Mohammed Syed says
https://www.nature.com/articles/s41598-022-05215-w
Data access control authentication controls the data access process and information protection. Data access control is a tough challenge for everyone; proper research and development of new generation data protection technology is mandatory for improving security to access cloud computing and big data processing method. Patent data leakage is a big loss for applicants who are interested as it can cause a leakage of technological information. Compared to when we think about the traditional data protection technologies and security algorithms which are stored on the shared database that used the encryption algorithms and transmits data using encryption and fragmentation method.
Patent data is classified into four categories: public data, non-public data, structured data, and unstructured data. Every year more than four million applications and 160 million documents are generated in XML, PDF, and other formats. The framework is written as DSEA (Data Segmentation Encryption Algorithm) model that can prevent system operators and data managers from data violation of regulations, prevent cloud service providers from tampering with user program codes, private data storage, and prevent data leakage from peripheral organizations. Blockchain improves the efficiency of shared storage and data privacy protection, however, the security performance will be affected, so overall more research is required for proper balance of patent data access control.
Shubham Patil says
The future of security: Unifying video and access control technologies
Cloud-based integrations for even smarter features
Many organizations cannot have screens physically monitored 24/7, and this is where unifying video and access control technologies and integrating cloud-based solutions make all the difference. Decentralizing the monitoring of security measures and implementing automated alert systems allows security teams to focus their time more effectively elsewhere.
Modern technology for video security can integrate hardware and software features, such as smart detection and infrared sensors, to optimize the efficiency and accuracy of remote system management.
Not only are more and more organizations adopting this integrated approach to improve their cyber and physical security measures, but giants in the industry are making moves that clearly demonstrate the future impact of merging video identification technology with access control systems. Merging video and access control is highly relevant to the future of security.
Link: https://bdtechtalks.com/2022/02/13/security-video-access-control-technologies/
Matthew Bryan says
Article: Devious phishing method bypasses MFA using remote access software
Author: Lawrence Abrams
Published: February 22, 2022
Link: https://www.bleepingcomputer.com/news/security/devious-phishing-method-bypasses-mfa-using-remote-access-software/
MFA is an effective control against phishing as the attacker does not have access to something the user has, e.g. a code from an authenticator app. One way to bypass MFA is to use a reverse proxy to collect the code and use it to establish a session under the victim’s account. This method is often detected and blocked by service providers, e.g. Google, which limits its effectiveness.
An updated approach to reverse proxy attacks has been deployed by security researchers to bypass MFA. This attack builds on the reverse proxy technique and uses VNC, a graphical desktop-sharing system. VNC is remote access software similar to Windows Remote Desktop. The attack uses the noVNC remote access software and browsers running in kiosk mode to display a site’s login page. This page is actually running on the attacker’s server, but appears as a login page on the victim’s browser. A phishing email delivers the link to the victim prompting them to sign in and allows the attacker to harvest information. The author provides the following overview from the article:
“So how do we use noVNC to steal credentials & bypass 2FA? Setup a server with noVNC, run Firefox (or any other browser) in kiosk mode and head to the website you’d like the user to authenticate to (e.g. accounts.google.com). Send the link to the target user and when the user clicks the URL they’ll be accessing the VNC session without realizing. And because you’ve already setup Firefox in kiosk mode all the user will see is a web page, as expected.”
Since the victim is signing into the site on the attacker’s server, there are many techniques available to steal credentials and session tokens, e.g. Burp Suite. This defeats MFA, since the challenge is legitimately completed on an unassuming machine as far as the provider is concerned, i.e. no reverse proxy is detected. This attack paired with a spear phishing email can be particularly effective as the links can be highly customized so as not to raise user suspicion.
Oluwaseun Soyomokun says
Recent Access Control Vulnerabilities Are Fair Warning
The security provided by access control systems is vital, which is why access control vulnerabilities found in a leading system are so troubling.
The need to control who can access an organization’s facilities is critical to keeping corporate assets secure. To address that issue, more and more organizations have implemented access control systems, requiring authorized personnel to use specific credentials–such as PIN numbers, biometrics or key cards–to enter a facility or specific areas of a facility. Just as importantly, these systems monitor and report on suspicious activity, such as someone trying to unlock a door he or she isn’t authorized to unlock. The security provided by access control systems is vital, which is why the discovery of dangerous exposures in a leading access control system is so troubling.
Taking note of these challenges may be the key to preventing these types of vulnerabilities in the future. IT professionals installing access control technology should be sure to keep up with patches, change defaults, perform vulnerability testing and segment their networks. At the same time, vendors writing application security software should build in a testing tool, Kennedy advised.
https://www.itprotoday.com/data-security-and-encryption/recent-access-control-vulnerabilities-are-fair-warning
Elizabeth Gutierrez says
Article Title: IRS: Selfies Now Optional, Biometric Data to Be Deleted
Source / Link: https://krebsonsecurity.com/2022/02/irs-selfies-now-optional-biometric-data-to-be-deleted/
The Internal Revenue Service (IRS) had announced last year that it would start requiring people who file taxes online to register with ID.me, which would verify the identity of filers with a video selfie. There was a lot of controversy over this decision and they received backlash for using third-party vendors to verify the identity of people wanting to use its online services as giving a private company access to that much biometric information is inherently risky; not to mention, there were concerns over potential racial and gender biases to come. Amid concerns over privacy and data security, the IRS has since decided to stop using facial recognition software to identify taxpayers seeking access to their accounts on the agency’s website. In addition, they made a statement ensuring their users that any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created.
Jason Burwell says
Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code
Samsung on Monday confirmed a security breach that resulted in the exposure of internal company data, including the source code related to its Galaxy smartphones.
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” the electronics giant told Bloomberg.
https://thehackernews.com/2022/03/samsung-confirms-data-breach-after.html
Corey Arana says
This article talks about how a 3rd or 4th generation Amazon Alexa can hack itself.
Researchers found that self-activation of the Echo device happens when an audio file reproduced by the device itself contains a voice command.
To make Alexa play a maliciously crafted recording, a hacker needs a phone or laptop within Bluetooth range. This means they need to be within the proximity of the Alexa device. Once the attacker pairs with the Alexa, they don’t need to re-pair to that Alexa, meaning the attack doesn’t have to happen at the time of pairing but at another time of the hacker’s choosing. Another way for the hacker to connect to the Alexa is by using internet radio, “beaming” to the Alexa like a command and control server. That means it works remotely and can be used to control multiple devices at once.
Once the attacker has successfully gained access to the Alexa, your home is no longer safe. Alexa can order from Amazon, call people, unlock your front door, turn the oven on, mess with the heat and literally can put your safety at risk. Imagine at night time, your hacked Alexa turns off your lights and then unlocks the door? Pretty scary to think about.
https://threatpost.com/attack-amazon-devices-against-themselves/178797/
Amelia Safirstein says
https://www.helpnetsecurity.com/2022/03/08/exposed-data-trends/
Many end users have a bad habit of reusing passwords on multiple sites even when those sites/passwords have been breached. This article points out that 70% of breached passwords are still being used by the end user, creating tons of easy targets for bad actors. Additionally, more and more end users are using popular words/sayings from TV shows and sports teams, making it easier for bad actors to guess their password or to find them using dictionary attacks.
Ryan Trapp says
Russia’s invasion kicks Senate into cybersecurity law mode
Obviously, the majority of the news cycle is currently focused on the Russian invasion of Ukraine. Among the variety of responses by the US, the Senate has unanimously passed a bipartisan cybersecurity bill. This bill now moves to the House to be voted on. The bill contains steps to force critical infrastructure companies to report attacks and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA). There have been some cyber professionals who are questioning the requirement to alert Homeland Security of ransomware payments. Some claim that self-reporting these payments will do more harm than good. Either way, the Biden Administration has made it a point to prioritize cybersecurity and this bill can be a big step in that direction.
https://www.theregister.com/2022/03/05/senate-cyber-bill/
Yangyuan Lin says
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure
UPS devices provide emergency backup power for mission-critical assets that require high availability. Schneider Electric, one of the leading suppliers of UPS equipment, has approximately 20 million APC Smart-UPS units deployed worldwide.
However, researchers at Armis Research Labs have discovered a flaw they call TLStorm in APC Smart-UPS devices. By exploiting TLStorm, attackers can remotely control devices and use them to compromise a company’s internal network and steal data. By cutting power to mission-critical equipment or services, attackers can also cause personal injury or disrupt business services. The latest APC Smart-UPS models are controlled via a cloud connection, and a bad actor who successfully exploited the TLStorm vulnerability could take over the device remotely from the internet without any user interaction or the user’s knowledge. In addition, the researchers said, an attacker could exploit these vulnerabilities to execute code on the device, which in turn can be used to alter the operation of the UPS, causing physical damage to the device itself or other assets connected to it.
Link: https://threatpost.com/zero-click-flaws-ups-critical-infratructure/178810/
Joshua Moses says
Multiple sources are reporting that Google is in the process of acquiring a cybersecurity firm known as Mandiant. Apparently the organization is worth $4.5 billion dollars, and the tech company is offering $5.4 billion dollars to buy them out. This is all in an effort to protect their cloud-based customers. Mandiant has a market value of about $5.25 billion dollars, and Google is planning to add them to their “cloud computing division, which is yet to grow to the same size as Microsoft Azure or Amazon Web Services”. This is happening at a time when cyber security threats and attacks are not only more sophisticated but also severe. On a global scale organizations are constantly being subjected to cyber attacks “that were previously used to target major governments but are now being used to target companies in every industry”. This article implies that Google’s initiative to upgrade their cyber security footprint pressures other big tech companies like Amazon and Microsoft to do the same.
https://www.cnbc.com/2022/03/08/google-plans-to-acquire-mandiant-for-5point4-billion.html
Michael Duffy says
Currently with the war between Ukraine & Russia there has been a spillover increase in cybersecurity attacks. Surprisingly there haven’t been any major Russian attacks against Ukraine’s infrastructure and it is speculated that this is due to Ukraine’s infrastructure not being interconnected with the Internet of Things (IoT) like western Europe and North America. However, there have been many independent groups from both sides launching attacks at both the Ukraine and Russian military to disrupt military hardware and communications. One group in particular, known as the Belarus Cyber Partisans, is trying to disrupt troop and hardware movements.
Despite Russia not launching any major attacks, this still probably is the largest cyberhacker war ongoing currently in the shadows, with multiple groups trying to advance further for their causes. And spillover is likely to occur and has occurred near neighboring countries within Ukraine. Financial institutions and organizations within Latvia and Lithuania were also hit.
What is even more concerning is with an ongoing war which is raining destruction in Ukraine – there are even more malicious bad actors taking advantage of the conflict and using the guise of the two nations to launch their own attacks as “false flag” operations. Forensics is already incredibly difficult within the realm of cybersecurity and will likely ignite a free-for-all even further as hacking further intensifies.
https://apnews.com/article/russia-ukraine-vladimir-putin-technology-europe-hacking-a61c1c631fd4fc945d02066e03fec534
Alexander William Knoll says
“A mismanaged parking lot and vehicle access can lead to an end user’s building (or your own company) being vulnerable to a security breach.”
03/08/22
by Frederick Trjillo & Mae Tholoniat
This brief article basically describes that most office parking lots are often overlooked when developing an access control security plan. It is crucial to secure this first point of entry for numerous reasons. First, it protects users because an unsecured lot increases the risk of breaching the lot’s structure. For that reason it is important to have a solution that identifies the driver & their vehicles, such as mobile IDs & front license plates. Another important point is for convenience & quick access into the lot. Ticketing systems & short-range readers require the car to come to a complete stop, which often results in delays. Finally, simplifying management & reducing cost. Unauthorized vehicles cause safety concerns & take up parking spots, and a mismanaged lot can result in the lot’s organization being vulnerable to a security breach. A solution for this is tech that combines UHF & Bluetooth because they identify the vehicles & drivers that are entering the car park. This works by basically digitizing parking lot access cards for the users.
https://www.securitysales.com/access/vehicle-key-access-control/
Bryan Garrahan says
https://www.makeuseof.com/passwordless-authentication-risks-benefits/
This article touches on some of the pros and cons related to organizations adopting biometric authentication within their environments. To many people, the idea of using biometric authentication instead of password-based authentication is more secure for a number of reasons. First, the use of biometric authentication gets rid of the idea of password reuse. Additionally, biometric authentication eliminates the ability for users to deploy weak or easy-to-guess passwords. However, the article indicates there are also risks associated with the adoption of biometric authentication; the article notes, “Someone can steal a physical security key. Researchers also found that the OTP method could fail in up to 80 percent of cases due to interception bots that grab the code before the rightful user can. People have also spoofed biometrics with everything from Play-Doh to 3D masks”. The article also mentions that the adoption and implementation of biometric authentication can be difficult as organizational and business leaders are reluctant to embrace new technologies and the security features associated with them.
Ornella Rhyne says
This article is related to security leaders who expect to see an increase in physical threats in the wake of the pandemic. With an ever-increasing number of people starting to make their way back into public spaces and traditional office environments as the Covid-19 pandemic wanes, many security professionals fear the so-called “return to normalcy” will also result in an uptick in physical threats to the businesses they serve.
https://www.securityinfowatch.com/security-executives/article/21230718/study-security-leaders-expect-to-see-an-increase-in-physical-threats-in-wake-of-pandemic
Hang Nu Song Nguyen says
https://www.networkworld.com/article/3654479/what-is-nac-and-why-is-it-important-for-network-security.html
This reading talks about the importance of network access control (NAC). The reading mentioned that there were 2 stages of NAC. The first stage, called authentication, helps to identify users and verify their credentials. In the second stage, NAC will work on enforcing a number of policy factors that also include how the security system sets up a limit of access by role and granting users access to the specific resources that are necessary to do their jobs.