The technique that uses both contextual and historical user information along with data supplied during an internet transaction to assess the probability of whether a user interaction is authentic or not is called risk based authentication. Traditional username and password along with information such as who the user is, from where the user is logging… Continue reading Risk Based Authentication
Author: Shaheen
Biometrics Authentication
Passwords and personal identification numbers (PIN) are information that we need to remember since the day we started interacting with digital systems. Do we know the count of passwords we need to remember? Do we know if we forgot a password already? Some of these passwords also known as passphrase are long to remember that… Continue reading Biometrics Authentication
Disk Overwrite or Wipeout Best Practice
An online search shows majority of tools available for wiping out data on a disk points to a practice of 7 wipes. They believe that it is a US DoD requirement. Some of them support the Gutmann method of 35 wipes. However, I could not find any documentation on US government website that indicates seven… Continue reading Disk Overwrite or Wipeout Best Practice
Authentication – Level of Assurance
Authentication is the process of confirming an entity’s identity based on reliable credentials. The process and the technology involved in authentication varies with various level of assurance required from the entity. Authentication Level of Assurance can be defined as the authentication strength required for a relying party to be assured that an entity is indeed… Continue reading Authentication – Level of Assurance
How Virtual Private Networks Work
How Stuff Works.com has put up a great tutorial in layman’s language on how VPN work – http://computer.howstuffworks.com/vpn.htm
Security Must Haves in a SaaS Provider
The past year was a learning curve on Cloud Computing, especially on SaaS providers. More and more ASPs are coming back rebranded as SaaS provider. As a security practitioner, it would be good to have a must have check list that we need to use to assess them. I prepared the following must have check… Continue reading Security Must Haves in a SaaS Provider
ASP to SaaS
A discussion on business model transition from ASP to SaaS
Placing a Vulnerability Assessment Scanner
Where do you put vulnerability assessment (VA) scanners in a very distributed network? Consider a scenario where a company has a presence in North America, Europe, and South Asia. As part of its annual penetration testing environment, the company wants to conduct vulnerability assessment at all its demilitarized zones (DMZ). North America may have DMZs… Continue reading Placing a Vulnerability Assessment Scanner
Unauthentication
by Bruce Schneier In computer security, a lot of effort is spent on the authentication problem. Whether it’s passwords, secure tokens, secret questions, image mnemonics, or something else, engineers are continually coming up with more complicated — and hopefully more secure — ways for you to prove you are who you say you are over… Continue reading Unauthentication
Saas as a Strategy
Should we adopt SaaS as a Strategy? A discussion.