Published By: ProofSpace
Published Date: Jul 31, 2007
This paper details the processes by which ProofMark tags electronic records with a self-validating cryptographic seal that acts as a "tamper indicator" based on a true and provable time-reference datum. With this it is able to provide instantaneous and irrefutable proof of authenticity, no matter where the data resides or who has controlled it.
Published By: ProofSpace
Published Date: Sep 10, 2007
Read this paper and learn the principles that are prerequisites to enforceable electronic agreements as required by existing legal standards and electronic signature legislation. This paper will also specify sixteen measurement criteria that can be used as metrics to assess whether the architecture of an electronic transaction will meet the requirements of admissibility.
While 802.1X has a growing presence, it's still immature and may not provide all the policy enforcement features commonly required in most organizations. This white paper focuses on the 802.1X standard for authentication and access control and how it compares to the Nevis approach for LAN security.
Published By: Netwrix
Published Date: Oct 10, 2007
This white paper covers account lockout management process and introduces new cost-effective workflows of account lockout resolution, describing significant ROI enterprises can achieve through the use of automated management solutions.
Published By: Netwrix
Published Date: Apr 22, 2008
Password practices that improve security are by their nature burdensome to the user, resulting in passwords difficult to remember which are often changed about the same time they have finally become memorized. Yet password security remains a cornerstone of system security: as much as 80% of security breaches take place not through arcane hacking and virus attacks, but through system infiltration facilitated by use of a password.
At the Defcon security conference on August 2007, a hacker and Defcon staffer who goes by the name Zac Franken, showed how a small homemade device he calls "Gecko", which can perform a hack on the type of access card readers used on office doors throughout the country.
Swiping a card to gain access to a company building is now a perfectly accepted feature of everyday corporate life. Over the years, we have all grown familiar with the routine and the advantages it brings to access control. But where cards were once used exclusively to open doors, controlling who went where and when in a building, now they can be used for a wide variety of extra functions.
Developed by Borer in conjunction with AND-Group, the CruSafe software and hardware system provides a state-of-the-art safety system specifically developed to address the key requirement for real-time tracking of personnel. AND CruSafe is a state-of-the-art safety system which has been specifically developed to address the key requirement for real-time tracking of personnel (often known as POB- Personnel On Board). CruSafe has already been proven to reduce muster times by 70%.
Clear Image was awarded a contract to supply and fit CCTV and Access control to NISA, one of the largest picking warehouses in Europe. The company runs 3 shifts per day and wanted to allocate lockers to employees. The simple solution would have been to give each employee a locker, but between Borer and Clear Image, a better solution was devised. Thanks to our technology, we can create one to many relationships between our devices.
With so much of today's commerce being conducted electronically, providing staff with internet access has become a business necessity. The improper use of e-mail and instant messengers can lead to extremely expensive lawsuits, and the proliferation of mobile devices has made it considerably easier for errant employees to steal sensitive information. This white paper will detail the risks to which organizations that do not monitor their employees are exposed and explain the right way for organizations to go about monitoring.
Guests, contractors, vendors, business partners, and other temporary users require and expect certain level of network access within organizations that they visit. Corporate network access has been typically open; internal LAN connections have seldom required authentication. Today however, regulatory and other security concerns demand that organizations adopt a more secure posture towards these short-term users.
In the past, authentication solutions were either easy to use and inexpensive, but insecure (such as username/password) or very secure but expensive or difficult to implement (such as OTP tokens and smart cards). Arcot offers a third option: WebFort, a software-only, two-factor authentication solution. It delivers the right balance of cost, convenience, and strength.
Solutions including one-time-password (OTP) generator tokens, do not offer the same level of protection as the ArcotID against attacks such as the man-in-the-middle attack. The ArcotID secure software credential provides protection against common Internet threats and several futuristic attacks that are becoming popular among fraudsters.
Man-in-the-Middle attacks can defeat most kinds of multi-factor authentication, including OTP tokens. Financial institutions, brokerages, and other likely targets of MITM attacks should consider the ability of their countermeasures to defeat MITM attacks, as these types of attacks will continue.
While IPSec VPN implementation has traditionally been viewed as expensive and time-consuming for large organizations, Quocirca has found that the next generation of IPSec VPN technologies has addressed these management headaches through automation, integrated security policy management, and centralized control.
This white paper outlines issues with managing online identities across a diverse customer base when faced with increasing threats. It proposes a common sense approach that matches security to the assessed risk for users, actions and applications.
This document describes how Likewise and Microsoft Active Directory can foster compliance with the Payment Card Industry Data Security Standard, a set of requirements for businesses that process payment card information. Developed by Visa, American Express, Discover Financial Services, and other members of the PCI Security Standards Council, the standard sets forth policies, procedures, and practices to protect customer account data. The standard includes specific requirements for strictly controlling access to customer data, authenticating business users, monitoring access, maintaining a secure network, and auditing system resources. Likewise integrates Linux, Unix, and Mac OS X workstations and servers into Active Directory, providing the basis to assign each user a unique ID for authentication, authorization, monitoring, and tracking. Likewise also provides group policies for non-Windows computers so that their security settings and other configurations can be centrally managed in the same way as Windows computers.
This document describes how Likewise facilitates the implementation of enterprise single sign-on (SSO). It explains how Kerberos-aware applications can be configured to exploit the authentication infrastructure provided by Likewise. It explains the concepts as well as outlining the specific steps that must be taken to enable single sign-on support in applications.
This paper begins by exploring why SOX compliance continues to be so difficult when it is treated as an annual project rather than a continuous process. Then the paper discusses how Likewise Enterprise can help your company make the shift to continuous compliance for identity and access management in a mixed network. Likewise joins Linux, Unix, and Mac OS X computers to Active Directory, providing the basis to assign each user a unique ID for authentication, authorization, and monitoring. Likewise also includes group policies for non-Windows computers so that you can centrally manage their security settings in the same way as Windows computers.
Web Services are emerging as the preeminent method for program-to-program communication across corporate networks as well as the Internet. Securing web Services has been a challenge until recently, as typical Web authentication and authorization techniques employed browser-to-server architectures (not program-to-program). This resulted in user identity ending at the Web Application Server, forcing the Web Services Provider to trust blindly that the Web Services Requester had established identity and trust with the end user.
Whether and organization or an individual, identity theft spells a long, expensive, and complex recovery process. However, online identity theft can be prevented with encryption software and advanced password protection.
Credit Union Times is the nation's leading independent source for breaking news and analysis for credit union leaders. For more than 20 years, Credit Union Times has set the standard for editorial excellence and ethical, straight-forward reporting.