One Article Review

The article:
Source: AlienVault Blog
Identifier: 825817
Publication date: 2018-09-27 13:00:00 (viewed: 2018-10-01 06:00:44)
Title: One Day, NCSAM will be a Fond Memory
Text: October is National Cyber Security Awareness Month (NCSAM), and I thought it would be a neat idea to offer some ideas about best practices for good passwords. Since I have written about this before, I figured it would be the easiest thing ever, especially with all the advances in password management technology and the new NIST guidelines. I could talk about the usual things: use a password manager; use a passphrase instead of a password; don’t re-use passwords; yawn; etc.

All these tips seem so “common”, tired, and repetitive. We have heard this all before from some of the giants of the InfoSec community. There are hundreds of articles from every known source that offer the same tips on best practices for passwords, dating back many years. Clearly, the problem is not a lack of information. The problem is not with the message, as that is clearly splashed all over the internet.

Some of us, myself included, have previously followed the misguided approach that we should treat the patient rather than the disease. However, the disease is outpacing the cures. As Bruce Schneier has stated, the problem is not with the patient. Technology has created a world of easy access, and it keeps getting easier. Everything is available at the click of a link, yet we security folks, the messengers of online safety, spend much of our time like a bad piano teacher with a ruler, ready to slap the fingers of the person who clicks that link without first thinking of the consequences.

There have been so many advances in technology that can unobtrusively improve the security experience for everyone. All the tools exist to create a silent security wall that protects the online experience. For example:

- Multi-factor authentication has been a major leap towards protecting identities, preventing many credential-theft scams. I have posited in the past that this needs to be mandatory for all online systems.
- URL obfuscation, which masks a hyperlink and checks it against known exploits before loading the destination page, can protect against clicking a link that is not what it purports to be. With everything based in the cloud, this is an easy redirection scheme to silently protect online browsing.
- Browser plug-ins such as IDN-Safe protect against malicious sites that use hidden Unicode characters in URL names.
- Safe Wi-Fi: products such as Lookout Mobile offer a feature that detects SSL stripping, to protect consumers against connecting to rogue Wi-Fi hotspots.

The main hurdle to overcome with some of these tools is that their best features are unavailable at the consumer level. While that may make good business sense, it leaves us with the same problem: the crutch of “user awareness” as our primary tool towards security.

This all leads me back to my “password best practices” advice for NCSAM. Yes, all of the standard password rules still apply, but only because that is the current state of affairs. What can we do to change this approach? Is it possible to dem
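As an added illustration (not code from the article, from AlienVault, or from the IDN-Safe plug-in) of the kind of check a browser plug-in performs against hidden Unicode characters in hostnames: decode any punycode (xn--) label, then flag labels that mix scripts or that consist entirely of letters with an ASCII look-alike. The confusables table is a constructed subset for demonstration, not the full Unicode confusables data.

```python
import unicodedata
from typing import Optional

# Constructed subset of look-alike pairs (not the full Unicode confusables data):
# Cyrillic letters that render almost identically to ASCII letters.
CONFUSABLE_TO_ASCII = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u04cf": "l",
}

def to_unicode_host(host: str) -> str:
    """Decode xn-- (punycode) labels so any look-alike characters become visible."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:  # raw punycode decode, deliberately without IDNA validation
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw ASCII label
        labels.append(label)
    return ".".join(labels)

def scripts_of(label: str) -> set:
    """Unicode script names of the letters in one label (digits and '-' are neutral)."""
    scripts = set()
    for ch in label:
        if ch.isascii() and not ch.isalpha():
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def check_host(host: str) -> Optional[str]:
    """Return a reason if the hostname looks like an IDN homograph, else None."""
    for label in to_unicode_host(host).split("."):
        if label.isascii():
            continue  # plain ASCII labels cannot hide Unicode look-alikes
        scripts = scripts_of(label)
        if len(scripts) > 1:
            return f"mixed scripts {sorted(scripts)} in label {label!r}"
        # Single-script label: flag it when every non-ASCII letter has an ASCII twin,
        # i.e. the whole label reads as a different (ASCII) name to the eye.
        non_ascii = [ch for ch in label if not ch.isascii()]
        if all(ch in CONFUSABLE_TO_ASCII for ch in non_ascii):
            twin = "".join(CONFUSABLE_TO_ASCII.get(ch, ch) for ch in label)
            return f"label {label!r} is a look-alike of {twin!r}"
    return None
```

A legitimate single-script name such as münchen.de passes, while the punycode form xn--80ak6aa92e.com decodes to a Cyrillic label that reads as "apple" and is reported with that ASCII twin.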
Sent: Yes
Tags: Tool, Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been taken from a previous one.