The channel remains deeply concerned about fallout from the recent announcement that RSA's SecurID authentication product was compromised. But RSA has been less than forthcoming about the potential ramifications or with recommendations for keeping customers safe. It's clear that it's up to partners to make sure the proper steps are taken to ensure the security of customer information. Here are some key recommendations for immediate and near-term actions that partners need to check off their list, based on RSA's Securicor note and a synthesis of partner and security expert advice. Before all else, suggests Don Gray, chief security strategist for Cautionary, remember that a calm head is necessary to best help customers and that your clients are looking for long-term solutions, not short-term fixes. "Don’t panic!" Gray says. "A successful attack using the worst case scenario will not appear quickly if at all."
Improve Physical Security
The physical security of token servers is paramount, and partners similarly need to stress to token holders the importance of keeping close track of their devices. Depending on the attack, physical access may be the only thing a well-equipped hacker needs at this point.
Consider Turning Off Remote Access
It may not be a possibility for some systems, but this option is the most secure choice until RSA offers more details about the breach.
Reexamine Passwords and PINs
Tokens are part of multifactor authentication schemes. Passwords and PINs are more important than ever if you choose to keep remote access on while the situation unfolds. Be sure to educate users on strong password principles and to enforce them.
Train Help Desk
Is your help desk staff giving away key information about customer accounts to social engineering scammers? If you're not sure, it's time to retrain.
Lock Down Active Directories
RSA is suggesting that organizations implement two-factor authentication to control access to Active Directory, monitor it closely, and stay on the lookout for unusual account behavior.
Explore Alternatives
If you or your customers are unsatisfied with RSA's response, if customers can't afford to be without remote access or multifactor authentication, or if your customer was already unhappy with the unwieldiness of tokens, now is the time to look for authentication alternatives.
Monitor Privilege Levels
Service providers will especially want to watch their customers' accounts closely for unusual changes in privilege levels and access rights, and may even want to add manual approval for changes to key accounts.
Train Employees On Social Engineering
Customer and partner employees need to be reminded of why they need to avoid giving away credential information over the phone or email. They should also be instructed to report these requests.
Patch, Patch, Patch
Ensure that customers have not only patched their operating systems and key apps, but also their security software.