
Do not give up on security when using SSO

SSO (Single Sign-On) is an authentication method that lets users access multiple software systems and services with one set of login credentials, without having to authenticate again. SSO has become increasingly popular because, from the user’s perspective, it simplifies application access and reduces the burden of remembering multiple passwords. However, there are also concerns about security vulnerabilities that could result in account exposure and leakage of sensitive information from multiple systems. A further concern is that an attacker who compromises the user’s PC could acquire the credential key downloaded when the user accesses the target system through SSO and reuse it to access the target system again. Some PAM (Privileged Access Management) vendors argue that SSO can deliver user convenience but that its lack of zero trust, which should be a multi-authentication framework, is a fatal weakness.

However, Jae-Guk Lee, Director of Global Technology at NETAND, said, “Unlike other PAM solutions, NETAND’s HIWARE has the strength to achieve both convenience and zero-trust security. The reasons for maintaining a higher security level when accessing the target system through HIWARE are as follows:

Firstly, the proxy server holds the credential key used for communication with the target device to be accessed. Secondly, when the user (client PC) attempts to access the target device through the relay server, a virtual credential key is generated and delivered to the user each session. Lastly, when attempting to communicate with a used credential key, the value of the key used in the communication changes every session, and when communicating with DATA, the existing credential key is invalidated because it is encrypted with the new credential key. Therefore, even if an attacker acquires a critical key from a user’s PC, the target system cannot be accessed using that key again.”
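The pattern described in the quote (the relay keeps the real credential and the client only ever holds a per-session virtual key) can be sketched as follows. This is an added illustration, not NETAND's or HIWARE's code: `CredentialBroker`, its method names and the sample secret are hypothetical, and revoking the virtual key when the session closes is an assumption.

```python
import hashlib
import secrets


class CredentialBroker:
    """Hypothetical relay: holds the real target credential, hands out per-session keys."""

    def __init__(self, target_credential: bytes):
        self._target_credential = target_credential  # stays on the relay, never sent to clients
        self._live = {}  # sha256(virtual key) -> (session id, user)

    @staticmethod
    def _digest(virtual_key: str) -> bytes:
        # Store only a hash so a dump of the session table does not yield usable keys.
        return hashlib.sha256(virtual_key.encode()).digest()

    def open_session(self, user: str):
        """Issue a fresh random virtual key that is valid for one new session only."""
        session_id = secrets.token_hex(8)
        virtual_key = secrets.token_urlsafe(32)
        self._live[self._digest(virtual_key)] = (session_id, user)
        return session_id, virtual_key

    def relay(self, session_id: str, virtual_key: str, command: str) -> str:
        """Forward a command only if the virtual key is live and bound to this session."""
        entry = self._live.get(self._digest(virtual_key))
        if entry is None or entry[0] != session_id:
            raise PermissionError("virtual key is not valid for this session")
        # A real relay would authenticate to the target here with self._target_credential.
        return f"relayed {command!r} for {entry[1]}"

    def close_session(self, virtual_key: str) -> None:
        """Assumption: the virtual key is revoked as soon as its session ends."""
        self._live.pop(self._digest(virtual_key), None)


def replay_is_rejected() -> bool:
    """Simulate theft of a session's virtual key and reuse after the session closed."""
    broker = CredentialBroker(b"constructed-target-secret")  # constructed sample value
    sid, key = broker.open_session("alice")
    broker.relay(sid, key, "uptime")
    broker.close_session(key)
    try:
        broker.relay(sid, key, "uptime")  # replay with the captured key
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("replay rejected:", replay_is_rejected())
```
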

18 Apr: Data Masking

Data masking, also known as data obfuscation, hides the actual data using modified content like characters or numbers. The idea behind data masking is to create another version of the data that cannot be easily identified or reverse engineered, protecting data classified as sensitive.
