Security

Fri 06 Jan

15 Important Pros and Cons of Biometric Authentication

Biometrics: Something to Evaluate
Biometrics is a security mechanism used for authentication and for granting access to an individual based on verification of physical characteristics that are pre-stored in a biometric security system or scanner. It is the technology used for measuring and analyzing biological data. Biometric solutions include fingerprint recognition, iris and retina recognition, face recognition, voice recognition and newer technologies such as behavioral recognition. From MasterCard wanting to use heartbeat data to verify purchases to Google's Abacus Project planning to monitor usage patterns such as voice patterns and typing patterns to confirm that a specific individual, and not a fake person, is using the device, it is clear that the appetite for biometrics is expanding rapidly. Biometrics is being considered by both big and small ventures in recent times.
 
Fri 15 Jan

Follow secure software development life cycle to reduce risks

The purpose of this article is to introduce the reader to the Secure Software Development Life Cycle (S-SDLC). An understanding of the Software Development Life Cycle (SDLC) is essential for anyone who wants to understand S-SDLC.

The SDLC process is a well-defined, organized sequence of stages in software engineering,

1. To develop a software product and software applications.

2. Most organizations have a process in place for developing software; this process may, at times, be customized based on the organization's requirements and framework.

The intent of an SDLC process is to produce a product that is cost-efficient, productive and of high quality. The following are some of the major steps that make up the whole SDLC process, regardless of the organization.

Mon 11 Jan

Expensive mistakes which can be avoided in an IAM implementation

From the very beginning of my professional career, I have been a part of different IAM initiatives and have seen and been part of all the phases, from requirements gathering to implementation and warranty support. I have had the chance to see very complex and successful implementations and, at the same time, have had some not-so-good experiences. So, I kept asking myself what actually had gone wrong with those IAM initiatives that they eventually failed and the organisation lost its investment.

So here are a few key points which I found worth looking into.

Wed 14 Oct

Is your organisation's Microsoft Outlook Web Access secure?

Recently, security researchers have disclosed reports of a new vulnerability in OWA (i.e. Outlook Web Access). This has been the headline of many security bulletins across the internet since October 5, 2015.
OWA is a component of Microsoft Exchange Server, which is an Internet-facing webmail server deployed in private companies and organisations to provide internal emailing capabilities.
An important point to note here is that, unlike other web servers that typically have only a web interface, OWA is different. It is critical internal infrastructure that also faces the Internet, making it an intermediary between the internal network, the DMZ, and the web.

Mon 31 Aug

Ideal Enterprise Vulnerability Management Lab

Every enterprise has many teams that work across multiple domains. As the security risk of each application has increased recently, almost all teams either want to have their own security team or refer to the Enterprise Security Team. If the teams work inside the premises, then the corporate policies do not allow the security team to work on all types of security domains.
In order to conduct high-end security testing on applications or networks, an Enterprise Security team needs a security lab that is free from restrictive corporate policies and has its own policies to control its internal security and safety. This lab should be segregated and restricted from other working areas (it can also be called an ODC).
What are the requirements for an Ideal Lab?
The basic requirements for a lab are described below.

Wed 12 Aug

Visibility Factor in the cloud - THE ONLY MISSING FACTOR

Cloud computing is changing the way business is done; it has more or less forced enterprises to rethink virtually every facet of IT. If we closely scrutinize the current development of cloud computing architecture, we discover a dearth of visibility in the dark room of the cloud. In today's environment, "visibility", not "security", is the immense cloud challenge. Worldwide corporations and giant organizations do not worry considerably about security because cloud providers are mindful of security and infrastructure issues. The problem is that they do not have visibility into their critical data, or rigorous oversight of what is happening in the cloud environment. This is the central question that needs to be addressed, even though the cloud environment increases business flexibility and scalability.

Wed 29 Jul

Vulnerability Management - Step 0

Compliance is critical, necessary and not evil. Every organization wants to meet compliance requirements, and risk assessments and vulnerability management are key to achieving critical requirements.

Most of the time, organizations see Vulnerability Management as just another checkbox in pursuit of compliance and forget or ignore many different aspects, or they lack the concrete foundations to carry out a well-drilled and well-oiled Vulnerability Management process, and the process becomes complicated or fails midway. Our job is to make the process as smooth as possible, and sometimes it is better to start at step 0.
