Information Security Decisions Session Downloads
Session Downloads from Information Security Decisions 2006 Conference. Session Downloads
-
How to build an identity and access management architecture
Regardless of your company's size, managing identity can be a huge undertaking that requires the efficient oversight of many moving parts. In this lesson, guest instructor Richard Mackey, principal with consultancy SystemExperts, helps you put togeth... Identity and Access Manag
-
Controlling Web access with Apache
How to meet access control requirements with Apache and IIS Web servers. Book Chapter
-
Lesson/Domain 2 -- Security School: Training for CISSP Certification
SearchSecurity.com Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge." School
-
Authentication and access
This tip describes levels of authentication and various access methods. Perspective
-
Infosec Know IT All Trivia: Authentication
Test your knowledge of authentication methods with our Infosec Know IT All Trivia. Quiz
-
Network role-based security
Read Chapter 16, Network Role-Based Security from the book "Network Security: The Complete Reference" written by Roberta Bragg, Mark Rhodes-Ousley and Keith Strassberg. Book Chapter
-
GlobalSign hack update: Certificate authority finds no rogue certs
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys. News | 15 Dec 2011
-
RSA responds to SecurID attack, plans security token replacement
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers. News | 07 Jun 2011
-
CA to acquire Arcot Systems for SaaS identity management
CA said Arcot's software as a service delivery model could help accelerate its delivery of CA identity and access management technologies from the cloud. Article | 30 Aug 2010
-
Intel-McAfee marriage could fuel renewed chip security interest
Hardware-based security is in use at some enterprises and gains in virtualization are predicted on the horizon, but the technology has seen slow adoption. Article | 26 Aug 2010
-
Companies falling behind on IT access governance, survey finds
Too many employees are given access to systems they don't need, according to a survey conducted by the Ponemon Institute. Article | 20 Apr 2010
-
Yahoo login credentials at risk to hijacking attack
Cybercriminals target Yahoo and other hosting services using a new phishing campaign to hijack accounts and commit bank fraud. Article | 07 Dec 2009
-
Group to shed light on secure identity management threats
Identity management technologies are struggling to keep pace with the constantly evolving nature of attacks, according to the Center for Applied Identity Management Research (CAIMR). Article | 27 Oct 2009
-
Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat
Researcher Dan Kaminsky returned to Black Hat with new research on X.509 certificates, explaining an attack method that could enable malicious hackers to spoof legitimate SSL certificates. Article | 29 Jul 2009
-
IBM USB banking device stops keyloggers, malware
A new USB stick, developed by IBM researchers, sets up a secure banking connection bypassing computer software and drivers. News | 29 Oct 2008
-
Sun launches open source OpenSSO for identity management
Sun integrates access management, federation and secure Web services in its new OpenSSO Enterprise. Article | 30 Sep 2008
-
Alternatives to password-reset questions tackle social networking cons
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure Interne... Tip
-
How to use single sign-on for Web access control to prevent malware
Web-based applications are popping up everywhere, and new worms and viruses are being developed just as quickly to exploit them. In this IAM expert tip, David Griffeth explains how to use single sign-on with multifactor authentication to keep malware... Tip
-
Vista WIL: How to take control of data integrity levels
In the past, Windows users could tweak NTFS permissions and decide who should have access to important data. With the introduction of the Windows Vista operating system, however, the Windows Integrity Levels (WIL) feature seeks to address previous ac... Tip
-
Enterprise security in 2008: Assessing access management
Access management troubles were hardly few and far between in 2007, and according to IAM expert Joel Dubin, access management challenges aren't going away in 2008. In this tip, Dubin outlines this year's key issues, including remote access, provisio... Tip
-
The dangers of granting system access to a third-party provider
Granting system access to a third-party provider is a risk that can introduce security threats and technical and business dangers into your enterprise. In this tip, security expert Joel Dubin discusses the potential threats involved with granting acc... Tip
-
Employee profiling: A proactive defense against insider threats
Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a m... Tip
-
Extranet security strategy considerations
Extranets can be beneficial for conducting e-commerce, but if they aren't properly secured, they can pose serious risks to you, your business partners and customers. In this tip, our network security expert, Mike Chapple, provides four tactics for lo... Tip
-
IIS security: Configure Web server permissions for better access control
Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuring IIS Web server permissions, in this tip by SearchS... Tip
-
Secure data transmission methods
The main purpose of this tip is to explore secure data transmission options that are available to help meet regulatory and legal requirements. Tip
-
Layered access control: 6 top defenses that work
Security guru Joel Snyder introduces six strategies for building layered security in networks in this presentation from Information Security Decisions. Tip
-
Privilege access management: User account provisioning best practices
Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.' Answer
-
MDM architecture considerations for enterprise identity management
Randall Gamby details which enterprise identity management features to look for when evaluating products as the basis for an MDM architecture. Answer
-
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk. Answer
-
The pros and cons of delivering Web pages over an SSL connection
An SSL connection can help secure Web browsing, but can affect website performance. Michael Cobb explains the pros and cons of an SSL connection. Answer
-
OAuth 2.0: Pros and cons of using the federation protocol
Learn the advantages and disadvantages of using Open Authorization for Web application authentication. Answer
-
Insufficient authorization: Hardening Web application authorization
Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors. Answer
-
How to use Wget commands and PHP cURL options for URL retrieval
When TCP or HTTP connections aren't behaving as expected, free tools like Wget and cURL can help with URL retrieval. Learn more in this expert response from Anand Sastry. Ask the Expert
-
Can DHCP management tools be used to manage user account permissions?
Learn more about whether using DHCP management tools is an effective way to manage user account permissions, and what other options might be, in this expert response from Randall Gamby. Ask the Expert
-
How to set up Apache Web server access control
If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby. Ask the Expert
-
Creating a secure intranet with secure file access management
Is it possible to allow employees to access sensitive information via an intranet securely? In this expert response, Randall Gamby explains how Web access management software might help. Ask the Expert
-
risk-based authentication (RBA)
Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised. As the level of risk increases, the authenti... Definition
-
multifactor authentication (MFA)
Multifactor authentication (MFA) is a security system in which more than one form of authentication is implemented to verify the legitimacy of a transaction... (Continued) Definition
-
authentication, authorization, and accounting (AAA)
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Definition
-
user account provisioning
User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of ... Definition
-
knowledge-based authentication (KBA)
Knowledge-based authentication (KBA) is an authentication scheme where the user is asked to answer at least one "secret" question during an online registration process. Definition
-
identity chaos (password chaos)
Identity chaos (sometimes called password chaos) is a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices. Definition
-
anonymous Web surfing (Web anonymizer, SafeWeb)
Anonymous Web surfing allows a user to visit Web sites without allowing anyone to gather information about which sites the user visited. Definition
-
walled garden
On the Internet, a walled garden is an environment that controls the user's access to Web content and services. Definition
-
access log
An access log is a list of all the requests for individual files that people have requested from a Web site. Definition
-
Best practices: Identity management - Part 2
Do you know how to optimize your identity management? Learn how in part 2 of Best practices: Identity management, where experts Kelly Manthey and Peter Gyurko discuss how, using case studies involving a Fortune 500 bank. Video
-
What is identity management?
Do you know what identity management is and how to properly manage it? This expert video featuring Kelly Manthey and Peter Gyurko explores the role of identity management and how it can benefit your enterprise. Video
-
Countdown - Top 5 Technologies on the Leading Edge of Authentication
Authentication technologies have made great strides as of late, and the timing couldn't be better: privilege creep, insider abuse and numerous other issues are causing enterprises to turn to innovative techniques to solve emerging problems. In this p... Podcast
-
About Web Authentication and Access Control
Get tips and tricks on Web access authentication and control. Learn when restricting Web access is necessary and how Web application IAM techniques like single sign-on can thwart hacker attacks and threats.