Author: admini

“Each NAC product works a little differently, but in every case, we found the means to bypass it,” says Ofir Arkin, CTO and co-founder of Insightix. For example, most NAC technology assumes that users will be granted access to the network via Dynamic Host Control Protocol (DHCP), which keeps IP addresses in a pool and hands them out as each user is authenticated. Through DHCP, NAC systems can restrict user access and recognize unauthorized attempts to gain entry to sensitive information. However, an insider with access to the corporate network often has the option to configure his PC with a static IP address, Arkin observes.
“That means if you can find the address of the router, which is contained in TCP/IP settings on most PCs, you can link directly to the router and enter the network undetected,” Arkin says.

NAC systems are also at risk because they normally work entirely through IP addresses, without collecting information on where devices are located or how they are connected to the network, Arkin states. NAC systems generally cannot detect activity between nodes on the same subnet, particularly if the client avoids broadcast transmissions.

Users could also gain access through unauthorized devices or old, forgotten systems and connections that don’t show up in a standard DHCP address discovery.

http://www.darkreading.com/document.asp?doc_id=98626&WT.svl=news1_2

Chairman David Goodman declared on day one that the role of identity-related trust – at both a personal and corporate level – was dramatically changing Internet-based transactions.

In the first keynote address, Stijn Bijnens, SVP of Identity Management at Cybertrust, stated that the main drivers of identity are security, integration of physical and logical access control, flexibility, productivity, compliance and customer satisfaction. On the drivers behind national identity programmes, Bijnens also recognised the need for more efficient e-government, both regionally and across-borders, as well as new applications such as e-tickets on public transport and physical access to public buildings.

During the morning’s panel debate, Chief Security Officer at Corestreet, Bob Dulude, echoed Bijnens’ sentiments, claiming that e-ID cards must be technically interoperable to support multiple applications, with the caveat that security and privacy could be more easily compromised when there is a vast amount of data on a single smartcard. “It united senior IT, marketing and management personnel from some of the biggest players in the industry to share their valued opinions.”

http://www.it-observer.com/news/6564/identity_become_key_technology_focus/

The survey, of 100 IT directors, commissioned by enterprise software firm Compuware, found ignorance about data protection legislation was rife among IT directors.

This can have severe repercussions on customer confidence and company reputation, and ultimately affect the bottom line,” Compuware worldwide enterprise solutions director Ian Clarke said.

http://www.theregister.co.uk/2006/07/04/data_abuse_survey/