Filed under: Authentication Security, Authentication Trends, PortalGuard
The Federal Trade Commission has filed a complaint against Wyndham Worldwide Corp. (WYN) and three subsidiaries (Ramada, Days Inn and Super 8 hotels) for alleged data security failures and data breaches. Attackers obtained 600,000 credit card numbers and committed $10.6 million in fraudulent credit card charges. Wyndham and its subsidiaries failed to take security measures such as complex user IDs and passwords, firewalls, and network segmentation between the hotels and the corporate network. Improper software configurations resulted in sensitive payment card information being stored in clear, readable text. Each Wyndham hotel has its own property management computer system that handles payment card transactions and stores information (payment card account numbers, expiration dates and security codes).
In the first breach in April 2008, intruders gained access to a Phoenix Wyndham-branded hotel’s local computer network that was connected to the Internet and the corporate network of Wyndham Hotels and Resorts. The intruders had access to the corporate network of Wyndham’s Hotels and Resorts subsidiary, and the property management system servers of 41 Wyndham-branded hotels. Wyndham has more than 7,000 hotels in the United States, UK, China, Mexico, Puerto Rico, Australia and more.
The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.
Filed under: Authentication Trends, General Information, PortalGuard, secureworld expo
Just wanted to share PortalGuard’s recent press release regarding the presentation of contextual authentication, a midpoint between passwords and two-factor, at the SecureWorld Expo in Boston, March 28th – 29th.
The release discusses the opportunity attendees will have to talk with our authentication experts about how to apply the appropriate authentication method to each user, group or application.
Read the press release now on MarketWire to learn more about having the flexibility to take a gradual approach to increasing security.
PortalGuard has been traveling the states attending leading industry events and educating attendees on self-service authentication, one-time passwords via a mobile device, multi-factor authentication and how to maintain usability for the end-user. With a focus on the enterprise, PortalGuard offers a configurable, easy-to-deploy login system plug-in for the desktop, mobile or browser.
The next stop for PortalGuard is:
Recently Attended Events:
Filed under: PortalGuard, SharePoint Authentication
Come see if PortalGuard is right for your company! See how you can meet or exceed your security objectives, including:
- Stronger Authentication
- Reducing Risk – both financial and security
- Enhance compliance with both security and industry standards
- Deliver effective password policies
- Implement Best Practices
And Many More…
Filed under: General Information, PortalGuard, SharePoint Authentication, SharePointPro Summit & Expo, Uncategorized
Thanks for Stopping By!
First, we would like to thank those of you who stopped by our booth at the SharePointPro Summit this year. It was fascinating to hear how SharePoint authentication and security are being handled, what specific requirements you are looking for, and how PortalGuard or Tailored Authentication could help you with your SharePoint security needs.
If you did not have a chance to see us at the show, then we encourage you to visit PortalGuard.com, to see how PortalGuard is the solution for meeting and exceeding your security objectives. PortalGuard is supported on multiple platforms including Microsoft SharePoint/IIS, IBM Websphere/Websphere Portal, and Lotus Domino.
PortalGuard is an authentication and security solution that allows end-users to securely authenticate and manage their portal login credentials directly from a Web browser, while providing administrators with functionality to meet or exceed their security objectives. With PortalGuard, administrators can implement best practices for ensuring stronger and consistently secure authentication.
Extensible Authentication Framework:
Many of our customers implement our standard Password Power Plug-ins – the authentication software framework offers robust functionality and feature-rich security, access control, and password management.
But for those customers who have a unique user base, organizational complexities, specific security and compliance requirements or multiple and diverse applications, our expert professional services and development team will develop a solution adapted to their environment and delivered within the framework of our standard Password Power software product, including ongoing technical support.
Filed under: General Information, SharePoint Authentication, SharePointPro Summit & Expo
PistolStar Brings PortalGuard to the SharePointPro Summit & Expo on March 17th & 18th, in Las Vegas!
Come stop by booth #508 for more information on:
PortalGuard is an authentication and security solution that allows end-users to securely authenticate and manage a portal password directly from a Web browser, while providing administrators with functionality to meet or exceed their security objectives. With PortalGuard, administrators can implement best practices for ensuring stronger and consistently secure authentication.
Security & Auditing:
- One-Time Password – stop being vulnerable to replay attacks
- Limit multiple concurrent logon sessions – prevent multiple users from logging in with the same set of credentials
- Define strike-out limits by person, group or hierarchy – Alerts are emailed when strike-out limits are exceeded
- Lockout inactive users after “n” days – Identify and stop access to dormant user accounts
Help Desk and End-User Productivity:
- Self-service Active Directory password reset via challenge question/response — Highly configurable and secure!
- Prove your identity to the help desk – by providing highly configurable challenge question and answer functionality
- Tailored Authentication – we deliver a product that will fit precisely with your environment
- Excellent Customer Service – receive support directly from the developers
- Easy deployment — let us take you by the hand
† Fully supports & enhances multiple platforms and portals — IBM Lotus Domino (AIX, Solaris, Windows, System i, Linux), IBM WebSphere/WebSphere Portal, and Microsoft SharePoint
For more information please visit: PortalGuard.com
Come stop by booth #324 to learn more about:
A password authentication and security solution that allows end-users to securely authenticate and manage a portal password directly from a Web browser.
For a unique environment and/or situation, which requires specific functionality, our team would make the necessary adaptations to meet or exceed your security objectives, and provide a fully supported product.
Security – Activity Monitoring – making early predictions leads to being proactive instead of reactive.
Filed under: Authentication Trends, Lotusphere 2010
Tuesday, January 19, 2010
Lotusphere, Swan Hotel, Ibis Room
An exclusive raffle is offered to all attendees.
Victor Toal is a messaging and collaboration architect and engineer with more than 15 years experience with Domino (since R 4.1), Sametime, Quickr, Lotus Connections, and WebSphere. Victor’s clients include the Pentagon, US Army, banks, as well as manufacturing, tourism, and medical companies. He has worked in the US and overseas (Japan, Austria, Great Britain, Germany, France, Italy, Hungary, Poland, and Czech Republic) and speaks fluent German and Japanese. He is certified in Domino R4-R8.5 and Sametime 7.5 and 8.0.
Unable to attend? Request a recording of the presentation by visiting the Contact Us page.
Filed under: Authentication Trends, Data Security, General Information
For centuries the Trojan horse was a weapon of war: a historical piece of trickery and deceit, which was used to bring down the City of Troy. In this century, when searching for the term Trojan horse, the first result to appear is about the technology version of the Trojan horse. As many of us know, malware stands for malicious software. The vehicle by which it obtains its unwanted access is the Trojan horse program. These carriers are great at disguise, trickery, and breaking down the walls of your personal identity and even financial status.
Recently a new Trojan horse program has appeared, and it has many concerned. Trojan horses, as many of us know, are invasive, but this new one goes beyond that, specifically targeting financial institutions and Internet Explorer users. The new name to fear: W32.Silon. With financial institutions as its target, Silon can intercept Internet Explorer sessions and steal credentials. Many say this attack has two heads: the generic Trojan horse approach into all applications, and then the financial focus.
When it comes to logging onto your bank account online, that is when to watch out. The Silon Trojan will step in between token-protected financial sites and the user, putting up a façade that looks like the normal login screen. This lets it transmit your credentials to hackers, who can then obtain your financial data and reap the rewards. The main thing that is clear about this attacker is that it is following and changing with the authentication trends. With more advanced authentication techniques, attacks are becoming more and more sophisticated. Silon is a prime example, as it attacks the stronger two-pronged authentication methods with ease. Bank accounts beware!
For more information check out these links:
Compliance is always a large concern, especially with attacks and data breaches increasing. It is important to understand the industry and regulatory requirements that need to be enforced within your corporation and security environment. One area that experts are beginning to see as an issue is instant messaging. This is a communication method that is hard to regulate and record, which could pose problems for industries with strict compliance standards.
A recent article by Dmitry Shapiro, CTO at Akonix Systems, Inc., “Instant Messaging and Compliance Issues: What You need To Know”, discusses the issues that are becoming ever present with IM. The main issue is the sheer volume of users on these IM systems, totaling in the hundreds of millions. This is not to mention what IT managers are most afraid of, which are the public IM systems, such as AOL Instant Messenger and Yahoo Messenger.
Although IM is a functional tool for communication, there are key areas of concern for compliance:
- Record Retention
- Information Security
- Copyright Infringement
These issues are ever rising with the number of users and amounts of information on these systems. With the public IM services, the control a manager could have with an internal system is taken away. Tasks such as auditing, logging, and deleting records are all issues when the manager cannot oversee the whole system, and the web of IMs being created.
Without compliance and monitoring, the one thing that is apparent is that risk will increase. Shapiro says that the main issues to watch for are:
- Organization of records
- Retention of records
- Tamper Proof Records
- Record Retrieval
- Off-Site Copies
And many more…
With acts such as the Sarbanes-Oxley Act, HIPAA, and GLBA, the ability to control, monitor, protect, and delete records is essential. These regulations are going to require IT managers to remain compliant and come up with ways to monitor their users’ IM behaviors. If this is not done, IMs will be a strong source of theft and cybercrime.