't been spikes in public breach activity," he says.

Pironti has been telling his clients that stealing core security technology is a prime target of attackers because that can undermine the security of vast amounts of data and transactions. "It's a great business opportunity from a hacker's standpoint," he says.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cybercrimelegalrsaETAI

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?