Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/17/2009
04:17 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Trustwave Rolls Out Tokenless Two-Factor Authentication

On-demand solution does not incorporate physical tokens

CHICAGO (November 17, 2009) " Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, has unveiled a low-cost, token-less, on-demand two-factor authentication solution.

Two-factor authentication involves the use of two components to authenticate a user's identity when accessing a network from a remote location. This usually consists of a factor the user has or possesses (e.g., ATM card) and a factor the user knows (e.g., PIN). Trustwave's on-demand two-factor authentication solution couples digital certificates, representing user's identities, with your existing Virtual Private Network (VPN) infrastructure.

Because Trustwave's solution does not incorporate physical tokens, which provide a code that a user must enter along with a password to access a network remotely, it is able to deliver its solution at a fraction of the cost of these current alternatives. The high cost of issuance, replacement and revocation, combined with the corporate resources required to manage that effort, can make physical tokens a difficult solution for companies to implement, manage and afford.

Trustwave's on-demand two-factor authentication solution drastically reduces these costs, while also eliminating the need to track inventory and maintain associated hardware and software. In addition, the solution leverages existing infrastructure and is managed via an easy-to-use Web portal to eliminate the pains of implementation and maintenance. Trustwave's on-demand two-factor authentication solution does not require any additional hardware and therefore, can be activated immediately!

Additionally, Trustwave's on-demand two-factor authentication solution can be used to fulfill Requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS):

Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators and third parties. Use technologies such as remote authentication and dial-in service (RADIUS); terminal access controller access control system (TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with individual certificates.[1]

"Trustwave provides an innovative, manageable and flexible two-factor authentication solution that meets the needs of any organization," says Robert J. McCullen, chairman and CEO of Trustwave. "Our solution is simple for customers to deploy and can easily and cost effectively scale to thousands of employees with minimal burden on IT resources."

About Trustwave Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper' compliance management software and other proprietary security solutions. Trustwave has helped more than 30,000 organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29446
PUBLISHED: 2021-04-16
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29451
PUBLISHED: 2021-04-16
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
CVE-2021-29452
PUBLISHED: 2021-04-16
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this ...
CVE-2021-29444
PUBLISHED: 2021-04-16
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDec...