Authentication

What questions should an organization ask about security and availability when contemplating a cloud computing model

New technologies emerge every day, but not all of them pay off, and adopting them too early might be risky for your organization.

This paper defines the different types of penetration tests, explains why the tests should be performed, details their benefits and even provides guidance for choosing the right vendor.

Ultra High Speed Internet, TV and local/long distance phone services combined into 1 superior service.

More and more companies are realizing that their corporate air waves are an asset that requires protection. Strong security policies have been created for wired networks. The same is now needed for the corporate air waves. This paper will discuss the compelling business reasons why an investment in wireless intrusion prevention should be made.

Companies are embracing wireless technologies to increase productivity, provide more flexible work arrangements for their employees, and work more closely with their business partners. Read this white paper to learn how SSL VPNs deliver a means of protecting every node, whether internal or external to the enterprise.

Network Access Control (NAC) solutions has arrived, with the support of some of the largest vendors in the IT/networking world, its own consortium, the excitement of users at organizations of all types and sizes, real available solutions, and significant revenue generated. Learn more in this white paper.

When the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996, among the law's many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information. In addition to mandating new policies and procedures, the HIPAA security regulations require mechanisms for controlling access to patient data on healthcare providers' information technology (IT) systems.

NitroSecurity's Security Event Aggregation and Correlation Engine (N-SEAC) is a patented, key differentiator of the NitroSecurity IPS solution. It allows enterprise customers the ability to collect and analyze threat information more efficiently and in an accurate and timely manner.

To successfully deploy Single Sign-On today, most organizations have a set of key requirements that must be met. Here are some tips on how focal Point can help organizations seeking Single Sign-On meet those requirements.

This paper is a synopsis of the presentations given at the Preventsys "CISO Breakfast Series," a succession of seminars given across North America in January and February 2005. The speakers for each breakfast consisted of security professionals and executives who provided their views on how to more effectively align information security with business initiatives.

Healthcare organizations are being targeted by financially motivated attackers that steal and sell valuable data, including identities and computing resources. This white paper defines the new threat, and outlines three important steps that providers can take to protect their critical systems.

Authentication technologies such as tokens and smart cards help meet the challenges of protecting sensitive data and securing application access. This white paper presents four cases in which an identity-based solution provides a compelling, low-cost alternative or complement to strong authentication technologies.

While IPSec VPN implementation has traditionally been viewed as expensive and time-consuming for large organizations, Quocirca has found that the next generation of IPSec VPN technologies has addressed these management headaches through automation, integrated security policy management, and centralized control.

In the past, authentication solutions were either easy to use and inexpensive, but insecure (such as username/password) or very secure but expensive or difficult to implement (such as OTP tokens and smart cards). Arcot offers a third option: WebFort, a software-only, two-factor authentication solution. It delivers the right balance of cost, convenience, and strength.

Solutions including one-time-password (OTP) generator tokens, do not offer the same level of protection as the ArcotID against attacks such as the man-in-the-middle attack. The ArcotID secure software credential provides protection against common Internet threats and several futuristic attacks that are becoming popular among fraudsters.

Man-in-the-Middle attacks can defeat most kinds of multi-factor authentication, including OTP tokens. Financial institutions, brokerages, and other likely targets of MITM attacks should consider the ability of their countermeasures to defeat MITM attacks, as these types of attacks will continue.

Password practices that improve security are by their nature burdensome to the user, resulting in passwords difficult to remember which are often changed about the same time they have finally become memorized. Yet password security remains a cornerstone of system security: as much as 80% of security breaches take place not through arcane hacking and virus attacks, but through system infiltration facilitated by use of a password.

For over a decade now, RADIUS servers have been a mainstay of dial-up and VPN access control. The rather inconspicuous RADIUS server, perhaps better known as that beige, general-purpose PC collecting dust in the corner of your data center, has proved sufficient for performing basic duties like validating passwords and granting network access.

Guests, contractors, vendors, business partners, and other temporary users require and expect certain level of network access within organizations that they visit. Corporate network access has been typically open; internal LAN connections have seldom required authentication. Today however, regulatory and other security concerns demand that organizations adopt a more secure posture towards these short-term users.

Increased pressure for cost-efficient administration, productive work environments and an array of strict government regulations are driving increased demand for integrated user Provisioning/SSO solutions that are affordable, easy to maintain and secure.

With so much of today's commerce being conducted electronically, providing staff with internet access has become a business necessity. The improper use of e-mail and instant messengers can lead to extremely expensive lawsuits, and the proliferation of mobile devices has made it considerably easier for errant employees to steal sensitive information. This white paper will detail the risks to which organizations that do not monitor their employees are exposed and explain the right way for organizations to go about monitoring.

At the Defcon security conference on August 2007, a hacker and Defcon staffer who goes by the name Zac Franken, showed how a small homemade device he calls "Gecko", which can perform a hack on the type of access card readers used on office doors throughout the country.

Swiping a card to gain access to a company building is now a perfectly accepted feature of everyday corporate life. Over the years, we have all grown familiar with the routine and the advantages it brings to access control. But where cards were once used exclusively to open doors, controlling who went where and when in a building, now they can be used for a wide variety of extra functions.

Developed by Borer in conjunction with AND-Group, the CruSafe software and hardware system provides a state-of-the-art safety system specifically developed to address the key requirement for real-time tracking of personnel. AND CruSafe is a state-of-the-art safety system which has been specifically developed to address the key requirement for real-time tracking of personnel (often known as POB- Personnel On Board). CruSafe has already been proven to reduce muster times by 70%.