Blog Elements

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

What is Two-Factor Authentication?

2013-10-11/0 Comments/in General Security/by SecurityOrb_Staff

It is an authentication process where two of three recognized factors are used to identify a user:

Something you know – usually a password, passcode, passphrase or PIN.
Something you have – a cryptographic smartcard or token, a chip enabled bank card or an RSA SecurID-style token with rotating digits
Something you are – fingerprints, iris patterns, voice prints, or similar

The C.I.A. Triad or C.I.A. Triangle and Other Security Concepts

2013-10-10/0 Comments/in General Security/by admin

Information security is the method of providing confidentiality, integrity and availability to data, information, applications and equipment for those who needs it. The key concept to providing such a level of protection falls on the concept of The C.I.A. triangle which consist of:

– Confidentiality
– Integrity
– Availability

What is Two-Factor Authentication?

2013-10-11/0 Comments/in General Security/by SecurityOrb_Staff

It is an authentication process where two of three recognized factors are used to identify a user:

The C.I.A. Triad or C.I.A. Triangle and Other Security Concepts

2013-10-10/0 Comments/in General Security/by admin

– Confidentiality
– Integrity
– Availability

Full Sized Blog Element (Big Preview Pic)

What is Two-Factor Authentication?

2013-10-11/0 Comments/in General Security/by SecurityOrb_Staff

An interesting article by John Shier at NakedSecurity:

This October is National Cyber Security Awareness Month (NCSAM).

So I thought I would write my inaugural Naked Security article on a topic near and dear to my heart: two-factor authentication.

What is two-factor authentication?

It is an authentication process where two of three recognized factors are used to identify a user:

Something you know – usually a password, passcode, passphrase or PIN.
Something you have – a cryptographic smartcard or token, a chip enabled bank card or an RSA SecurID-style token with rotating digits
Something you are – fingerprints, iris patterns, voice prints, or similar

Two-factor authentication works by demanding that two of these three factors be correctly entered before granting access to a system or website.

So if someone manages to get hold of your password (something you know), they still will not be able to access your account unless they can provide one of the other two factors (something you have or something you are).

For example, at Sophos we use secure tokens with rotating six-digit codes to remotely access internal systems. Every time I want to establish a VPN session, I need to provide my username, a password and the six digit code appended to a PIN.

At home I use similar methods to access many online and personal resources. In the last year, many social media sites, including Facebook, Twitter and LinkedIn, have all added some sort of two-factor authentication.

Many of these sites employ SMS code verification. This is where, in addition to correctly entering your password (something you know), you must also correctly enter a numeric passcode sent to your mobile phone via SMS (something you have).

The availability of mobile network service and the unreliable nature of SMS can make this difficult, however.

Some services allow you to use an authenticator app in addition to your password which present you with a different numeric one-time password (OTP) for each service that you register with the app. Both Google and Windows make these apps freely available in their respective stores.

Read the rest here.

The C.I.A. Triad or C.I.A. Triangle and Other Security Concepts

2013-10-10/0 Comments/in General Security/by admin

Confidentiality
Integrity
Availability

Confidentiality of information ensures that only those with sufficient privileges may access certain information. To protect the confidentiality of information, a number of measures may be used including:

Information classification
Secure document storage
Application of general security policies
Education of information custodians and end users

Integrity is the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state. Corruption can occur while information is being compiled, stored, or transmitted.

Availability is making information accessible to user access without interference or obstruction in the required format. A user in this definition may be either a person or another computer system.

Over time the list of characteristics has expanded to other key and important concepts, but The C.I.A. Triangle remain central core of Information Security. Some of the other key concepts of Information Security are:

Privacy – Information is to be used only for purposes known to the data owner.

Identification– Information systems possesses the characteristic of identification when they are able to recognize individual users.

Authentication – Authentication occurs when a control provides proof that a user possesses the identity that he or she claims.

Authorization – After the identity of a user is authenticated, a process called authorization provides assurance that the user (whether a person or a computer) has been specifically and explicitly authorized by the proper authority to access, update, or delete the contents of an information asset.

Accountability – The characteristic of accountability exists when a control provides assurance that every activity undertaken can be attributed to a named person or automated process.

Understanding these concepts and the controls that are associated with each will provide the security/system administrator with the proper capabilities to protect their organization.