RSA is the encryption and network security division of EMC, assisting top organizations in solving complex IT security challenges. RSA’s products and mission consist of a combination of business-critical controls, encryption, and tokenization to secure access to organizations’ IS infrastructure. The Security Division offers a wide range of two-factor authentication solutions to help organizations assure user identities and meet regulatory compliance requirements. The authentication keys come in a variety of forms, such as hardware and software authenticators, that can be applied to a range of computer devices.
RSA SecurID Technology
SecurID is based on a password and a PIN, a double-layered access authentication principle. This technology is noted to provide a more reliable level of user password security. The cryptographic technology has the ability to automatically change passwords every 60 seconds. The top benefit of SecurID is that it helps positively identify users before they access critical confidential data systems. Each authenticator possesses a special symmetric key that is combined with an algorithm to create rapid one-time passwords (OTPs). The OTPs are stored in the Authentication Manager server for optimal security. OTPs are established and known to the user; the PIN acts as a back-up layer, which makes it extremely difficult for hackers to exploit. By shoring up vulnerabilities in access control mechanisms with a layered technology, SecurID access keys make a worthwhile product.
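The following is an added example, not part of the original essay and not RSA's code. SecurID's algorithm is proprietary, so this sketch substitutes the public RFC 6238 TOTP construction with a 60-second step to show how a symmetric key plus the clock yields a rotating code that the server checks together with the PIN. The names otp_at, pin_hash and AuthServer, the 6-digit length and the drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, the rotation period the text describes
DIGITS = 6   # assumed code length

def otp_at(seed, unix_time):
    """Public RFC 6238 TOTP (HMAC-SHA1), standing in for SecurID's own algorithm."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical verifier: holds each user's seed and a salted PIN hash."""
    def __init__(self):
        self.users = {}       # user -> (seed, salt, PIN hash)
        self.last_used = {}   # user -> last accepted interval, blocks replay

    def enroll(self, user, seed, pin, salt):
        self.users[user] = (seed, salt, pin_hash(pin, salt))

    def verify(self, user, pin, code, now, drift=1):
        if user not in self.users:
            return False
        seed, salt, stored = self.users[user]
        pin_ok = hmac.compare_digest(pin_hash(pin, salt), stored)
        current = now // STEP
        matched = None
        for i in range(max(0, current - drift), current + drift + 1):  # clock skew
            if hmac.compare_digest(otp_at(seed, i * STEP), code):
                matched = i
        if not pin_ok or matched is None or matched <= self.last_used.get(user, -1):
            return False
        self.last_used[user] = matched
        return True

if __name__ == "__main__":
    seed = b"12345678901234567890"     # constructed sample seed (RFC 4226 test key)
    server = AuthServer()
    server.enroll("alice", seed, "4821", b"constructed-salt")
    code = otp_at(seed, 125)
    print(code, server.verify("alice", "4821", code, now=130))   # accepted once
    print(server.verify("alice", "4821", code, now=131))         # replay rejected
```

Because the code is a pure function of the seed and the time, the PIN check and the replay check in verify are separate controls from the seed itself.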
Despite RSA’s specialization in IT security products for top organizations worldwide, on March 17, 2011 the company fell victim to a common cyber-attack, leaving clients’ and RSA’s IS infrastructures vulnerable to further exploits. Executive Chairman Art Coviello revealed that a spear-phishing attack compromised RSA’s network using simple, common tactics. Hackers found a vulnerability on RSA’s SecurID products by manipulating an employee’s email account. The “zero-day” exploit used an Excel spreadsheet coded with malware which corrupted an Adobe Flash file. The email-based attack exposed the company’s internal networks, providing hackers an opportunity to access confidential data from approximately 35,000 organizations. Attackers discovered information on RSA’s SecurID products, which are applied to PCs, USBs, phones, and key fobs (RSA). Coviello confirmed the attack did result in a data breach and that specific information was extracted from RSA’s systems (Coviello 2011). However, there was no evidence that SecurID clients’ confidential information was obtained, even though SecurID two-factor technology was directly attacked.
Having access to the internal networks and the SecurID source code can potentially give cyber criminals a small gateway to exploit users, but more probing would still be needed to completely break the seed record encryption created by RSA’s special...