{"id":6498,"date":"2020-12-21T22:39:38","date_gmt":"2020-12-22T03:39:38","guid":{"rendered":"http:\/\/allidm.com\/blog\/?p=6498"},"modified":"2020-12-21T22:39:38","modified_gmt":"2020-12-22T03:39:38","slug":"nsa-releases-guidance-on-authentication-security-for-cloud-systems","status":"publish","type":"post","link":"https:\/\/allidm.com\/blog\/nsa-releases-guidance-on-authentication-security-for-cloud-systems\/","title":{"rendered":"NSA Releases Guidance on Authentication Security for Cloud Systems"},"content":{"rendered":"\n

The National Security Agency (NSA) late last week released new guidance<\/a> on cloud security to defend against cyber threats that manipulate authentication environments.<\/p>\n\n\n\n

Click here to find the guidance<\/a><\/p>\n\n\n\n

The Detecting Abuse of Authentication Mechanisms advisory provides guidance to National Security System (NSS), the Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators. It aims to \u201cdetect and mitigate against malicious cyber actors who are manipulating trust in Federal authentication environments to access protected data in the cloud.\u201d<\/p>\n\n\n\n

The advisory discusses detection and mitigation of \u201ctwo tactic, technique, and procedures\u201d (TTPs) to forge authentications and gain access to cloud resources. One such TTP includes the actors compromising on-premises components of a federated single sign-on (SSO) infrastructure and steal credentials or keys that are used to sign Security Assertion Markup Language (SAML). The second TTP sees threat actors leveraging \u201ca compromised global administrator account to assign credentials to cloud application service principles.\u201d<\/p>\n\n\n\n

Read more at NSA Releases Guidance on Authentication Security for Cloud System<\/a>s<\/p>\n","protected":false},"excerpt":{"rendered":"

The National Security Agency (NSA) late last week released new guidance on cloud security to defend against cyber threats that manipulate authentication environments. Click here to find the guidance The Detecting Abuse of Authentication Mechanisms advisory provides guidance to National Security System (NSS), the Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[210],"tags":[1958],"class_list":["post-6498","post","type-post","status-publish","format-standard","hentry","category-cloud-2","tag-cloud-authentication"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p25vfy-1GO","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/comments?post=6498"}],"version-history":[{"count":1,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6498\/revisions"}],"predecessor-version":[{"id":6499,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6498\/revisions\/6499"}],"wp:attachment":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/media?parent=6498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/categories?post=6498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/tags?post=6498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}