Security Dealer & Integrator

SEP 2018

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/1029017

Contents of this Issue

Navigation

Page 20 of 84

E very so oen, I hit a patch where I will run across a flurry of tech- nologies worthy of mention in this column. Two that recently caught my eye: One involves cryptography for two-fac- tor network authentication; the other involves the "virtualization" of com- puting and storage resources. Easier Authentication Hopefully, by now, most of you are using two-factor authentication for apps and access to critical accounts. It is now common to receive a code by text or email, which combines the authentication factor of "Something You Have" (phone or PC) with a pass- word ("Something You Know") – the other factor being "Something You Are" (typically a biometric). What are you doing to protect your login process? Although it has been available for a while, I recently investi- gated and purchased a YubiKey 4 from Yubico – a USB key that is inserted into a computer that a user taps when prompted by the application. Some terminology: U2F is an emerging standard for physical authentication tokens. A U2F USB key is a device inserted into a computer that automatically generates and fills in a code when activated by touch – Yubico is such a key. FIDO protocols reduce the sole reliance on passwords for authentica- tion. According to the FIDO Alliance (http://fidoalliance.org), the protocols "use standard public key cryptogra- phy techniques to provide stronger authentication. Registering the device with an online service creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. e client's private keys can be used only aer they are unlocked locally on the device... accomplished by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button." e FIDO2 project provides FIDO authentication for the web, including a standard API – WebAuthN – to enable the embedding of this functionality in web-based services. WebAuthN may replace traditional passwords, and a USB key can provide the second authentication factor. Reduced reliance on passwords can help protect against phishing, man-in- the-middle and replay attacks using stolen passwords. With the YubiKey 4 (available for $40 on Amazon), a user touches it to trigger FIDO2, WebAuthN, U2F, smart card (PIV), challenge-response, or other authentication methods. It works with Windows and Mac login, gmail, GitHub, Dropbox, Dashlane, LastPass, Facebook, Salesforce and other services. I use it with LastPass, coupled with its Authenticator app on my iPhone. Set-up was easy. Network Virtualization My good friend and former ex-collab- orator at Cisco, Fernando Macias of VMWare, recently made me aware of the VMware NSX Data Center, which provides network security entirely in soware – abstracted from and regard- less of the underlying physical infra- structure. As most professionals know, VMware pioneered the virtualization of computing and storage resources. NSX is the next logical step. "Most IT security efforts focus on North-South traffic – traffic coming through the perimeter from the out- side; however, a gap exists in multi-ap- plication environments once an intruder has gained network access," Macias explains. "en, you worry about the escalation of privileges and movement from application to applica- tion, which we call East-West traffic." Deploying firewalls throughout the network is costly and time-con- suming, and it is extremely difficult to effectively scale and reconfigure to meet changing needs. Stricter, more granular, security is needed, with the ability to tie security to individual workloads and to provision policies automatically. Using a concept called 20 Security Dealer & Integrator / www.SecurityInfoWatch.com September 2018 Protect Your Login Process Summer tech finds: A closer look at an effective method of two-factor authentication and more Tech Trends BY RAY COULOMBE The YubiKey enables two-factor network authentication with the touch of a finger.

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Dealer & Integrator - SEP 2018