Predefined risk profiles
Predefined risk profiles are pre-configured on an appliance with Advanced Access Control. The risk engine uses the active risk profile to calculate risk scores for incoming requests. Predefined risk profiles are tailored for specific scenarios, can be cloned, and cannot be modified. To choose the most appropriate risk profile, we must determine the security priority. We can also create our own risk profile. Depending on the environment, choose one of the following scenarios:
- Upgrade to an ISAM appliance with Advanced Access Control
  - By default, a risk profile that is named Default is set to active. The Default profile includes all the risk profile attributes with weights set to 0. The risk score for this profile is always 0. The Default profile is a sample profile. It is not intended for a production environment. Before we use Security Verify Access, choose another risk profile or create our own.
- Performing a new installation of an ISAM appliance with Advanced Access Control
  - By default, the Browser risk profile is set as the default risk profile. If the Browser risk profile does not suit the needs of the environment, we must choose another risk profile or create our own.
The risk engine can use the following predefined risk profiles to calculate risk scores:
- Behavior
  - Determine a risk score by comparing the time of the current request with the time the user usually tries to access the resource.

| Attribute | Weight |
| --- | --- |
| accessTime | 50 |
| browserPlugins | 10 |
| deviceFonts | 10 |
| http:userAgent | 10 |

- Browser
  - Determine a risk score by comparing the attributes from the requesting browser with the browsers the user is known to use.

| Attribute | Weight |
| --- | --- |
| browserPlugins | 50 |
| deviceFonts | 50 |
| http:accept | 30 |
| http:acceptEncoding | 50 |
| http:acceptLanguage | 50 |
| http:userAgent | 50 |

- Device
  - Determine a risk score by comparing the attributes from the requesting device with the devices associated with the user.

| Attribute | Weight |
| --- | --- |
| browserPlugins | 30 |
| colorDepth | 50 |
| deviceFonts | 50 |
| deviceLanguage | 50 |
| devicePlatform | 50 |
| screenAvailableHeight | 50 |
| screenAvailableWidth | 50 |
| screenHeight | 50 |
| screenWidth | 50 |

- Location
  - Determine a risk score by comparing the location of the incoming request with the locations the user is known to log in from.

| Attribute | Weight |
| --- | --- |
| geoLocation | 50 |
| geoCity | 10 |
| geoCountryCode | 10 |
| geoRegionCode | 10 |

Usage scenarios
The following example usage scenarios demonstrate risk score calculation in predefined risk profiles.
Each scenario assumes the administrator wrote a policy, which specifies that:
- Any risk score at or below 40 is permitted.
- Any risk score above 40 is denied.
Scenario 1: Behavior risk profile

| Attributes | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| accessTime | 50 | 2013-05-07T03:25:13Z | 2013-05-06T04:00:39Z, 2013-05-13T03:05:20Z, 2013-05-20T03:15:22, 2013-05-27T03:26:05Z, 2013-06-03T03:42:45Z |
| browserPlugins | 10 | Shockwave Flash, Chrome Remote Desktop Viewer, Widevine Content Decryption Module, Native Client, Chrome PDF Viewer, Java Plug-in 1.7.0, Citrix Receiver for Linux | Shockwave Flash, Chrome Remote Desktop Viewer, Native Client, Chrome PDF Viewer, Conference Plugin, AmazonMP3DownloaderPlugin, Google Update |
| deviceFonts | 10 | Andale Mono, Arial Black, Arial, Bitstream Charter, Century Schoolbook L, Comic Sans MS, Courier 10 Pitch, Courier New, DejaVu Sans Mono, DejaVu Sans, DejaVu Serif, Dingbats, Georgia, Impact, Khmer OS System, Khmer OS, Liberation Mono, Liberation Sans, Liberation Serif, Lohit Bengali, Lohit Gujarati, Lohit Punjabi, Lohit Tamil, Luxi Mono, Luxi Sans, Luxi Serif, Meera, Nimbus Mono L, Nimbus Roman No9 L, Nimbus Sans L, Standard Symbols L, Tahoma, Times New Roman, Trebuchet MS, URW Bookman L, URW Chancery L, URW Gothic L, URW Palladio L, UnBatang, UnDotum, Verdana, Waree, Webdings | Aharoni, Andalus, Angsana New, AngsanaUPC, Aparajita, Arabic Typesetting, Arial Black, Arial, Batang, BatangChe, Browallia New, BrowalliaUPC, Calibri, Cambria Math, Cambria, Candara, Comic Sans MS, Consolas, Constantia, Corbel, Cordia New, CordiaUPC, Courier 10 Pitch, Courier New, David, DilleniaUPC, DokChampa, Dotum, DotumChe, Ebrima, Estrangelo Edessa, EucrosiaUPC, Euphemia, FangSong, FrankRuehl, Franklin Gothic Medium, LilyUPC, Lucida Bright, Lucida Console, Lucida Sans Typewriter, Tahoma, Times New Roman, Traditional Arabic, Wingdings |
| http:userAgent | 10 | Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36 | Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 |

Results:
- None of the device fingerprint values match except for the incoming device fingerprint value and existing device fingerprint value for accessTime.
- Because all of the attributes except for accessTime have mismatched values, the collective weight of the mismatched attributes is 30.
- The total weight of all of the attributes is 80. The accessTime attribute has a weight value of 50. The http:userAgent attribute, browserPlugins attribute, and deviceFonts attribute each have weight values of 10.
- According to the risk score calculation formula: (30/80)×100=38. Therefore, the risk score is 38.
- Authentication is permitted because the risk score is below 40.
Scenario 2: Browser risk profile

| Attributes | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| browserPlugins | 50 | Shockwave Flash, Chrome Remote Desktop Viewer, Widevine Content Decryption Module, Native Client, Chrome PDF Viewer, Java Plug-in 1.7.0, Citrix Receiver for Linux | Shockwave Flash, Chrome Remote Desktop Viewer, Native Client, Chrome PDF Viewer, Conference Plugin, AmazonMP3DownloaderPlugin, Google Update |
| deviceFonts | 50 | Andale Mono, Arial Black, Arial, Bitstream Charter, Century Schoolbook L, Comic Sans MS, Courier 10 Pitch, Courier New, DejaVu Sans Mono, DejaVu Sans, DejaVu Serif, Dingbats, Georgia, Impact, Khmer OS System, Khmer OS, Liberation Mono, Liberation Sans, Liberation Serif, Lohit Bengali, Lohit Gujarati, Lohit Punjabi, Lohit Tamil, Luxi Mono, Luxi Sans, Luxi Serif, Meera, Nimbus Mono L, Nimbus Roman No9 L, Nimbus Sans L, Standard Symbols L, Tahoma, Times New Roman, Trebuchet MS, URW Bookman L, URW Chancery L, URW Gothic L, URW Palladio L, UnBatang, UnDotum, Verdana, Waree, Webdings | Aharoni, Andalus, Angsana New, AngsanaUPC, Aparajita, Arabic Typesetting, Arial Black, Arial, Batang, BatangChe, Browallia New, BrowalliaUPC, Calibri, Cambria Math, Cambria, Candara, Comic Sans MS, Consolas, Constantia, Corbel, Cordia New, CordiaUPC, Courier 10 Pitch, Courier New, David, DilleniaUPC, DokChampa, Dotum, DotumChe, Ebrima, Estrangelo Edessa, EucrosiaUPC, Euphemia, FangSong, FrankRuehl, Franklin Gothic Medium, LilyUPC, Lucida Bright, Lucida Console, Lucida Sans Typewriter, Tahoma, Times New Roman, Traditional Arabic, Wingdings |
| http:accept | 30 | text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8 | text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8 |
| http:acceptEncoding | 50 | gzip, deflate, sdch | gzip, deflate, sdch |
| http:acceptLanguage | 50 | en-US, en;q=0.8 | en-US, en;q=0.8, es;q=0.6 |
| http:userAgent | 50 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36 | Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 |

Results:
- None of the device fingerprint values match except for the incoming device fingerprint value and existing device fingerprint value for http:accept and http:acceptEncoding.
- Because all of the attributes except for http:accept and http:acceptEncoding have mismatched values, the collective weight of the mismatched attributes is 200.
- The total weight of all of the attributes is 280. The http:accept attribute has a weight value of 30. The browserPlugins attribute, deviceFonts attribute, http:acceptEncoding attribute, http:acceptLanguage attribute, and http:userAgent attribute each have weight values of 50.
- According to the risk score calculation formula: (200/280)×100=71. Therefore, the risk score is 71.
- Authentication is denied because the risk score is above 40.
Scenario 3: Device risk profile

| Attribute names | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| browserPlugins | 30 | Shockwave Flash, Chrome Remote Desktop Viewer, Widevine Content Decryption Module, Native Client, Chrome PDF Viewer, Java Plug-in 1.7.0, Citrix Receiver for Linux | Shockwave Flash, Chrome Remote Desktop Viewer, Native Client, Chrome PDF Viewer, Conference Plugin, AmazonMP3DownloaderPlugin, Google Update |
| colorDepth | 50 | 24 | 32 |
| deviceFonts | 50 | Andale Mono, Arial Black, Arial, Bitstream Charter, Century Schoolbook L, Comic Sans MS, Courier 10 Pitch, Courier New, DejaVu Sans Mono, DejaVu Sans, DejaVu Serif, Dingbats, Georgia, Impact, Khmer OS System, Khmer OS, Liberation Mono, Liberation Sans, Liberation Serif, Lohit Bengali, Lohit Gujarati, Lohit Punjabi, Lohit Tamil, Luxi Mono, Luxi Sans, Luxi Serif, Meera, Nimbus Mono L, Nimbus Roman No9 L, Nimbus Sans L, Standard Symbols L, Tahoma, Times New Roman, Trebuchet MS, URW Bookman L, URW Chancery L, URW Gothic L, URW Palladio L, UnBatang, UnDotum, Verdana, Waree, Webdings | Aharoni, Andalus, Angsana New, AngsanaUPC, Aparajita, Arabic Typesetting, Arial Black, Arial, Batang, BatangChe, Browallia New, BrowalliaUPC, Calibri, Cambria Math, Cambria, Candara, Comic Sans MS, Consolas, Constantia, Corbel, Cordia New, CordiaUPC, Courier 10 Pitch, Courier New, David, DilleniaUPC, DokChampa, Dotum, DotumChe, Ebrima, Estrangelo Edessa, EucrosiaUPC, Euphemia, FangSong, FrankRuehl, Franklin Gothic Medium, LilyUPC, Lucida Bright, Lucida Console, Lucida Sans Typewriter, Tahoma, Times New Roman, Traditional Arabic, Wingdings |
| deviceLanguage | 50 | en-US | en-US |
| devicePlatform | 50 | Linux x86_64 | Win-32 |
| screenAvailableHeight | 50 | 1025 | 870 |
| screenAvailableWidth | 50 | 1920 | 1600 |
| screenHeight | 50 | 1080 | 900 |
| screenWidth | 50 | 1920 | 1600 |

Results:
- None of the device fingerprint values match except for the incoming device fingerprint value and existing device fingerprint value for deviceLanguage.
- Because all of the attributes except for deviceLanguage have mismatched values, the collective weight of the mismatched attributes is 380.
- The total weight of all of the attributes is 430. The browserPlugins attribute has a weight value of 30. The following attributes have weight values of 50:
  - colorDepth
  - deviceFonts
  - deviceLanguage
  - devicePlatform
  - screenAvailableHeight
  - screenAvailableWidth
  - screenHeight
  - screenWidth
- According to the risk score calculation formula: (380/430)×100=88. Therefore, the risk score is 88.
- Authentication is denied because the risk score is above 40.
Scenario 4: Location risk profile

| Attributes | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| geoCity | 10 | Austin | Austin |
| geoCountryCode | 10 | US | US |
| geoLocation | 50 | 30.2861, -97.739321, 10 | 30.274722, -97.740556, 13 |
| geoRegionCode | 10 | TX | TX |

Results:
- All of the device fingerprint values match. The geoLocation attribute contains the values the risk engine uses to calculate the distance between the incoming device fingerprint and the registered device fingerprint. In this instance, the distance between the two device fingerprints is 1.27 km.
- Because all of the device fingerprint values match, the total weight of the mismatched attributes is 0.
- The total weight of all of the attributes is 80. The geoLocation attribute has a weight value of 50. The geoCity attribute, geoCountryCode attribute, and geoRegionCode attribute each have weight values of 10.
- According to the risk score calculation formula: (0/80)×100=0. Therefore, the risk score is 0.
- Authentication is permitted because the risk score is below 40.
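
The calculation used in the four scenarios, written out as an added Python example (it is not the risk engine's own code). The function names, the `MAX_GEO_KM` distance limit, the haversine distance method and the round-half-up rule (inferred from 37.5 becoming 38 in Scenario 1) are assumptions; the weights and Scenario 4 values are taken from this page.

```python
import math

# Attribute weights copied from the predefined profiles on this page.
PROFILES = {
    "Behavior": {"accessTime": 50, "browserPlugins": 10, "deviceFonts": 10, "http:userAgent": 10},
    "Browser": {"browserPlugins": 50, "deviceFonts": 50, "http:accept": 30,
                "http:acceptEncoding": 50, "http:acceptLanguage": 50,
                "http:userAgent": 50},
    "Device": {"browserPlugins": 30, "colorDepth": 50, "deviceFonts": 50,
               "deviceLanguage": 50, "devicePlatform": 50,
               "screenAvailableHeight": 50, "screenAvailableWidth": 50,
               "screenHeight": 50, "screenWidth": 50},
    "Location": {"geoLocation": 50, "geoCity": 10, "geoCountryCode": 10, "geoRegionCode": 10},
}
MAX_GEO_KM = 40.0  # assumed limit; the page does not state the engine's value

def haversine_km(a, b):
    """Great-circle distance in km; only the first two tuple items (lat, lon) are used."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def same(name, a, b):
    """Exact comparison, except geoLocation, which matches within MAX_GEO_KM."""
    return haversine_km(a, b) <= MAX_GEO_KM if name == "geoLocation" else a == b

def mismatched(incoming, registered):
    """Names of attributes whose incoming value differs from the registered one."""
    return {n for n, v in incoming.items() if not same(n, v, registered[n])}

def risk_score(profile, mismatches):
    """(weight of mismatched attributes / total weight) x 100, rounded half up."""
    weights = PROFILES[profile]
    total = sum(weights.values())
    if total == 0:  # all-zero weights (the Default profile) always score 0
        return 0
    bad = sum(w for name, w in weights.items() if name in mismatches)
    return (200 * bad + total) // (2 * total)  # integer round-half-up of 100*bad/total

def decide(score, limit=40):
    """Policy from the usage scenarios: permit at or below 40, deny above."""
    return "permit" if score <= limit else "deny"

# Scenario 4 fingerprints, values as given on this page.
INCOMING = {"geoCity": "Austin", "geoCountryCode": "US", "geoRegionCode": "TX",
            "geoLocation": (30.2861, -97.739321, 10)}
REGISTERED = {"geoCity": "Austin", "geoCountryCode": "US", "geoRegionCode": "TX",
              "geoLocation": (30.274722, -97.740556, 13)}
```

Passing the mismatched attribute names from Scenarios 1 to 3 to `risk_score` reproduces the scores 38, 71 and 88 listed above.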