-
Using IAM, password and provisioning management tools for compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Identity and Access Manag
-
IAM Security School quick quiz
Quiz
-
Endpoint security protection: Policies for endpoint control
In this lesson, guest instructor Ben Rothke, Director of Security Technology Implementation for a large financial services company, provides tactics for endpoint security, policies for controlling endpoints and insight as to where endpoint security t... Identity and Access Manag
-
How to break into a computer that is right at your fingertips
Stressing the importance of physical security, Joel Dubin explains how a hacker can bypass a BIOS password and break into a computer. Book Chapter
-
Spy vs. Spy
Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day. Book Chapter
-
SAP Security Learning Guide
This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system bulletproof. Learning Guide
-
Lesson/Domain 2 -- Security School: Training for CISSP Certification
SearchSecurity.com Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge." School
-
Passwords: Do you speak Geek?
Test your knowledge of password-related terminology. Quiz
-
Infosec Know IT All Trivia: Secure passwords
Strengthen your passwords with the information you'll learn taking our trivia. Quiz
-
Verizon data breach report shows weak passwords at root of 2011 data breaches
Weak and default passwords are at the root of many data security breaches investigated by Verizon in 2011. News | 07 Mar 2012
-
Morto worm, an old-school Internet worm, spreading via RDP
Security firms say the Morto worm isn’t a Trojan, but an Internet worm that spreads via Windows Remote Desktop Protocol (RDP). News | 29 Aug 2011
-
Poor password management leads to Twitter hacks
FoxNews.com and PayPal UK Twitter accounts get hijacked by anonymous groups. News | 06 Jul 2011
-
HBGary Federal hack highlights botched authentication, SQL injection vulns
Website errors and poor authentication processes are among the technical lessons learned from the HBGary Federal hacking fiasco, security consultant says. News | 23 Feb 2011
-
Lieberman integrates SIEM tools with Enterprise Random Password Manager
Lieberman has announced a new version of Enterprise Random Password Manager that integrates with ArcSight ESM, RSA enVision and Q1 Labs QRadar. Article | 15 Feb 2011
-
Lessons learned: The Lincoln National case of shared passwords
An incident involving shared passwords at the financial services firm illustrates the critical need to control user access. Article | 26 Apr 2010
-
Knowledge-based authentication treads lightly on privacy issues
Expanding use of verification questions prompts concerns about privacy issues, but businesses say KBA has been vital in reducing fraud. Article | 10 Feb 2010
-
Torrent phishing scheme trips up Twitter users
Latest attack prompts warning to change your passwords. Check out these popular password management programs now. News | 04 Feb 2010
-
Customers risk online banking fraud by reusing bank credentials
Trusteer study shows many use their Internet banking password to log in to other websites, opening the door to potential online banking fraud. Article | 02 Feb 2010
-
Microsoft, security firms warn of password meltdown
An increase in online shopping this season would be a boon to cybercriminals, who are conducting phishing and drive-by attacks in an attempt to profit from the holiday spirit. Article | 01 Dec 2009
-
Android security settings and controls for Android enterprise security
Can Androids ever be secure enough for corporate use? Learn about Android security controls to enable effective Android enterprise security. Tip
-
Privileged user access management: How to avoid access creep
One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check. Tip
-
Using an IAM maturity model to hone identity and access management strategy
Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy. Tip
-
Alternatives to password-reset questions tackle social networking cons
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure Interne... Tip
-
Making the case for enterprise IAM centralized access control
Central access to multiple applications and systems can raise the level of security while getting rid of lots of red tape, so how do you go about creating central access management? In this tip, IAM expert David Griffeth explains the steps. Tip
-
Best practices for a privileged access policy to secure user accounts
Enterprises need to secure accounts belonging to actual users by reviewing and monitoring their privileged access. Tip
-
Security book chapter: The Truth About Identity Theft
Jim Stickley, author of The Truth About Identity Theft, explains how easy it really is to hack a password. Tip
-
Recovering lost passwords with Cain & Abel
In his latest screencast, Peter Giannoulis of The AcademyPro.com demonstrates how to use the Cain & Abel tool to decipher or track down lost passwords. Tip
-
Identity and access management 2009: Staff cuts, insider threats
Identity and access management in 2009 will be drastically different from 2008, most notably because staff reductions may result in a new crop of malicious attackers. In this tip, David Griffeth explains how to deal with growing outsider and insider ... Tip
-
ID and password authentication: Keeping data safe with management and policies
Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements. Tip
-
Image-based authentication: Viable alternative authentication method?
Randall Gamby addresses the criticisms of image-based authentication and considers if it's a viable enterprise alternative authentication method. Answer
-
Minimum password length best practices: Are 14-character passwords necessary?
Should all enterprises mandate 14-character passwords, or are passwords alone not enough? IAM expert Randall Gamby offers his minimum password length best practices. Answer
-
Credential validation for an enterprise password storage vault
Randall Gamby offers advice on the credential validation process for an enterprise password storage system. Answer
-
Utilizing a hash function algorithm to help secure data
Learn how a hash function algorithm -- specifically a one-way hash function of the Dynamic SHA-2 algorithm -- can help protect important documents using a variety of hashes to confuse malicious code. Ask the Expert
-
Is a touchscreen virtual keyboard good for keeping passwords secure?
Recently, touchscreen virtual keyboards have been showing up on sites as an added security measure. What are the pros and cons of these virtual keyboards, and are they capable of stopping keylogging? Ask the Expert
-
Password encryption program: Best practices and alternatives
If you want to create password encryption code, check out these best practices from IAM expert Randall Gamby. He also offers alternatives to encrypting, such as using Kerberos or Federation SAML. Ask the Expert
-
HIPAA password policy: Managing Windows stored usernames and passwords
Under HIPAA, is it allowable to store Windows usernames and passwords? In this expert response, Ernie Hayden discusses managing access for companies that must be HIPAA compliant. Ask the Expert
-
Account lockout policy: Addressing too many failed login attempts
Learn how to create account lockout policies that detail how many failed login attempts should be allowed before a password lockout in order to prevent a password dictionary attack. Ask the Expert
-
Creating a password-reset program with corporate text messaging
Learn how to use corporate text messaging as the cornerstone of an enterprise password-reset program in this expert response from Randall Gamby. Ask the Expert
-
Password security vaults: Is SSO authentication better?
Password security vaults may be able to aid users in remembering many different passwords, but are they the most secure solutions? IAM expert Randall Gamby gives his recommendations on setting password technology policy. Ask the Expert
-
onboarding and offboarding
In identity management, onboarding is the addition of a new employee to an organization's identity and access management (IAM) system. Definition
-
war dialer
A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. Definition
-
TACACS (Terminal Access Controller Access Control System)
TACACS (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be... Definition
-
shadow password file
In the Linux operating system, a shadow password file is a system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system. Definition
-
salt
In password protection, salt is a random string of data used to modify a password hash. Definition
-
session replay
Session replay is a scheme a cracker uses to masquerade as an authorized user on an interactive Web site... (Continued) Definition
-
passphrase
A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a mes... Definition
-
password
A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Definition
-
masquerade
In general, a masquerade is a disguise. Definition
-
logon (or login)
In general computer usage, logon is the procedure used to get access to an operating system or application, usually in a remote computer. Definition
-
The business case for enterprise password management
Spyro Malaspinas discusses the importance of enterprise password management and how your business can benefit from implementing good identity management practices. Video
-
PCI compliance requirement 2: Defaults
PCI pros Diana Kelley and Ed Moyle review Requirement 2 of the Payment Card Industry Data Security Standard: Defaults. Video
-
PCI compliance requirement 8: Unique IDs
In a nutshell, Requirement 8 of the Payment Card Industry Data Security Standard calls for individual identification for anyone and everyone who has access to cardholder data. Video
-
Smart shopper: What to look for in password management and provisioning
Password management vendors are getting into the full-blown provisioning game, and traditional vendors are adding Windows logon extensions to facilitate self-service, a hallmark of password management-only solutions in the past. As these two markets... Podcast
About Password Management and Policy
Discover how to succeed in password management. Learn how to implement a password policy, software and tools, how to choose the right password length and when to change your password. Also, get advice on password cracking software, tools and programs.