• Latest

RSA Hack: Dont Panic, Keep Calm

10 June, 2011
China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

19 December, 2020
Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

18 December, 2020
TEMSA: Bus exports to be delivered to the heart of the European Union

TEMSA: Bus exports to be delivered to the heart of the European Union

18 December, 2020
EU tries to reshape the rules of the Internet

EU tries to reshape the rules of the Internet

17 December, 2020
Matterport Brings 3D Capture to the iPhone

Matterport Brings 3D Capture to the iPhone

5 May, 2020
NASA Administrator Statement on Agency Coronavirus Status

NASA Administrator Statement on Agency Coronavirus Status

15 March, 2020
Technology Supports Social Distancing in age of Covid-19

Technology Supports Social Distancing in age of Covid-19

15 March, 2020
Second Staff Exchange Between EU CyberSecurity Organizations

Second Staff Exchange Between EU CyberSecurity Organizations

19 February, 2020
Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

16 February, 2020
Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

6 February, 2020
Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

31 January, 2020
Turkish Competition Authority’s Android Decision

Turkish Competition Authority’s Android Decision

18 December, 2019
  • About Us
  • Contact Us
  • Homepage
  • Latest News
  • News Widget
  • Privacy Policy
Thursday, March 23, 2023
Social icon element need JNews Essential plugin to be activated.
  • Login
  • Register
Globaltelconews
Advertisement
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
Globaltelconews
No Result
View All Result

RSA Hack: Dont Panic, Keep Calm

globaltelconews-admin by globaltelconews-admin
10 June, 2011
in English
0

Duesseldorf June 10th, 2011 – Following the successful hacking attack against EMC Corps RSA Security Division in March of this year, and especially since news of subsequent attacks against large military contractors such as Lockheed Martin, L-3 and Northrop Grumman, which seem to have been based on data stolen from RSA, companies and organizations around the world that use the popular RSA SecurID token system are both confused and worried. They are demanding to know whether they can still trust the system and what they are supposed to do now that every SecurID token must be considered potentially compromised.

In an advisory note just published by KuppingerCole, the analyst group warns against panic and hasty decisions. There are measures organizations can adopt, both short and long term that can keep sensitive systems and information safe without going to radical extremes such as throwing out SecurID altogether and replacing it with some other strong authentication systems, a course which is simply not an option in most cases, both for logistical and cost reasons.

This is clearly the most serious security breach in the history of information technology, and customers are right to be extremely worried, says Martin Kuppinger, Lead Analyst and Co-Founder of KuppingerCole, a group of identity and security analysts based in Duesseldorf and Boston. However, there are measures, both organizational and technical, that must be swiftly taken because one thing is eminently clear: We are dealing with some very, very sophisticated hackers here, he believes.

On the organizational side, Kuppinger recommends raise user awareness to the dangers of revealing passwords to anyone, anytime! Hackers today use so-called social attacks such as spear phishing to target individual employees within an organization by disguising themselves as system administrators or members of the IT department and coaxing them into handling them their authentication data. This, together with the stolen Token IDs from RSA, would give the hacker potentially unlimited access to an organizations IT systems. Additionally, users should be ordered (or persuaded, if enforcement is impossible) to switch to stronger passwords. Kuppinger also recommends Intensify logging and auditing of user activity whenever SecurID tokens are involved. Of course, you should be doing this anyway, Martin Kuppinger believes, but at least there is now a good excuse in case the bean counters object to the extra expense.

On the technical side, KuppingerCole recommends replace existing SecurID tokens as soon as possible. RSA has already started offering token replacement to its customers. The new token IDs may be assumed to be secure since their token IDs werent on the servers at RSA when they were compromised. Adding additional passwords or other types of secrets as additional means for authentication may be an option in some cases.

Where this is not feasible, KuppingerCole suggests shutting down RSA SecurID and blocking off the access paths that these tokens secure. Admittedly, this is a radical step and one that might not work everywhere in practice. In some cases such as remote desktop access, replacing SecurID with (secure) web-based interfaces using username and strong password for authentication could be an option, at least for the interim. Another idea might be to switch to certificate-based protection of laptop access in cases where this can be rolled out quickly or is available anyway.

In the long term, organizations must rethink their basic strategies regarding strong authentication, Martin Kuppinger maintains. Versatility should be the cornerstone of any new authentication strategy, he says. This means the ability to switch flexibly between authentication mechanisms as need arises. Too often today, authentication technology is built into each and every application by hard-coding the interface to that mechanism. Versatile authentication, by contrast, is based on the concept of intermediation. It should be a standard feature today.

By de-coupling authentication from the applications themselves, KuppingerCole believes, it becomes much simpler to exchange authentication mechanisms, enabling organizations can react faster if a mechanism becomes too expensive or security problems such as those arising from the RSA hack are detected.

Previous Post

Flirtic.com raises funding from Almaz Capital to transform online dating

Next Post

Technically Minded Managers Struggle With Staff

Next Post

Technically Minded Managers Struggle With Staff

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Navigation

  • Authors
  • Author Login
  • Author Application
  • Advertisement
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Sitemap
Social icon element need JNews Essential plugin to be activated.

© 2018 Globaltelconews.com

No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy

© 2018 Globaltelconews.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In