Tag: Access control
What Is Credential Stuffing? Credential stuffing occurs when a cybercriminal obtains a large number of stolen or leaked login credentials—username and password pairs—for one website and tests them on the login pages of other websites. The attacker’s goal is to gain unauthorized access to as many user accounts as possible and then carry out other…
The 2021 Application Protection report notes that ransomware was a factor in roughly 30 percent of U.S. breaches in 2020. Looking at the breach analyses, we found some of the most important controls were user account management, network segmentation, and data backup. We realize that implementing these controls can be difficult, so this article goes…
What Is the Principle of Least Privilege? Information security is a complex, multifaceted discipline built upon many foundational principles. The three most important—confidentiality, integrity, and availability (the CIA triad)—are considered the goals of any information security program. A supporting principle that helps organizations achieve these goals is the principle of least privilege. The principle of…
What Is Authorization? Once a subject is authenticated, authorization (abbreviated as AuthZ) is the process of determining whether the given identity (for example, a user) is allowed to access the requested resource and, if so, what actions they are allowed to take. The goal is to give authenticated users access to the resources (such as…
Unpacking Zero Trust As A Concept Since the term “zero trust” was coined in 1994 by Stephen Paul Marsh in his doctoral thesis, it’s gone through a lot of changes. So many, in fact, that security practitioners often find themselves with a mandate to implement it without a good understanding of how to do so.…
Introduction Identity is one of those bedrock concepts in security that seems simple and intuitive when we use it in our daily lives (“Hi Bob!”), about ourselves (“I’m a chef!”), and in personal (“You’re my friend!”) and intimate (“I love you!”) contexts. Yet when we build or deploy systems that rely on identity — a…