… for desktop/laptop a physical smartcard inserted in the device provides additional security, user just need to unlock the smartcard with a pin, without the need to know their password – in times of mobile devices it is possible to attach those smartcard with adapters, but with bad user experience
derived credentials ensure compliance with HSPD12 / FIPS 201 personal identity verification (piv) requirements
derived credentials provider, e.g. entrust, provides an overview about the integration in the infrastructure and enrollment of trusted certificate with modern emm system
citrix provides an easy way to secure authenticate at workspace app for emm trusted devices, better usability and higher security
download NCCoE released second draft version of NIST cybersecurity practice guide SP 1800-12, derived piv credentials attached:
… inside a wifi you could find your ip in android 8 settings > about > status, use unsecured services like sonos, scan for other clients, check open ports, bruteforce backend services (router, firewall)
open wifi – in 2018 none should access untrusted unsecured wireless networks anymore
wpa encryption – works with “handshake” to ensure trust between devices – wpa2 added advanced encryption standart (aes) – wpa2 is vulnerable: key reinstallation attacks – wi-fi alliance announced wpa3 with additional security features
public wifi – when accessing a wifi while shopping, your devices are redirected to a captive portal to accept policies and establish a secure connection
vpn – apps like nordvpn esablish secure connection to add another layer of security, browse incognito through the internet
business – could use radius protocol to check validity of authentification – further enroll client certificate via mdm to authenticate via 802.1x – aruba clearpass can check devices status in mdm to ensure security and trust at the entire cycle
rouge access – attacker can fake access points to start a man in the middle (mitm) attack, intercept your private data, for example this pineapple nano
hashcat – new technique allow to get all the information they need to brute force decrypt a Wi-Fi password, by snooping on a single data packet going over the air
ssl srip – a method to redirect traffic from https to http to force unencrypted transport – every passcode is unprotected, even it is shown as secure
mobile devices management – is a way to protect company devices, e.g. disallow profile installation – but in a byod or mam-only scenario you can’t disable all features
mobile thread defense – mtd is for private and business devices, check behaviour and use ai to protect – like lookout as cloud service and additionally on device like zimperium, partners with mobileiron
are you really sure that your account is/was not compromised – hasso plattner institute analysed over 5 billion leaked user accounts – your able to check if it’s listed in at least one stolen or unlawful published identity leak
they further analyse password quality – astonishing how easy password are still in 2018
need an extra layer of security ? use multi factory authentication, two factor authentication, 2fa, two step verification or fta – additionally to username and password are further method is requested to successfully authenticate like
e.g. fedex exposed thousands customer records on a password-less server, companys should care about your data as well, especially for european citizen because of gdpr