Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

9/26/2009
08:01 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

VeriSign Embeds Authentication Into Cisco SA 500 Series Security Appliances

Solutions provide employees with remote access to VPNs while protecting against email account takeover and other Internet threats

MOUNTAIN VIEW, CA -- (Marketwire) -- September 24, 2009 -- VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure for the networked world, today announced that its VeriSign' Identity Protection (VIP) strong authentication is poised to help more small businesses protect their networks and employees from security threats.

VeriSign is embedding optional VIP authentication functionality into the new Cisco Small Business Pro SA 500 Series Security appliances, making it easier than ever for small businesses to provide employees with remote access to VPNs while protecting against email account takeover and other Internet threats. The optional VIP authentication service uses a proven solution to increase protection of business data and can be rapidly deployed with a single click.

VIP Authentication Service offers an additional layer of protection to any number of employees, partners or customers -- anyone who needs highly secure remote access to an organization's network. Two-factor authentication works by requiring each user to provide not just a username and password, but also a unique one-time six-digit security code generated by a user's VIP authentication credential.

Though businesses can leverage VIP credentials in many form factors, including traditional hardware tokens and credit card-sized credentials, many are opting to utilize VIP Access for Mobile, a free, easy-to-install mobile application. VIP Access for Mobile transforms more than 200 different mobile devices into VIP authentication credentials. The application costs nothing for businesses to deploy and is available now to mobile end-users at http://m.verisign.com and the iTunes' application store for iPhone users.

VeriSign also makes two-factor authentication more affordable by reducing the time and costs associated with managing the lifecycle of VIP authentication credentials. Through the VIP Authentication Service, VeriSign takes care of every aspect of credential lifecycle management, including issuance, synchronization, revocation, replacement, tracking and auditing.

"To legitimately safeguard business networks and the data that resides in them, companies can no longer rely on simple username and password sign-ons," said Kerry Loftus, vice president of Consumer Authentication Solutions at VeriSign. "With VIP authentication, we're helping small businesses remain a step ahead of attacks that could have serious financial and competitive implications. And with VIP, the process of implementing and managing two-factor authentication has never been easier or less costly."

VIP Authentication Service is increasingly popular among online merchants, financial institutions and government agencies the world over. A valid VIP authentication credential can allow users to authenticate themselves across any VIP-enabled Web site. That makes it more convenient for users to adopt two-factor authentication into their online routine. For online businesses, joining the VIP Network helps distribute the costs of stronger authentication.

About VeriSign

VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at www.verisign.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...