Archives for Security
Web Server Considerations for Hosting SSL Certificates
(Also read: SSL Certificate basics) Ensure that your server is at least dual-homed. Use a separate network interface for the web server (and associated SSL certificate). Use…
SSL or TLS – on Firewalls and Load Balancers – layer 5 or layer 6
For layer 7 firewalls, how exactly does SSL/TLS work? Since SSL lives in layer 6 (or 5), but not 7, how does it even understand layer 7…
SSH versus VPN
Both are technologies for accessing remote resources using a secure channel. VPN Base Use Case: Some of the business’s employees may travel and frequently need to access these resources from…
Dual Factor in ASP.NET and Azure AD
On-Premises Application – MFA as built into the application: To perform multi-factor authentication for on-premises applications, you need your application to redirect authentication to a service (MFA service) that…
Group Policy Preferences Security Hazards
Domain machines periodically reach out and authenticate to the Domain Controller utilizing the Domain credentials of the logged-in user (these can be, and often are, unprivileged accounts) and pull down…
Security certifications
CISSP or CCIE Security? CISSP is an internationally recognized and accredited certification for IT security training; CCIE is Cisco-specific training, and though several employers require CCIE, most…
Kerberos versus SAML
Kerberos is primarily used over internal LANs to authenticate users. The question is: why isn’t it used as an external (public-facing) auth mechanism? The REALM: The answer –…
Does your app need a certificate server?
Typically, no! There are some use cases where it may be justified. VPN Authentication Use Case: A certificate can also be the second factor for VPN access. In…
Blocking traffic from overseas countries
Blocking other countries' IP addresses to prevent hacking attacks from overseas has a few downsides: a) You will block a lot of legitimate traffic - Armed forces overseas, IPs that…
Browser plugins and security
The Problem – Plugins are far behind browsers: Browsers nowadays will automatically update themselves (with security updates) by default. Plugins are far behind browsers when it comes to security updates…