Security Technology Comparison
Today, IT managers have a host of security management technologies available to them. While all these products have their advantages, if the incorrect technology is chosen and the solution is too complex to manage, then the computer network and data may actually be less secure than before. IT may be lulled into a false sense of security while end users compromise security with workarounds designed for their own convenience. Therefore, some of the key considerations before implementing any network security are:
• End-user’s convenience
• Back end infrastructure modifications
• Value of the data being protected
• Ongoing support and maintenance
• Budget
• Size of organization
Read this white paper to find out how Access Smart’s Smartcard-based Password Manager stacks up against other security technology products.
Password Manager – Wikipedia Re-print
A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. Many password managers also work as form fillers, filling the user name and password data into forms automatically. These are implemented using a browser extension, smart card application or USB stick application that communicates to the browser
Recently I had the opportunity to update Wikipedia’s listing for “Password Manager”. While many others have also contributed over time to this entry, I wanted to do a simple PDF reprint of this topic to help inform others about the advantages and disadvantages of a password manager system. While I don’t know who else has contributed to the writing of this entry in Wikipedia, I want to thank and acknowledge their contributions.
Can Contactless Smartcards Support PKI? Fact or Fiction
“It is cheap and easy to design a high security system poorly. It is expensive and hard to design a security system to protect against every possible attack. It requires forethought and insight to design a useful security system at a high degree of trustworthiness and at an affordable price.”
– Tom Austin
The misconception is that contactless smartcards with symmetric encryption are part of a Public Key Infrastructure (PKI) system. The thought is that a card stores an AES or 3DES encrypted digital signature or certificate as a secure, unique individual identifier. That signature is then passed to the reader, which decrypts it to reveal the true signature. To a die-hard security and smartcard person, like me, the hairs on the back of my neck start to stand on end when I hear this claim.
You Think Passwords are Secure
• Why criminals crave employee passwords
• Why employees practice poor password management
• Understanding the problems with passwords
• Leveraging Power LogOn
To gain access to the company’s computer, network or cloud accounts, all that’s needed is a legitimate user name and password. IT may have a security policy regarding password strength that employees are supposed to follow, but just how secure are their passwords really, and how much protection does the policy really offer? Here’s a simple test.
Do employees implement one or more of the following common password management practices?
• Use a simple password based on a name, word, or date that can easily be remembered.
• Use a password that is very identifiable to that person, such as a kid’s name with birth date, home town with zip code, and so on.
• Try to be clever and spell a child’s name backwards.
• Use the same password everywhere and for everything.
• Write the passwords down somewhere such as in or on a notebook, piece of paper, white board, sticky notes, PDA, or whatever else happens to be handy.
• Have a Word or Excel document or some other data file called “passwords” that’s stored on a computer or smartphone.
• Have told a co-worker, assistant or spouse a password so they could multitask.
• Keep the same password for years, or recycle a series of the same ones.
• Use the Web site’s name as a password.
• Use the word “password” as a password.
If you answer “yes” to any one of these common password management practices, your company is at risk of being a victim of a data breach that leads to privacy law violations.
Dealing with online identity theft
Identity crimes involve two victims: a company and an individual. Identity crimes also involve two criminal acts: identity theft – the act of stealing someone’s personal information, and identity fraud – the act of falsely using someone else’s identity to commit felonies. Companies, universities, and organizations are the primary victims of identity theft, whereas individuals are the victims of identity fraud. Although the costs of identity theft to a company and to an individual are different, a successful attack is devastating and traumatic to both.
The State and Federal Identity Theft and Privacy Protection Laws now require companies, agencies, and organizations of all sizes to protect all personal information they store and to report to all their customers, employees, and vendors whenever a breach occurs. The financial ramifications of a security breach for a company can be substantial for its present and future business. In some cases, companies have had to close down their businesses because the financial costs of a security breach were overwhelming.
The crimes committed using another person’s identity range from credit card fraud to serious felonies. Typically, the victim is unaware that their identity has been stolen and is being used for criminal acts. The victim usually finds out at the most inopportune time: while applying for a home mortgage, being harassed by aggressive bill collectors, or being arrested. Identity fraud takes an emotional, financial, and time-consuming toll on its victims.
Taking a look at identity fraud
Family and friends know the most about you. They know your nickname, the schools you attended, your birthday, your kids’ names, your maiden name, and a whole bunch of other personal information you may use for your passwords. Typically, a home computer is accessed by other family members. Unless you set up unique User Accounts with individual rights and privileges, everyone on that computer has full access to everything you do.
Many online accounts and Web sites require a user name and password to prevent unauthorized access. If you make the logon to the accounts easier by saving all the passwords within Windows Internet Explorer for automatic logon, agree to the Web site’s option to “Remember my logon,” and/or have notes by your computer with all the passwords written down, then you put yourself at even higher risk. By doing so, what stops another family member.
Safeguarding your identity
You don’t have to be paranoid about being an identity-theft victim or protecting yourself. Using common sense and asking yourself whether you should or shouldn’t tell a stranger a piece of personal information will protect you from 80% of the attacks. As for the other 20%, you just want to make it difficult enough to deter the thief so that he or she looks elsewhere.
A lot of information is presented throughout this and my other white papers about the importance of generating strong passwords, securely managing all your passwords, and the need for convenience when keeping your personal or corporate less safe. Here are some key points to remember.
Recovery After Identity Theft
I hope you never have to go through the anguish of being a victim of identity theft or identity fraud. If, however, you suspect or discover that you are a victim, remember the first rule: Don’t panic, don’t get angry, and don’t let your emotions get the better of you. Losing your self-esteem and your self-control is yet another way
The following tools and discussion points will help you to know where to start and how to best manage your recovery.































