Recently I was engaged with a customer who decided to source certificates from a service provider rather than build a PKI. In this case the customer was limited in resources and an evaluation of build vs. buy showed this to be the correct approach in the near term. While looking […]
Author Archive for Chris Hickman, Author at Certified Security Solutions
Vulnerabilities tend to morph over time. Upon initial identification, researchers, companies, and experts tend to rush to offer opinions, sometimes factual and sometimes less so. The disclosures concerning Heartbleed have been no exception. However, one of the most interesting discoveries came in the past few days. Initially, many were quick […]
With the recent sting of very public and highly publicized IT compromises, many IT security stakeholders are re-evaluating their overall security strategy. It is inevitable that at some point in that evaluation, the idea of implementing multifactor authentication will be considered.
Smartcards are often discussed and quickly dismissed as an alternative to existing multifactor schemes. However, in recent years there have been many changes to the smartcard product offering, including reductions in total cost and easier implementation into heterogeneous environments.
CIOs, CSOs, and IT security personnel are confronted with the realization that the RSA SecurID breach may have impacts that extend well beyond RSA itself and into its customer base. While the admission of a breach at RSA this past March is cause for alarm, the recent event at Lockheed Martin should also inspire action. It is widely reported that the breach of Lockheed Martin’s VPN was executed by spoofing RSA SecurID tokens. The spoofing of those tokens likely involved at least some information gained as a result of the breach at RSA.
The reality of this recent attack clearly illustrates the need for organizations to constantly review IT security and adjust technology and policies as things change. Security is a process, not a point-in-time event to check off a to-do list. Whether you use RSA SecurID or other technologies, user authentication should not be your only defense against unauthorized access to your network.