Shift to Adaptive Authentication

You must have heard the terms two-factor authentication and multi-factor authentication, used for improving security and protecting web logins and accounts from malicious attack and data breaches. However, organizations are seeking better solutions to ensure higher user-satisfaction rate along with stronger security for their assets. Adaptive authentication is an advanced and excellent methodology for authenticating users based on machine-learning and data analytics to deliver great user-experience in addition to reliable security.

What is Adaptive Authentication?

As briefed above, adaptive authentication is a machine-learning based security solution which is driven by certain parameters to benefit users with easy, engaging, simplified, and yet stronger security authentication.

Adaptive authentication is not a separate solution or application, rather it’s an integral part of 2FA or any other Multi-factor authentication solution. During adaptive authentication, different parameters and user-attributes are taken into consideration to identify the risk and the credibility of the login attempt. Positive results during adaptive authentication grant direct access to users without letting them undergo token based second-factor authentication. However, if the login attempt is found to be suspicious, based on multiple risk-identifying factors, then it is further subjected to second-factor authentication where the user needs to present hardware or software token, or discredited entirely.

What parameters are considered during adaptive authentication?

Given below are some of the most used parameters and user-attributes to authenticate the veracity of a user’s login. Based on the following factors, a user may be granted direct access or may be subjected to 2nd-factor authentication check.

  • User-Behaviour
  • Login Time
  • Device and other software/hardware resources being used for access
  • IP address of the login
  • Geographical location of user’s login

The attributes mentioned above, with the aid of machine learning tools and algorithms, are being used to evaluate and assess the credibility of the login attempt. Some more parameters and attributes may also be added to the list to ensure a stronger authentication check.

Why is Adaptive authentication getting popular?

The primary and maybe the single-most reason behind the hype of adaptive authentication is the ease of authentication, which the users are finding to be pretty useful and engaging. Although second-factor authentication has been proven to deliver stronger security, some users find the authentication procedure very tiresome and frustrating because of the second-factor authentication that takes place each time they try to log in.

Adaptive authentication is a very useful mechanism that lets genuine and authorized user gain direct access to their account without performing the 2nd-factor authentication unless the user tries to log in from some unusual location, IP address, using unconventional software, or hardware devices in odd timings.

Thus, Adaptive authentication, not only ensures productive machine learning based security check, but also increases and maintains user-interests and thereby delivers higher satisfaction rate.

At present, very few network security solution providers, e.g.  REVE Secure, are delivering adaptive authentication features with their 2FA or MFA solution to ensure a high level of security, but not at the cost of the user’s interest and experience.

Two-Factor Authentication for LINUX SSH

Before learning the two-factor authentication for Linux SSH, let’s have a small overview of Linux. Linux servers are one of the widest and most popular servers used by the organizations across the world. They constitute about 67% of all the public facing servers. They are one of the best and most efficient servers that can carry out the large volumes of web processes and transactions at a very low downtime.

Linux servers are highly reliable and scalable. They use SSH protocol to ensure secure login or access to remote servers. However, SSH involves the usage of the password, and a solely password-based authentication invites security threats and breaches. Passwords these days are no longer secure, for they can be hacked, cracked, or stolen using multiple methods.

Since Linux servers process large amounts of data that is mostly confidential, e.g. financial data, they are a large and favourable target to hackers and attackers. Protecting SSH logins merely with passwords may put your or an organization’s data at risk.

FairWare Ransomware targeting LINUX computers
FairWare Ransomware targeting LINUX computers

Click SSH security to read and learn more about the Linux SSH.

Why Two-Factor Authentication for LINUX SSH?

SSH or Secure Shell is a protocol that enables a user to log-in and access remotely located systems & servers securely, over an unsecured network. SSH itself not only encrypts the remote sessions but also delivers better authentication using cryptographic keys- a public key and private key.

As such, the combination of password and the cryptographic keys may seem to be a viable and stronger authentication option but it’s not, and the reason could be any of the following:

  • Cryptographic key (private key) may not be password protected and could be easily stolen.
  • Use of a simple password by the user in encrypting & protecting the private key.
  • System or device where the user has saved or stored the private key may be vulnerable to theft.

As discussed above, passwords are no longer effective to keep your servers protected from intrusion or other types of different security breaches. In addition, the introduction of concepts like BYOD (Bring Your Own Device) have brought more risk to the Linux servers by granting privilege to employees in accessing organization’s network, server and data using their personal devices like laptops, tablets and smartphones, which may be used as a gateway by attackers because of their comparably lower security levels in comparison to a server.

Two-Factor Authentication: Improving LINUX SSH security

Adopting and implementing two-factor authentication in Linux SSH enforces the server to double-check the authenticity of a user. With 2FA, user’s identity is verified and validated, using “what the user knows” and “what the user has”.

Two Factor Authentication for LINUX SSH
Two Factor Authentication for LINUX SSH

What does a user knows, is username and password.

What a user may have, is security token/code.

2FA places token-based authentication as a secure doorway between a user and the protected server. Anyone can knock on it but only the authorized user can open this door with a secret code.

Is it beneficial to secure all servers using 2FA?

Implementing 2FA protection has always proven to be beneficial irrespective of individual or organizational needs. 2FA may be implemented across all servers present within an organization, but that may create complexity in managing, accessing, and using those servers.

It is pertinent to mention that most servers are already protected and secured by the different types of versatile network security tools, such as firewalls and VPNs. However, all these network security methods may avoid and prevent intrusion only within the organization’s network boundaries.

Public-facing servers (usually very few) can be accessed and explored by any user remotely, over a maybe unsecured network, using SSH outside the organization’s secured network. As such these public-facing servers are most prone to intrusion & data-theft and require utmost protection. Thus, implementation of 2FA may be restricted to public facing servers only.

In conclusion, it may be stated that servers are meant for storing and executing large amount of business & organizational data. Therefore, expecting fullest protection of servers merely with a password is not less than a fool’s paradise. Two-factor authentication is one of the easiest and most convenient ways to ensure guaranteed and multi-layered protection to Linux servers.