Security Articles

The Art of Identity and Access Management

Identity and access management (IAM) plays an important role in IT industries. It is very important to control what a particular user can access. We cannot grant access to everyone for everything. IAM means specifying roles and managing access privileges of individual users. IAM not only includes managing privileges granted to users, but it also includes managing the situations in which those privileges should be granted and when those can be revoked.
With the IAM framework, administrators can manage access to the systems and networks using Role-based Access Control. Access means giving permissions to the user to perform a task based on his role. A user is given a role based on his responsibility towards that organization.

HackQuest - Season 4

Data is gold!! Data is now more valuable than oil. Data is now “the” thing to steal. Data is virtual, travels digitally and is mostly online. State-sponsored espionage missions are instituted to steal sensitive data from other states.

We need to create an army to protect data with the same zealousness of an army that guards its country’s physical borders. We need them to be conversant with the way data is stored, moved and used. With more and more of our information going online, from work to our personal lives, our data is more at risk than ever before. How can we ensure the confidentiality, integrity, and availability of our data?

Against this backdrop, the TCS Cyber Security unit is looking for students who have a passion for ethical hacking and, in general, for securing the digital future of organizations engaged in transacting millions of data points across the world!

ADVANCED PERSISTENT THREATS – The biggest threat to cyber safety

Advanced persistent threats (APTs) are threats in which highly skilled hackers use the latest and sophisticated methods to enter an organization and attempt to exfiltrate valuable and sensitive data from the company.
Advanced persistent threats are very hard to detect; they last for many months on average and can cause much damage to the targeted company in terms of company-specific sensitive data and trade secrets.
Typically, APT attacks target organizations in sectors such as national defense, manufacturing, and the financial industry, as they deal with high-value information, including intellectual property, military plans, and other government and corporate data.

Authored by: Divya Gn, TCS Cyber Security

Email Security

As organizations learn to navigate life in the cloud, they need a higher level of preparedness. The volume of cyberattacks organizations face has increased this year and includes ransomware, phishing and impersonation fraud. The world was rocked by two massive malware outbreaks, Petya and WannaCry, last year.

Email is the most prevalent and common entry point for attackers looking to gain any foothold into an enterprise system and obtain sensitive data. Email security includes multiple methods to keep sensitive information in email communication and accounts safe against unauthorized access or compromise. Email is the channel most used to propagate malware, spam and phishing attacks. Hackers use deceptive messages to entice recipients to share sensitive information, open an attachment or click on a hyperlink that will install malware on the victim’s computer.

Importance of Cyber Security Control Automation

Cyber security controls have become an outline to help Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) deploy the most effective processes and tools to secure computer systems according to risk.
By following any of the frameworks or guidelines (NIST / COBIT / ISO), an organization can reduce or protect against cyber risks.
Organizations can use an automation tool for control testing, where a tool is run on the systems (desktops, laptops, servers, etc.) to download control data from tables and structures, and algorithms stored in the repository read the controls to start the automation process.

Authored by: Monfort, TCS Cyber Security

Apache Tomcat Vulnerability (CVE-2019-0232)

Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License Version 2.

Authored by: Binayak Banerjee


Every day around the world, we see much news about how “attackers” are trying to break into corporate networks.
A couple of weeks ago a new vulnerability was released: CVE-2019-0708, the Remote Desktop Services Remote Code Execution Vulnerability, also known as BlueKeep. It arises when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Authored by: Saul Bustamante, Cyber Security, TCS

Using a Graph Database in Identity Access Management to supercharge an Entitlement Provisioning and De-provisioning System

Identity Access Management, or IAM, is, in a nutshell, a system used to ensure that the right individuals have access to the right resources at the right times and for the right reasons. In a modern large organization the relationships between the individuals and the resources can be very complex. What complicates the situation even further is the need to ensure the access is granted for the right reasons. Organizations impose a host of rules on who can and cannot access applications and the underlying data, since permissions to run applications are normally associated with data access, and the data can be proprietary, PII, and otherwise not open for public consumption. Identity management solutions apply these rules to determine the level of access for every user and every resource. One of the most significant concerns is the Segregation of Duty (SoD) requirement.

Endpoint Security - Avecto Defendpoint

In today’s world, compliance is one of the most important aspects of a successful enterprise. Adherence to the company’s policies, government regulations, industrial laws, land use laws, environmental compliance, etc. is among the foremost motives of every company. With so many regulations and policies to comply with, it becomes important to protect your systems from data loss and reputational changes. Avecto Defendpoint is a proactive endpoint security tool that helps remove admin rights to enforce least privilege, which in turn helps maintain compliance. Unauthorized or elevated privileges allow users to make changes in the system that may not be compliant with the system’s policies and that pose potential risks.

