This paper reveals how not securing all of your keys and certificates enables cybercriminals to bypass controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that you expect will mitigate threats.
Advanced Persistent Threat (APT) operators have proven they can breach enterprises like yours by undermining your critical security controls when you fail to protect digital certificates and cryptographic keys. Not securing all of your keys and certificates enables cybercriminals to bypass controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that you expect will mitigate threats.
This white paper examines the compelling business and technical case for centralizing administration in Microsoft's Active Directory, using Centrify's DirectControl to extend Active Directory authentication and access control to your UNIX, Linux and Mac OS systems and applications, and using Centrify's DirectAudit to log user activity to provide you a clear picture of end user actions on all UNIX and Linux systems.
Published By: Intralinks
Published Date: Oct 03, 2013
As the business case for Software-as-a-Service (Saas) and other cloud computing models solidifies, more companies are incorporating cloud computing into their IT programs. However, the legal, regulatory, and ethical requirements of data security must be adhered to regardless of where the information is housed. The best SaaS providers offer strong authentication systems, user activity auditing tools, and real time usage reporting to maintain the highest level of control over sensitive and confidential data.
In this 11-page white paper, Intralinks provides tips and questions to ask prospective providers about their security standards and practices, software reliability and uptime, and the availability of reporting and audit trails.
This paper discusses the value of two-factor authentication systems that provide vital access security for today's mobile workforces, who can now be productive from numerous remote locations: the home office, the airport, hotels, and customer sites. Moreover, the ubiquitous nature of mobile phones has now given rise to a new, convenient form factor for the software-based authenticator that resides right on the mobile phone/device.
"For years, developers have known that one of the best ways to reassure users is by signing code using a digital signature accessed via a private key issued by a respected certificate authority. But signed code is not invulnerable. Due to lax key security and vetting processes, malware has managed to infiltrate applications with signed code.
Extended Validation (EV) Code Signing Certificates help to halt malware infiltration by requiring a rigorous vetting process and helping ensure that private key security cannot be compromised. EV certificates require a hard token and associated PIN in order to sign code, introducing a more secure physical factor of authentication to the signing process. The EV Code Signing process provides browsers, operating systems, and security software an additional source of confidence in applications signed with an EV certificate.
Read the white paper, Protect Your Applications—and Reputation—with Symantec EV Code Signing, to learn:
• Key background on the latest malware threats
• How you can provide users with reassurance that your application is safe to download
• Why EV Code Signing Certificates represent the next step in advanced website security and their effectiveness
• How you can help provide a frictionless experience when users attempt to download your application
At the Defcon security conference on August 2007, a hacker and Defcon staffer who goes by the name Zac Franken, showed how a small homemade device he calls "Gecko", which can perform a hack on the type of access card readers used on office doors throughout the country.
Swiping a card to gain access to a company building is now a perfectly accepted feature of everyday corporate life. Over the years, we have all grown familiar with the routine and the advantages it brings to access control. But where cards were once used exclusively to open doors, controlling who went where and when in a building, now they can be used for a wide variety of extra functions.
Developed by Borer in conjunction with AND-Group, the CruSafe software and hardware system provides a state-of-the-art safety system specifically developed to address the key requirement for real-time tracking of personnel. AND CruSafe is a state-of-the-art safety system which has been specifically developed to address the key requirement for real-time tracking of personnel (often known as POB- Personnel On Board). CruSafe has already been proven to reduce muster times by 70%.
Clear Image was awarded a contract to supply and fit CCTV and Access control to NISA, one of the largest picking warehouses in Europe. The company runs 3 shifts per day and wanted to allocate lockers to employees. The simple solution would have been to give each employee a locker, but between Borer and Clear Image, a better solution was devised. Thanks to our technology, we can create one to many relationships between our devices.
DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Our portfolio of live events, online and print publishing, business intelligence and professional development brands are centred on the complexities of technology convergence. Operating in 42 different countries, we have developed a unique global knowledge and networking platform, which is trusted by over 30,000 ICT, engineering and technology professionals.
Data Centre Dynamics Ltd.
102-108 Clifton Street
London EC2A 4HW