Tag Archives: Two-Factor Authentication

Make your summer stress free with Password Reset

Posted on by
Reply

By Vanessa Cardwell, Marketing Manager, Netutils.

Views expressed in this post are original thoughts posted by Vanessa Cardwell, Marketing Manager, Netutils. These views are her own and in no way do they represent the views of the company.

Our guess is that a number of your employees are returning from their summer holidays and can’t remember their passwords. Are we right? It’s confession time from me .. I had to think hard to remember mine!

Drink by the CaribbeanStatistics suggest that as much as 20-50% of all help desk calls are related to password problems, and the scenario with forgotten passwords after a holiday is classic and a real pain to many IT departments.

SMS PASSCODE’s Password Reset Module takes this pain away by enabling users to easily reset their own Active Directory passwords in a secure way. The solution offers automated user notification and places intuitive self-service capabilities in the hands of the user. Take a look at this video from SMS Passcode for an quick overview of how it works.

(Btw, I did remember mine in the end, in case you were wondering!)

[vimeo vimeo.com/http://vimeo.com/100687647]

 

 

 

The Leap to Token Free; Key Features of Multi-Factor Authentication Solution SMS Passcode

Posted on by
2
[vimeo vimeo.com/http://vimeo.com/89103575]

In this short video blog Technology Specialist Malcolm Orekoya talks us through the key features of multi-factor authentication solution SMS Passcode – including why choose multi-factor? Why multi-factor offers a more secure alternative to traditional tokens and why password delivery is so secure with SMS Passcode.

Don’t ignore the hype: IT trends deliver security with access

Posted on by
Reply

By Malcolm Orekoya, Technical Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Technical Specialist, Netutils. These views are his own and in no way do they represent the views of the company.

How do we enhance security but allow users access to the data and resources they need seamlessly and improve enterprise productivity, while still keeping up with the trends in mobility, consumerisation and cloud? The answer is by following those trends.

Look beyond the technology and look at the people that use the technology. This tells us two things: users do not prioritise security, and your enterprise productivity is directly related to the ability of your users to perform their tasks efficiently. So companies cannot adopt a “lock everything down” mentality. It is effectively a denial of service attack against yourself, because you are essentially denying access to the essential services needed by your users. So security, and enforcement of it, is solely the responsibility of the enterprise. It may sound harsh, but it is the reality; employees are accountable for the procedures, guidelines and policies to which they are required to adhere to.

The only viable way to build a secure network that moves with CoIT is to use existing corporate user identity systems (such as Active Directory, LDAP, SQL) to integrate with evolving ideas to automatically provision context-aware applications and resources.

So how to secure data and the network while still allowing seamless access and speedy resource allocation? Don’t ignore the trends in the IT industry. Cloud and hosted applications are continually increasing in adoption because they guarantee a certain level of security of access, ease of access, flexibility, automated provisioning, ease of upgrades, cross platform compatibility and reduced CAPEX, while maintaining compliance and security standards. The providers of these solutions are themselves heavily regulated and required to adhere to high standards of data and network security.

If you prefer to retain in-house control of applications, then virtual desktop infrastructure (VDI) means you benefit from reduced costs over time of purchasing user endpoint machines by moving to thin clients. But also these VDI platforms allow control of what applications employees have access to, and provide much more granular control on what tasks users can perform. Because a lot of the VDI platforms allow “hot-desking”, as user profiles are maintained on centralised servers, they provide access flexibility and remote access, which fit with CoIT needs.

Zero-Day protection is also another useful trend; the means by which an enterprise can protect its data and resources from threats and vulnerabilities that are currently unknown, so consequently do not have a fix. Zero-Day application exploits, targeted attacks, advanced information stealing malware and Advanced Persistent Threats (APTs) all pose a serious security threat to enterprises, but as these threats evolve, so does the approach to effective and manageable protection. Active defence, which discourages attacks by focusing on raising costs and risks to attackers, is slowly creeping into enterprise strategy. Proactive protection – including advanced Web Application Firewalls (WAF), counterstrike and intrusion deception techniques – are all protection methods that have seen a revival. For example, in 2012 Juniper Networks acquired Mykonos Software’s intrusion deception software (Junos WebApp Secure) to enhance its web application security portfolio. It places deception points along the way. When an attacker trips one of those tripwires, we are alerted to the fact they are there and can watch them.

The reality is that vulnerabilities and threats exist, and come from inside as well as outside the network. The biggest insider threats are the employees, but we can only educate staff on how to handle sensitive corporate data and how to use corporate resources. For outsider threats, innovation brings assistance.

Webinar Recording: The leap to token free; what to consider when evaluating multi-factor authentication

Posted on by
Reply
[vimeo vimeo.com/http://vimeo.com/75018750]

With the rise in systems being breached and major brands such as The New York Times, Ubisoft, Burger King and Virgin Radio falling victim to hackers, it is clear that the need for strong multi-factor authentication has never been more urgent. Companies of all sizes are increasingly adopting modern SMS based technology instead of hard tokens to authenticate their users. Is it time for you to evaluate the benefits as well?

Webinar Recording: SMS Passcode – Next Generation 2 Factor Authentication

Posted on by
Reply
[vimeo vimeo.com/http://vimeo.com/62704206]

Recently there has been an explosion in security breaches including attacks on high profile organisations like Sony & Citibank. Increasingly trusted 20+ year old token technology has been breached. View our 30 minute webinar and we will show you SMS Passcode a new generation of login security based on multi-factor authentication via the mobile phone SMS network, voice call or secure e-mail. SMS Passcode is a low cost solution to traditional tokens with maximum scalability, reliability, fast set up and installation.

SMS PASSCODE® Version 6.1 raises the bar with location and behaviour aware login security

Posted on by
1

In this video blog our Senior Technical Consultant, Malcolm Orekoya, takes us through the new features of SMS PASSCODE® version 6.1 . Location and behaviour aware login security protects your remote access systems and users against un-authorised access.

[vimeo vimeo.com/49157381]

VMware to demonstrate SMS PASSCODE configuration as part of bootcamp

Posted on by
Reply

You may be interested in the recent blog post from Lars Nielsen, VP Commercial Operations at SMS Passcode.

During the recent VMware View Bootcamp – Mobile Secure Desktop: Radius 2-Factor Authentication – Mark Benson from VMware did an excellent walk through of the recently announced RADIUS support in the VMware View VDI client. SMS Passcode have been a technology collaboration partner on this project. Mark walks through the specific setup required to implement SMS PASSCODE transparently with the View client. It is an excellent brief tutorial on how easy it is to protect View with the more secure real-time, session specific multi- and two-factor authentication from SMS PASSCODE following a demonstration of a legacy token solution.  To learn more, visit the Youtube video here.

For more on SMS Passcode please follow their blog. http://blog.smspasscode.com/

Modern Threats, Modern Solutions – New Generation 2 Factor Authentication

Posted on by
1

View our latest Netutils Tech Round Up, here we discuss multi-factor authentication. Our Network & Security Specialist, Malcolm Orekoya illustrates how with security breaches at historically high levels a user name and password alone is simply not enough to protect your network. SMS Passcode offers a low cost solution to traditional tokens with maximum scalability, reliability, fast set up and installation.

Considerations for Service Providers – Delivering a Seamless Wi-Fi Off-Load Experience to Subscribers

Posted on by
Reply

Part 2:  Options for Authentication by Toby Makepeace, Technical Director, Netutils

This post contains original thoughts posted by Toby Makepeace, Technical Director, Network (Utilities) Systems Ltd. These views are his own.

Leading on from Part 1, Mobile Operators V Fixed Line Operators – who will win Wi-Fi Off-load Race?, we now need to look and consider how operator’s effectively manage subscribers and deliver a seamless Wi-Fi experience. What are the different options for authentication that operator’s should be considering?  WISPr , EAP-TTLS, EAP-SIM/AKA?

The answer is all of the above, because it all boils down to the device support.

For example, if we take the case that a user might have 3 devices that support Wi-Fi, but only one of these devices is provided by the mobile operator, do we want to limit authentication to only EAP-SIM based devices whereby a user will be limited to the device provided by the operator over 3G or Wi-Fi? Or do we want to offer a mixture of authentication methods to suit the devices a user may wish to use to connect to the internet?

Given my earlier point in part 1, that mobile users expect to consume and access more & more rich media content faster, from any location, at any time, from multiple devices an operator that only invests in one authentication method will limit either the devices they support or the user experience itself. This will inevitably lead to a user looking for another provider to meet their consumption needs, rather than their current mobile operator.

What we have seen is early adoption of WISPr based authentications in the market but the uptake to date has been slow; the process is cumbersome and non-secure. WISPr relies on the user taking responsibility so this clearly impacts on the all-important user experience.  Operators need to consider how to remove the responsibility from the user, and where possible make both the transaction and networks more secure.

The first secure method being considered for adoption by mobile operator’s is EAP-SIM, and this sees the number of subscribers using the service massively increase, however it is restricted by using the subscriber device’s SIM as the authentication parameter, validated by the HLR, and so only supports certain SIM based devices.

This limits those legacy devices that do not support the EAP-SIM protocol, for example a large number of Android devices. Any operator that ignores this will not achieve the required level of off-load they need. So protocols like EAP-TTLS or EAP-TLS come to the table.

Service Providers will quickly see the value of completely seamless Wi-Fi off-load to their end users in terms of increased loyalty with the improved user experience on Wi-Fi & the compelling business case of minimising the impact on the existing 3G network as data traffic increases. This will continue to be of major importance as 4G networks commence to roll out.

Top Considerations for Service Providers in Providing a Seamless Wi-Fi Off-Load Experience to Subscribers

  • Secure or Un-secure? Is this important to your subscriber base? Airwaves are open but can be secured.
  • Authentication protocols supported, the choice of SIM based or user interaction based.
  • Device support/target. Are you considering all Wi-Fi enabled devices or just phones for true off-load?
  • Consider how you are going to sell and manage usage, volume based or time based tracking, or just open?
  • Are you going to offer subscribers 3GB or Wi-Fi with the 1GB data plan they are on?
    • If so how are you going to manage it?
    • Are you going to sell subscribers a Wi-Fi data plan that is more attractive than the 3G data plan? Will you invest in educational campaigns to subscribers to use Wi-Fi rather than 3G?
    • Are you investigating in build or buy model?
      Build a wholesale network?
      Buy from a wholesale provider?
      Build a private network?

Read Part 1, Mobile Operators V Fixed Line Operators – Who will win the Wi-Fi Offload Race?

About Toby
Toby is currently working on a number of Service Provider projects focusing on Identity Management. These range from Mobile Operator Wi-Fi off-load projects, broadband authentication encompassing quota and service management for P2P and video traffic control, and integrated M2M projects over 3G.

Toby has over 15 years progressive experience designing complex RADIUS platforms to meet the demands of the most multi-faceted businesses.

In addition Toby has spent a number of years observing and implementing solutions for the enterprise space in the BYOD and NAC market. ‘It’s a keen area of interest for me as it combines the whole concept of identity management and business needs together. It also provides me with a good knowledge of what the enterprise customer are looking to their carriers services to provide.’

Computer Scientists Break Security hardware Token Key in Record Time

Posted on by
Reply

According to a recent New York Times post, computer experts claim to have found an easy way to hack into a certain RSA token that has a USB port and compromise the seed-file. Essentially, tokens physical or software based, all hold a seed file that tells what code to show in which token at what time. These are all commonly known as pre-issued token systems.  Without arguing or validating the news, the latest story posted in the New York Times blog, illustrates the challenges this widely used approach has when it comes to the modern threats of today. The best solution is to focus on real-time session specific solutions that do not contain seed files or pre-issued codes. Be it delivered via SMS or software or hardware tokens. The SMS PASSCODE solution is one such solution where the user ID and password is validated before a code is generated in real-time and delivered via SMS, voice or secure email to the users mobile device. No seed-file, no pre-issued codes. The solution is highly awarded due to this simple, yet profound difference. To learn more about the New York Times post, click here.

You may be interested in attending our latest Webinar: Modern Threats, Modern Solutions – New Generation 2 Factor Authentication. Register here.