Archive for the 'Security Policy' Category

External Content Threats Security and Web Beacons

For IT Security folks, especially those in a large corporation, dealing with Threats Security or External Content Threats Security has the potential to consume significant operations time. So what is External Content Threats Security?

 

External Content Threats Security usually involves threats delivered through many threat agents, which evolve over time. These threat agents could be across an Enterprise Office platform, a database or a website, within a corporate environment's intranet or on a public network such as the Internet. External Content Threats Security deals mostly with the following threat agents: Hyperlinks, Data Connections and Web Beacons.

 

Hyperlinks: This threat agent is usually exploited by attackers who create websites containing malicious code or content. These might include phishing sites whose hyperlinks entice a user to click on a link outside their trusted domain.

 

Data Connections: This threat agent is exploited by attackers who create data connections to databases or other data sources and then use these connections either to extract data and use it to gain further access, or to manipulate the data.

 

Web Beacons: If you have ever used Microsoft Outlook, most desktop email clients, or even web clients, you will have seen that an email is not always fully downloaded: there might be images still to be downloaded, waiting for your authorization. While saving network bandwidth is one of the reasons, it also helps with security.

 


Why Biometric Security CANNOT secure a Corporate Environment

 

Biometric Security is being billed as the next savior of personal and corporate security, a superior solution to our Identity and Access Management problems. Solutions are often exotic and include voice recognition for unlocking rooms housing servers or for resetting passwords. There are already systems in place that use retinal scans for more secure access. The key to a door is always with you, and the key is YOU. Think about it: unlike passwords, which can be guessed or read from that yellow sticky note hanging on a monitor screen, biometrics are hard to forge. Someone can't replicate your fingerprint or your iris scan. Sure, some artists can mimic other people's voices, but getting past a security system is a whole different ball game.

So, if Biometrics is all this good, why can it not secure a Corporate Environment?

 

Let's start off with the biggest strength of Biometric Security. It tells an authentication system that you are who you say you are … because unlike usernames or passwords, or even smart cards or tokens, biometrics cannot be lost or stolen: your identity is unique to you and only you.

 

Now, Biometric Security secures both your authentication and your data privacy. Let us assume that a corporation is implementing biometric access through a fingerprint reader on a laptop. Typical authentication in a corporation involves verifying your credentials against those in Active Directory or any other central "source of truth". Here, let us use a fingerprint as the biometric authentication input. A thumb is scanned on the laptop's fingerprint scanner, and the scan travels over the network to be verified against a master biometric on file. If everything matches, you are in; otherwise, <bleep>, incorrect password.

 
