Cutting the Phishing Line with User Authorization


Identity theft remains a problem in the 21st century. More and more areas of our lives depend on IT, and banking, e-business and education are just some of the domains in which an individual's identity is used in a virtual, digital form.

Imagine a real-world situation in which two people, user X and user Y, are colleagues whose duties support each other.

If one of them has more abilities, knowledge or permissions than the other, the unfortunate result may be that user X exploits that advantage over user Y, or vice versa.

In the virtual world it looks much the same. User X and user Y may have different permission levels, one broader than the other. So, if user Y would like to see data to which only X has access, what might happen? Quite possibly, user Y will go to considerable lengths to obtain the same access level as X, which may turn into an attempt to take over user X's account, that is, to steal X's digital identity. This example shows where the identity theft problem originates. Unfortunately, the 'possession effect' (the term comes from psychology) is hard-wired into human nature and generates attempts to impersonate others. The first line of defence against it is a properly implemented authentication mechanism.


User Authorization and the Response by Cyber-Criminals

In order to use IT resources, a user goes through a procedure involving authentication, authorization and accounting (AAA).

Authentication

This is the process in which a claimed identity is verified against pre-defined credentials. It happens even when we turn on a computer and the operating system asks for a password: only if the password matches the one stored for that account is the user's identity considered verified.

Because a password might be observed or stolen by an unauthorized person, two-factor authentication, which combines two independent verification methods, is used. This usually involves entering a pre-defined password (something the user knows) together with a one-time password generated by a separate token (something the user has). A one-time password is valid for a single use and a short time window, so a phished or shoulder-surfed code is of little value to an attacker once it has been consumed.

Authorization

This is the stage at which the now-verified user is granted access to specific network resources. Validation is carried out against the user's assigned permissions (typically via a role or group), telling us which resources the user may access and with which rights.

Accounting

This is an active stage (it takes place continuously during a session), in which the system records who accessed which resources, when, and for how long. It does not itself block access; it produces the audit trail that makes misuse detectable and an incident reconstructable after the fact, and is therefore a foundation for the security of protected resources.

The above procedure is implemented on a large scale by the RADIUS (Remote Authentication Dial-in User Service) protocol, in which a network access server forwards the user's credentials to a central server that returns an accept or reject decision together with the user's authorizations, and receives accounting records for the session. The protocol is specified in RFC 2865 (authentication and authorization) and RFC 2866 (accounting).
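The three stages above, shown end to end in code. This is an added example written for this page, not Comarch's or any RADIUS implementation's code: the user records, salts, passwords, role names and permission strings are constructed for illustration, and the token is modelled with the HOTP/TOTP algorithms from RFC 4226 and RFC 6238 (user_x's token secret is the RFC 6238 test secret, so its codes can be checked against the published vectors). Authentication verifies a salted password hash plus a one-time code and burns each accepted code so it cannot be replayed; authorization maps the verified identity to a role; accounting appends a record for every decision, so the audit trail always carries a unique user name.

```python
import hashlib
import hmac
import struct
import time
from datetime import datetime, timezone

# Constructed user records (not from any real system): a salted PBKDF2 password
# hash, the shared secret of the user's OTP token and the role used by the
# authorization stage.  user_x's token secret is the RFC 6238 test secret.
def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT_X, _SALT_Y = b"example-salt-user-x", b"example-salt-user-y"
USERS = {
    "user_x": {"salt": _SALT_X, "pw_hash": password_hash("correct horse battery", _SALT_X),
               "otp_secret": b"12345678901234567890", "role": "analyst"},
    "user_y": {"salt": _SALT_Y, "pw_hash": password_hash("hunter2-but-longer", _SALT_Y),
               "otp_secret": b"abcdefghijklmnopqrst", "role": "helpdesk"},
}
PERMISSIONS = {"analyst": {"read:customer-data", "read:tickets"},
               "helpdesk": {"read:tickets"}}

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the Unix time step."""
    return hotp(secret, unix_time // step)

USED_OTP = set()   # (user, counter) pairs already accepted: every code is one-time
AUDIT_LOG = []     # accounting records, one per authentication/authorization decision

def account(user: str, action: str, outcome: str, now: int) -> None:
    """Accounting: record who did what, when, with which outcome (never the secret)."""
    AUDIT_LOG.append({"ts": datetime.fromtimestamp(now, timezone.utc).isoformat(),
                      "user": user, "action": action, "outcome": outcome})

def authenticate(user: str, password: str, otp: str, now: int) -> bool:
    """Two-factor authentication: something known (password) + something held (token)."""
    rec = USERS.get(user)
    if rec is None:
        return False
    if not hmac.compare_digest(rec["pw_hash"], password_hash(password, rec["salt"])):
        return False
    counter = now // 30
    for c in (counter - 1, counter, counter + 1):   # tolerate one step of clock skew
        if c < 0 or (user, c) in USED_OTP:
            continue
        if hmac.compare_digest(hotp(rec["otp_secret"], c), otp):
            USED_OTP.add((user, c))                  # burn the code: a replay is rejected
            return True
    return False

def authorize(user: str, permission: str) -> bool:
    """Authorization: map the verified identity to the permissions of its role."""
    return permission in PERMISSIONS.get(USERS[user]["role"], set())

def access_resource(user, password, otp, permission, now=None) -> str:
    """One full AAA pass for a request; every decision leaves an accounting record."""
    now = int(time.time()) if now is None else now
    if not authenticate(user, password, otp, now):
        account(user, "login", "denied", now)
        return "denied: authentication failed"
    account(user, "login", "ok", now)
    if not authorize(user, permission):
        account(user, permission, "denied", now)
        return "denied: not authorized"
    account(user, permission, "ok", now)
    return "granted"

if __name__ == "__main__":
    t = 59   # RFC 6238 vector: user_x's token shows 287082 at this time
    print(access_resource("user_x", "correct horse battery", "287082", "read:customer-data", now=t))
    print(access_resource("user_x", "correct horse battery", "287082", "read:customer-data", now=t))
    for entry in AUDIT_LOG:
        print(entry)
```

Run stand-alone, the first request is granted and the second, which replays the same one-time code, is refused; the audit log then shows both decisions under the unique user name, which is exactly what an investigator needs when tracing an incident back to an account.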

Cyber-criminals are well aware of this, and have developed a form of attack that serves as a gateway for extracting data and hijacking user identities. This attack is called 'phishing' and consists, among other things, of tricking users into handing over the data required to log in to computer systems.

Unfortunately, it is easy to fall victim to such an attack. For example, windows that look like the legitimate log-in pages of banking, corporate or certification systems may be presented to the user as pop-ups, and credentials typed into them go straight to the attacker.


Phishing attacks are becoming increasingly sophisticated and use a variety of social-engineering techniques. In most cases, fraudsters exploit the recipient's lack of awareness to pressure them into providing their access data. These messages fall into three streams:

  • Request Stream – the user is asked to enter their login and password to confirm that an update has been installed for software on their system
  • Intimidation Stream – users are threatened with closure of their account if they do not follow instructions which, in the most frequent cases, involve providing their user name and system password
  • Information Stream – the rules of a particular service, e.g. internet access, are displayed to the user, who is told that unless they confirm acceptance of these rules they will be disconnected from their resources. Of course, such confirmation also requires the system login and password.

What links all these streams is the same goal: to obtain the user's login and password, which in effect are the user's identity and the permissions assigned to it. No legitimate administrator, update process or policy notice needs a user to type a password into a message, so any message that asks for one should be treated as suspect. It is our duty to learn to be cautious when providing our access data; this is the main line of defence. In addition, antivirus software with anti-phishing filters can catch many such messages before the user sees them.

Large information processing systems are used by many different people, and the priority is that each of them has an individual, unique identifier so that control over data can be maintained. In the event of an incident, it is far easier to locate a leak when every action is tied to a unique user. If all users accessed data from the same shared account with the same rights, accountability would be lost and a leak outside the company would be the likely result.
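The kind of filtering an anti-phishing component performs on the three streams above, as an added example written for this page rather than code from any product. It assumes a hypothetical allow-list of the organisation's genuine login hosts (the example-corp.com names are invented) and runs over four constructed messages: one per stream plus a benign notice. The indicators it looks for are the ones the streams share: a request for login/password in the visible text, a threat of losing access, a link whose target host is not on the allow-list, and link text showing a different host from the one the link really points to.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list of the organisation's genuine login hosts (hypothetical names).
TRUSTED_LOGIN_HOSTS = {"login.example-corp.com", "sso.example-corp.com"}

ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL = re.compile(r'https?://[^\s<"]+', re.I)
CREDENTIALS = re.compile(r"\b(password|passcode|user ?name|login|credentials)\b", re.I)
THREAT = re.compile(r"\b(suspend\w*|clos(?:e|ed|ure)\b|disconnect\w*|terminat\w*|locked|"
                    r"within \d+ hours?|immediately)", re.I)
RULES = re.compile(r"\b(rules|terms|policy|acceptable use)\b", re.I)
CONFIRM = re.compile(r"\b(confirm|accept)\w*", re.I)
UPDATE = re.compile(r"\b(update|upgrade|patch)\w*", re.I)

def hostname(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def analyse(message: dict) -> dict:
    """Score one message: which stream it belongs to, which indicators fire, verdict."""
    body = message["body"]
    # Search the visible wording only, with anchors reduced to their text and URLs
    # removed, so a path such as /login does not count as a credential request.
    plain = URL.sub(" ", ANCHOR.sub(lambda m: " " + m.group(2) + " ", body))
    indicators = []
    if CREDENTIALS.search(plain):
        indicators.append("asks for login/password")
    if THREAT.search(plain):
        indicators.append("threatens loss of access")
    for href, text in ANCHOR.findall(body):
        target = hostname(href)
        if target not in TRUSTED_LOGIN_HOSTS:
            indicators.append(f"link to untrusted host {target}")
        shown = URL.search(text)   # link text that itself looks like a URL
        if shown and hostname(shown.group(0)) != target:
            indicators.append(f"link text shows {hostname(shown.group(0))} but points to {target}")
    if RULES.search(plain) and CONFIRM.search(plain):
        stream = "information"
    elif THREAT.search(plain):
        stream = "intimidation"
    elif UPDATE.search(plain):
        stream = "request"
    else:
        stream = None
    # A credential request on its own is suspicious; combined with any second
    # indicator it is treated as phishing.
    verdict = ("phishing" if "asks for login/password" in indicators and len(indicators) >= 2
               else "legitimate")
    return {"subject": message["subject"], "stream": stream,
            "indicators": indicators, "verdict": verdict}

# Constructed sample messages (not real mail), one per stream plus a benign one.
SAMPLE_MESSAGES = [
    {"subject": "VPN client update installed",
     "body": "Our IT team has installed the latest update of the VPN client on your "
             "workstation. Please confirm the update by entering your user name and "
             'password at <a href="http://vpn-update.example-corp-it.net/login">'
             "https://login.example-corp.com</a>."},
    {"subject": "Mailbox closure notice",
     "body": "Your mailbox will be closed within 24 hours unless you verify your account. "
             "Reply with your login and password, or visit "
             '<a href="https://secure-mail-verify.example.net/">Verify now</a> to keep your access.'},
    {"subject": "New internet access rules",
     "body": "The rules for internet access in the company have changed. Please read the "
             "acceptable use policy and confirm your acceptance by signing in with your "
             'system login and password at <a href="http://policy.example-corp-portal.com/accept">'
             "http://policy.example-corp-portal.com/accept</a>. Users who do not confirm will "
             "be disconnected from network resources."},
    {"subject": "All-hands recording",
     "body": "The recording of the quarterly all-hands is available on the intranet: "
             '<a href="https://sso.example-corp.com/recordings">https://sso.example-corp.com/recordings</a>. '
             "No action is required."},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(analyse(msg))
```

The three phishing samples are classified into the request, intimidation and information streams and flagged, while the benign notice produces no indicators. The first sample also trips the link-mismatch check, which is the detail a user reading a pop-up or e-mail is least likely to notice: the text shows the genuine login host while the link leads elsewhere.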

It is important that the mechanisms of authentication, authorization and accounting work without errors. Unfortunately, there is no single, universal solution. Successful attacks are commonly made possible by badly designed access control for the operations carried out in an IT system: an authentication step that can be bypassed, authorization checks that are missing on some paths, or accounting that records too little to reconstruct what happened. Each AAA system therefore needs to be designed for the environment in which it will be used, in line with the company's own ecosystem.

Learn more about integrated enterprise IT security solutions by Comarch.
