Z - Understanding MFA in the Network and Adoption
Z Gauging by the Replies or lack there of on the post this is in reply to, most here only care that SFOR has MFA and the Deals and other $$ Aspects, but not what goes on behind the scenes in MFA and Networks and the technical aspects.
Which in many ways I can understand. This not to say there are some here who wish to understand more and put forth an Effort. For them I will try to keep things in-Depth yet simple to understand. At least I hope to.
This late night Midshift post means I won’t get a lot of Nonsence Replies from the, the, well you know. It will be read mostly by those following my Posts and replies to you.
Its about time to get down to Brass Tacks
Those technical aspects I mentioned, are what has delayed the rapid deployment of Multifactor Authentication.
Again, I will try, in terms most can understand, from what I know and understand from my understanding of Networking Management and trying to implement MFA.
Ever notice how 2FA was adopted quickly and implemented to make an immediate attempt to stop Cyber Hackers. Where MFA is sloooowly being adopted?
Intel Leapfrogging in its 7th Gen Processors is a good start, but probably can't have a huge effect until Network Legacy Equipment and Protocols have been modified / replaced. Although with the Urgent need, the Networking Industry is trying to revamp quickly with putting Band-Aids on Existing Network Hardware, which can be done by Local Network Engineers and Networkin Techs, until the Legacy Hardware can be replaced.
Just like most people don't really understand how a PC or Mobile Device does what it does, besides a cursory understanding. The same goes for the vast amount of Network Routers, Switches and other Networking Appliances, only at least a 10 times deeper understanding of what really transpires.
I'm going to try to quickly try to explain the MFA role in the Network and the difficulties of implementing.
When it comes to Security in managing a Network. This function is usually incorporated into enterprise networks through Authentication (verification of identity), Authorization (control of the access privileges) and Accounting (recording the actions for auditing) an “AAA” Security Framework.
Any device such as Routers, Servers, etc. that serve as a gateway to access Critical Infrastructure Resources must be able to adhere to and enforce the AAA Framework.
In most typical commercial two-factor authentication solutions they integrate with the AAA server using Radius Protocol.
Unfortunately two examples of these are RSA SecurID and ( Dare I say the nasty words) Duo Security.
Users receive a token card (which looks like a small calculator) or a have a mobile app that present one-time-use passcodes and other we know of, that are time-synchronized with the authentication server.
For MFA, enterprise solutions need to transition away from Radius Protocols and offer PAM Modules that can with relieve and easily be installed in General Purpose Machines and installing them into embedded Network Appliances such as Routers, Switches Access Gateways and Control Servers.
This is a new and complex challenge. Not only modifying the vast array of current Equipment, but the kicker being the technical collaboration between the Appliance and the Software Vendors.
During the next year or two, we will see those technologies coming together and making the transition of MFA simpler and less expensive, than is currently seen.
Normally I would have liked to see, instead of Regulations and Alliances governing the use if MFA, I would rather an Official International Standards Body such as the IEEE (Institute of Electrical and Electronics Engineers) create a MFA Standard and see and Industry Wide Battle it out for the best MFA Solution.
But since this was never begun and most likely due to the criticality and Non-forward thinking by the Network Vendors and the Urgent need for a Cyber Security Solution with the exponential growth in Hacking..........
And StrikeForce being more a decade ahead if the Industry in thinking about Cyber Security, and despite it Shouting the Alarm years in advance, we have the Status Que in Network Equipment.
As it sits, this is probably the best possible situation that exists for StrikeForce, as without a standard, OBBA looks to have been adapted as an Industry Standard gauging by the Very Long List of Patent infringement Vendors on StrikeForce Technologies IP.
Now, one might understand why DUO was one of the First to receive the Gift of a Notification of Patent Infringement letter from our CEO.
"Greetings and Salutations" WTF do you think your doing ? or perhaps something more politically correct.......LOL
This Transition of the Network Equipment plays in StrikeForce’s Favor, as it gives time for a few Lawsuits and Settlements to finalize and prove out as Who Owns the Ultimate MFA Solution, StrikeForce and OBBA.
Meanwhile we can watch as more and more Cyber Security Companies continue to make OOBA an Industry Standard, many Blindly, until the outcome of a few Patent Lawsuits is Emblazoned in Headlines across the Tech Industry.
Seemingly, coming out of nowhere in 15 short Months, the combined StrikeForce of the forward thinking of SFOR’s CTO, a CEO with a Great Background and MD coming out of JP Morgan, a few Law Firms of Law Firm’s that are above reproach and IP who’s Patents that have survived the magnifying glass of scrutiny in one prior Markman hearing and a Kickass Channel Partner, ACS getting itself in Bed With and Embedded in Industry Giants Products, an a Large DoD Contractor.
I Hope this helps some out there.
49'er
