How to improve Web access controls

BROWSE BY TAG Identity Management and Access Control,   Web Authentication and Access Control,   Enterprise Identity and Access Management,   Expert Archive: Identity Management and Access Control,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Management and Access Control Is Identity Management as a Service (IDaaS) a good idea? How to log in to multiple servers with federated single sign-on (SSO) How to confirm the receipt of an email with security protocols Learn about enterprise strategy for server virtualization single sign-on Employee information security awareness training for new IAM systems Can you combine RFID tag technology with GPS to track stolen goods? Is there a free enterprise-caliber password-management tool? Cryptosystem attacks that do not involve obtaining the decryption key Can any firm or organization get a digital signature certificate? Should the CTO have domain administrator access? Web Authentication and Access Control Group to shed light on secure identity management threats How to confirm the receipt of an email with security protocols Schneier-Ranum Face-Off: Is Perfect Access Control Possible? Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat Changing times for identity management How to use single sign-on for Web access control to prevent malware IBM USB banking device stops keyloggers, malware Can mutual authentication beat phishing or man-in-the-middle attacks? Could someone place a rootkit on an internal network through a router? Sun launches open source OpenSSO for identity management Expert Archive: Identity Management and Access Control Enterprise password management policy: Finding the balance How to conduct a periodic user access review for account privileges Options for a mechanical door security system on a server room door Comparing access control mechanisms and identity management techniques User provisioning and SSO for PeopleSoft- and Unix-based products Could someone place a rootkit on an internal network through a router? Should a new user have to confirm an email address to gain access? Can home PCs provide a way for viruses and spyware to enter a corporate LAN? What should an enterprise look for in a password token and a vendor? Using batch files for temporary user access to the local admin group

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary access log  (SearchSecurity.com) anonymous Web surfing  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) identity chaos  (SearchSecurity.com) knowledge-based authentication  (SearchSecurity.com) multifactor authentication (MFA)  (SearchSecurity.com) walled garden  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

To provide granular access to specific Internet sites for specific users, you need to augment your existing proxy server, or firewall, with a Web filtering appliance. While you can tune proxies and firewalls to block certain kinds of traffic and Web sites, they don't work as well for individual user profiles.

Web filtering products, such as Websense, Blue Coat and 8e6, operate as appliances meshed into your firewall system, but unlike firewalls, they are deployed to block specific content. You can tailor Web filters to your company's particular policies for employee Internet use. They can use white and black lists to control what users can and cannot access.

The obvious targets, like pornography and gambling sites, would most likely be on most companies' hit list for the deployment of Web filtering proxies. However, if your company has a policy against employees accessing personal email accounts on company time, these products can do the job.

Again, unlike firewall rules, which are based on traffic, these products can be adjusted to allow selective access to individual employees or groups of employees that may need special access for business reasons. Websense, for example, has a User Service software component that calls your directory service, whether Active Directory (AD) or LDAP, to filter users based on any size and type of organizational unit from domains down to individual users. Blue Coat and 8e6 both offer similar user authentication schemes in their products that work with AD and LDAP, as well.

Although these filtering products don't store profiles, they do work with the profiles in your existing authentication systems to allow or block individual and group access. That's why it's important to check how these products work with your directory services, before purchasing one.

For More Information