Tips

Tips

Web authentication and access control

• Combination of new, old tech driving remote access security

  The massive shift to home-based workforces left IT vulnerable to unexpected threats, but organizations are combining old and new strategies to maintain remote access security.  Continue Reading

• The pros and cons of biometric authentication

  Hoping for a passwordless future? Multifactor authentication using biometrics may be the answer. Consider the pros, cons and implications of biometric authentication before deploying.  Continue Reading

• 3 key identity management tips to streamline workflows

  Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started.  Continue Reading

• Using digital identity management to gain and retain trust

  Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how.  Continue Reading

• Top 4 essential identity and access management best practices

  Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program.  Continue Reading

• SSL certificate best practices for 2020 and beyond

  SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more.  Continue Reading

• The benefits of IAM can far outweigh the costs

  Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network.  Continue Reading

• How automated patch management using SOAR can slash risk

  Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management.  Continue Reading

• Automating incident response with security orchestration

  Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks.  Continue Reading

• Plugging the cybersecurity skills gap with security automation

  Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder.  Continue Reading

• The evolution of the Let's Encrypt certificate authority

  Certificate authorities work differently since the open source Let's Encrypt project went into effect. Expert Fernando Gont explains how both CAs and Let's Encrypt operate.  Continue Reading

• Updating TLS? Use cryptographic entropy for more secure keys

  Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson.  Continue Reading

• For effective customer IAM, bundle security and performance

  CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now.  Continue Reading

• Enterprises should reconsider SMS-based 2FA use after breach

  A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA.  Continue Reading

• What about enterprise identity management for 'non-users'?

  Identity and access management for service, machine and application accounts is as important as it is for individuals, so be sure your IAM strategy considers so-called non-users.  Continue Reading

• Why a zero-trust network with authentication is essential

  Zero-trust networks are often deemed compromised and untrusted, making authentication variables essential to security. Expert Matthew Pascucci explains a zero-trust security model.  Continue Reading

• How machine learning-powered password guessing impacts security

  A new password guessing technique takes advantage of machine learning technologies. Expert Michael Cobb discusses how much of a threat this is to enterprise security.  Continue Reading

• Use caution with OAuth 2.0 protocol for enterprise logins

  Many apps are using the OAuth 2.0 protocol for both authentication and authorization, but technically it's only a specification for delegated authorization, not for authentication.  Continue Reading

• Learn how to identify and prevent access control attacks

  Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening.  Continue Reading

• Common web application login security weaknesses and how to fix them

  Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them.  Continue Reading

• Why authorization management is paramount for cybersecurity readiness

  After enterprise identities are authenticated, an authorization management system should monitor how resources are being used. Expert Peter Sullivan explains how it can work.  Continue Reading

• How to use hashcat to address authentication vulnerabilities

  Authentication vulnerabilities are a constant problem, but testing tools like hashcat can make a significant difference. Expert Joe Granneman discusses hashcat and password cracking.  Continue Reading

• A safe password system? Here's how

  News of the death of the password system is premature, despite the security vulnerabilities of this authentication method. Learn how to create a safe password system.  Continue Reading

• How to limit privileged accounts and boost security

  Too many privileged accounts can result in access abuse in enterprises. Expert Mike O. Villegas discusses which account privileges should be limited to reduce security incidents.  Continue Reading

• The enterprise potential of behavioral biometrics

  Biometric authentication has quickly evolved to include behavioral identifiers. Expert Michael Cobb explores the benefits of behavioral biometric technology for enterprises.  Continue Reading

• Microsoft Edge security features raise the bar in Web browser safety

  Learn about the new and improved security features in the upcoming Microsoft Edge browser, including on-by-default sandboxes, Passport and HTML5.  Continue Reading

• The benefits of open source identity management software

  Organizations are often looking to minimize costs without compromising on security. Expert Randall Gamby examines the benefits of open source identity management software.  Continue Reading

• Adaptive authentication: An introduction to risk-based authentication

  Enterprise use of adaptive authentication is growing internally and for Web applications. Brad Causey details the allure of risk-based authentication.  Continue Reading

• Intro to two-factor authentication in Web authentication scenarios

  The Web's top brands are implementing two-factor authentication for consumer Web authentication. Learn 2FA benefits, burdens and how to get started.  Continue Reading

• SSL certificate management: Avoiding common mistakes

  Errors are bound to occur when SSL certificate management is handled manually. Learn how to avoid these common mistakes.  Continue Reading

• Alternatives to password-reset questions tackle social networking cons

  With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure ...  Continue Reading

• Vista WIL: How to take control of data integrity levels

  In the past, Windows users could tweak NTFS permissions and decide who should have access to important data. With the introduction of the Windows Vista operating system, however, the Windows Integrity Levels (WIL) feature seeks to address previous ...  Continue Reading

• The dangers of granting system access to a third-party provider

  Granting system access to a third-party provider is a risk that can introduce security threats and technical and business dangers into your enterprise. In this tip, security expert Joel Dubin discusses the potential threats involved with granting ...  Continue Reading

• Employee profiling: A proactive defense against insider threats

  Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a ...  Continue Reading

• Extranet security strategy considerations

  Extranets can be beneficial for conducting e-commerce, but if they aren't properly secured, they can pose serious risks to you, your business partners and customers. In this tip, our network security expert, Mike Chapple, provides four tactics for ...  Continue Reading

• IIS security: Configure Web server permissions for better access control

  Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuring IIS Web server permissions, in this tip by ...  Continue Reading

• Secure data transmission methods

  The main purpose of this tip is to explore secure data transmission options that are available to help meet regulatory and legal requirements.  Continue Reading

• How to secure session tokens

  Dos and don'ts for protecting session IDs for users of e-commerce Web sites.  Continue Reading

• Limiting the risk and liability of federated identities

  You'll learn the legal issues involved in federated identity and how to best manage them.  Continue Reading

• Top six steps for a secure Web server

  Looking for a secure Web server checklist? You're in luck. In this tip, Mike Chapple provides six simple actions you can take to make your Web server more secure.  Continue Reading

• ASP.NET authentication: Three new options for Web services

  Web developers migrating to ASP.NET find themselves faced with additional authentication options available for use in Web services.  Continue Reading

• Mnemonic-based passwords

  SearchSecurity member Mark Farrar offers an alternative method for creating passwords.  Continue Reading