By Gary Williams, Published Wednesday, 10th June 2020
With every device now connected to the internet, having good quality IT security in place is essential.
In the world of IT there is nothing more important than security – network security, backup security and physical security. One of the biggest threats to the security of a network is the end-user password. This is often out of the control of network administrators beyond the enforcement of password policies, although this amounts to nothing if a user password is phished, stolen or just misplaced. To protect against such a risk, we recommend implementing a second factor of authentication.Below are some examples of how this can be leveraged against common IT implementations:
Remote Access
Remote access into a system, such as a VPN or Remote Desktop Services deployment, can be protected by sending an authentication message to a smart phone with either a code or an instant ‘Allow’ or ‘Deny’ response to an app. Vendors such as Duo Security and Microsoft Azure provide easy-to-manage solutions for this.
Device Access
Smartcard technology in the form of USB access keys can be used in conjunction with a user password. This ensures that physical access to a machine with the correct password is only part of the authentication process, as without the physical token as well, access cannot be granted.
Email
Email account security is one of the most overlooked points of vulnerability for an organisation, but is one of the most visible targets. Enabling Multi-Factor Authentication using one of the above vendors is a simple task that goes a long way to protecting against data loss and impersonation attempts, among other forms of email-based attacks.
Cloud Services
Multi-Factor Authentication is now available on most external services such as Facebook, Outlook.com, Google, LinkedIn etc. We highly recommend that these services are enabled for their security benefits. They also mitigate against the same email and password combination being used across different platforms and services – if one service is compromised, then all are vulnerable in this case.
By Gary Williams
Gary Williams is Technical Director for Datcom. He has over 10 years experience in the IT industry advising, implementing and supporting IT solutions.
Contact