-
Information Security Decisions Session Downloads
Session Downloads from Information Security Decisions 2006 Conference. Session Downloads
-
How to build an identity and access management architecture
Regardless of your company's size, managing identity can be a huge undertaking that requires the efficient oversight of many moving parts. In this lesson, guest instructor Richard Mackey, principal with consultancy SystemExperts, helps you put togeth... Identity and Access Manag
-
Controlling Web access with Apache
How to meet access control requirements with Apache and IIS Web servers. Book Chapter
-
Lesson/Domain 2 -- Security School: Training for CISSP Certification
SearchSecurity.com Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge." School
-
Authentication and access
This tip describes levels of authentication and various access methods. Perspective
-
Infosec Know IT All Trivia: Authentication
Test your knowledge of authentication methods with our Infosec Know IT All Trivia. Quiz
-
Network role-based security
Read Chapter 16, Network Role-Based Security from the book "Network Security: The Complete Reference" written by Roberta Bragg, Mark Rhodes-Ousley and Keith Strassberg. Book Chapter
-
GlobalSign hack update: Certificate authority finds no rogue certs
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys. News | 15 Dec 2011
-
RSA responds to SecurID attack, plans security token replacement
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers. News | 07 Jun 2011
-
CA to acquire Arcot Systems for SaaS identity management
CA said Arcot's software as a service delivery model could help accelerate its delivery of CA identity and access management technologies from the cloud. Article | 30 Aug 2010
-
Intel-McAfee marriage could fuel renewed chip security interest
Hardware-based security is in use at some enterprises and gains in virtualization are predicted on the horizon, but the technology has seen slow adoption. Article | 26 Aug 2010
-
Companies falling behind on IT access governance, survey finds
Too many employees are given access to systems they don't need, according to a survey conducted by the Ponemon Institute. Article | 20 Apr 2010
-
Yahoo login credentials at risk to hijacking attack
Cybercriminals target Yahoo and other hosting services using a new phishing campaign to hijack accounts and commit bank fraud. Article | 07 Dec 2009
-
Group to shed light on secure identity management threats
Identity management technologies are struggling to keep pace with constantly evolving nature of attacks, according to the Center for Applied Identity Management Research (CAIMR). Article | 27 Oct 2009
-
Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat
Researcher Dan Kaminsky returned to Black Hat with new research on X.509 certificates, explaining an attack method that could enable malicious hackers to spoof legitimate SSL certificates.. Article | 29 Jul 2009
-
IBM USB banking device stops keyloggers, malware
A new USB stick, developed by IBM researchers, sets up a secure banking connection bypassing computer software and drivers. News | 29 Oct 2008
-
Sun launches open source OpenSSO for identity management
Sun integrates access management, federation and secure Web services in its new OpenSSO Enterprise Article | 30 Sep 2008
- See More: News on Web Authentication and Access Control
-
Alternatives to password-reset questions tackle social networking cons
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure Interne... Tip
-
How to use single sign-on for Web access control to prevent malware
Web-based applications are popping up everywhere, and new worms and viruses are being developed just as quickly to exploit them. In this IAM expert tip, David Griffeth explains how to use single sign-on with multifactor authentication to keep malware... Tip
-
Vista WIL: How to take control of data integrity levels
In the past, Windows users could tweak NTFS permissions and decide who should have access to important data. With the introduction of the Windows Vista operating system, however, the Windows Integrity Levels (WIL) feature seeks to address previous ac... Tip
-
Enterprise security in 2008: Assessing access management
Access management troubles were hardly few and far between in 2007, and according to IAM expert Joel Dubin, access management challenges aren't going away in 2008. In this tip, Dubin outlines this year's key issues, including remote access, provision... Tip
-
The dangers of granting system access to a third-party provider
Granting system access to a third-party provider is a risk that can introduce security threats and technical and business dangers into your enterprise. In this tip, security expert Joel Dubin discusses the potential threats involved with granting acc... Tip
-
Employee profiling: A proactive defense against insider threats
Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a m... Tip
-
Extranet security strategy considerations
Extranets can be beneficial for conducting e-commerce, but if they aren't properly secured, they can pose serious risks to you, your business partners and customers. In this tip, our network security expert, Mike Chapple, provides four tactics for lo... Tip
-
IIS security: Configure Web server permissions for better access control
Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuring IIS Web server permissions, in this tip by SearchS... Tip
-
Secure data transmission methods
The main purpose of this tip is to explore secure data transmission options that are available to help meet regulatory and legal requirements. Tip
-
Layered access control: 6 top defenses that work
Security guru Joel Snyder introduces six strategies for building layered security in networks in this presentation from Information Security Decisions. Tip
- See More: Tips on Web Authentication and Access Control
-
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk. Answer
-
The pros and cons of delivering Web pages over an SSL connection
An SSL connection can help secure Web browsing, but can affect website performance. Michael Cobb explains the pros and cons of an SSL connection. Answer
-
OAuth 2.0: Pros and cons of using the federation protocol
Learn the advantages and disadvantages of using Open Authorization for Web application authentication. Answer
-
Insufficient authorization: Hardening Web application authorization
Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors. Answer
-
How to use Wget commands and PHP cURL options for URL retrieval
When TCP or HTTP connections aren't behaving as expected, free tools like Wget and cURL can help with URL retrieval. Learn more in this expert response from Anand Sastry. Ask the Expert
-
Can DHCP management tools be used to manage user account permissions?
Learn more about whether using DHCP management tools is an effective way to manage user account permissions, and what other options might be, in this expert response from Randall Gamby. Ask the Expert
-
How to set up Apache Web server access control
If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby. Ask the Expert
-
Creating a secure intranet with secure file access management
Is it possible to allow employees to access sensitive information via an intranet securely? In this expert response, Randall Gamby explains how Web access management software might help. Ask the Expert
-
Manage access to social networking sites with an acceptable use policy
Social networking sites can cause security issues, but sites like Twitter and Facebook can also open up significant business opportunities. Learn how to manage employee access to social networking sites to make sure only those employees who need acce... Ask the Expert
-
IT business justification to limit network access
Are you hoping to limit network access at your organization, but aren't sure how to go about creating an IT business justification for a proxy server? In this expert response, Randall Gamby explains what a proxy server can do, including how to explai... Ask the Expert
- See More: Expert Advice on Web Authentication and Access Control
-
user account provisioning
User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of a... Word
-
knowledge-based authentication (KBA)
Knowledge-based authentication (KBA) is an authentication scheme where the user is asked to answer at least one "secret" question during an online registration process. Word
-
multifactor authentication (MFA)
Multifactor authentication (MFA) is a security system in which more than one form of authentication is implemented to verify the legitimacy of a transaction... (Continued) Word
-
identity chaos (password chaos)
Word
-
anonymous Web surfing (Web anonymizer, SafeWeb)
Word
-
walled garden
Word
-
authentication, authorization, and accounting (AAA)
Word
-
access log
Word
-
Best practices: Identity management - Part 2
Do you know how to optimize your identity management? Learn how In part 2 of Best practices: Identity management where experts Kelly Manthey and Peter Gyurko discuss how using case studies involving a Fortune 500 bank. Video
-
What is identity management?
Do you know what identity management is and how to properly manage it? This expert video featuring Kelly Manthey and Peter Gyurko explores the role of identity mangement and how it can benefit your enterprise. Video
-
Countdown - Top 5 Technologies on the Leading Edge of Authentication
Authentication technologies have made great strides as of late, and the timing couldn't be better: privilege creep, insider abuse and numerous other issues are causing enterprises to turn to innovative techniques to solve emerging problems. In this p... Podcast
-
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk. Answer
-
GlobalSign hack update: Certificate authority finds no rogue certs
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys. News
-
The pros and cons of delivering Web pages over an SSL connection
An SSL connection can help secure Web browsing, but can affect website performance. Michael Cobb explains the pros and cons of an SSL connection. Answer
-
OAuth 2.0: Pros and cons of using the federation protocol
Learn the advantages and disadvantages of using Open Authorization for Web application authentication. Answer
-
Insufficient authorization: Hardening Web application authorization
Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors. Answer
-
RSA responds to SecurID attack, plans security token replacement
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers. News
-
Best practices: Identity management - Part 2
Do you know how to optimize your identity management? Learn how In part 2 of Best practices: Identity management where experts Kelly Manthey and Peter Gyurko discuss how using case studies involving a Fortune 500 bank. Video
-
What is identity management?
Do you know what identity management is and how to properly manage it? This expert video featuring Kelly Manthey and Peter Gyurko explores the role of identity mangement and how it can benefit your enterprise. Video
-
user account provisioning
User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of a... Word
-
CA to acquire Arcot Systems for SaaS identity management
CA said Arcot's software as a service delivery model could help accelerate its delivery of CA identity and access management technologies from the cloud. Article
- See More: All on Web Authentication and Access Control
About Web Authentication and Access Control
Get tips and tricks on Web access authentication and control. Learn when restricting Web access is necessary and how Web application IAM techniques like single sign-on can thwart hacker attacks and threats.