Identity Management and Network Access Control

We hear about a new major security breach almost every week. Some of them rely on weak keys. In the famous TJ Maxx breach, hackers are believed to have exploited a weak pre-shared key for Wi-Fi. Had the company used WPA2 with 802.1X, cracking the key would have been far more difficult.

The hackers would have had to stay in the same place for an extended period, which might have stopped them from continuing the attack. Even if they had stayed, the staff would have noticed a car lurking for too long. Identity management would have helped enable 802.1X and RADIUS, which generate unique keys and regenerate them at shorter intervals.

Identity Management

Identity management is a discipline that is very important to the security of your computer. Basically, identity management software consists of many functions, such as access control, user provisioning, directory services, account monitoring, role and group management, single sign-on (SSO), privileged account management, and network access control.

Some vendors offer pieces of the identity management puzzle. Others, like Cisco and Aruba, offer robust solutions that provide most, if not all, of these features. Cisco offers the Identity Services Engine (ISE) and Aruba offers ClearPass.

Compliance Growth

Regulatory compliance has fueled the growth of these suites, as federal regulations such as FIPS, SOX, HIPAA, and GLBA, as well as industry standards such as PCI DSS, have forced organizations to consider user access to their systems. Under these regulations, organizations must assign a unique identifier to each user so that they can regularly report on who has access to the systems and what users are doing on those systems.

Joel Dubin of searchsecurity.techtarget.com describes the main areas of identity management as follows: “These IAM suites consist of four pillars: identity management, identity infrastructure, access management and auditing.” Identity management allows the creation and management of user and group roles.

The identity infrastructure is the data repository that contains the credentials (usually Active Directory, but it can be any LDAP-compatible database). Access management is the piece of this puzzle that configures the appropriate username and password, or even smart cards or biometric data. Finally, auditing provides a format that reports on the accounts: whether and how they have been authenticated and what they are authorized to do.

Network Access Control

Network Access Control (NAC) is an approach to computer security that seeks to standardize endpoint security technology (for example, antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement.

In the field of identity management, NAC aims to “recruit”. Products like ISE and ClearPass can perform posture checks based on a set of rules, including checks of the operating system, patch level, antivirus, etc. Depending on the result, the endpoint can be quarantined, granted access, or redirected to a URL (to download the software it needs to gain access).
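The posture decision described above can be sketched as follows. This is an added example, not code or policy syntax from ISE, ClearPass or the original article; the thresholds, the remediation URL, the `Endpoint` fields and the sample endpoints are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed policy values for illustration (assumptions, not vendor defaults).
MIN_OS_BUILD = {"windows": 19045, "macos": 23}
MAX_PATCH_AGE_DAYS = 30
MAX_AV_SIGNATURE_AGE_DAYS = 7
REMEDIATION_URL = "https://remediation.example.internal/agent"  # placeholder

@dataclass
class Endpoint:
    os: str
    os_build: int
    last_patched: date
    av_running: bool
    av_signatures: Optional[date]  # None means no antivirus is installed

def evaluate_posture(ep: Endpoint, today: date):
    """Return (decision, reasons); decision is 'allow', 'quarantine' or 'redirect'."""
    # Missing software is user-fixable: send the endpoint to the download page.
    if ep.av_signatures is None:
        return "redirect", [f"antivirus not installed, get it at {REMEDIATION_URL}"]
    reasons = []
    # Fail closed: an operating system the policy does not know is not trusted.
    if ep.os not in MIN_OS_BUILD:
        reasons.append(f"unsupported operating system: {ep.os}")
    elif ep.os_build < MIN_OS_BUILD[ep.os]:
        reasons.append(f"OS build {ep.os_build} below minimum {MIN_OS_BUILD[ep.os]}")
    if (today - ep.last_patched).days > MAX_PATCH_AGE_DAYS:
        reasons.append("patch level older than policy allows")
    if not ep.av_running:
        reasons.append("antivirus installed but not running")
    if (today - ep.av_signatures).days > MAX_AV_SIGNATURE_AGE_DAYS:
        reasons.append("antivirus signatures out of date")
    # Any failed check isolates the endpoint; a clean result grants access.
    return ("quarantine", reasons) if reasons else ("allow", [])

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the constructed samples are reproducible
    samples = {  # constructed endpoints, not real inventory data
        "compliant": Endpoint("windows", 19045, date(2024, 5, 20), True, date(2024, 5, 30)),
        "stale": Endpoint("macos", 23, date(2024, 3, 1), True, date(2024, 5, 10)),
        "no-av": Endpoint("windows", 19045, date(2024, 5, 20), False, None),
        "unknown-os": Endpoint("freebsd", 14, date(2024, 5, 20), True, date(2024, 5, 30)),
    }
    for name, ep in samples.items():
        print(name, *evaluate_posture(ep, today))
```

Returning the reasons alongside the decision gives the auditing function something concrete to report for each quarantined endpoint.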

Identity management can be used in many ways, as it can control access to both WLAN (802.11) and LAN (802.3). ISE and ClearPass can use RADIUS and TACACS. Regardless of your solution, feature-rich technology enables powerful identity management for Windows, Apple, and devices such as smartphones. Using identity management is truly the way of the future. You are likely to use it when logging into networks in shops, cafes and airports.

Key Tips

Remember, CCSI is staffed with certified security specialists from many of the leading security providers in the industry. CCSI can customize your local security solution or a managed security solution for you. Always look at the details of a public Wi-Fi access point. Make sure it’s not fully open, and browse carefully. Use only an SSL connection for e-money or credit card transactions.

John Busso is a Senior Network Engineer-Specialist at CCSI. He has nearly 20 years of experience providing secure voice and data solutions. John was an expert on mobile business solutions such as Guest WiFi and BYOD and provided information for various clients.

John was an associate professor and trainer. He holds numerous industry certifications including CISSP, CWNP, CCNP, ACMP and ITIL. His experience includes working in the retail, TNL couriers, DC and airports, healthcare, education, DOD, local government, finance, nonprofit public WiFi, entertainment and hospitality industries. His expertise lies in the areas of mobility, security, WLAN, WAN, LAN, VoWiFi, RFID, RTLS, WIPS, WIDS, DAS, PTP and PTMP with or without a license.
