Foxpass

"Credential checking" is one of the most basic requirements of an enterprise security program, but it is also one of the most critical. But despite this, many organizations struggle to manage user access across multiple channels such as desktop, mobile, or cloud. In fact, most of today's data breaches have to do with weak, default, or stolen passwords. Targeted threats are becoming more sophisticated and continue to grow. Businesses must protect their information, an increasingly complicated task in a more complex and distributed IT environment. Most of the gaps have one thing in common: attacks occur by obtaining passwords, which are often hacked and used to gain access to privileged accounts. The problem is that this unauthorized access may go undetected for months, allowing criminals to obtain all of the company's information. The reality is that many IT users do not have adequate knowledge of how privileged accounts work, as well as the risks associat...

The authorization is issued in accordance with the access control policy. There are different access control policies, each one tailored to different needs. Let's see the most common Role Based Access Control RBAC. In this policy, users of the system are assigned a role that is often attached to a function in an organization. Take the example of an information system of a distribution chain, the roles are closely linked to the functional of the organization, so that we could find the roles cashier, department manager, store manager, accountant. The security policy will define that the cashier and store manager roles have access to the opening of the cash drawer. The department manager role has access to the margins and results of his own department. And so on. Managing new and guest users can be difficult and time-consuming, but if an RBAC defines these roles before a user joins the network, the problem is resolved immediately. As soon as guests and new users join the netw...

SSH is a powerful security tool, which protects privileged access to essential systems. However, when not properly managed, it can become a security handicap rather than an advantage. Our goal is to help you understand the underlying challenges of  SSH Keys  security. In this blog, we will summarize some of the risks associated with SSH. Untrusted SSH Server If users and administrators enable access to the SSH server on systems where it is not required, you increase your attack surface, because attackers will have a better chance of accessing distance to these systems. Uncorrected SSH Software For systems where the use of SSH is warranted, if the SSH server and client software are not kept up to date with patches and updates, then they can expose the systems and data and render them vulnerable. Vulnerable SSH Configuration Most SSH Keys server and client implementations (e.g. OpenSSH) include a large number of configuration parameters that affect operation an...