Network Access Control Solutions & Protection | Enterprise Password Management | Access Smart

Channel 9 Blogs about Power LogOn

Channel 9, a Microsoft community site for Microsoft customers, posts “Power LogOn Brings Additional Layer of Security to Azure.” “In today’s environment of increasingly sophisticated cyber-attacks, our mutual customers rely on proactive solutions such as Access Smart’s Power LogOn to help protect their computer systems,” said Nicole Herskowitz, Senior Director of Product Marketing for Microsoft Azure. “We are pleased that Access Smart will continue to make its security expertise available to help Azure customers improve the security of their data.”

Logon Security for Azure

Power LogOn® now supports Microsoft Azure

Access Smart® Improves Cybersecurity With Power LogOn.

LADERA RANCH, CA. June 15, 2015 – Access Smart, LLC today announced that the Power LogOn software now supports Microsoft Azure. Power LogOn adds an extra layer of cybersecurity during the initial logon process to Azure. Azure provides Power LogOn customers with an efficient cloud solution, keeping data available with improved security.

Because cybersecurity needs to start before the firewall, Access Smart complements Azure by adding a security-enhanced password manager. To access the power of Azure, employees don’t need to type in their user name and password. The greatest security threat to any company is employee-managed user names and passwords. By removing this cybersecurity vulnerability, Power LogOn puts control of sensitive data back in the hands of IT professionals.

Six Easy Tips to Reduce Cybersecurity Vulnerabilities.

Corporate cybersecurity policies and procedures must come first.

The news bombards us with the latest cyber-attack stories. Being aware of potential attacks is important, but what can a business owner do? Are you worried that cybersecurity vendors are going to try to exploit these attacks to sell you their products? Are you afraid that IT will ask for more money? Do you just keep doing what you are currently doing and hope a cyberattack never happens to you?

Investing in cybersecurity is important; however, you can’t afford to make a snap security decision based on fear that will do little to no good. Nor can you hope it will never happen to you. Cybersecurity is not all about new technologies. Often a change in policies and business practices can have a greater impact on your bottom line. Before you bring out the checkbook, here are six tips that cost very little but have a high security impact.

Power LogOn Passes HHS/CDC Cyber Lab’s Security Evaluation

I’d like to tell you about a new secure password management and authentication solution that passed the HHS/CDC cyber lab’s security evaluation to eliminate their employee-managed password burdens. It’s called Power LogOn® Government Edition. The cyber lab now has a multi-factor, IT-centralized password manager for their existing PIV, CAC, or CIV credentials.

Here are a few of the specifications Power LogOn delivers:

  • Independent FIPS 140-2 verification
  • Secure, IT centralized password management and authentication
  • Every account can have up to a 500-character long unique password that can be changed as frequently as required without user involvement
  • Convenient for employees to log into multiple server, web and application accounts without them having to know or type the passwords
  • Scalable to fit any size department or agency, without a high cost of ownership
  • Complements existing PIV credentials without re-badging or FIPS 201 re-certification
  • And a whole lot more

With Power LogOn Government Edition, the HHS IT team now implements very long, complex passwords that are changed very frequently. All password changes are automatically pushed down to all users without their involvement or knowledge. Employees no longer have to generate, remember, type or even know any network, application or computer logon passwords. Power LogOn instantly integrates with existing PIV credentials without having to program or modify any file structures, thus avoiding any FIPS 201 re-certification issues.

Power LogOn is now ready and available on GSA Advantage for other government agencies and departments who struggle with the insecurity of employee generated and managed passwords.

To learn more about Power LogOn Government Edition and download our Capabilities Line Card please visit our webpage www.access-smart.com/gov.


Power LogOn’s Reaction to Pass the Hash

Pass the Hash Protections.

Last week I attended the BSides LA hackers’ conference to make the case that passwords are secure. At first, some of the attendees scoffed at my claim. I then went on to explain that it’s the management of passwords and the way some IT administrators configure their networks that cause the insecurities. To that point, they agreed. However, the more persistent attendees brought up the “Pass the Hash” (PtH) attack as the reason why passwords will never be secure.

Not being as well versed in PtH as in other attacks, I needed to do a little research before I had an informed response.

A Pass-the-Hash (PtH) attack uses a technique in which an attacker captures the password hash value on one computer and then plays back the hash without ever knowing any passwords. Ultimately, the attacker gets access to network disks, memory, network domain controllers, and other servers to install drivers, applications, and execute applications.

For a hacker to start the attack, he or she first needs access to a computer on the network with administrator rights. This can often be accomplished easily if IT inadvertently assigned “Administrator” rights to a user/employee (note: most users do not need administrator rights). Because users typically do a poor job of generating and managing their logon passwords, the hacker easily breaks into the user’s account. The administrative privileges then allow the hacker to drill deeper into the network. Even if a complex password is used, if the employee writes it down on a sticky note it only takes a cell phone camera to capture the password and sell it on the internet.

The password hash is the key to the kingdom with superadmin rights. The hacker can do anything, and can bypass all the security barriers IT has installed. All operating systems and authentication protocols, even Kerberos and smartcard logons, are vulnerable. What’s worse, there’s no defense, but there are protections.

Hash authentication is not a bug, hole, or flaw that can be solved with a patch. Microsoft, Apple, and others claim they cannot stop the attack. Therefore, the best defense is to stop worrying about and fighting PtH. Instead, keep the hackers from getting in in the first place. Here are some simple ways to start protecting your network.

  1. Don’t allow every user or employee to have administrative rights
  2. Administrator passwords should have a short lifecycle
  3. Implement strong, complex password policies
  4. Of course, maintain strong and up-to-date antivirus, antimalware, firewalls, whitelists, etc.
  5. Don’t use Remote Desktop Protocol (RDP) or some other sort of interactive remote software to administrate computers
  6. Don’t allow or assign superadmins. Instead, “delegate” just the rights an administrator needs and no more
  7. When an employee is finished for the day, they not only need to log out but also power down the computer
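As an added example (not Access Smart code), the script below audits a Windows host against tips 1, 2 and 5 above: unexpected members of the local Administrators group, local admin passwords older than a short lifecycle, and whether RDP is enabled. It assumes Windows PowerShell 5.1 or later run with administrative rights; the allow-list and the 30-day password-age limit are assumptions to adjust for your environment.

```powershell
# Added example (not Access Smart code): audit a Windows host against
# tips 1, 2 and 5 above. Requires Windows PowerShell 5.1+ run as admin.
# $ExpectedAdmins and $MaxAdminPasswordAgeDays are assumed values; adjust them.
function Invoke-PthHygieneAudit {
    param(
        # Accounts allowed to hold local Administrators membership (tip 1)
        [string[]] $ExpectedAdmins = @("$env:COMPUTERNAME\Administrator"),
        # Admin passwords should have a short lifecycle (tip 2)
        [int] $MaxAdminPasswordAgeDays = 30
    )
    $findings = @()

    # Tip 1: flag anyone in local Administrators who is not on the allow-list.
    $admins = Get-LocalGroupMember -Group 'Administrators'
    foreach ($m in $admins) {
        if ($ExpectedAdmins -notcontains $m.Name) {
            $findings += "Unexpected Administrators member: $($m.Name) ($($m.ObjectClass), $($m.PrincipalSource))"
        }
    }

    # Tip 2: flag enabled local admin accounts whose password is older than the limit.
    $localAdminNames = $admins |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        ForEach-Object { ($_.Name -split '\\')[-1] }
    foreach ($u in Get-LocalUser | Where-Object { $_.Enabled -and $localAdminNames -contains $_.Name }) {
        if ($null -eq $u.PasswordLastSet) {
            $findings += "Admin '$($u.Name)' has no recorded password change"
        } else {
            $ageDays = [int](New-TimeSpan -Start $u.PasswordLastSet -End (Get-Date)).TotalDays
            if ($ageDays -gt $MaxAdminPasswordAgeDays) {
                $findings += "Admin '$($u.Name)' password is $ageDays days old (limit $MaxAdminPasswordAgeDays)"
            }
        }
    }

    # Tip 5: is interactive remote administration via RDP enabled?
    # fDenyTSConnections = 1 means RDP connections are denied.
    $rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -ErrorAction SilentlyContinue
    if ($null -eq $rdp -or $rdp.fDenyTSConnections -ne 1) {
        $findings += 'Remote Desktop (RDP) is enabled on this host'
    }

    return $findings
}

$results = @(Invoke-PthHygieneAudit)
if ($results.Count -eq 0) { 'No findings' } else { $results }
```

Each finding maps back to one of the tips above; an empty result means the host matches the allow-list, every local admin password is within the age limit, and RDP is denied.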


How Power LogOn Addresses Pass the Hash

Pass the Hash is not a password authentication issue but, again, an administration and system security issue. While Power LogOn cannot stop or prevent a PtH attack, there are features within Power LogOn that make unauthorized access more difficult.

  1. IT assigns complex passwords
  2. IT changes passwords more frequently in the background
  3. Users don’t generate, type or know their passwords
  4. Power LogOn can auto-shut down or log users off the network when their smartcard is removed
  5. Power LogOn does not store an “authenticator” in memory and therefore requires users to present their card every time they log on to an application or website while using Power LogOn SSO functionality
  6. If a thief stole a Windows user’s password or password hash, it would not enable them to log on to Power LogOn managed SSO applications or websites

Again, there is currently no way to stop a Pass the Hash attack. Access Smart does not claim that we can safeguard a company from such an attack. However, Power LogOn does add some barriers while keeping the logon process convenient for the user so they don’t circumvent cybersecurity. The best an IT administrator can do is put up enough barriers that the time and effort for a hacker to break into a computer and network is too great, especially when there is easier prey just around the corner.