Caution urged in wake of RSA security breach
No need for panic, but keep eye on RSA products, analysts say
Computerworld - The relatively scant information released by EMC's RSA security group on Thursday in connection with the theft of SecurID authentication technology code is fueling considerable speculation about the nature of the breach and its impact on enterprises.
Several security analysts today urged companies that are using SecurID to review their authentication measures and to shore them up if necessary. Until RSA releases further details on the breach it is best to assume that SecurID is vulnerable, they added.
"Don't panic," said Rich Mogull, an analyst with Securosis. "Until we know the attacker, what was lost, the vector of a potential attack," and the extent to which SecurID may have been compromised, it's hard to make a risk assessment, Mogull said.
But for the moment at least, enterprises should assume that SecurID is no longer an effective second factor of authentication, he said. "Review passwords tied to SecurID accounts and make sure they are strong," Mogull said. "Consider disabling accounts that don't use a password or PIN and set password attempt lockouts."
In an embarrassing admission for a security company, RSA said on Thursday that unknown intruders had stolen information relating to its SecurID technology in what it described as "extremely sophisticated cyber attack against RSA".
The company expressed confidence that the stolen information would not enable a direct attack against SecurID. But it added that the information could potentially be used to reduce the effectiveness of the technology.
SecurID is used for two-factor authentication purposes. The technology is available from RSA in the form of hardware and software tokens that are capable of generating random one-time passwords every 60 seconds.
The technology is designed to be used in conjunction with passwords to deliver a second layer of authentication for accessing systems and networks. Over 25,000 enterprises, many of them in the financial sector and government, currently use SecurID tokens to protect access to high-value applications and data.
Though RSA has not disclosed which or how much SecurID information was stolen, the mere fact that the company is warning of reduced effectiveness is troubling, said John Pescatore, an analyst with Gartner.
Is RSA listening?
That statement guarantees that the breach is a "big deal for SecurID users," Pescatore said.
"SecurID tokens are very expensive and users dislike them, but they have always been a strong replacement for reusable passwords," he said. "[But] if the security provided is at risk, the pain may be more than the gain."
Pescatore dismissed RSA's claim that it was the victim of a sophisticated Advanced Persistent Threat (APT) attack, a kind of low, slow highly targeted attack most commonly associated with Chinese hackers.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Do More With Less: How CARFAX Consolidated Their Security Solutions Through a consolidated F5 solution, CARFAX cut site downtime to zero, secures its data, and deployed a high-performance infrastructure to support its rapid...
- F5 Data Center Firewall Aces Performance Test F5's BIG-IP 10200v with Advanced Firewall Manager (AFM) can handle traffic at 80-Gbps rates while screening and protecting tens of millions of connections...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Data Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!