Category Archives: Security

CyberSecurity hits Primetime!

Last night, CBS ran a 60 Minutes report on “Sabotaging the System” highlighting the potential dangers associated with the security vulnerabilities of critical government IT systems. More than news, CBS presented this story with special insights from cybersecurity experts and disclosed some scary facts… serious stuff and hard to ignore! I am sure this story will raise the heat on some who…

Wire-speed Cryptography for SOA Security and Compliance

I admit that I am not an SOA expert, nor do I pretend to be one! Lately, I had a chance to explore a few security features intended for securing XML Web Services and Java EE applications. With my little knowledge of SOA, I found that XML Web services play a vital role in SOA, enabling loosely-coupled services and ensuring interoperability. From a security perspective, the core foundation…

Exploring Logical Access Control with PIV cards

Looks like convergence projects are in the limelight… lately I noticed a lot of interest in enabling the use of common credentials for securely accessing physical and logical resources. Although most convergence projects are targeted at the enterprise level, there are serious minds working on using smartcard-based PKI credentials for supporting citizen-scale projects (I regret that…

Enabling FIPS-140 compliance for Java based SSL/TLS applications

FIPS-140* compliance has gained overwhelming attention these days and it has become a mandatory requirement for several security-sensitive applications (mostly in government and security solutions, recently in select finance industry solutions, and particularly for achieving compliance with regulatory mandates such as PCI DSS, FISMA, HIPAA, etc.). FIPS-140 also helps define security requirements for supporting integration with cryptographic hardware and software tokens. Ensuring…

Biometrics based Encryption & Digital Signatures ?

Just read this interesting research paper published by Prof. Bobby Tait and Prof. Basie von Solms of the University of Johannesburg (South Africa), which explains how a person’s biometric fingerprints/iris scans can be used as a protocol to perform private key based encryption and digital signatures. The paper describes a biometric middleware infrastructure (BioVault) which requires users to perform biometric authentication for generating or retrieving a random…

Fortifying Sun Ray Desktops with Biometric Authentication

Lately I’ve been frantically busy with a couple of my ISVs and an SI, helping them out on a Citizen-scale National Healthcare Identity Infrastructure solution pilot for one of the populous countries in the Atlantic region – sorry, I cannot disclose the country’s name, to abide by their privacy laws and to protect my job :-). The solution aims to deliver a Unified Desktop/Voice Infrastructure via Sun Ray…

Encrypted ZFS Automatic Snapshots to Amazon S3 Cloud

Are you test driving Amazon S3 cloud as your backup storage and worried about your data security? Now, Amazon S3 users can have a compelling encrypted backup solution by adopting OpenSolaris and ZFS. A few months ago, I had my first experience with ZFS Automatic Snapshots, which allows you to back up and preserve the filesystem at timed intervals. Last week I noted from Glenn Brunette that…

Cloud Security Guidelines from Cloud Security Alliance !

Cloud Computing Security is getting hot this summer! Without a doubt, Cloud security issues have emerged as a top concern and gained a lot of interest at the RSA Conference ’09 (held last week). Surprisingly, the newly formed “Cloud Computing Security Alliance” presented a report covering the critical areas of focus and provided a comprehensive…

NIST to set standards for Cloud Security !

Lately NIST is very much intrigued with Cloud computing infrastructures… not sure it is part of President Obama’s Stimulus plan! Without doubt it makes the US Government the most influential Cloud customer. Like everyone else, NIST also feels security is the paramount challenge ahead before adoption… of course, security cannot be an afterthought or post-mortem process after a breach…