Predefined risk profiles

Predefined risk profiles are pre-configured on an appliance with Advanced Access Control. The risk engine uses the active risk profile to calculate risk scores for incoming requests.

Predefined risk profile types

Predefined risk profiles:
  • Are tailored for specific scenarios.
  • Can be cloned.
  • Cannot be modified.
To choose the most appropriate risk profile, you must determine your security priority. You can also create your own risk profile.

Depending on your environment, choose one of the following scenarios:

  • Upgrading to an IBM® Security Verify Access appliance with Advanced Access Control: By default, a risk profile that is named Default is set to active. The Default profile includes all the risk profile attributes with weights set to 0. The risk score for this profile is always 0. The Default profile is a sample profile. It is not intended for a production environment. Before you use Security Verify Access, choose another risk profile or create your own.
  • Performing a new installation of an IBM Security Verify Access appliance with Advanced Access Control: By default, the Browser risk profile is set as the default risk profile. If the Browser risk profile does not suit the needs of your environment, you must choose another risk profile or create your own.

You can choose one of the following predefined risk profiles for the risk engine to use as a filter when it calculates the risk score:

Behavior
Determines a risk score by comparing the time of the current request with the time that the user usually tries to access the resource.
The following table contains the attributes and corresponding weight values that are included in the Behavior risk profile.

| Attribute | Weight |
| --- | --- |
| accessTime | 50 |
| browserPlugins | 10 |
| deviceFonts | 10 |
| http:userAgent | 10 |

Browser
Determines a risk score by comparing the attributes from the requesting browser with the browsers that the user is known to use.
The following table contains the attributes and corresponding weight values that are included in the Browser risk profile.

| Attribute | Weight |
| --- | --- |
| browserPlugins | 50 |
| deviceFonts | 50 |
| http:accept | 30 |
| http:acceptEncoding | 50 |
| http:acceptLanguage | 50 |
| http:userAgent | 50 |

Device
Determines a risk score by comparing the attributes from the requesting device with the devices that are associated with the user.
The following table contains the attributes and corresponding weight values that are included in the Device risk profile.

| Attribute | Weight |
| --- | --- |
| browserPlugins | 30 |
| colorDepth | 50 |
| deviceFonts | 50 |
| deviceLanguage | 50 |
| devicePlatform | 50 |
| screenAvailableHeight | 50 |
| screenAvailableWidth | 50 |
| screenHeight | 50 |
| screenWidth | 50 |

Location
Determines a risk score by comparing the location of the incoming request with the locations that the user is known to log in from.
The following table contains the attributes and corresponding weight values that are included in the Location risk profile.

| Attribute | Weight |
| --- | --- |
| geoLocation | 50 |
| geoCity | 10 |
| geoCountryCode | 10 |
| geoRegionCode | 10 |

Usage scenarios

The following example usage scenarios demonstrate risk score calculation in predefined risk profiles.

Each scenario assumes that the administrator wrote a policy, which specifies that:
  • Any risk score at or below 40 is permitted.
  • Any risk score above 40 is denied.

Scenario 1: Behavior risk profile

The risk engine uses risk profile information in the following table to calculate the risk score.

| Attributes | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| accessTime | 50 | 2013-05-07T03:25:13Z | 2013-05-06T04:00:39Z, 2013-05-13T03:05:20Z,2013-05-20T03:15:22,2013-05-27T03:26:05Z, 2013-06-03T03:42:45Z |
| browserPlugins | 10 | Shockwave Flash,Chrome Remote Desktop Viewer,Widevine Content Decryption Module,Native Client,Chrome PDF Viewer,Java(TM) Plug-in 1.7.0,Citrix Receiver for Linux | Shockwave Flash,Chrome Remote Desktop Viewer,Native Client, Chrome PDF Viewer, Conference Plugin, AmazonMP3DownloaderPlugin, Google Update |
| deviceFonts | 10 | Andale Mono,Arial Black,Arial,Bitstream Charter,Century Schoolbook L,Comic Sans MS,Courier 10 Pitch,Courier New,DejaVu Sans Mono,DejaVu Sans,DejaVu Serif,Dingbats,Georgia, Impact,Khmer OS System,Khmer OS,Liberation Mono,Liberation Sans,Liberation Serif,Lohit Bengali,Lohit Gujarati,Lohit Punjabi,Lohit Tamil,Luxi Mono,Luxi Sans,Luxi Serif,Meera,Nimbus Mono L,Nimbus Roman No9 L,Nimbus Sans L,Standard Symbols L,Tahoma,Times New Roman,Trebuchet MS,URW Bookman L,URW Chancery L,URW Gothic L,URW Palladio L,UnBatang,UnDotum,Verdana, Waree,Webdings | Aharoni,Andalus,Angsana New, AngsanaUPC,Aparajita,Arabic Typesetting,Arial Black,Arial, Batang,BatangChe,Browallia New,BrowalliaUPC,Calibri, Cambria Math,Cambria,Candara, Comic Sans MS,Consolas, Constantia,Corbel,Cordia New,CordiaUPC,Courier 10 Pitch,Courier New,David, DilleniaUPC,DokChampa, Dotum,DotumChe,Ebrima, Estrangelo Edessa,EucrosiaUPC, Euphemia,FangSong,FrankRuehl, Franklin Gothic Medium,LilyUPC, Lucida Bright,Lucida Console, Lucida Sans Typewriter,Tahoma, Times New Roman,Traditional Arabic,Wingdings |
| http:userAgent | 10 | Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36 | Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 |

Results:
  • The incoming and registered device fingerprint values match only for accessTime; the values for all other attributes do not match.
  • Because all of the attributes except for accessTime have mismatched values, the collective weight of the mismatched attributes is 30.
  • The total weight of all of the attributes is 80. The accessTime attribute has a weight value of 50. The http:userAgent attribute, browserPlugins attribute, and deviceFonts attribute each have weight values of 10.
  • According to the risk score calculation formula: (30/80)×100=38. Therefore, the risk score is 38.
  • Authentication is permitted because the risk score is below 40.

Scenario 2: Browser risk profile

The risk engine uses risk profile information in the following table to calculate the risk score.

| Attributes | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| browserPlugins | 50 | Shockwave Flash,Chrome Remote Desktop Viewer,Widevine Content Decryption Module,Native Client,Chrome PDF Viewer,Java(TM) Plug-in 1.7.0,Citrix Receiver for Linux | Shockwave Flash,Chrome Remote Desktop Viewer,Native Client, Chrome PDF Viewer, Conference Plugin, AmazonMP3DownloaderPlugin, Google Update |
| deviceFonts | 50 | Andale Mono,Arial Black,Arial,Bitstream Charter,Century Schoolbook L,Comic Sans MS,Courier 10 Pitch,Courier New,DejaVu Sans Mono,DejaVu Sans,DejaVu Serif,Dingbats,Georgia, Impact,Khmer OS System,Khmer OS,Liberation Mono,Liberation Sans,Liberation Serif,Lohit Bengali,Lohit Gujarati,Lohit Punjabi,Lohit Tamil,Luxi Mono,Luxi Sans,Luxi Serif,Meera,Nimbus Mono L,Nimbus Roman No9 L,Nimbus Sans L,Standard Symbols L,Tahoma,Times New Roman,Trebuchet MS,URW Bookman L,URW Chancery L,URW Gothic L,URW Palladio L,UnBatang,UnDotum,Verdana, Waree,Webdings | Aharoni,Andalus,Angsana New, AngsanaUPC,Aparajita,Arabic Typesetting,Arial Black,Arial, Batang,BatangChe,Browallia New,BrowalliaUPC,Calibri, Cambria Math,Cambria,Candara, Comic Sans MS,Consolas, Constantia,Corbel,Cordia New,CordiaUPC,Courier 10 Pitch,Courier New,David, DilleniaUPC,DokChampa, Dotum,DotumChe,Ebrima, Estrangelo Edessa,EucrosiaUPC, Euphemia,FangSong,FrankRuehl, Franklin Gothic Medium,LilyUPC, Lucida Bright,Lucida Console, Lucida Sans Typewriter,Tahoma, Times New Roman,Traditional Arabic,Wingdings |
| http:accept | 30 | text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 |
| http:acceptEncoding | 50 | gzip,deflate,sdch | gzip,deflate,sdch |
| http:acceptLanguage | 50 | en-US,en;q=0.8 | en-US,en;q=0.8,es;q=0.6 |
| http:userAgent | 50 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36 | Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 |

Results:
  • The incoming and registered device fingerprint values match only for http:accept and http:acceptEncoding; the values for all other attributes do not match.
  • Because all of the attributes except for http:accept and http:acceptEncoding have mismatched values, the collective weight of the mismatched attributes is 200.
  • The total weight of all of the attributes is 280. The http:accept attribute has a weight value of 30. The browserPlugins attribute, deviceFonts attribute, http:acceptEncoding attribute, http:acceptLanguage attribute, and http:userAgent attribute each have weight values of 50.
  • According to the risk score calculation formula: (200/280)×100=71. Therefore, the risk score is 71.
  • Authentication is denied because the risk score is above 40.

Scenario 3: Device risk profile

The risk engine uses risk profile information in the following table to calculate the risk score.

| Attribute names | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| browserPlugins | 30 | Shockwave Flash,Chrome Remote Desktop Viewer,Widevine Content Decryption Module,Native Client,Chrome PDF Viewer,Java(TM) Plug-in 1.7.0,Citrix Receiver for Linux | Shockwave Flash,Chrome Remote Desktop Viewer,Native Client, Chrome PDF Viewer, Conference Plugin, AmazonMP3DownloaderPlugin, Google Update |
| colorDepth | 50 | 24 | 32 |
| deviceFonts | 50 | Andale Mono,Arial Black,Arial,Bitstream Charter,Century Schoolbook L,Comic Sans MS,Courier 10 Pitch,Courier New,DejaVu Sans Mono,DejaVu Sans,DejaVu Serif,Dingbats,Georgia, Impact,Khmer OS System,Khmer OS,Liberation Mono,Liberation Sans,Liberation Serif,Lohit Bengali,Lohit Gujarati,Lohit Punjabi,Lohit Tamil,Luxi Mono,Luxi Sans,Luxi Serif,Meera,Nimbus Mono L,Nimbus Roman No9 L,Nimbus Sans L,Standard Symbols L,Tahoma,Times New Roman,Trebuchet MS,URW Bookman L,URW Chancery L,URW Gothic L,URW Palladio L,UnBatang,UnDotum,Verdana, Waree,Webdings | Aharoni,Andalus,Angsana New, AngsanaUPC,Aparajita,Arabic Typesetting,Arial Black,Arial, Batang,BatangChe,Browallia New,BrowalliaUPC,Calibri, Cambria Math,Cambria,Candara, Comic Sans MS,Consolas, Constantia,Corbel,Cordia New,CordiaUPC,Courier 10 Pitch,Courier New,David, DilleniaUPC,DokChampa, Dotum,DotumChe,Ebrima, Estrangelo Edessa,EucrosiaUPC, Euphemia,FangSong,FrankRuehl, Franklin Gothic Medium,LilyUPC, Lucida Bright,Lucida Console, Lucida Sans Typewriter,Tahoma, Times New Roman,Traditional Arabic,Wingdings |
| deviceLanguage | 50 | en-US | en-US |
| devicePlatform | 50 | Linux x86_64 | Win-32 |
| screenAvailableHeight | 50 | 1025 | 870 |
| screenAvailableWidth | 50 | 1920 | 1600 |
| screenHeight | 50 | 1080 | 900 |
| screenWidth | 50 | 1920 | 1600 |

Results:
  • The incoming and registered device fingerprint values match only for deviceLanguage; the values for all other attributes do not match.
  • Because all of the attributes except for deviceLanguage have mismatched values, the collective weight of the mismatched attributes is 380.
  • The total weight of all of the attributes is 430. The browserPlugins attribute has a weight value of 30. The following attributes have weight values of 50:
    • colorDepth
    • deviceFonts
    • deviceLanguage
    • devicePlatform
    • screenAvailableHeight
    • screenAvailableWidth
    • screenHeight
    • screenWidth
  • According to the risk score calculation formula: (380/430)×100=88. Therefore, the risk score is 88.
  • Authentication is denied because the risk score is above 40.

Scenario 4: Location risk profile

The risk engine uses risk profile information in the following table to calculate the risk score.

| Attributes | Weight values | Incoming device fingerprint values | Registered device fingerprint values |
| --- | --- | --- | --- |
| geoCity | 10 | Austin | Austin |
| geoCountryCode | 10 | US | US |
| geoLocation | 50 | 30.2861, -97.739321, 10 | 30.274722, -97.740556, 13 |
| geoRegionCode | 10 | TX | TX |

Results:
  • All of the device fingerprint values match. The geoLocation attribute contains the values that the risk engine uses to calculate the distance between the incoming device fingerprint and the registered device fingerprint. In this instance, the distance between the two device fingerprints is 1.27 km.
  • Because all of the device fingerprint values match, the total weight of the mismatched attributes is 0.
  • The total weight of all of the attributes is 80. The geoLocation attribute has a weight value of 50. The geoCity attribute, geoCountryCode attribute, and geoRegionCode attribute each have weight values of 10.
  • According to the risk score calculation formula: (0/80)×100=0. Therefore, the risk score is 0.
  • Authentication is permitted because the risk score is below 40.
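
The calculation used in the four scenarios, as an added example that is not part of the original documentation or the product's own code: it reproduces the scenario scores from the profile weights, checks the 1.27 km distance from Scenario 4, and lists which attributes can all mismatch while a request is still permitted under the 40 threshold. The function names, the half-up rounding and the Earth radius are assumptions; the caller supplies which attributes mismatch, because the product's matchers are not described on this page.

```python
import math
from itertools import combinations

# Weights copied from the predefined profile tables on this page.
PROFILES = {
    "Behavior": {"accessTime": 50, "browserPlugins": 10, "deviceFonts": 10,
                 "http:userAgent": 10},
    "Browser": {"browserPlugins": 50, "deviceFonts": 50, "http:accept": 30,
                "http:acceptEncoding": 50, "http:acceptLanguage": 50,
                "http:userAgent": 50},
    "Device": {"browserPlugins": 30, "colorDepth": 50, "deviceFonts": 50,
               "deviceLanguage": 50, "devicePlatform": 50,
               "screenAvailableHeight": 50, "screenAvailableWidth": 50,
               "screenHeight": 50, "screenWidth": 50},
    "Location": {"geoLocation": 50, "geoCity": 10, "geoCountryCode": 10,
                 "geoRegionCode": 10},
}
THRESHOLD = 40  # policy from the scenarios: permit at or below 40, deny above


def risk_score(weights, mismatched):
    """(weight of mismatched attributes / total weight) x 100, rounded half up."""
    unknown = set(mismatched) - set(weights)
    if unknown:
        raise ValueError(f"attributes not in profile: {sorted(unknown)}")
    total = sum(weights.values())
    if total == 0:  # e.g. the Default profile: every weight is 0, score is 0
        return 0
    # Half-up rounding is an assumption; it reproduces 37.5 -> 38 in Scenario 1.
    return math.floor(100 * sum(weights[a] for a in set(mismatched)) / total + 0.5)


def decision(score, threshold=THRESHOLD):
    return "permit" if score <= threshold else "deny"


def haversine_km(p, q, radius_km=6371.0):
    """Great-circle distance between two (lat, lon) pairs given in degrees."""
    (lat1, lon1), (lat2, lon2) = [tuple(map(math.radians, x)) for x in (p, q)]
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * radius_km * math.asin(math.sqrt(h))


def tolerated_mismatches(weights, threshold=THRESHOLD):
    """Maximal attribute sets that can all mismatch and still be permitted."""
    ok = [set(c) for n in range(1, len(weights) + 1)
          for c in combinations(sorted(weights), n)
          if risk_score(weights, c) <= threshold]
    return [s for s in ok if not any(s < t for t in ok)]
```

Running tolerated_mismatches on a cloned profile before activating it shows what the chosen weights and threshold let through; for the Behavior profile the only maximal set is browserPlugins, deviceFonts and http:userAgent, which is the situation in Scenario 1.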