“The first layer of network security is to know ‘who is knocking on the door’.” – Dovell Bonnett
All the recent cyber-attacks confirm the importance of strong identity verification. To satisfy Homeland Security Presidential Directive (HSPD-12), the National Institute of Standards and Technology (NIST) developed their Federal Information Processing Standard (“FIPS”) 201 to ensure government-wide interoperability for information technology and security. The Personal Identity Verification (PIV) credential that resulted from FIPS 201 utilizes certificate-based encryption for both physical access control (PAC) and logical access control. However, many government departments and agencies still have computers, applications, systems and networks that utilize user name/password authentication where digital certificates won’t work.
Security technologies and policies are the best they have ever been, but all too often security breaks down because of the human element. Reading reports about recent government and corporate computer breaches, a common element keeps coming up: “employees used very weak passwords that the attackers were able to exploit.” Access Smart has seen numerous incidents where employees find security technologies too cumbersome to use and circumvent them for their personal convenience. We’ve all seen it: passwords written on sticky notes or bits of paper hidden under the keyboard or, even worse, stuck to the side of the monitor. Once, I walked into the office of a busy middle manager in a Fortune 500 company who had her passwords written on her whiteboard! They had the right number of characters and complexity per company policy, but they were right out there for everyone to see!