Posted by:
root
8 years, 9 months ago
Any day now, we expect the PCI Council to release PCI DSS 3.2. According to PCI Security Standards Council Chief Technology Officer Troy Leach:
When making changes to the standard, in addition to market feedback, we look closely at the threat landscape, and specifically what we are seeing in breach forensics reports as the trending attacks causing compromises. With this in mind, for 3.2 we are evaluating additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE).
It seems as though the PCI Council has been reading the Verizon DBIR.
Luckily, WiKID has just released an Active Directory protocol providing native two-factor authentication for Windows environments and servers. This feature will allow windows administrators to login using a WiKID one-time passcode. The OTP is pushed as the new password to AD and then over-writen on expiry. It is quite simple to setup as well.
Payment processors and merchants face a difficult challenge. Much of their infrastructure is dispersed and in less-than-optimal environments. It needs to be available to non-employees and thus is open to physical attack. Locking down administrative accounts makes a great deal of sense. Preventing attackers from escalating their privilege via attacks like pass-the-hash and forcing their presence out in the open is critical.
UPDATE: We have published a tutorial on requiring 2FA for admins on both Linux (Centos/RHEL/Ubuntu) and Windows.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)