Advisory Note: "RSA SecurID – how to act after the hack?" - 70344

Report Details

As reported extensively in the media, in March 2011 attackers successfully compromised the data center of EMC Corp's RSA security division and obtained copies of security information for RSA's SecurID key fob system, a token-based mechanism for generating OTPs (one-time passwords) in a two-factor authentication scheme used extensively by companies and government agencies around the world.

Now two large military contractors, Lockheed Martin and L-3 Communications, have reported security breaches that were evidently based on data stolen from RSA. A third military contractor and RSA customer, Northrop Grumman, abruptly shut down remote access to its network and instituted a "domain name and password reset across the entire organization", according to a press statement.

This considerably raises the stakes for RSA and its customers, many of whom are rightly demanding more information and guidance on how to protect themselves against what is evidently a highly sophisticated group of attackers. Can we continue to use SecurID, or do we need an alternative? Many have been asking this question, including a number of KuppingerCole clients.

While RSA understandably refuses to discuss details of the attack (after all, attackers read press releases too), there can be little doubt that the attackers exploited a known conceptual weakness of RSA SecurID: the central storage of the so-called 'seeds', the per-token secrets from which each token code is derived, in RSA's own backend. A token code is a function of the seed and the current time, so whoever holds a token's seed, knows its serial number and can map that serial number to a user can compute the same codes as the token itself; the only secret such an attacker still lacks is the user's PIN. However, bashing RSA won't help. For customers, the real question is: what can I do to protect my systems and the sensitive information stored there?

Throwing out SecurID and starting anew is not an option for most user organizations. In the short term, organizational measures such as requiring an additional credential alongside the SecurID passcode, for example the user's domain password (where feasible), can reduce the risk of attack without the costly replacement of the SecurID tokens in use today. In the mid-term, however, customers need to review their authentication strategies with an eye towards moving to a truly versatile authentication approach. The ultimate goal, KuppingerCole believes, is to be able to switch between different authentication mechanisms freely and flexibly without having to modify the applications themselves.
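To make the two points above concrete, here is an added example (it is not part of the original advisory and is not RSA's code): a small Python model in which the token code is a pure function of seed and time, so that an attacker holding the stolen seed file plus a captured PIN passes a SecurID-only check, while a policy that also demands the domain password rejects the same forged credentials. The RFC 6238 TOTP used here is an assumption standing in for RSA's proprietary token-code algorithm; the serial number, seed, PIN and password are constructed sample values. The `authenticate()` function takes its policy as a list of factor checks, which is the 'versatile' shape the advisory asks for: the application's call does not change when a factor is added or swapped.

```python
import hashlib
import hmac
import struct
import time
from typing import Callable, List, Optional

# Assumption: RSA's tokencode algorithm is proprietary, so an RFC 6238 TOTP
# (HMAC-SHA1 over the time-step counter) stands in for it. The argument only
# needs the property both share: the code is a pure function of (seed, time).
def tokencode(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """Time-based one-time code derived from the token seed and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

# Constructed sample data: the serial->seed table is what the breach exposed;
# the user record is what the customer's own authentication server holds.
TOKEN_SEEDS = {"000123456789": bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")}
USERS = {
    "alice": {
        "serial": "000123456789",
        "pin": "4711",
        "pw_hash": hashlib.sha256(b"Correct-Horse-Battery").hexdigest(),
    }
}

# A factor check receives (user, submitted credentials, current unix time).
Factor = Callable[[str, dict, int], bool]

def securid_passcode(user: str, creds: dict, now: int) -> bool:
    """Classic SecurID check: passcode = PIN + tokencode, compared in constant time."""
    rec = USERS[user]
    expected = rec["pin"] + tokencode(TOKEN_SEEDS[rec["serial"]], now)
    return hmac.compare_digest(creds.get("passcode", ""), expected)

def domain_password(user: str, creds: dict, now: int) -> bool:
    """Independent credential that the seed theft did not expose."""
    digest = hashlib.sha256(creds.get("password", "").encode()).hexdigest()
    return hmac.compare_digest(digest, USERS[user]["pw_hash"])

def authenticate(user: str, creds: dict, now: int, policy: List[Factor]) -> bool:
    """The application calls this; only the policy list changes when a factor is added."""
    if user not in USERS:
        return False
    return all(check(user, creds, now) for check in policy)

def forge_passcode(user: str, now: int) -> dict:
    """What an attacker holding the stolen seed file and a captured PIN can produce."""
    rec = USERS[user]
    return {"passcode": rec["pin"] + tokencode(TOKEN_SEEDS[rec["serial"]], now)}

def demo(now: Optional[int] = None) -> dict:
    """Run forged and genuine credentials against both policies; return the outcomes."""
    now = int(time.time()) if now is None else now
    forged = forge_passcode("alice", now)
    genuine = {**forged, "password": "Correct-Horse-Battery"}
    securid_only = [securid_passcode]
    securid_plus_pw = [securid_passcode, domain_password]
    return {
        "attacker_vs_securid_only": authenticate("alice", forged, now, securid_only),
        "attacker_vs_securid_plus_password": authenticate("alice", forged, now, securid_plus_pw),
        "user_vs_securid_plus_password": authenticate("alice", genuine, now, securid_plus_pw),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ACCEPTED' if ok else 'REJECTED'}")
```

Running the block shows the forged passcode accepted under the SecurID-only policy and rejected once the domain password is required. The limit of the stopgap is visible in the model too: the password is another 'something you know', so it raises the bar against an attacker with the seed file but does not restore the token code as proof of possession; only re-seeded or replaced tokens do that, which is why the advisory treats the extra credential as a short-term measure.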


Date: Jun 10, 2011