Security Articles

Email Security

As organizations learn to navigate life in the cloud, they need a higher level of preparedness. The volume of cyberattacks organizations face has increased this year and includes ransomware, phishing and impersonation fraud. The world was rocked by two massive malware outbreaks, Petya and WannaCry, last year.

Email is the most common entry point for attackers looking to gain a foothold in an enterprise system and obtain sensitive data. Email security includes multiple methods to keep sensitive information in email communication and accounts safe against unauthorized access or compromise. Email is the channel most used to propagate malware, spam and phishing attacks. Hackers use deceptive messages to entice recipients to share sensitive information, open an attachment or click on a hyperlink that will install malware on the victim’s computer.

Importance of Cyber Security Control Automation

Cyber Security Controls have become an outline to help Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) deploy the most effective processes and tools to secure computer systems according to risk.
By following any of the frameworks or guidelines (NIST / COBIT / ISO), an organization can reduce or protect against cyber risks.
Organizations can use an automation tool for control testing, in which a tool is run on the systems (desktops, laptops, servers, etc.) to download control data from tables and structures, and algorithms stored in the repository read the controls to start the automation process.

Authored by: Monfort, TCS Cyber Security

Apache Tomcat Vulnerability (CVE-2019-0232)

Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License Version 2.

Authored by: Binayak Banerjee

RDP WILL BE EXPLOITED AROUND THE GLOBE.

Every day around the world, we see a lot of news about how “attackers” are trying to break into corporate networks.
A couple of weeks ago a new vulnerability was released: CVE-2019-0708, Remote Desktop Services Remote Code Execution Vulnerability, also known as BlueKeep. It is triggered when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Authored by: Saul Bustamante, Cyber Security, TCS

Using a Graph Database in Identity Access Management to supercharge an Entitlement Provisioning and De-provisioning System

Identity Access Management, or IAM, is, in a nutshell, a system used to ensure that the right individuals have access to the right resources at the right times and for the right reasons. In a modern large organization the relationships between the individuals and the resources can be very complex. What complicates the situation even further is the need to ensure that access is granted for the right reasons. Organizations impose a host of rules on who can and cannot access applications and the underlying data, since permissions to run applications are normally associated with data access, and the data can be proprietary, PII, or otherwise not open for public consumption. Identity management solutions apply these rules to determine the level of access for every user and every resource. One of the most significant concerns is the Segregation of Duty (SoD) requirement.

Endpoint Security - Avecto Defendpoint

In today’s world, compliance is one of the most important aspects of a successful enterprise. Adherence to the company’s policies, government regulations, industrial laws, land use laws, environmental compliance, etc. is among the foremost motives of every company. With so many regulations and policies to comply with, it becomes important to protect your systems from data loss and reputational changes. Avecto Defendpoint is a proactive endpoint security tool that helps remove admin rights to enforce least privilege, which in turn helps maintain compliance. Unauthorized or elevated privileges give users access to make changes in the system that may not be compliant with the system’s policies and that pose potential risks.

Oracle Padding Attack

The key to understanding the padding oracle attack is understanding the method that is in use. That method involves cryptographic padding with certain block ciphers. The use of cryptographic block ciphers, however, leads to the conclusion that 'a text which has undergone a cryptographic block cipher encoding, must be a multiple of the block size that was decided upon, before enforcing the encoding algorithm'.

Authored By - Binayak Banerjee
TCS Cyber Security Community

How to protect web apps with CA Single Sign On (CA Siteminder)

Before explaining how to protect web apps with Siteminder SSO, I would like to briefly explain how SSO works.

CA Single Sign On: It’s a property of access control of multiple related, yet independent, systems. With this property, a user with a single ID and password can gain access to a connected system and can seamlessly log in to multiple systems.

There are organizations that have many web applications supporting the business. Those web applications must be secured, and the organizations don’t want everybody to access them. We can control this using a mechanism that forces each user to log in to the application.

This document focuses on protecting an application using “WebAgent.” WebAgents are CA-developed agents that can integrate with a variety of HTTP or application servers. You can also provide SSO to third-party or vendor-hosted applications through the Federation module of CA SSO.

How to prevent security vulnerabilities in CA Single Sign On

CA Single Sign On: It’s a property of access control of multiple related, yet independent, systems. With this property, a user with a single ID and password can gain access to a connected system and can seamlessly log in to multiple systems.

There are organizations that have many web applications supporting the business. Those web applications must be secured, and the organizations don’t want everybody to access them. We can control this using a mechanism that forces each user to log in to the application.

Many cross-site scripting attacks and security breaches can happen while launching any web application. CA Single Sign On can prevent these attacks by utilizing some out-of-the-box features.
