Thursday, February 9, 2012
Network Security
Error 404--Not Found |
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:10.4.5 404 Not FoundThe server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. |
Guide to two-factor authentication
It's not who you know; it's what you know plus what you've got.
Increased online fraud and new industry regulations are driving companies to search for stronger authentication methods. The
problem is there's little agreement on the best authentication method or what constitutes multifactor authentication.
Related links
Authentication: Where's the magic factor?
04/24/06
Soft tokens at the new Interop show 01/16/06
Regulating two-factor authentication 10/10/05
Is two-factor authentication too little, too late? It's not enough 04/04/05
Incoming Sony CEO: Hot gadgets aren't enough anymore
02/09/12
Sony's new CEO says the company needs to move on from its hardware roots.
Apple and Google disagree over licensing of essential patents
02/09/12
Google is at odds with Apple, Microsoft and Cisco over the licensing and litigation of patents. While Google wants to make the most of patents it will receive if its acquisition of Motorola is approved, the others want to change the way so-called essential patents are licensed.
LTE boosts mobile gear by 17% in 2012
02/09/12
Thanks to 4G LTE technology, the global market for mobile communications gear will grow 17% in 2012, according to IHS, formerly iSuppli.
However, a set of best practices is slowly emerging that will help you develop a strong authentication program.
The first step is a basic one. Before jumping ahead to buying hardware tokens and face-recognition scanners, you need to thoroughly understand your risks.
 |
| Richard Hansberger, eNotarization director for the National Notary Association in Chatsworth, Calif. |
"When it comes to authentication, there is no one-size-fits-all solution," says Sally Hudson, an analyst at IDC. "Much depends on the level of security needed by the end user."
For example, most banks will probably offer different levels of access. For accounts that are high risk, the bank will issue tokens or smart cards. For customers who pose lower risks, the bank will more likely use software-only authentication, Hudson says.
Security consultant Bruce Schneier agrees that it's important to identify the problem before you decide on authentication. "You have to step back and make sure that there is an authentication problem that needs to be solved," he says. "If there is, then two-factor authentication will make an enormous amount of difference. If there isn't, then it won't."
|
Eight steps to better authentication
|
|
|---|---|
| • | Measure risk. |
| • | Assess user base. |
| • | Choose solution that matches user base and risks. |
| • | Build business practices around authentication. |
| • | Conduct pilot test and phased rollout. |
| • | Tie in with other layers of security. |
| • | Monitor, measure, audit and review. |
| • | Roll out additional tiers of authentication or security layers as users and risks change. |
There are three key questions to ask when setting up an authentication system, according to Karen Devine of RSA Security:
1. Who are you? Is this person an employee, a partner or a customer? Different levels of authentication would be set up for different types of people.
2. Where are you? For example, an employee who has already used a badge to access the building is less of a risk than an employee or partner logging on remotely. Someone logging on from a known IP address is less of a risk than someone logging on from Nigeria or Kazakhstan.
3. What do you want? Is this person accessing sensitive or proprietary information or simply gaining access to benign data?
When dealing with consumer-facing applications, such as online banking and e-commerce, strong authentication must be balanced with convenience. "There's a trade-off between increased protection and turning customers away from your online channel," cautions Kathie Claypool, senior vice president of e-commerce for Bank of America.
If it's too difficult to bank or shop online, users will go back to the brick-and-mortars.
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]