Can we prevent the establishment of a reverse SSH tunnel between a corporate network and a public domain system?
Tag: Information Security
Security Architecture Definition
The definition of security architecture has never been consistent among experts. While it is a framework for some, it’s a process or a detailed technical design for others.
I Lost Trust in You!
Shaheen shares a personal experience on identity theft
Make a little adjustment for the new Copyright Law
The Canadian Copyright bill was passed yesterday, a bill that demands a little adjustment to our day-to-day life. Till now, no one cared who was using our internet connection or what files were being downloaded or uploaded using it. No one cared about your unscrambled satellite videos from across the border. However, that's all changing, even though you may not want it that way. I guess no one can withstand the pressure of the "big guys" for too long.
Smartphone Security For Enterprise
Smartphones are now rich in features that include network connectivity, enough storage space and efficient processors. Some enter your network through authorized corporate users, while others are brought in by employees who purchased them themselves.
What were they thinking?
At the start of the New Year, CIO magazine has data protection and governance at the top of the list for this year. I thought this was supposed to be taken care of from day one! In this age when words are being patented, we are still trying to figure out how to protect data.
Protecting Clear Text Password
Passwords are the basic type of authentication in a system. They are easy to implement and also easy to attack. However, there are situations where you need to use a password to protect access to a resource. It's fine if an end user of the system is providing the password directly to the system. Sometimes you need to store the password in a configuration file of a system. That's where the dilemma starts. You have a scheduled SFTP process that needs a password to start. Do you keep the password in clear text or do you encrypt it? If you encrypt it, then how do you protect the key used to encrypt and decrypt the password?
Key Management in Java
Sometimes developers find it confusing or hard to connect the dots between some of the key management interfaces in Java, especially the key generators, key tool and key store.
EDW Regulations and Implications
Some of the regulations that need to be considered while building an Enterprise Data Warehouse in North America are SOX and GLB of the US, Bill 198 and PIPEDA of Canada, and PCI.
EDW Security Considerations
An Enterprise Data Warehouse (EDW), according to California State University, is a collection of data that can be defined and shared across the whole enterprise along the lines of common dimensions to be used for analysis. While you are in the design phase of an EDW, there are certain security and related functional requirements that need to be considered.