Many organisations are now looking with serious interest at “the Cloud” and Open Source technology. Despite the maturity and success of cloud technology, doubts remain about the business benefits that can actually be realised by using these tools.
In this event organised by Omnis Systems, IT experts and organisations looked at what Cloud and Open Source technology actually are, how public and private sector businesses are using them, the business opportunities they present, a few of the common myths that surround these technologies, and some real-life case studies on how you and your organisation can benefit.
This is the presentation given by Giuseppe “Gippa” Paternò, GARL Director, focusing on enterprise security.
We’re happy to announce the release of SecurePass NSS module for Linux and Unix.
Debian and Ubuntu will be the first distributions to adopt the new NSS module natively, starting from their next releases, i.e. Debian Jessie and Ubuntu Vivid Vervet.
With the NSS module in place, SecurePass users automatically become operating system users: the system resolves them like local accounts, without a copy of each user in /etc/passwd. This is a valuable enhancement for customers running Ubuntu and Debian cloud instances.
The package will be available through “apt” as “libnss-securepass”. Backports might be available for previous releases of Debian or Ubuntu.
The NSS module is also available for other distributions, such as CentOS/RHEL.
The source code is available on:
Update: see the technical article on Alessio Treglia's blog.
Want a good tool to manage user information and documents in the startup era? You can try MediaWiki and turn it into a corporate intranet in the Cloud.
Startups are just one example of businesses that grow very fast. Managing information is a challenge in companies that can expand from 5 to 30 people in just a few months without a proper internal IT function. A “web intranet” would be the perfect tool to collaborate and spread essential information: while on the move with your own device, even finding someone's phone number and e-mail address can be a challenge.
MediaWiki can be a good solution for collaboration and even for building a “corporate directory” with the name, e-mail address and phone number of every person in your company. The SecurePass beta APIs are a good way to extract and manipulate this information: a Python script collects the users' information, sorts it and outputs it in MediaWiki format, or in other formats with a few customisations.
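As an added example (not the script from the original post, whose API calls are not shown), the conversion step described above: take a list of user records, keep the enabled ones, sort them and emit a MediaWiki table. The SecurePass beta API response format is not described on the page, so the records are constructed inline with assumed field names; in practice `load_users()` would be replaced by the API call and the rest stays the same. Because directory fields come from user-editable profiles, the script escapes characters that MediaWiki would otherwise interpret as table or link markup.

```python
"""Render SecurePass user records as a MediaWiki corporate directory.

Added example, not the original post's script.  The API format is assumed:
one JSON object per user with the field names used in SAMPLE_RESPONSE.
"""
import json

# Constructed sample standing in for the API response (assumption).
SAMPLE_RESPONSE = json.dumps([
    {"username": "mrossi", "name": "Mario Rossi", "email": "mrossi@example.com",
     "phone": "+39 02 1234 5678", "enabled": True},
    {"username": "abianchi", "name": "Anna Bianchi", "email": "abianchi@example.com",
     "phone": "", "enabled": True},
    {"username": "old.user", "name": "Former Staff", "email": "old@example.com",
     "phone": "+39 02 0000 0000", "enabled": False},
    {"username": "lverdi", "name": "Luca [[Verdi]]", "email": "lverdi@example.com",
     "phone": "+39 333 111 2222", "enabled": True},
])


def load_users(raw=SAMPLE_RESPONSE):
    """Parse the (constructed) API response into a list of dicts."""
    return json.loads(raw)


def escape_wikitext(text):
    """Neutralise characters MediaWiki treats as markup inside a table cell.

    Profile fields are untrusted input: '|' would break the cell layout,
    '[[' / '{{' would turn a name into a link or a template call.
    """
    return (str(text)
            .replace("|", "&#124;")
            .replace("[[", "&#91;&#91;").replace("]]", "&#93;&#93;")
            .replace("{{", "&#123;&#123;").replace("}}", "&#125;&#125;"))


def to_mediawiki(users):
    """Render enabled users, sorted by display name, as a sortable wikitable."""
    rows = sorted((u for u in users if u.get("enabled", False)),
                  key=lambda u: u["name"].lower())
    lines = ['{| class="wikitable sortable"',
             "! Name !! Username !! E-mail !! Phone"]
    for u in rows:
        lines.append("|-")
        cells = [escape_wikitext(u.get(k) or "-")
                 for k in ("name", "username", "email", "phone")]
        lines.append("| " + " || ".join(cells))
    lines.append("|}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_mediawiki(load_users()))
```

Disabled accounts are dropped rather than listed, so a leaver disappears from the directory the next time the script runs, and an empty phone field is rendered as “-” instead of an empty cell.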
A key problem for many enterprises is how to collaborate effectively and securely while mobile. Zarafa's open source collaboration software provides a cost-effective and reliable replacement for proprietary software such as Microsoft Exchange. The web app goes beyond the traditional web client: it works from any browser and supports drag & drop of attachments to send e-mails and files more quickly. An integrated calendar provides multi-user weekly calendaring and advanced delegation.
Zarafa can integrate with SecurePass to manage users, permissions and e-mail aliases. An identity management system is a valuable tool for the entire organisation, especially to keep out malicious users and prevent identity theft. Considering that Zarafa can be integrated with CRM, social networks, VoIP and management software, it is even more important and convenient to protect online data by granting access only to authorised users.
The Apple iCloud incident is just another example of how important good passwords are, especially when embracing the Cloud. Hackers use automated “dictionary attacks” that successfully guess over 95% of passwords, so using words (in any language) is not a good idea, even with substitutions such as 3 for E, 5 for S or 0 for O, which cracking software tests automatically. Follow these tricks and rules to make their job harder!
CHOOSE UNGUESSABLE PASSWORDS
You need a strong password that is difficult for hackers to break, but you also want something you can easily remember. Here is a simple step-by-step solution:
- Use a phrase that is unique to you (not a phrase from a song, a poem or the Internet) and that you will always remember, ideally something you have remembered for years already, such as:
“My favorite old oak tree, was struck by LIGHTNING!”
- Take the first letter of each word, plus the punctuation marks: M f o o t , w s b L !
- Use a number that is not publicly associated with you (not a government ID, date of birth, phone number or address) but that you will always remember, such as the date of your first kiss, say 1998/10/23.
- Intersperse this number between your letters to generate your password, for example:
- Make sure the password is at least 16 characters long. Anything shorter is not secure against automated cracking programs.
This gives you a strong but easy-to-remember password. Research shows that passwords created this way are remembered more reliably than conventional passwords.
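The recipe above carried through in code, as an added example (not part of the original post): extract the initials and punctuation, strip the chosen number to its digits, interleave the two and enforce the 16-character minimum. The post leaves the exact interspersing pattern open, so the alternation used here (one digit after each letter, leftovers appended) is one possible choice and is labelled as such. The phrase and date are the ones from the text, which also makes the point that a published example must never be reused as a real password.

```python
"""Passphrase-derived password builder for the rule above.

Added example, not from the original post.  The interleaving scheme in
intersperse() is an assumption; the post only says "intersperse".
"""
import math
import re
import string

MIN_LENGTH = 16  # shorter passwords are not safe against offline cracking


def initials(phrase):
    """Step 2: the first character of each word plus any punctuation, in order."""
    out = []
    for token in phrase.split():
        out.append(token[0])
        out.extend(ch for ch in token[1:] if ch in string.punctuation)
    return "".join(out)


def digits_only(number):
    """Step 3: keep only the digits of the chosen number (1998/10/23 -> 19981023)."""
    return re.sub(r"\D", "", str(number))


def intersperse(letters, digits):
    """Step 4 (assumed scheme): alternate letters and digits; leftovers are appended."""
    out = []
    for i in range(max(len(letters), len(digits))):
        if i < len(letters):
            out.append(letters[i])
        if i < len(digits):
            out.append(digits[i])
    return "".join(out)


def make_password(phrase, number):
    """Run all steps and refuse a result below the 16-character minimum (step 5)."""
    pw = intersperse(initials(phrase), digits_only(number))
    if len(pw) < MIN_LENGTH:
        raise ValueError(f"password too short ({len(pw)} < {MIN_LENGTH}): use a longer phrase")
    return pw


def brute_force_bits(password):
    """Optimistic upper bound on strength: log2 of the keyspace an attacker who only
    knows which character classes appear would have to search.  It ignores the
    structure of the phrase, so treat it as a sanity check, not a guarantee."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)


if __name__ == "__main__":
    phrase = "My favorite old oak tree, was struck by LIGHTNING!"
    pw = make_password(phrase, "1998/10/23")
    print(initials(phrase), pw, len(pw), round(brute_force_bits(pw), 1))
```

Running it on the phrase from the text gives the 11-character skeleton `Mfoot,wsbL!` and, after interleaving the eight digits, a 19-character password that passes the length check; a short phrase such as “a short phrase” with “42” is rejected because it only yields 5 characters.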
USE A SECURE PASSWORD MANAGEMENT SOFTWARE
Using the same password for different websites, applications, etc. makes you very vulnerable: one breach exposes every account. You need a unique password for every website and application, which is far more than anyone can remember, and all these passwords need to be stored securely so that only you can access them. The solution is a password manager, software that:
- Creates a unique, strong password for every website or application
- Securely stores all these passwords for you, so you don’t need to remember them
- Can be accessed from anywhere and any device in a secure way
The list of passwords in your password manager needs to be protected so that only you have access to it. Bank of Passwords is an example of a cloud-based secure password manager that lets you access your passwords from anywhere, including tablets.
NEVER SHARE YOUR PASSWORD MANAGEMENT ACCESS
Never share your personal access with anyone, except a trusted professional such as the lawyer who handles your will. The password manager should allow emergency access to your passwords by a trusted person.
If a colleague needs access to a system password, choose a password manager that can share individual passwords securely without disclosing your own credentials, and that logs every access to the shared password. Bank of Passwords, for example, handles emergency access by a trusted person and also allows secure password sharing within a team, with audit logs and notifications.
BEWARE OF THE “SECRET QUESTIONS”
The security of your strong passwords is undermined if you use weak “secret questions” that are easy to guess, because they let an attacker bypass the password altogether. If you use a password manager to store your passwords securely, you do not need secret questions as a backup, so it is best not to use them at all.
Some websites and applications require secret questions anyway. In that case, do not give true answers (a mother's maiden name or first school is easy to guess or look up); use a random answer and store it in your password manager like any other secret.
USE TWO-FACTOR AUTHENTICATION WITH ONE-TIME PASSWORDS
But what if someone somehow finds out the credentials to your password manager?
The solution is two-factor authentication with one-time passwords. This means that, in addition to a standard password, a second authentication method is required to access your password manager. It is important that the second factor changes every time you use it, in other words a one-time password. So even if someone learns the one-time password you used to log in this time, it is useless to them, because it is valid only once: the next login requires a new one.
Bank of Passwords is backed by SecurePass, a unified secure access solution for web applications, remote network access (VPN) and cloud. SecurePass guarantees that nobody will access your password manager except you or your trusted person and team.
The importance of clock skew
Although we encourage our customers to use the free mobile token, we have carefully qualified the hardware vendors for our hardware tokens. Being picky from the beginning was necessary to ensure maximum security when accessing the SecurePass platform. The real difference between a “good” hardware token and a “bad” one comes down to battery endurance and the precision of the quartz clock over a three-year timeframe.
Why quartz is important
Let's step back and explain how OTP works in SecurePass. GARL does not believe in security through obscurity and adopted a public algorithm, TOTP (Time-Based One-Time Password, RFC 6238). A public algorithm has been reviewed by security experts and is likely to be more robust than a proprietary one. TOTP is a variant of HOTP (RFC 4226), in which the OTP is computed from a seed (the shared secret) and a moving factor, a simple 8-byte counter, sometimes loosely called an initialisation vector (IV).
If the user presses the button on the hardware token too many times, the HOTP counter on the token runs ahead of the one on the server. This desynchronisation generates more support calls for resets or, even worse, pushes administrators to widen the range of counter values the server accepts.
Sometimes HOTP causes so many issues that the number of valid counters has to be increased, because users keep the hardware token on their keychain and inadvertently press the button. Widening the counter window lowers security: every extra counter is another code that a brute-force program could hit.
Clock skew synchronization issue
TOTP uses Unix time as the moving factor and has fewer issues than HOTP, but time synchronisation is crucial with this algorithm. The tolerance in TOTP is called “clock skew”, i.e. the time difference between the server and the device. RFC 6238, the TOTP standard, recommends accepting at most one extra time step in either direction, which widens the acceptance window from 30 seconds to 90 seconds.
As you can see, the less skew, the better the security. This is not an issue for mobile tokens, whose clock is generally synchronised through the mobile network, but it is for hardware tokens, whose clock drifts with the precision of their quartz and cannot be resynchronised once deployed.
We are so “picky” about choosing a hardware token because it has to pass our tests: we want the quartz to be as precise as possible, to ensure maximum security for end users while keeping a fair price.
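To make the trade-offs above concrete, here is an added example (not SecurePass code) implementing HOTP and TOTP from the RFCs together with the two tolerance mechanisms discussed: the ±1 time-step clock-skew window for TOTP and the look-ahead counter window for HOTP. SecurePass's own parameters are not published on the page, so the 30-second step and the 6- and 8-digit lengths are the RFC defaults, and the `step` argument can be set to 60 for a token whose codes last a minute. The shared secret is the one from the RFC test vectors, so the outputs can be checked against the standards; it is of course never a real seed. This also illustrates the earlier point about the password manager: a captured code is useless outside its window because the moving factor has already changed.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) with skew and look-ahead windows.

Added example, not SecurePass's implementation.  Parameters (step, digits,
window sizes) are RFC defaults or assumed values; the secret is the RFC
test-vector seed.
"""
import hashlib
import hmac
import struct
import time

RFC_SECRET = b"12345678901234567890"  # RFC 4226 / 6238 test-vector seed


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238: HOTP whose counter is the number of `step`-second intervals since the epoch."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time) // step, digits, algo)


def verify_totp(secret, code, unix_time, skew=1, step=30, digits=6):
    """Accept the code for the current step and up to `skew` steps either side.

    skew=1 is the RFC 6238 suggestion: with a 30 s step the window is 90 s.
    A hardware token whose quartz has drifted beyond `skew` steps stops working.
    """
    t = int(unix_time) // step
    for c in range(t - skew, t + skew + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return True
    return False


def verify_hotp(secret, code, server_counter, window=10, digits=6):
    """Look-ahead resynchronisation for event-based (button) tokens.

    Returns the counter the server should store next (one past the match) or
    None.  Every extra value in `window` is one more code an attacker may guess.
    """
    for c in range(server_counter, server_counter + window):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c + 1
    return None


def guess_probability(window, digits=6):
    """Chance that one random guess hits any of the `window` currently valid codes."""
    return window / 10 ** digits


if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)          # generated during step 1 (t = 30..59 s)
    print("code at t=59:", code)
    print("accepted at t=75 (skew 1):", verify_totp(RFC_SECRET, code, 75))
    print("accepted at t=100 (skew 1):", verify_totp(RFC_SECRET, code, 100))
    # Token pressed five times in a pocket: the server, still at 0, resyncs to 6.
    print("HOTP resync ->", verify_hotp(RFC_SECRET, hotp(RFC_SECRET, 5), 0))
    print("guess probability, window 1 vs 100:",
          guess_probability(1), guess_probability(100))
```

The constant-time `hmac.compare_digest` avoids leaking, through timing, how many leading digits of a guess were right. Note the asymmetry the text describes: widening the HOTP window from 1 to 100 multiplies an attacker's per-guess success rate by 100, whereas a TOTP server with skew 1 exposes only three valid codes at any moment and needs no reset procedure, provided the token's clock stays within one step.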
The pfSense project is a free network firewall distribution based on the FreeBSD operating system, including third-party free software packages for additional functionality. The pfSense software provides most of the functionality of common commercial firewalls such as Cisco PIX, Cisco ASA, Juniper, SonicWALL, Netgear, WatchGuard, Astaro and more. Firewalls have traditionally protected companies of all sizes from Internet attacks. These appliances have what they need to protect you from common security issues, but there is one thing they cannot protect you from: identity theft. SecurePass fully integrates with the pfSense firewall, like any other RADIUS-capable appliance, bringing two-factor authentication and identity management. Combined with pfSense's strong access control, administrators can manage the entire user lifecycle from an intuitive control panel.
To start integrating pfSense with SecurePass, download the guide from the support page.
Two-factor authentication is recommended by almost every major web site as a feature that extends security beyond the standard username/password combination. SecurePass identity and access management adds an extra layer of security to web applications, network appliances and cloud portals, and helps prevent breaches associated with weak passwords.
The mobile token for iOS generates passwords that last 60 seconds; use them instead of a traditional password to access entitled resources. This guide explains how to turn an iPhone into a mobile token in a few minutes.
The new mobile token for Android is here, quicker and easier to set up than ever. Download it for free, as always, and provision it with the integrated QR code reader: it will immediately recognise your identity. You can then start generating one-time passwords to access the SSL VPN and, from there, all the integrated resources. Two-factor authentication is a security measure that adds an additional layer of protection when logging into websites, web applications, network appliances and cloud portals. SecurePass provides this secure authentication with Single Sign-On, so you log in once at the beginning of the work session and do not retype credentials for every application.
For example, a user might enter the username and then pick an OTP from the mobile token as the password. Every passcode works for 60 seconds, then the token generates another without requiring an Internet connection. A malicious user who has only captured an expired passcode cannot use it to gain access to your account. This guide explains how to turn an Android phone into a mobile token in a few minutes.
A Unified Threat Management (UTM) firewall gives the corporate network extended security, from firewall to antivirus, in a single appliance. It simplifies IT security with an interface that helps create policies to manage security risks.
SonicWALL UTM by Dell provides a safe working environment with firewall, content security, antivirus, intrusion prevention, application intelligence, anti-spam and content filtering on a single hardware platform. Protection begins at the gateway and blocks internal and external threats at the various points of access on all network levels.
SecurePass complements Dell SonicWALL's security features by bringing two-factor authentication and identity management to mitigate the risks of a traditional username/password combination. SecurePass can also lower helpdesk costs, as it reduces password reset requests; IT departments can then focus on core activities and guarantee compliance with corporate policies.