Many of the recent high profile cybersecurity incidents have something in common: stolen credentials are used to gain remote access through a VPN solution that is not protected by multi-factor authentication. Mult-factor authentication prevents attackers with stolen credentials from gaining remote access by challenging the user to provide additional information such as biometric data or TOTP tokens.
“The authentication factors are defined as follows: something you know (e.g., a personal identification number [PIN]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric)…Regardless of the type of access (i.e., local, network, remote), privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can add additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access” –NIST SP 800-53r5 IA2 (1)
Learn more: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
Our offering:
Unlimited Technology offers solutions for each of the functions of the NIST Cyber Security Framework. Our goal is to put you in command of your world by providing you with Insight that informs, Insight that empowers, Automation that quantifies and provides answers real-time and Knowledge that supports and enables compliance. Contact us for more information at Info@utglobal.com.