RSA Adaptive Authentication (On-Premise) 7.1
Bait Credentials Setup and Implementation Guide
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm
Trademarks
RSA, the RSA Logo, eFraudNetwork and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa.
License agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on encryption technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
Copyright 2013 EMC Corporation. All Rights Reserved. Published in the USA.
July 2013
RSA Adaptive Authentication (On-Premise) 7.1 Bait Credentials Setup and Implementation
Contents
Preface 5
  About This Guide 5
  RSA Adaptive Authentication (On-Premise) Documentation 5
  Support and Service 6
    Before You Call Customer Support 6
Preface
Security Best Practices Guide. Provides recommendations for configuring your network and RSA Adaptive Authentication (On-Premise) securely.
Web Services API Reference Guide. Describes RSA Adaptive Authentication (On-Premise) web services API methods and parameters. This guide also describes how to build your own web services clients and applications using the web services API to integrate and utilize the capabilities of Adaptive Authentication (On-Premise).
What's New. Highlights new features and enhancements in RSA Adaptive Authentication (On-Premise) 7.1.
Workflows and Processes Guide. Describes the workflows and processes that allow end users to interact with your system and that allow your system to interact with RSA Adaptive Authentication (On-Premise).
Baiting Process
The following figure shows the baiting process.
General Guidelines
You can use the failed logon attempt event type in one of the following ways:
Only for bait credentials, if you maintain a bait credentials list that you check against. RSA recommends this option as it provides the clearest separation between bait and other logon attempts.
For any failed logon, even if the logon does not use bait credentials. This option may allow for additional fraud detection beyond bait credentials (in a future release or risk model), such as credential harvesting and others.
Note: Both RSA Adaptive Authentication and RSA FraudAction project managers must be involved in this process.
Note: This setup procedure is required when bait credentials are used for the first time and every time the previous list of bait credentials is fully employed. The recommended list size is generally a function of the number of attacks.
Note: RSA Adaptive Authentication customers do not typically send real website logon names for security reasons. Instead, you send mapped values using methods such as hashing or encryption. Similarly, mapping is required between bait credentials as used by the RSA FraudAction service and those used by RSA Adaptive Authentication.
Customer Setup
After the list of credentials is created and signed off by you, you must ensure that the credentials are not used for legitimate customers. Specifically, you must identify and handle logon attempts with bait credentials by fraudsters and prevent assigning the bait credentials to genuine accounts that are created. This can be done using one of the following methods:
You can create actual accounts from the signed-off list of credentials. Setup is required to create the accounts, and you can make either of the following application changes:
Block these accounts at logon using some vague error message designed not to alert the fraudster. The purpose of this is to enable the collection of fraudulent data regarding IP addresses, payees, and other information.
Make these accounts appear as real ones to mislead fraudsters when they log on. This offers greater fraud detection benefit. Any critical actions such as payments or credit profile changes are not executed, but appear to be so to the fraudster.
You can create a reserve list of accounts and credentials that cannot be used for accounts. Setup is required to create this list of accounts, and application changes are required to check the account against the list of bait credentials before the actual logon flow is processed.
Note: When creating a User Id list, you must name the list baits_list.
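As an added example (not RSA's code or the Adaptive Authentication API), the following Python sketches the application-side checks described in Customer Setup: a lookup against a baits_list of mapped user IDs before the real logon flow, the same vague error on a hit that a wrong password would get, a recorded failed-logon-attempt event carrying the collected context, and a registration guard so bait IDs are never assigned to genuine accounts. The HMAC-SHA256 mapping, the event type name and the sample IDs are assumptions or constructed values; the guide only says IDs are sent mapped by hashing or encryption.

```python
"""Bait-credential pre-check in front of a logon flow (added example, not RSA code).

Assumptions not taken from the guide: user IDs are mapped with keyed HMAC-SHA256
before they leave the application, the bait list holds the mapped form so one
mapping serves both FraudAction and Adaptive Authentication, and the event type
name is a constructed placeholder for the guide's "failed logon attempt" event.
"""
import hashlib
import hmac

MAPPING_KEY = b"constructed-demo-key"       # constructed; a real key lives in a KMS
BAIT_LIST_NAME = "baits_list"               # list name required by the guide
BAIT_EVENT_TYPE = "FAILED_LOGON_ATTEMPT"    # placeholder, not a product identifier
GENERIC_ERROR = "The user ID or password you entered is incorrect."


def map_user_id(user_id: str) -> str:
    """Map a real logon name to the opaque value that is sent instead of it."""
    return hmac.new(MAPPING_KEY, user_id.strip().lower().encode(), hashlib.sha256).hexdigest()


def build_bait_list(signed_off_ids):
    """Store only mapped IDs: the runtime check never needs the real bait names."""
    return {"name": BAIT_LIST_NAME, "mapped_ids": {map_user_id(u) for u in signed_off_ids}}


def is_bait(bait_list, user_id: str) -> bool:
    return map_user_id(user_id) in bait_list["mapped_ids"]


def pre_logon_check(bait_list, user_id, client_ip, events):
    """Run before the real logon flow.

    A bait hit is recorded as a failed logon attempt with the collected context
    and answered with the same vague error a wrong password gets, so the caller
    learns nothing. Returns (proceed_with_real_logon, message).
    """
    if is_bait(bait_list, user_id):
        events.append({"event_type": BAIT_EVENT_TYPE, "bait": True,
                       "user_id_mapped": map_user_id(user_id),
                       "client_ip": client_ip})
        return False, GENERIC_ERROR
    return True, None


def can_register(bait_list, requested_id: str) -> bool:
    """Account creation guard: never assign a bait ID to a genuine account."""
    return not is_bait(bait_list, requested_id)
```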