May 24, 2022

Multi-factor Authentication (MFA) Part 3


See maturity 1 in our previous blog

See maturity 2 in our previous blog

Points 1-5 continue to apply and won’t be repeated here; the key differences lie within points 6, 7 and 8. I’ve highlighted the differences from Maturity 2.


  6. “Multi-factor authentication is used to authenticate users accessing important data repositories.”
  7. “Multi-factor authentication is verifier impersonation resistant and uses either: something users have and something users know, or something users have that is unlocked by something users know or are.”
  8. “Successful and unsuccessful multi-factor authentications are centrally logged and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.”


6. Multi-factor authentication is used to authenticate users accessing important data repositories.

This one speaks more to the policies and procedures in place for a client. An organisation must classify and label its data, with metadata or physical labels, before it can require authentication to access the important data repository. Calibre One is happy to consult on how to write a policy and can help with a data discovery effort, but ultimately the security and classification of data is the responsibility of your organisation. After data has been classified and labelled, the location where it is stored needs to be checked for its ability to challenge for MFA. SharePoint in Office 365 can be configured with Azure AD and conditional access to challenge for MFA.
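As an added illustration (not part of the original post, and not Calibre One's or Microsoft's code), the following Python builds the request body for an Azure AD Conditional Access policy that requires MFA for a data repository application, and audits a set of existing policies (the shape returned by the Microsoft Graph `conditionalAccess/policies` endpoint) to confirm that the repository is actually covered by an enabled, enforcing policy rather than only a report-only one. The SharePoint Online application ID is the well-known first-party value and should be verified against your own tenant; the sample policies and the break-glass account name are constructed.

```python
import json

# Well-known application ID of "Office 365 SharePoint Online" (verify in your tenant).
SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"


def build_mfa_policy(display_name, app_ids, exclude_users=(), state="enabled"):
    """Return a Conditional Access policy body (Microsoft Graph schema) that
    requires MFA for all users accessing the given application IDs.
    exclude_users is intended for emergency-access (break-glass) accounts only."""
    return {
        "displayName": display_name,
        "state": state,  # "enabled" enforces; "enabledForReportingButNotEnforced" only reports
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": list(app_ids)},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def policies_enforcing_mfa(policies, app_id):
    """Names of policies that are enabled (not report-only), target app_id
    (directly or via "All"), and grant access only with MFA or an
    authentication strength."""
    hits = []
    for policy in policies:
        if policy.get("state") != "enabled":
            continue
        apps = policy.get("conditions", {}).get("applications", {}).get("includeApplications", [])
        if app_id not in apps and "All" not in apps:
            continue
        grant = policy.get("grantControls") or {}
        if "mfa" in grant.get("builtInControls", []) or grant.get("authenticationStrength"):
            hits.append(policy["displayName"])
    return hits


def audit_repository_coverage(policies, repo_app_ids):
    """Map each important data repository app ID to the policies enforcing MFA for it;
    an empty list means the repository is not covered (a Maturity 3 gap)."""
    return {app: policies_enforcing_mfa(policies, app) for app in repo_app_ids}


# Constructed sample of what GET /identity/conditionalAccess/policies might return.
SAMPLE_POLICIES = [
    build_mfa_policy("Report only - all apps", ["All"], state="enabledForReportingButNotEnforced"),
    build_mfa_policy("Require MFA - Exchange Online", ["00000002-0000-0ff1-ce00-000000000000"]),
    build_mfa_policy("Require MFA - SharePoint Online", [SHAREPOINT_APP_ID],
                     exclude_users=["breakglass@example.onmicrosoft.com"]),  # constructed
]

if __name__ == "__main__":
    print(json.dumps(build_mfa_policy("Require MFA - SharePoint Online", [SHAREPOINT_APP_ID]), indent=2))
    print(audit_repository_coverage(SAMPLE_POLICIES, [SHAREPOINT_APP_ID]))
```

The body from `build_mfa_policy` is what you would POST to `https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies` with a token holding `Policy.ReadWrite.ConditionalAccess`; the audit function is the more useful half, because a report-only policy or a policy scoped to the wrong application looks like coverage in the portal but does not challenge anyone.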

7. Multi-factor authentication is verifier impersonation resistant and uses either: something users have and something users know, or something users have that is unlocked by something users know or are.

This one, while sounding complex, is relatively straightforward. Purchase an SSL certificate (non-wildcard), or use an authentication provider, like Azure Active Directory, that is secured by an SSL certificate, which provides a cryptographic guarantee that the identity provider is who it says it is. Non-repudiation is a core tenet of cyber security.
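To make the certificate requirement above checkable, here is an added Python example (not from the original post or any vendor) that takes the certificate dictionary Python's `ssl` module returns from `getpeercert()` and checks that the identity provider's hostname appears as an exact DNS subjectAltName entry and that no wildcard names are present. The certificate dictionaries below are constructed, and `login.example.com` is a placeholder for your identity provider's hostname; `fetch_peer_cert` shows how the same dictionary is obtained live, with chain and hostname validation done by the default context.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS names from the subjectAltName extension, as ssl.getpeercert() presents them."""
    return [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]


def check_idp_certificate(cert, hostname):
    """Return a list of problems; an empty list means the certificate passes.
    Enforces the non-wildcard, exact-hostname expectation from the text."""
    problems = []
    names = san_dns_names(cert)
    if not names:
        problems.append("no DNS subjectAltName entries")
    wildcards = [n for n in names if n.startswith("*.")]
    if wildcards:
        problems.append(f"wildcard names present: {wildcards}")
    if hostname.lower() not in [n.lower() for n in names]:
        problems.append(f"{hostname} is not an exact match in SAN {names}")
    return problems


def fetch_peer_cert(hostname, port=443, timeout=5):
    """Connect with full chain and hostname verification (system trust store)
    and return the peer certificate dictionary for inspection."""
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed certificate dictionaries in the shape ssl.getpeercert() returns.
GOOD_CERT = {
    "subject": ((("commonName", "login.example.com"),),),
    "subjectAltName": (("DNS", "login.example.com"),),
    "notAfter": "Jan  1 00:00:00 2024 GMT",
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
    "notAfter": "Jan  1 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    print(check_idp_certificate(GOOD_CERT, "login.example.com"))      # []
    print(check_idp_certificate(WILDCARD_CERT, "login.example.com"))  # two problems
```

Run the check periodically against the identity provider you actually use (`check_idp_certificate(fetch_peer_cert("login.example.com"), "login.example.com")`); a wildcard or mismatched name appearing where an exact one used to be is worth an alert.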

8. Successful and unsuccessful multi-factor authentications are centrally logged and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.

This refers to using a bastion host to store and analyse the logs from several services, and using SIEM services to aggregate and correlate that information, using artificial intelligence to identify signs of attack. C1 offers SIEM as a service and can provide secure logging with a managed security service. Alternatively, SIEM products such as Microsoft Sentinel, Splunk and Elastic are worth considering.
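Whatever SIEM holds the logs, the "monitored for signs of compromise" part of point 8 needs concrete detection logic. The Python below is an added example (not from the original post, and not Sentinel, Splunk or Elastic code) that runs one such rule over centrally collected MFA results: a user who receives several MFA denials in a short window, and especially one who then approves a prompt right after that burst, is a sign the password is already known to someone else. The log records are constructed with simplified field names (`user`, `time`, `mfa_result`, `ip`) rather than the exact schema of any product.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed MFA events, in the simplified shape a SIEM might normalise sign-in logs to.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "time": "2022-05-24T01:00:00Z", "mfa_result": "denied",  "ip": "203.0.113.10"},
    {"user": "alice@example.com", "time": "2022-05-24T01:01:00Z", "mfa_result": "denied",  "ip": "203.0.113.10"},
    {"user": "alice@example.com", "time": "2022-05-24T01:02:30Z", "mfa_result": "denied",  "ip": "203.0.113.10"},
    {"user": "alice@example.com", "time": "2022-05-24T01:04:00Z", "mfa_result": "denied",  "ip": "203.0.113.10"},
    {"user": "alice@example.com", "time": "2022-05-24T01:05:00Z", "mfa_result": "success", "ip": "203.0.113.10"},
    {"user": "bob@example.com",   "time": "2022-05-24T02:00:00Z", "mfa_result": "denied",  "ip": "198.51.100.7"},
    {"user": "bob@example.com",   "time": "2022-05-24T02:01:00Z", "mfa_result": "success", "ip": "198.51.100.7"},
    {"user": "carol@example.com", "time": "2022-05-24T03:00:00Z", "mfa_result": "denied",  "ip": "192.0.2.5"},
    {"user": "carol@example.com", "time": "2022-05-24T04:00:00Z", "mfa_result": "denied",  "ip": "192.0.2.5"},
    {"user": "carol@example.com", "time": "2022-05-24T05:00:00Z", "mfa_result": "denied",  "ip": "192.0.2.5"},
]


def parse_ts(value):
    """ISO 8601 with a trailing Z, as most log pipelines emit it."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def denial_counts(events):
    """Per-user count of unsuccessful MFA attempts, for the daily report."""
    counts = defaultdict(int)
    for event in events:
        if event["mfa_result"] == "denied":
            counts[event["user"]] += 1
    return dict(counts)


def find_mfa_denial_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Flag users with at least `threshold` MFA denials inside `window`, and note
    whether a successful MFA followed within the same window (user approved a
    prompt after repeatedly rejecting it). One finding per user."""
    per_user = defaultdict(list)
    for event in events:
        per_user[event["user"]].append(event)

    findings = []
    for user, user_events in per_user.items():
        user_events.sort(key=lambda e: parse_ts(e["time"]))
        denials = [parse_ts(e["time"]) for e in user_events if e["mfa_result"] == "denied"]
        for index, start in enumerate(denials):
            in_window = [t for t in denials[index:] if t - start <= window]
            if len(in_window) < threshold:
                continue
            approved_after = any(
                e["mfa_result"] == "success" and start <= parse_ts(e["time"]) <= start + window
                for e in user_events
            )
            findings.append({
                "user": user,
                "denials": len(in_window),
                "window_start": start.isoformat(),
                "approved_after_denials": approved_after,
            })
            break
    return findings


if __name__ == "__main__":
    print(denial_counts(SAMPLE_EVENTS))
    for finding in find_mfa_denial_bursts(SAMPLE_EVENTS):
        print(finding)
```

In the sample, alice is flagged (four denials in four minutes, then an approval), bob is not (a single denial), and carol is not (three denials spread over two hours). The `approved_after_denials` flag is what should drive the "actioned" part of the control: a session established that way warrants revocation and a password reset, not just a ticket.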


If you do need help, please reach out to C1, we’re happy to assist!
