Viewing posts tagged Information Security
Why Information Security Breaches may matter to stock prices
Posted by: admin 9 years, 5 months ago
I've been chewing on this post since @dearestleader's BSidesATL talk and since reading this HBR piece.
Seven common misconceptions about two-factor authentication
Posted by: admin 9 years, 9 months ago
We get a lot of questions from enterprises as they deploy two-factor authentication. There are a good number of misconceptions out there about how to do it. Here are six that we see frequently as enterprises first start to think about two-factor authentication:
Belts and Suspenders Security
Posted by: admin 9 years, 9 months ago
I continue to be astounded that one server without two-factor authentication caused the JP Morgan breach. If a sophisticated organization like a major US financial institution can get hacked like that, what are the chances for everyone else? If you were an incoming CIO or CISO, what can you do to avoid such a disaster?
Obviously, JP Morgan is reviewing the status of all their servers (for a start). As I mentioned before, automation and infrastructure as code will help create idempotent servers, so you can be sure that they meet security requirements. Any servers outside that level of management should be segmented and brought in line eventually. But I think it will increasingly make sense for servers to have two-factor authentication for remote access and administrator rights. This is simple to do on *nix servers, as services that use PAM (i.e. sshd, sudo, login, etc.) can all easily require two-factor authentication. Copying these configuration files via management tools is quite simple. By using RADIUS as the authentication protocol, you can perform authorization in Active Directory or LDAP. If I were going into Sony, I would require two-factor authentication for egress as well.
Certainly, this would break some things. But that's the idea. The breaks should show you where you have issues. You need to address those issues.
More on the security concerns for SSH and Key Management
Posted by: admin 10 years, 2 months ago
We've blogged previously about the potential compliance issues around SSH keys and about the risks of poor SSH key management. A recent Forrester survey (PDF warning!) revealed: