PAM – WindowsTechs.com

How to mitigate spoofing, keylogging password, stealing public key with smart card with external/internal smart card reader?

Posted on November 11, 2023 by user300431

Here is my thought process:
I want to use smartcards without passwords for my setup. We don’t want to use Iris or fingerprint or voice. I only want to put in the card whenever something needs to authenticate and when I take out the card wh… Continue reading How to mitigate spoofing, keylogging password, stealing public key with smart card with external/internal smart card reader?→

Zero Trust Data Security: It’s Time To Make the Shift

Posted on April 27, 2023 by Jonathan Reed

How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable […]

The post Zero Trust Data Security: It’s Time To Make the Shift appeared first on Security Intelligence.

Continue reading Zero Trust Data Security: It’s Time To Make the Shift→

(Privileged) Access Management solution that integrates into the workflow of developers [migrated]

Posted on April 20, 2023 by Phero

Tl;dr:
We need an access management solution for 200 admins and developers to access internal servers. It should be possible to not only use a webshell, but also use it as a proxy for local programs like DB GUI tools or scripts. It shouldn… Continue reading (Privileged) Access Management solution that integrates into the workflow of developers [migrated]→

Breaking Down a Cyberattack, One Kill Chain Step at a Time

Posted on March 14, 2023 by Mark Stone

In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the various stages of a cyberattack pertaining to network security. Lockheed Martin developed the cyber kill chain framework to help organizations identify and prevent cyber intrusions. The steps in a kill chain […]

The post Breaking Down a Cyberattack, One Kill Chain Step at a Time appeared first on Security Intelligence.

Continue reading Breaking Down a Cyberattack, One Kill Chain Step at a Time→

5 Holiday Cybersecurity Tips That Make A Real Impact

Posted on December 14, 2022 by Jonathan Reed

Tired of cybersecurity tips that don’t really make an impact? This post is for you. The year is winding down to an end. Everyone, including security teams, is busy and preoccupied. Cyber actors know this and are gearing up to launch attacks. Over the holiday season, the global number of attempted ransomware attacks has increased […]

The post 5 Holiday Cybersecurity Tips That Make A Real Impact appeared first on Security Intelligence.

Continue reading 5 Holiday Cybersecurity Tips That Make A Real Impact→

Is "pam_ssh_agent_auth" more secure than passwords for sudo on a remote server?

Posted on September 19, 2022 by student_at_work

I read about "pam_ssh_agent_auth" in combination with sudo, which can use a ssh agent to authenticate instead of using the users password: https://manpages.ubuntu.com/manpages/jammy/en/man8/pam_ssh_agent_auth.8.html
Is using a fo… Continue reading Is "pam_ssh_agent_auth" more secure than passwords for sudo on a remote server?→

Creating Password from 2 different part

Posted on March 8, 2022 by learner

I’m looking for Term Or Some platform for managing Password Authentication with this way :
Password construct from 2 Part ,
First one is static and you can make it and second Part Generate From TOTP System as an example :

In 13:00 Jinx pa… Continue reading Creating Password from 2 different part→

Does a solution exist to permit account sharing without revealing the account password?

Posted on November 11, 2021 by Jay

I’m looking for a process to replace the status quo of notepad and Excel. We’ve tested a market-leading password manager. An issue that comes up with this is that the secure sharing password facility has some significant vulnerabilities. W… Continue reading Does a solution exist to permit account sharing without revealing the account password?→

[SANS ISC] (Ab)Using Security Tools & Controls for the Bad

Posted on November 8, 2021 by Xavier

I published the following diary on isc.sans.edu: “(Ab)Using Security Tools & Controls for the Bad“: As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be

The post [SANS ISC] (Ab)Using Security Tools & Controls for the Bad appeared first on /dev/random.

Continue reading [SANS ISC] (Ab)Using Security Tools & Controls for the Bad→

At-rest encryption. Use SFTP log-in credentials to access encrypted drive or folder

Posted on October 20, 2021 by mechcaptain

I have a simple file server running on a small Ubuntu machine that facilitates file sharing and 2 way folder syncing between my and my girlfriend’s computers through SFTP over a private network.
The setup works great for my purposes, and I… Continue reading At-rest encryption. Use SFTP log-in credentials to access encrypted drive or folder→