Computer Security No 45: Password Managers Discussion
Password Managers Discussion
Why should you consider a Password Manager:
- Attackers often use brute force attacks to guess commonly used passwords; they also use rainbow tables (precomputed tables of password hashes that let a stolen hash be matched back to the password quickly).
- A Password Manager is a software package you install on your computer that helps you generate long, complex passwords while requiring you to remember only one master password.
It helps you create, store in encrypted form and organise all your passwords for the websites you use, as well as for computers and applications that require authentication.
What to look for:
- two-factor authentication. Some examples of two-factor authentication are:
  - biometric: iris, fingerprint or facial recognition;
  - SMS-based, i.e. you receive an SMS with a code which you need to enter in addition to the password, or when changing passwords;
  - the Google Authenticator app.
  Many online services (e.g. Facebook, Google and Microsoft) already offer two-factor authentication as an option. Turn on two-factor authentication whenever you can;
- cross-platform application
- zero-knowledge design (a method for one party to prove to another that it knows a password without revealing anything else about it; in practice this means the vendor never holds your master password and cannot decrypt your stored passwords)
- The product should detect password-change events and offer to update the existing
- should have a password generator
- some websites offer to store your personal details such as address, name, email and credit card details; you are putting your personal data at RISK. Just let the Password Manager do it for you.
- managing passwords for applications, not just websites, can be a convenient feature.
- don't just rely on the Password Manager
- never use the same password for two different websites/systems
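To make the "long complex passwords" and "password generator" points concrete, here is an added example (not code from the article or from any of the products listed) showing how a generator should draw from the operating system's cryptographic random source, how password length translates into bits of entropy, and why a short or commonly used password falls to brute force or a precomputed table regardless of how cleverly it was chosen. The guess rate and the small list of common passwords are constructed for illustration.

```python
import math
import secrets
import string

# Character classes a manager's generator typically draws from.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.<>?",
}
ALPHABET = "".join(CLASSES.values())

# Constructed sample of "commonly used" passwords, standing in for the
# large wordlists and rainbow tables that attackers precompute.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def generate_password(length: int = 16) -> str:
    """Draw from the OS CSPRNG (secrets), never random(), and make sure every
    character class is present so site-side complexity rules accept it."""
    if length < len(CLASSES):
        raise ValueError("length must cover every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def entropy_bits(password: str, alphabet: str = ALPHABET) -> float:
    """Bits of entropy for a uniformly random password over `alphabet`."""
    return len(password) * math.log2(len(alphabet))


def brute_force_years(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected years to search half the keyspace at an assumed offline
    guess rate (the 1e10/s figure is illustrative, not measured)."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


def is_weak(password: str) -> bool:
    """Short or commonly used passwords are exactly what brute force and
    rainbow tables recover quickly, however they were chosen."""
    return password.lower() in COMMON_PASSWORDS or entropy_bits(password) < 64
```

A 16-character password from this alphabet carries roughly 103 bits of entropy, which is why a manager-generated password is out of reach of guessing while an 8-character one is not.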
1. For Windows: Keeper, Dashlane, LastPass v4.0 Premium, Password Safe, LockCrypt, 1Password
2. For Mac OS X: LogMeOnce, KeePass, Apple iCloud Keychain
3. For Linux: SpiderOak Encryptr (recommended by Edward Snowden), EnPass, RoboForm
4. For Android: 1Password, mSecure
5. For iOS: OneSafe, SplashID, LoginBox Pro
6. Best online: Google Online Password Mgr, Clipperz Online Password Mgr, Passpack Online
7. Best enterprise: special tools used: Vaultier, CommonKey, PassWord, Meldium and Zoho
Comparison between Password Managers (PCMAG):
Top 3: LastPass 4.0 Premium, Dashlane 4, Sticky Password Premium
Proposed Bill in US would allow cyber victims to fight back
Hacking back against attackers is illegal in many countries, including the US. However, in some cases security firms have hacked the infrastructure of threat groups to uncover high-profile malware campaigns.
A new bill has been proposed by Representative Tom Graves of Georgia. It is named the Active Cyber Defense Certainty (ACDC) Act. The Bill is intended to amend section 1030 of the Computer Fraud and Abuse Act.
There are many arguments against the introduction of the Bill. To read more: www.techdirt.com/articles
Critical security controls for effective cyber defense
The Center for Internet Security in the US has issued a list of critical controls, which has proven to be an effective framework. They cover:
1. Inventory of authorised and unauthorised devices
2. Inventory of authorised and unauthorised software
3. Secure configuration for Hardware & Software on mobile devices, laptops, workstations and servers
4. Continuous vulnerability assessment and remediation
5. Controlled use of administrative privileges
6. Maintenance, monitoring and analysis of audit logs
7. Email and web browser protections
8. Malware defences
9. Limitation and control of network ports, protocols and services
10. Data recovery capability
11. Secure configurations for network devices such as firewalls, routers and switches
12. Boundary defense
13. Data protection
14. Controlled access based on the Need-to-Know
15. Wireless access control
16. Account monitoring and control
17. Security skills assessment and appropriate training to fill gaps
18. Application software security
19. Incident response and management
20. Penetration tests and Red team exercises
How can you achieve the implementation of such a framework?
To discuss further please contact us at www.advisoryboardsgroup.com.au
Cyber Security & Privacy suite for Directors and Executives
On 13 Feb 2017, legislation passed through the Australian Parliament which will establish a Mandatory Data Breach Notification scheme. This gives Australian companies one year to get ready and ensure that a cyber strategy, processes and tactical plans are in place.
Recent lawsuits against directors worldwide, claiming negligence, lack of due diligence and/or duty of care (Worldwide Corporation, Target US, etc) highlight the need for directors to take immediate action.
The fact that 60% of organisations go out of business within 6 months of an attack, and that the average cost of a breach is $4m, illustrates the significance of this threat.
Are you prepared to discuss cyber at Board level? Are you aware of your obligations and defence as a director or officer of the company? Have you taken the necessary steps to mitigate the consequences of a cyber attack?
ABG offers the Cyber suite of course modules:
- Cyber threats and defences Module - Tactical plans
- Directors and Officers Module - Strategy
- Risk Management Workshop for Cyber
- Cyber Crisis simulation
Send your enquiries to email@example.com
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au
© About Over 50s 2017 website by aml websites online