When in action, a social engineering attack could look like an email received from a government organization or your own organization asking your employees to divulge their credentials. The basis of social engineering attacks is to induce fear or urgency in unsuspecting users and employees into handing over sensitive information. Over the years, these attacks have become more sophisticated – even if you open a mail or message from a possible attacker, malware is immediately installed on your system. Continue reading Identity and Access Management for Social Engineering Attacks
Security vs. usability – the debate has been around for quite a while now. Which one would you prioritize? Would you consider convenience more important than security when it comes to the identity management of consumers? What are your users more inclined to? Is there a way to find a balance between the two? Continue reading Security vs. Usability
Social login is a form of single sign-on, where users are allowed to log into an application or website using one of their existing social media account credentials. A social login, therefore, eliminates the need for users to register on yet another online platform – saving them the need to remember yet another set of credentials.
If you are a business, you may have noticed that a social login option on your online platform has had a positive effect on the number of registrations you receive. If you are an individual user, you may have found the option to either “Sign up” or “Login with Facebook/Google” and felt relieved that you were able to access the platform in just a few seconds by choosing the latter. But have you ever thought of how secure this method of login really is? Continue reading Is Social Login a Secure Login?
In recent times, you might have noticed user accounts being compromised by the millions, and yet companies refute these claims saying that their systems are secure and have not been attacked. In these cases, the companies are right – instead of a direct attack, the hackers may have performed an attack called ‘credential stuffing’. In this type of attack, hackers get their hands on usernames and passwords of one application or service and stuff the same credentials on another login for another digital provider.
Domain Name System (DNS) is an addressing system used by the internet through which domain names are located and translated into internet protocol (IP) addresses. When a user attempts to access a website through an internet browser, a DNS query is performed. The DNS server matches the request to the respective IP address of the domain and responds to the query by loading the requested web page on the user’s browser.
So what is DNS Filtering? It is a technique by which access to specific websites, web pages, or IP addresses, can be blocked or permitted. If a DNS filter is in place, the IP address being returned from the DNS server will be checked before it is permitted to load on the user’s browser. Therefore, DNS filtering ensures that the user is protected from online threats like viruses, malware, ransomware, and so on. DNS web filtering can also be used to block inappropriate websites and web pages that the user may be searching for, especially at the workplace.
Would you trust just anyone to enter your home? Or would you first confirm that you know them and they have the right to be there?
The Zero Trust Model (ZTM) of security follows a similar principle. The ZTM approach is to be aware of anything entering the company, whether from inside or outside the company’s perimeter.
ZTM simply verifies everything that requires access to the system. The approach does not necessarily decree that every request should be denied. Instead, it asks: Why is access needed? How far? How long?
Identity theft is as real as your identity and as dangerous as the one who steals it. It occurs when an unauthorized person or entity uses your personal information to assume your identity and commit fraud and other criminal activities including stealing from you, or from others in your name.
What does an identity thief steal?
Your name, address, credit card or bank account information, and even information that might otherwise seem harmless, such as photographs, information about your family members or your date of birth could be used in harmful ways in the wrong hands.
Apart from data security, data privacy represents a major area of concern in IT security today. When it comes to data privacy, all organizations are very particular about where and how their company data is being saved, and who has access to it.
This is also related to one of the major reasons why organizations still hesitate to move their data to the cloud – “who else has access to my data if I move to cloud?” Even though almost every IaaS and PaaS provider tries to build confidence in their clients through certifications by authorized agencies, many enterprises are still not convinced. The reason is that there are still areas that lack transparency, where details on their data privacy are not clearly explained and conveyed to them.
Security and privacy of user data are crucial for any organization and is also a major area of risk. So a Secure and Efficient Authentication (SEA) is very important.
How do you make authentication secure and efficient? Let me share some insights on how this can be achieved through certificate-based authentication…