Mark Diodati

A member of the Gartner Blog Network

Mark Diodati, Research VP (6 years at Gartner, 21 years in the IT industry)

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include mobility, authentication, cloud identity, federation, directory services, provisioning, identity services, Active Directory interoperability, Web access management…
The Seed and The Damage Done: RSA SecurID

by Mark Diodati  |  June 2, 2011

The fallout from the March attack on RSA has arrived. Per the news agencies—and the excellent blog post by Bob Cringely—several large defense contractors (Lockheed Martin, L-3, and potentially Northrop Grumman) were attacked using the information stolen in the March attack. The tokens associated with the stolen information should now be considered compromised. Recent events indicate that it’s very likely that the stolen information can be used to mount attacks on other RSA customers, and not just defense contractors.

RSA SecurID customers should demand replacement tokens, and the delivered tokens must be manufactured after implementation of RSA’s post-attack security procedures. Until RSA customers receive the replacement tokens and endure the subsequent pain and suffering of distributing them, customers should follow RSA’s instructions that were received after the initial attack.

While we are talking about the protection of SecurID token information, the attack vector that organizations dismiss at their peril is the on-premises storage of the token seed records. I have seen many seed record CDs (OK, floppies back in the day) on the desks of system administrators or sitting on top of the SecurID server. Also, a knowledgeable SecurID system administrator can retrieve the token information out of the server. A seed record that is readable on premises compromises the token just as surely as the RSA breach did, so replacement tokens only help if their seed records are protected at import time and not left lying around afterward.

The reputation of the RSA SecurID OTP technology may be badly tarnished due to this attack. However, the real damage is limited to the token information that was stolen. In other words, tokens created by RSA after the attack should not be vulnerable, assuming that RSA’s new precautions are effective. By the way, did you notice that most of RSA’s competitors were publicly quiet after the March attack? You can bet that they were shoring up their OTP security. We’ll be talking about stronger authentication at the Catalyst Conference.
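The point underlying the whole post, that whoever holds a token's seed record can compute every code the token will ever display and that only a fresh seed ends that exposure, is easy to see in code. The following is an added example, not code from RSA or from this post. SecurID's tokencode algorithm is proprietary, so the example stands in the RFC 4226/6238 HMAC-based OTP for it; the seed, serial number, time step and clock window are all constructed for the illustration, and `replace_token` models the arrival of a replacement token as nothing more than a new seed record that the attacker never saw.

```python
"""Added illustration: a stolen seed record is a compromised token until re-seeded.

RSA SecurID's tokencode algorithm is proprietary; RFC 4226 HOTP over a
time-step counter (RFC 6238 TOTP) is used here as a stand-in that shares the
property that matters: the seed alone determines every future code.
"""
import hashlib
import hmac
import secrets
import struct
import time
from typing import Dict, Optional

STEP_SECONDS = 60  # assumed time step for the illustration
DIGITS = 6


def tokencode(seed: bytes, step: int) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1(seed, step counter)."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** DIGITS:0{DIGITS}d}"


def current_step(now: Optional[float] = None) -> int:
    """Time-step counter for live use; the demo below uses a fixed counter."""
    return int((time.time() if now is None else now) // STEP_SECONDS)


class AuthServer:
    """The on-premises authentication server holding the seed records."""

    def __init__(self, seed_records: Dict[str, bytes]):
        self.seed_records = dict(seed_records)

    def verify(self, serial: str, code: str, step: int, window: int = 1) -> bool:
        seed = self.seed_records.get(serial)
        if seed is None:
            return False
        # Accept a small clock-drift window, as real OTP servers do.
        return any(
            hmac.compare_digest(code, tokencode(seed, step + d))
            for d in range(-window, window + 1)
        )

    def replace_token(self, serial: str) -> bytes:
        """Model a replacement token: a freshly generated seed the attacker never saw."""
        new_seed = secrets.token_bytes(16)
        self.seed_records[serial] = new_seed
        return new_seed


def seed_compromise_demo(step: int = 21_650_000) -> Dict[str, bool]:
    """Walk through compromise and re-seeding; returns which logins the server accepts."""
    serial = "000123456789"  # constructed serial
    # Constructed seed record, as it might sit on a seed CD or inside the server.
    issued = {serial: bytes.fromhex("3132333435363738393031323334353637383930")}
    server = AuthServer(issued)

    # The attacker walks off with a copy of the seed record.
    stolen = dict(issued)

    results = {}
    # Token and attacker derive the same code because they hold the same seed.
    results["legit_before"] = server.verify(serial, tokencode(issued[serial], step), step)
    results["attacker_before"] = server.verify(serial, tokencode(stolen[serial], step), step)

    # Replacement token arrives: new seed record, stolen copy is now useless.
    new_seed = server.replace_token(serial)
    results["attacker_after"] = server.verify(serial, tokencode(stolen[serial], step), step)
    results["legit_after"] = server.verify(serial, tokencode(new_seed, step), step)
    return results


if __name__ == "__main__":
    print(seed_compromise_demo())
```

Note that nothing the server does after the theft helps on its own: the verifier cannot distinguish the attacker's code from the user's, because both were computed from the same seed. The only remedy is the one the post calls for, a new seed record, and that remedy holds only while the new record is kept off desks and out of reach of anyone who can read it back out of the server.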
