Out-Of-Band Authentication at Work

Posted by Christina Cardella on 1 April 2019

As the world changes and evolves, security experts are doing their best to expose the discrepancies in the modern threat landscape. A phrase that is becoming more and more popular is out-of-band management. But what does this mean? 

As the name itself implies, out-of-band management (OOBM) is primarily used when talking about IT and access control infrastructure put in place by organizations. This management method involves creating an alternate and dedicated connection to a system that is separate from the actual network that the system runs on. This security management tactic allows the system administrator to ensure there is a solid trust boundary in place when accessing the management function of a system. It can also be used to allow a system administrator to monitor and manage servers and other network-attached equipment by remote access control, regardless of whether the machine is powered on or whether an operating system has been previously installed. In short, this is a method of remotely managing the wide area network components of a network by using a secondary serial communication link.


When and Where Would you Need OOBM? 

OOBM is a strategic security tactic that every data center or remote working site should have in place when they want to improve upon their overall performance, support upgrades to their systems and reduce the amount of downtime and outages they could potentially face. 

However, OOBM has other practical applications, like adding an extra layer of security to two-factor authentication.  

Out of Band Management for Authentications 

Out-of-band authentication (OOBA) is a type of two-factor authentication that requires a user to verify their identity by a secondary method on an entirely separate communication channel. In most cases, this is layered on top of the traditional username and password. This high-security method is often seen in financial institutions.

Using a second authentication channel combined with two points of authentication makes it significantly more difficult for an attacker to intercept and redirect the authentication process, an attack often referred to as man-in-the-middle. This is much more secure than a single channel because it would require the attacker to hack into and disrupt two different communication channels.


OOBA as The Best Security to Protect Against Threats 

An example of OOBA is a high-risk money transaction, where a user needs to verify their identity with 2-factor authentication. The user would most likely start on their laptop and enter their banking username and password. They would then receive a step-up notification on their phone (the secondary communication channel) to confirm their identity (the second factor of authentication).

Two-factor authentication and layered security have been highlighted in the final FFIEC authentication guidance as critical steps that institutions should take in order to protect their customers who conduct high-risk transactions. 

Current methods, such as passwords and challenge questions, are weak authenticators. Passwords can be easily stolen or intercepted by phishing attacks or malware. 

How BioConnect ID Provides you with Strong OOBA 

In-band authentication, even if it is two-factor authentication, is still subject to attacks. The multi-factor authentication (MFA) aspect can be a one-time passcode (OTP). OTPs can come from a token, an SMS message or a variety of other means. The idea is that you take your given OTP code and enter it on your device. The problem with this is that many cyber-attacks use malware to infect your device, and the malware is then able to track and record everything you do on that device, including entering your OTP. When you enter your OTP, the malware simply grabs that code and delivers it to a cybercriminal, who will use it to masquerade as you from now on.

The in-band token-based approach mentioned above can't help you if your device has been infected by a form of malware. The magic of out-of-band is that the entire transaction takes place on another device, separate from the potentially infected device.
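The step-up flow described above, sketched from the verifier's side as an added example (it is not BioConnect's code or API). The names `StepUpServer` and `phone_approve`, the HMAC device key, and the binding of each approval to one transaction are assumptions made for illustration; the biometric check on the phone is not modelled.

```python
# Added illustration: names and the HMAC approval scheme are assumptions.
import hashlib
import hmac
import secrets


class StepUpServer:
    """Bank-side verifier for an out-of-band step-up (hypothetical)."""

    def __init__(self):
        self.device_keys = {}  # user -> secret enrolled on the user's phone
        self.pending = {}      # challenge_id -> (user, transaction digest)

    def enroll_phone(self, user):
        # The key is provisioned to the phone and never touches the laptop.
        key = secrets.token_bytes(32)
        self.device_keys[user] = key
        return key

    def start_step_up(self, user, transaction):
        # Called after username and password succeed on the primary channel.
        challenge_id = secrets.token_hex(16)
        digest = hashlib.sha256(transaction.encode()).hexdigest()
        self.pending[challenge_id] = (user, digest)
        # The laptop session learns only challenge_id; the push goes to the phone.
        return challenge_id

    def verify_approval(self, challenge_id, transaction, tag):
        # The approval arrives from the phone over the second channel.
        entry = self.pending.pop(challenge_id, None)  # single use: replays fail
        if entry is None:
            return False
        user, digest = entry
        if hashlib.sha256(transaction.encode()).hexdigest() != digest:
            return False  # approval was given for a different transaction
        expected = phone_approve(self.device_keys[user], challenge_id, transaction)
        return hmac.compare_digest(expected, tag)


def phone_approve(device_key, challenge_id, transaction):
    # Runs on the phone after the user confirms the request shown there.
    msg = f"{challenge_id}|{transaction}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()
```

Unlike a typed OTP, nothing the user enters on the laptop is sufficient to complete the step-up: the approval depends on a key held only by the phone and is valid for one challenge and one transaction.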

BioConnect ID provides out-of-band biometric verification. We send a push notification via our app and ask you to step up with a biometric authentication from your phone, thereby bringing another device into the mix and adding a layer of protection against cybercriminals.
