• Banks may soon require new online authentication steps

    Posted January 25, 2011 - 3:10 pm

    The Federal Financial Institutions Examination Council (FFIEC) could soon release new guidelines for banks to use when authenticating users to online banking transactions.
  • Forrester: Web 2.0 means paying more attention to security, not less

    Posted January 13, 2011 - 6:42 pm

    Holes are opening all over enterprise IT infrastructures, which rely on end-users' memories, not good systems, for good authentication plans.
  • Leveraging Active Directory as your single source for authentication and authorization

    Posted December 22, 2010 - 10:35 pm

    As the role of Active Directory evolves and becomes a central component of your infrastructure, consider the following steps to improve your security posture and your ability to facilitate productive business.
  • Too much access? Privileged Identity Management can help

    Posted November 18, 2010 - 11:01 pm

    Privileged identity management (PIM) products automate control over administrative accounts, which typically put too much power in too many people's hands with too little accountability. They address the security, operational and compliance issues posed by the widely shared administrative accounts and passwords, excessive administrative rights, poor separation of duties, embedded passwords in legacy applications and scripts, and poor or nonexistent privileged-password rotation. They also provide individual accountability and an audit trail to prove that policies and controls are actually being enforced.
  • Review

    Network access control authentication: Are you ready for 802.1X?

    Posted June 21, 2010 - 4:25 pm

    In the NAC products we tested, authentication varies from very strong to very weak, and every point in-between. When starting down your path of evaluating NAC products, decide very early what kind of authentication mechanism you want, if any.
  • Symantec to buy VeriSign's authentication business

    Posted May 20, 2010 - 9:33 am

    Symantec will pay US$1.28 billion to acquire VeriSign's security business.
  • Cloud-based identity management gets a boost

    Posted May 19, 2010 - 11:40 am

    Giving network managers a way to provide access, single sign-on and provisioning controls in cloud-computing environments got a boost today from both Novell and a much smaller competitor, start-up Symplified.
  • Two-factor authentication through Windows Server 2008 NPS

    Posted May 10, 2010 - 11:19 am

    Increasingly, whether due to regulatory requirements or a basic recognition that static passwords just don't provide adequate security, organizations are implementing some form of strong authentication. Like all new efforts, before you start you want to be reasonably assured that you will succeed. In this tutorial we will document how to add two-factor authentication to various Microsoft remote access solutions through the Windows Server 2008 Network Policy Server. For two-factor authentication, we will be using the WiKID Strong Authentication Server - Enterprise Edition. WiKID is a dual-sourced, software-based two-factor authentication system. While the document is product specific, the process is typically the same no matter the products.
  • Researchers find way to zap RSA security scheme

    Posted March 6, 2010 - 10:57 pm

    Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers.
  • Security B-Sides: Perfect Authentication Remains Elusive

    Posted March 3, 2010 - 10:30 pm

    For years, leaders of the security industry have warned that passwords have outlived their usefulness. Users pick easy-to-crack passwords like the name of a dog or a favorite movie. They're written on post-it notes and left sticking to the monitor for all to see.
  • RSA and Verisign Partner for Cloud-Based Offering

    Posted October 15, 2009 - 2:19 pm

    RSA and VeriSign are working together to provide organizations with the mutual benefit of an expanded VeriSign Identity Protection (VIP) Service through the availability of RSA SecurID two-factor authentication technology for more choice in one-time password (OTP) authentication. VIP is a managed, shared authentication solution that provides its users with a single one-time password (OTP) authentication device to securely access multiple Web sites.
  • Social Networking a Tool for More Secure ID Management?

    Posted September 18, 2009 - 11:13 pm

    At Digital ID World 2009, a Facebook platform engineer says social networking sites can be used to actually improve identity and access management. Why wasn't he laughed off stage by the skeptical security crowd before him? Read on.
  • Data Debauchery That Happens in Vegas Doesn't Stay There

    Posted September 15, 2009 - 8:56 pm

    Organizations love to collect data on people, often in the name of identity and access control. But more often than not, the information gathering fails to improve security. In fact, it often makes matters worse.
  • Survey: IT pros are optimistic about bigger budgets next year

    Posted July 6, 2009 - 9:05 pm

    While most IT network professionals report modest cutbacks in spending this year vs. last year, they seem optimistic that will change for the better next year, according to an early look at an ongoing study from The Info Pro consultancy.
  • 5 Mergers for a Less Aggravating IT Security Industry

    Posted June 22, 2009 - 11:00 am

    There's a school of thought that says that consolidation is actually making the security industry a less aggravating place. After all, most IT shops would rather see security baked into the larger IT infrastructure provided by the likes of Microsoft, Cisco and others than spend money on a growing array of bolt-on devices.
  • Intel, Oracle, PayPal back ID technology interop group

    Posted June 17, 2009 - 11:20 am

    The Kantara Initiative, formed to promote interoperability among identity verification applications and services, launched on Wednesday with big-name backers like Oracle, Intel, eBay's PayPal, AOL, CA, Novell, Fidelity Investments, Liberty Alliance, Boeing, Internet Society and British Telecom.
  • It's the Information, Stupid

    Posted June 8, 2009 - 10:08 am

    The people in an organization are closest to the critical data, so when it comes to data leakage they can be security's best friend or its worst enemy.
  • Hackers claim $10,000 prize for breaking into StrongWebmail

    Posted June 4, 2009 - 4:50 pm

    Voice-based authentication software company Telesign last week challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry. Now, a group of security researchers claims to have done just that.
  • Study: Secret questions don't safeguard passwords

    Posted May 19, 2009 - 1:20 pm

    Free e-mail providers often present a so-called "secret question" as a verification mechanism to reset an account password. But the answer is often easily guessable by other people who know the account holder, according to a new study to be released during the IEEE Symposium on Security and Privacy.
  • How SCAP Brought Sanity to Vulnerability Management

    Posted May 18, 2009 - 10:32 am

    With the proliferation of vulnerability assessment products and services, we have begun to create a different problem. Any organization that maintains a reasonably sized infrastructure or Web presence can easily end up with many different applications, services and tools to maintain and monitor their vulnerabilities.
  • Review

    Microsoft NAP: NAC for the rest of us?

    Posted May 14, 2009 - 4:53 pm

    Microsoft NAP is an effective network gatekeeper for Windows endpoints, but initial configuration is complex, policies are basic, and reporting is absent.
  • When NAC meets NAP

    Posted May 14, 2009 - 9:59 am

    Complete and seamless integration across Cisco NAC, Microsoft NAP, and other network access control solutions remains a distant dream, but signs of progress emerge.
  • Sun ties identity app to Google, Amazon cloud platforms

    Posted April 23, 2009 - 4:42 pm

    Sun Wednesday tied its identity federation software to Google Apps and added its directory and Web application server to the cloud platform t is building for developers to build and test applications.
  • Botnets: Reasons It's Getting Harder to Find and Fight Them

    Posted April 20, 2009 - 10:11 am

    Botnets have long used a variety of configurations, in part to disguise their control mechanisms. But as user-friendly but insecure applications continue to become available -- especially social networking programs -- hackers have an ever growing number of security holes to choose from. They're also getting smarter about building resilient architectures, according to botnet hunters who have monitored recent activity. Here are four reasons the botnet fight is getting harder, and what to do about it:
  • Google offers top tip to help beat bots

    Posted April 17, 2009 - 12:01 pm

    Google has put a new spin on the 'CAPTCHA' used to control access to Web sites: ask visitors to identify the tops of a series of randomly rotated images.
Join us:






Join today!

See more content
Ask a Question