Protecting Identities in a hacker's world

Mar 31, 2017 | by James Mandelbaum


Imagine being in a place where everyone around you is smarter than you and is, in fact, an admitted hacker. Welcome to protecting the identities behind Black Hat Asia 2017's infrastructure.

RSA Booth at Black Hat Asia 2017

With a large contingent of attendees at this year's conference, there is a constant need to protect the identities of the team maintaining and monitoring the conference's critical infrastructure. For the past couple of years, RSA has provided the Operational Intelligence for visibility into the network using RSA NetWitness® Suite. This year, we have the opportunity to implement RSA SecurID® Access at the conference.

RSA, tasked with secure identity management for the Black Hat NOC Team, provides non-repudiation for all team members such that critical changes to the environment can be traced back to the individual committing the change. RSA deployed RSA SecurID Access to protect all network infrastructure utilizing a combination of SAML and RADIUS with NOC Team members using the RSA Enhanced SecurID Authenticator.

In today's world, tied as we are to our smartphones, it makes sense to leverage them to provide a clean and secure authentication method. With RSA SecurID Access, the smartphone provides a convenient and secure experience for the NOC team to access their critical infrastructure. Imagine the experience where you log in to the device or application using your standard user name and password and your phone asks if that is actually you logging in. This process provides what we refer to as "Identity Assurance" - Is it really you?

We accomplish this by leveraging a SAML assertion into the web interfaces of the devices and LDAP attributes to determine the authorization levels of those users. This allows the different user types to have full read-write or read-only capabilities based on their role. By utilizing SAML, we can add users as needed and dynamically provide access to the infrastructure with full audit capabilities.
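
One way a relying device could turn the SAML attributes described above into a read-write or read-only role, denying access when nothing matches. This is an added example, not RSA's or the Black Hat NOC's code; the `memberOf` attribute name, group DNs, audience URL and sample assertion are constructed, and the assertion's signature is assumed to have been verified by the SAML library beforehand.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical mapping of LDAP group DNs to device roles (constructed).
GROUP_ROLES = {
    "cn=noc-admins,ou=groups,dc=example,dc=org": "read-write",
    "cn=noc-viewers,ou=groups,dc=example,dc=org": "read-only",
}
RANK = {"read-only": 1, "read-write": 2}

# Constructed assertion; a real one is signed, and the signature is
# verified by the SAML library before any of this code runs.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2017-03-28T08:00:00Z" NotOnOrAfter="2017-03-28T08:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://fw1.example.org/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>cn=noc-viewers,ou=groups,dc=example,dc=org</saml:AttributeValue>
      <saml:AttributeValue>cn=staff,ou=groups,dc=example,dc=org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(assertion_xml, audience, now):
    """Return (user, role); role is None (deny) unless every check passes."""
    root = ET.fromstring(assertion_xml)
    user = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    cond = root.find("saml:Conditions", NS)
    if user is None or cond is None:
        return user, None
    try:  # a missing or malformed timestamp fails closed
        valid = _ts(cond.get("NotBefore", "")) <= now < _ts(cond.get("NotOnOrAfter", ""))
    except ValueError:
        valid = False
    audiences = [a.text for a in cond.findall(".//saml:Audience", NS)]
    if not valid or audience not in audiences:
        return user, None  # expired, not yet valid, or issued for another device
    groups = [v.text.strip().lower() for v in root.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='memberOf']/saml:AttributeValue", NS) if v.text]
    roles = [GROUP_ROLES[g] for g in groups if g in GROUP_ROLES]
    return user, max(roles, key=RANK.get) if roles else None  # most privileged matched role
```

Logging the returned user and role alongside each configuration change gives the per-individual audit trail the post describes.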

RSA SecurID Access is a great addition to the security solutions at Black Hat Asia. With the visibility RSA NetWitness provides into the network activity, RSA SecurID closes the gap on security and convenience. With Black Hat USA happening July 22-27 in Las Vegas, we look forward to expanding the use cases with RSA SecurID Access to provide a robust secure infrastructure.
