The WPA2 security feature set in wireless networks has been around for several years and has been pretty secure...until now. Research was released recently that spread shockwaves through the wireless vendor community, which are all scrambling to patch their software. This issue affects the WiFi standard itself and it is not vendor specific, but does require access from within the WiFi signal range to be executed. Most implementations will need to be patched. The key issue is a vulnerability which allows a key reinstallation providing for access to the decrypted WiFi conversation. This could compromise credentials as well as payload data. This will likely affect PCs, Macs, Tablets and Smartphones.
If anti-virus is the most basic control people think of in securing a computer, then firewalls serve the same role in network security. To many laypersons, “firewall” is synonymous with network security. But it was not until the late 1980s that practical network packet filters were introduced, allowing organizations to connect two networks while controlling what types of traffic were allowed, to which endpoints, and in which directions.
Passwords are perhaps the oldest and best-known security technologies in use today, as well as perhaps the most hated and despised. Security professionals dislike passwords because they often provide woefully inadequate security, and users hate them because they are hard to remember and manage. Security policy requirements often exacerbate this situation by imposing arcane requirements for password "complexity" and by requiring users to change passwords frequently (just when they are really, solidly stuck in our memory).The latest publication from the National Institute of Standards and Technology (NIST) on the topic of authenticators (NIST Special Publication 800-63B) advances some exciting ideas that run counter to the typical ideas about how passwords should be chosen and managed:
Let us discuss the importance of using strong, complex passwords, and being diligent to use different passwords for everything. Most of us can agree that is good advice, but many of us don't follow it. The reason is simple: it is too hard to remember all those passwords!
Former Secretary of State General Colin Powell became the latest public figure to have his personal email account hacked and his messages exposed publicly, to great embarrassment to himself and others. He joins a long list of political, government, and entertainment figures who have endured this same fate. Organizations cannot ignore the potential impact of such an incident occurring to one of their personnel, especially senior management in highly visible roles.
In many organizations, more and more work is being conducted via “mobile devices” like smartphones and tablets rather than traditional PCs and laptops. The most common of these by far are those running Apple’s iOS (iPhones and iPads) and those running Google’s Android OS. These devices are light, portable, convenient, handy, and generally easy to maintain and manage. However, they are still powerful computing devices that can store a lot of critical information and can also present serious security challenges.