Cyber Access Control | MFA Enterprise Password Management | Access Smart

Archive for network security

Six Easy Tips to Reduce Cybersecurity Vulnerabilities.

Corporate cybersecurity policies and procedures must come first.

CybersecurityThe news bombards us with the latest cyber-attack stories. Being aware of potential attacks is important, but what can a business owner do? Are you worried that cybersecurity vendors are going to try to exploit these attacks to sell you their products? Are you afraid that IT will ask for more money? Do you just keep doing what you are currently doing and hope a cyberattack never happens to you?

Investing in cybersecurity is important; however, you can’t afford to make a snap security decision based on fear that will do little to no good. Nor can you hope it will never happen to you. Cybersecurity is not all about new technologies. Often a change in policies and business practices can have a greater impact on your bottom line. Before you bring out the checkbook, here are six tips that costs very little, but have high security impact. Read More→

Power LogOn is Heartbleed safe.

Power LogOn Heartbleed secureHeartbleed is very dangerous, but not to Power LogOn.

This week the cyber security community has been a buzz about the OpenSSL vulnerability and the Heartbleed bug.  This is a very serious problem and tech companies are scrambling to plug the holes, get patches out to companies and help them implement the fix.

I have been getting calls from our customers asking if the client / server communication channel in Power LogOn is safe from the Heartbleed bug. I’m happy to assure every Access Smart customer that the Power LogOn channel is secure.

There are many different security communication protocols available on the market. Access Smart’s engineers decided not to use or rely on the OpenSSL cryptographic functions.  Instead we choose a different NIST FIPS 140-2 approved cryptographic library.

After the different websites have updated their OpenSSL and assigned new keys, IT administrators will want to update all employee passwords.  This is very easy to do with Power LogOn.  IT can change every password as frequently as they deem necessary without the employee having to know, remember or type them.

Security has always been a cat ‘n’ mouse game. Access Smart is constantly monitoring this and other vulnerabilities and when something happens we evaluate and make necessary adjustments.

Rest assured, the Power LogOn server channel is secure from the Heartbleed bug.

About Access Smart

Founded in 2005 and headquartered in Ladera Ranch, California, Access Smart, LLC is a one-stop-shop offering a wide range of Single Sign-On cyber access control products (software, licenses, cards and readers) to make network multi-factor authentication deployment fast, easy and inexpensive. We are dedicated to empowering businesses, agencies and institutions to securely regain control over their computers and networks at the point of entry. Authentication, authorization and non-repudiation do not have to be cumbersome to be effective. That’s why our products are designed using state-of-the-art security technologies while focusing on ease-of-use and low-cost-of-ownership.

Previously, smartcard technology was only affordable to large government agencies and Fortune 500 companies. Access Smart has turned that model upside down by utilizing existing infrastructures and matching the technology to the needs. For example: you can use existing badge technologies, you have no backend server modifications, there are no annual subscription fees, and all your licenses are transferable.

Please contact Access Smart for a no obligation consultation on how best to implement Authentication, Authorization and Non-Repudiation into your business. Access Smart – The Alternative to PKI.

Christmas Cyber Attack – Who’s to Blame?

A cyber attack Scrooged Christmas. Treat security as a process – not as a product!

cyber attack

 In reading articles about the resent Christmas cyber attacks, the authors’ key take away is that global companies are extremely vulnerable to cyber-attacks and data losses.  Guess what, so too are the small and medium size businesses.  Every business, healthcare service, government agency and educational institution is vulnerable since they all use many of the same technology components. So who’s to blame

 These last few weeks I have been asking the questions: “Who do you think should be held accountable for all the cyber breaches: the Merchants or the Technology companies?”  The responses have been most enlightening. Some blame the business owners, others the IT managers, some the technology companies, and some say all the above. Read More→

InfoGard awards Access Smart FIPS 140-2 Verification

Power LogOn® meets US Government’s FIPS 140-2 requirement for networks access control

FIPS 140-2 Verification

 

Government regulations mandate agencies to implement multi-factor authentication for secure network access control (NAC). User names and passwords are still the most common form of authentication. Access Smart’s Power LogOn Password Management Solution (Version 5.4.x) uses strong encryption, smart card technology and secure communications protocols that meets the Office of Management and Budget (OMB) E-Authentication Guidance for Federal Agencies [OMB M-04-04] requirement for Level-3 and Level-4 authentication.

 

Access Smart contracted InfoGard as an independent third-party to verify that Power LogOn uses cryptographic algorithms and methods that comply with the FIPS 140-2 requirements.

 

 According to Mr. Dovell Bonnett, Founder and CEO of Access Smart, “The reason we selected InfoGard was because we wanted a trusted, independent and documented analysis that assured our customers that Power LogOn meets their HIPAA, HSPD-12, CJIS, etc. multi-factor authentication requirements.”

 

Passwords are still the most common means to authenticate a user. “Passwords are secure,” stated Mr. Bonnett. “What is insecure is how employees generate and manage them. It’s time to remove this weak link.” With Power LogOn, employees no longer need to generate, remember, type or know their passwords.

 

The Power LogOn password management solution allows an agency’s IT manager to centrally manage all passwords. Mr. Bonnett explained that, “Once the employee is not required to generate and manage passwords then passwords are no longer classified as ‘something you knows’ ”. Passwords can now be managed as efficiently as symmetric keys.” 

 

Power LogOn takes the user out of password management, creates a randomly generated complex character string, assigns every account its own unique string, and a string can be changed as frequently as IT deems necessary. These are the same requirements imposed on symmetric key generation. The security of a key is also determined by how it is stored, protected and implemented.

 

Power LogOn implements multi-factor authentication and eight layers of assurance in the form of PINs, cards, biometrics, AES-256 & SHA-256 encryption, CHUID, challenge/response, password salting and user classification code. Power LogOn can be added to an existing CAC or PIV credentials without the need for re-badging.

 

Power LogOn’s password management is one of the most important tools in an agency’s security arsenal. Not only does it deliver employee convenience, it offers authentication, non-repudiation and authorization.  Power LogOn’s FIPS 140-2 verification gives IT managers the confidence that their multi-factor authentication implementation complies to the many government computer security regulations.

Finally, licenses are transferable, no annual subscription fees and the ability to work with existing credentials make Power LogOn the most affordable, flexible and scalable multi-factor solution for network access control.

 

FIPS 140-2About Access Smart:

Founded in 2005 and headquartered in Ladera Ranch, California, Access Smart, LLC (a certified CA Small Business) offers the total solution for logical access products (software, licenses, cards and readers) to make network authentication deployment fast, easy and inexpensive. We are dedicated to empowering businesses, agencies and institutions to securely regain control over their computers and networks at the point of entry.  Authentication, authorization and non-repudiation do not have to be cumbersome to be effective. That’s why our products are designed using state-of-the-art security technologies while focusing on ease-of-use and low-cost-of-ownership. For further information, please visit www.access-smart.com.

 

About InfoGard:

InfoGard Laboratories, Inc., founded in 1993, is an independent, third party, professional service organization. Our staff includes experts in cryptography, computer engineering, network analysis, project management, and financial services. InfoGard was the first laboratory accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) to perform FIPS 140 validations. InfoGard has successfully performed more FIPS validations than any other laboratory. InfoGard is also a Common Criteria Laboratory.  For further information, please visit www.infogard.com.

Are your customers asking you for a Logical Access Solution?

Looking for a Logical Access Partner to handle all the IT concerns?

Logical AccessWe had a great presence at the ISC West 2013 conference in Las Vegas.  One recurring theme we heard from ID resellers was their desire to offer their existing customers a value add, card based, logical access solution for network security. 

I want to help you secure these new logical access business opportunities.

Companies, healthcare and government agencies are looking for multifactor cyber access control because of the increase in data breaches, implementation of privacy laws like HITECH, HIPPA and CJIS, and their overall concern for network security.  Our Power LogOn cyber access control allows you to add logical access to almost any type of ID badge your currently sell. And best of all, it only takes a few hours to install.

Access Smart wants to be your IT security partner.  It is our policy to work with you so you can offer your customers a multi-factor cyber access control solution.  Here is my promise to you:

     1.  You retain full ownership of your customer.

     2.  You will be a reseller of our Power LogOn.

     3.  We will assist you and your customer on all IT integration, training and support.

Logical access control does not need to be scary, cumbersome, or expensive when you have a partner with 20-years of industry experience.  If you are interested in expanding your business, up selling your existing customers and increasing revenue at no risk to your business, then please call me to learn more.

Data security begins with cyber access control. Cyber access control begins with Power LogOn.

 

Keep up with Cyber Access Control by subscribing to our blog headlines.

Best regards,

Dovell Bonnett
Founder and CEO
Access Smart, LLC
E: Dovell@access-smart.com
W: www.access-smart.com
P: 949-218-8754