Wednesday, 21 October 2009

e-Crime Wales Summit 2009 Highlights

Creative Industries Workshop - Video

Jason Hart: CRYPTOcard - Creative Industries Workshop from e-Crime Wales on Vimeo.

Interactive Q&A Session - Video

Ecrime Q&A

The many faces of e-Crime Video

The many faces of e-Crime, what are the risks to small businesses

Wednesday, 29 July 2009

Influenza A H1N1 and strong authentication?

What is the relationship between influenza and strong authentication? – “Remote Working”

Or, in techie speak, it translates to the implementation of a remote access solution! If you are following government or business forums, they recommend implementing a number of measures. So what????

One of the measures that are being described is the implementation of remote working solutions to enable working from home.

In all cases, no one is highlighting the possible risks to remote access systems from someone gaining access with weak usernames and passwords. So here's a clarification. Today there are a lot of remote access technologies, such as SSL VPN, IPSEC VPN, Citrix, etc.

But we have a big problem. Businesses should use Two Factor Authentication. But you say, "I can just use a username and static password?" Technically, yes!

But do you think this is a good idea? The risks are far too GREAT. It is so easy to steal or guess someone's password. Please refer to a number of my blog postings on stealing passwords.

The answer is very simple: use Two Factor Authentication.

I think the next time the implementation of remote access is undertaken, businesses should think twice or consider MAS ICE by CRYPTOCard.

What is the bigger risk to your business: H1N1, or an invisible person on your network stealing all of your IP?

Tuesday, 28 July 2009

Sexy Technology

Some information that I thought you might find useful..

Please see the following article:-,289142,sid180_gci1362723,00.html?track=NL-988&ad=717543&asrc=EM_NLT_8797460&uid=8792533

Even Twitter has issues with passwords – which I am sure we will see them address very soon – so customers are not alone:- "It's easy to be seduced by sexy technology, but if your password is compromised, then your security is blown."

The article highlights the need for two factor authentication and also puts forward a really good sales tactic:- "Smart CISOs could use a move to cloud computing as a good reason to ask for budget to introduce two-factor authentication."

Shame he did not mention that the ideal solution is cloud based authentication – never mind

Thursday, 25 June 2009

UK cyber security

“It is certainly welcome that cyber security is being given a higher level of attention at Cabinet, something that has been long overdue. What is sometimes frustrating for those of us in the industry is that security is a relatively easy thing to get right if effective frameworks are in place. This includes a robust legislative framework and the educational framework to promote exemplary information security practice throughout both public and private sector.

Awareness is the key, with ensuring that all businesses are made aware of the simplicity of gaining access to information a priority. The rise of social networking is one key development that raises many security issues, which must be carried out safely by staff and citizens alike. These are the wider issues that need to be met by Government, away from the blitz of announcements and initiatives.”

Friday, 20 February 2009

Let me ask you one simple question:

“How do you weigh up IT Security costs in your organisation?“

Sometimes, it's not just a number on an invoice. If your company suffered a malicious attack from a fraudster who stole important data or brought down critical business systems, what would be the full cost to the business?

To start with, there are the expenses of legal fees, call centers and lost employee productivity. There are also regulatory fines, a fall in share prices and customer losses to consider.
The fact is that the loss of sensitive data can have a debilitating effect on an organization's bottom line, especially if it is ill-prepared. A Forrester report published last year estimated the cost to be between $90 and $305 per record lost, which does not include additional marketing activities and discounts offered to rebuild customer loyalty. There are weekly media reports of these e-crimes. A Best Western Hotel was a recent case. Whilst the security breach has been closed, the aftershock from this data loss goes beyond those whose personal data could have been compromised. Only 10 people affected?

How confident would you be about booking your next stay with them? So whilst departmental heads are looking to trim pounds off their budgets due to the economic climate, reducing your IT security budget to zero may cost more than you think.

Let me ask you one simple question:

“Do you know the difference between Identity and Authentication?” Actually this can be quite a hard question to answer, but put simply, identity is the state or fact of being the same one as described, whereas authentication is to establish as genuine the facts presented. Clear as mud, I'm sure!

So here's an example to help you: James Brown has a key to unlock and drive his car. The car can be unlocked as he approaches his car but only by his key. However, if Joe loses his key in the car park whoever finds it has the ability to unlock and drive that car...and could even copy that key. What has happened here is that the key provides an identity the car recognises or "fact of being the same." It has no way of questioning the validity of the user within the request.
Can you imagine if all you had for your bank account was your cash card, or all you needed to log on to your laptop was a username? This is why PINs and passwords are used to form part of the authentication process, but all too often we make them useless by simplifying them, writing them down or even letting others know them!

This is why two-factor authentication is not only becoming increasingly popular but standard for a growing number of industries and organisations serious about authentication. So if James Brown's laptop that was in the back of his car was protected with 2FA, the 'new owner' would have to know his user name, PIN and have his password token to 'be him' in order to authenticate to the server.

The benefits of authentication over identity are clear.
Copyright 2009 Jason Hart.