Security Articles

Endpoint Security - Avecto Defendpoint

In today’s world, compliance is one of the most important aspects of a successful enterprise. Adherence to company policies, government regulations, industrial laws, land use laws, environmental compliance, etc. is among the foremost concerns of every company. With so many regulations and policies to comply with, it becomes important to protect your systems from data loss and reputational damage. Avecto Defendpoint is a proactive endpoint security tool that helps remove admin rights and enforce least privilege, which in turn helps maintain compliance. Unauthorized or elevated privileges let users make changes to the system that may not comply with the system’s policies and that pose potential risks.

Oracle Padding Attack

The key to understanding the padding oracle attack is understanding the method in use: cryptographic padding with certain block ciphers. The use of block ciphers leads to the conclusion that 'a text which has undergone a cryptographic block cipher encoding must be a multiple of the block size that was decided upon before enforcing the encoding algorithm'.

Please read the attached document to learn more about Padding Oracle Attack.

Authored By - Binayak Banerjee
TCS Cyber Security Community

How to protect web apps with CA Single Sign On (CA Siteminder)

Before explaining how to protect web apps with Siteminder SSO, I would like to briefly describe how SSO works.

CA Single Sign On: It’s a property of access control of multiple related, yet independent, systems. With this property, a user with a single ID and password can gain access to a connected system and can seamlessly log in to multiple systems.

There are organizations that have many web applications supporting the business. Those web applications must be secured, and the organizations don’t want everybody to access them. We can control this using a mechanism that forces each user to log in to the application.

This document focuses on protecting an application using “WebAgent.” Web Agents are CA-developed agents that can integrate with a variety of HTTP or application servers. You can also provide SSO to third-party or vendor-hosted applications through the Federation module of CA SSO.

How to prevent security vulnerabilities in CA Single Sign On

CA Single Sign On: It’s a property of access control of multiple related, yet independent, systems. With this property, a user with a single ID and password can gain access to a connected system and can seamlessly log in to multiple systems.

There are organizations that have many web applications supporting the business. Those web applications must be secured, and the organizations don’t want everybody to access them. We can control this using a mechanism that forces each user to log in to the application.

Many cross-site scripting attacks and security breaches can happen while launching a web application. CA Single Sign On can prevent these attacks by using some out-of-the-box features.

How to clear .dat files from Siteminder AdminUI console

.dat files: These are files with the .dat extension that store policy store information; they are generated on the Siteminder AdminUI server.

Any action on the Siteminder AdminUI generates .dat files on the server where the AdminUI is installed. Deleting .dat files directly from the server will corrupt the data on the AdminUI console.

These .dat files can be cleared by performing the steps below on the AdminUI console.

You will see that a huge amount of space is occupied by .dat files, so clearing them helps free up space on the server.

All you need to know about 3D secure Protocol

3D Secure is an XML-based protocol designed to add security to internet payments made with cards. It is mainly designed to reassure the cardholder by providing a sense of security and to reduce fraudulent transactions made with stolen credit card details. 3D Secure is controlled by Verified by Visa (VBV) and MasterCard Secure Code (MSC).

We need to understand how 3D Secure plays an important role in the payment gateway, and why: with online transactions increasing, every cardholder intends to initiate transactions online to pay for their online purchases.

Internet Payment

Security: No More A NON-FUNCTIONAL Requirement

Information is the heart of any business, be it banking, medicine, healthcare, insurance, retail, etc. Hence it becomes imperative to protect the information for any business and its enablers. This is how the concept of information security could have been conceived. Information security ensures that the confidentiality, integrity, and availability of information stay intact. With evolving trends in the industry, security requirements have emerged over time, including the few listed below:

1.    Authentication and password management
2.    Authorization and role management
3.    Audit logging and analysis
4.    Network and data security
5.    Code integrity and security testing
6.    Cryptography and key management
7.    Data validation and sanitization
8.    Third party component analysis

Homomorphic Encryption : Is it a newbie in the field of data security?

Cryptography and data protection have been around since ancient times: from the earliest adoption by Julius Caesar (the Caesar cipher), which used substitution to keep messages secret, to Germany’s use of the Enigma machine to protect communication during the Second World War, to the latest implementations of symmetric and asymmetric cryptographic ciphers.

Nowadays, encryption is used not only to protect military communication but also to protect personal information. Data is everywhere, stored in billions and billions of computing devices, driving the need to protect data from unauthorized access, theft, and misuse. There has been a lot of focus on data privacy and protection by governments and industries across the world. The latest implementation of GDPR is a huge step in that direction.

Spear Phishing: The Trending Cyber Security Threat

As we are all aware, phishing in general refers to scams that attempt to trick the recipient into providing confidential information, such as account credentials, to the attacker. It is usually conducted by sending malicious emails to as many people as possible. The attackers know that the more people they reach, the greater the number of victims.

Spear phishing, on the other hand, is “an email targeted at a specific individual or department within an organization that appears to be from a trusted source”.
