Category Archives: Main

Automating Security and Compliance Assessments using SCAP – On-demand Scanning and Compliance Reporting with Remediation

Manually assessing security controls, host and application configuration, access control policies and software patch levels, and producing on-demand compliance readiness reports, has always been a daunting task, especially when it is critical to adhere to standards and regulatory mandates. Not only are those processes very time consuming, they are also highly prone to human error. It becomes even more complicated when…

Data Protection Strategies for Oracle SuperCluster Private Cloud Deployments..

A few weeks ago, a few folks in the SuperCluster community reached out to me to share information on the data protection strategies that we incorporated into SuperCluster for “Secure Multitenancy” deployments. It’s not an easy exercise, as we published it as a Cookbook for customers. However, I’d like to share the critical aspects of data protection that can be…

Sorry..It's been a while !


Yes, I’ve been out of touch with my blog for too long without new posts. I have so many excuses to note… as quite a lot has been going on at work, particularly Oracle policies!!! Also I was busy with personal travel. Thanks to all those who stopped here and for all the friendly reminders. I am inspired once again… to…

Firesheep: HTTP Session Hijacking made so easy !


Way cool! HTTP session hijacking can’t be made simpler than with Firesheep. A couple of days ago, a friend of mine suggested I log in to a most popular website, and he demonstrated how he took control of and accessed my user session in less than a minute. First, I thought he had used a network protocol analyser tool such as Wireshark or…

Hardware Assisted Security: Cryptographic Acceleration for SOA and Java EE applications

I’ve spent the last few days attending the Oracle OpenWorld conference in San Francisco. It is my second OOW experience, so it was no surprise to see the conference fully packed with people, hundreds of sessions and demos. I did have an opportunity to attend a few, and also to present two sessions focused on security topics featuring “Hardware Assisted Security…

Java Cryptography on Intel Westmere


When it comes to Java cryptography based application security, Solaris has a significant performance advantage over Linux and Windows on servers equipped with Intel Westmere processors. I am not debunking Linux performance on Intel, but evidently Linux does not take advantage of Intel Westmere’s AES-NI instructions when Java applications rely on Java cryptographic implementations for performing AES encryption/decryption. AES is one of the most popular symmetric-key encryption algorithms, widely…
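The check a practitioner would run on each OS before believing any AES-NI claim is to ask the JVM which JCE provider actually services the AES request and to measure the resulting throughput. The class below is an added example, not code from the original post. It assumes the JDK's default provider order on each platform: on Solaris, java.security lists the SunPKCS11-Solaris provider ahead of SunJCE, so AES is routed into the Solaris Cryptographic Framework (the path that reaches the hardware instructions), while on Linux the same request is served by SunJCE's pure-Java implementation. The key, IV and buffer are zero-filled test input constructed here for timing only.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example: reports which JCE provider services AES/CBC on this JVM and
// measures raw encrypt throughput, so a Solaris box and a Linux box with the
// same Westmere CPU can be compared like for like.
public class AesProviderCheck {

    private static final int BUF_SIZE = 1 << 20;   // 1 MiB of constructed input
    private static final int WARMUP = 20;          // iterations discarded while the JIT settles
    private static final int ITERATIONS = 200;     // iterations that are timed

    // Encrypts the buffer `iterations` times in place with CBC chaining
    // carried across calls, and returns the throughput in MiB/s.
    static double measureMiBPerSecond(Cipher cipher, byte[] in, byte[] out, int iterations)
            throws Exception {
        long start = System.nanoTime();
        for (int i = 0; i < iterations; i++) {
            // update() keeps the CBC state, so no re-init is needed between rounds.
            cipher.update(in, 0, in.length, out, 0);
        }
        double seconds = (System.nanoTime() - start) / 1e9;
        return ((double) in.length * iterations / (1 << 20)) / seconds;
    }

    public static void main(String[] args) throws Exception {
        // Provider search order decides who answers Cipher.getInstance("AES/...") first.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " (" + p.getInfo() + ")");
        }

        // Zero key and IV: throughput only. Never use a fixed key or IV for real data.
        byte[] key = new byte[16];
        byte[] iv = new byte[16];
        byte[] in = new byte[BUF_SIZE];   // multiple of the 16-byte block size, so NoPadding is fine
        byte[] out = new byte[BUF_SIZE];

        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        System.out.println("AES/CBC served by: " + cipher.getProvider().getName());

        measureMiBPerSecond(cipher, in, out, WARMUP);
        System.out.printf("AES-128-CBC encrypt: %.1f MiB/s%n",
                measureMiBPerSecond(cipher, in, out, ITERATIONS));
    }
}
```

Compile and run it with the same JDK on both machines (`javac AesProviderCheck.java && java AesProviderCheck`); the "served by" line tells you whether the number you get is the PKCS#11 path or SunJCE software, which matters more than the absolute figure. One caveat that postdates the post: HotSpot gained its own AES intrinsics in JDK 8 (backported to 7u40), so on current JVMs SunJCE itself uses AES-NI when `-XX:+UseAES -XX:+UseAESIntrinsics` are on, which `java -XX:+PrintFlagsFinal -version | grep -i aes` will show. The Solaris-versus-Linux gap described here is specific to the JDK 6 era the post is written in.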

Using Hardware Security Module (HSM) for Oracle Transparent Data Encryption (TDE)

A Hardware Security Module (HSM) plays a critical role in securing the storage of private keys and in accelerating the compute-intensive cryptographic operations associated with public-key encryption, symmetric-key (secret-key) encryption and digital signature applications. Using an HSM with Oracle Transparent Data Encryption ensures that the key material stored on the card is protected and not exportable (it never leaves the card) and that all associated…

SAML Attribute Exchange for X.509 Authentication based Identity Federation

In a typical Single Sign-On (SSO)/Federation scenario using SAML, the Service Provider (SP) initiates user authentication by sending a SAML AuthnRequest (a protocol message, not an assertion) to an Identity Provider (IDP). The IDP authenticates the principal and returns a SAML Response carrying an Assertion whose AuthnStatement confirms the user authentication. If the user is successfully authenticated, the SP is required to have the subject’s profile attributes of the authenticated…
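The step the excerpt leads up to is the SP's follow-on SAML 2.0 AttributeQuery: once the principal has authenticated with an X.509 certificate, the SP names the subject by its certificate DN (NameID format `X509SubjectName`) and asks the IDP for specific attributes, and the IDP answers with a Response whose Assertion carries an AttributeStatement. The class below is an added example, not code from the original post or from any federation product; the entity IDs, the DN, the attribute names and the IDP response it parses are all constructed here, and the response is unsigned for brevity, which a real SP must never accept.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added example: builds the SP's SAML 2.0 AttributeQuery for an X.509-authenticated
// subject and extracts the attributes from the IDP's AttributeStatement.
public class SamlAttributeExchange {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML  = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String XMLNS = XMLConstants.XMLNS_ATTRIBUTE_NS_URI;
    // NameID format for a principal identified by the subject DN of its client certificate.
    static final String X509_SUBJECT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
    static final String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";

    static DocumentBuilderFactory factory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A SAML message must never carry a DTD or resolve external entities (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f;
    }

    static Element text(Document doc, String qname, String value) {
        Element e = doc.createElementNS(SAML, qname);
        e.setTextContent(value);
        return e;
    }

    // SP side: Issuer, Subject (X.509 DN), then one empty Attribute per attribute wanted.
    static String buildAttributeQuery(String spEntityId, String subjectDn, List<String> attrNames,
                                      String id, String issueInstant) throws Exception {
        Document doc = factory().newDocumentBuilder().newDocument();
        Element q = doc.createElementNS(SAMLP, "samlp:AttributeQuery");
        q.setAttributeNS(XMLNS, "xmlns:samlp", SAMLP);
        q.setAttributeNS(XMLNS, "xmlns:saml", SAML);
        q.setAttribute("ID", id);                 // the IDP echoes this in InResponseTo
        q.setAttribute("Version", "2.0");
        q.setAttribute("IssueInstant", issueInstant);
        doc.appendChild(q);
        q.appendChild(text(doc, "saml:Issuer", spEntityId));
        Element subject = doc.createElementNS(SAML, "saml:Subject");
        Element nameId = text(doc, "saml:NameID", subjectDn);
        nameId.setAttribute("Format", X509_SUBJECT);
        subject.appendChild(nameId);
        q.appendChild(subject);
        for (String name : attrNames) {
            Element a = doc.createElementNS(SAML, "saml:Attribute");
            a.setAttribute("Name", name);
            a.setAttribute("NameFormat", BASIC);
            q.appendChild(a);
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(w));
        return w.toString();
    }

    // SP side: Name -> values from the AttributeStatement. A real SP first verifies the
    // XML signature, InResponseTo, Conditions, and that NameID matches the authenticated DN.
    static Map<String, List<String>> extractAttributes(String responseXml) throws Exception {
        Document doc = factory().newDocumentBuilder().parse(new InputSource(new StringReader(responseXml)));
        Map<String, List<String>> out = new LinkedHashMap<>();
        NodeList attrs = doc.getElementsByTagNameNS(SAML, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element a = (Element) attrs.item(i);
            List<String> values = new ArrayList<>();
            NodeList vs = a.getElementsByTagNameNS(SAML, "AttributeValue");
            for (int j = 0; j < vs.getLength(); j++) values.add(vs.item(j).getTextContent());
            out.put(a.getAttribute("Name"), values);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String dn = "CN=Alice Example,OU=Dev,O=Example Corp,C=US";   // constructed
        System.out.println(buildAttributeQuery("https://sp.example.com/saml", dn,
                Arrays.asList("mail", "memberOf"), "_q1", "2010-01-01T00:00:00Z"));
        // Constructed IDP response (unsigned, illustration only).
        String response = "<samlp:Response xmlns:samlp='" + SAMLP + "' xmlns:saml='" + SAML
            + "' ID='_r1' InResponseTo='_q1' Version='2.0' IssueInstant='2010-01-01T00:00:01Z'>"
            + "<samlp:Status><samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:Success'/></samlp:Status>"
            + "<saml:Assertion ID='_a1' Version='2.0' IssueInstant='2010-01-01T00:00:01Z'>"
            + "<saml:Issuer>https://idp.example.com</saml:Issuer>"
            + "<saml:Subject><saml:NameID Format='" + X509_SUBJECT + "'>" + dn + "</saml:NameID></saml:Subject>"
            + "<saml:AttributeStatement>"
            + "<saml:Attribute Name='mail' NameFormat='" + BASIC + "'><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>"
            + "<saml:Attribute Name='memberOf' NameFormat='" + BASIC + "'><saml:AttributeValue>developers</saml:AttributeValue>"
            + "<saml:AttributeValue>vpn-users</saml:AttributeValue></saml:Attribute>"
            + "</saml:AttributeStatement></saml:Assertion></samlp:Response>";
        System.out.println(extractAttributes(response));
    }
}
```

Two design points worth keeping when this is wired into a real SP: the AttributeQuery goes over a direct SP-to-IDP SOAP binding (not through the browser), so mutual TLS or a signed query is what proves the SP is entitled to ask; and the DN in the NameID must be the exact string form the IDP indexes, since a DN that differs only in attribute order or spacing is a different subject to most directories.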

Bye, Bye, Sun…a new beginning at Oracle :-)


Life goes on… as everyone knows by now, the EU approved Oracle’s acquisition of Sun. After my 10+ year long saga at Sun… now I am pushed into Oracle (Sun + Oracle). It looks like I will be doing the same job… as always I continue my passion for security and identity technologies… especially on Solaris and Sun systems (oops… Oracle servers)… maybe a bit more on…

Web SSO with One-time Passwords via Mobile SMS and Email

With increasing incidents of online fraud through username/password compromises and stolen or forged identity credentials, strong authentication using multi-factor credentials is often considered a defensive solution for ensuring a high degree of identity assurance when accessing Web applications. Multi-factor authentication has also become a common security requirement for controlling access to critical online banking transactions and for safeguarding online customer information (mandated by FFIEC…