Monday, March 21, 2011

Follow-up on RSA incident

NSS Labs has released their analysis of the incident.

NSS Labs is a well-known security research lab that tests and verifies claims made by security hardware and software vendors.

Sunday, March 20, 2011

RSA information stolen

RSA announced this past Thursday that certain information about the SecurID technology has been stolen. RSA is best known for providing the hardware key device that many use for two-factor authentication. At this time, RSA has not announced what is impacted. But there are certain steps you can take if you are using RSA for your authentication. Network World published an article with 4 steps that you can take now.

RSA has been a trusted source for years, and many have taken it for granted. This latest episode again reminds us that security needs more than just trusting in a single device or technology.  If we use more than a single lock on the door at our house, why do we think a single device can serve our security needs for system access?

Yes, there are other devices or technologies that perform functions similar to SecurID, such as phone-based systems. But no matter how good or robust the technology, someone might be able to compromise it by sheer luck and persistence.

Defense in depth is the way to go. Diligent monitoring of access logs can also help. It is good security practice.