Managing Burnout Risk

It is quite apparent that burnout is one of the highest priority risks facing security professionals today, by threat impact, and by threat likelihood. This can be clearly observed on Twitter, and in conversations with professional regardless of company. However, when security professionals talk about mitigating risk in their lives, their threat model rarely includes …

Managing Burnout Risk Read More »

Two Factor Authentication – Bank Security Explained (1 of 4)

I recently looked at four different aspects of the security posture of a number of US banks. I’d like to explain in detail what these security controls are and why they’re important. In this post I’ll explain what two factor authentication is and why you should be using it everywhere you can. To start off, …

Two Factor Authentication – Bank Security Explained (1 of 4) Read More »

Raise your MASSACRE Score with HAProxy

Recently, Mark Stanislav gave a talk on holistic authentication security for companies who have implemented two-factor authentication. He developed a scoring system, MASSACRE, which quantifies the presence of several different security features on a web site; cookie flags, response headers, etc.. This inspired me to see if I could get our Jasig CAS server with Duo 2FA …

Raise your MASSACRE Score with HAProxy Read More »

Using HAProxy with CAS

We recently had trouble replacing an older CAS server with a new system. The new server would not forward to the requested service after authenticating and the service could not verify the service ticket. We decided to use HAProxy for the front-end so we could switch back-end services seamlessly.

ePHI Storage Compliance

Digital storage of electronic protected health information is a treacherous path for a small company to walk. The health insurance portability and accountability act enforces a number of requirements on the security controls required for the storage of such sensitive data. Unfortunately, the language used in not crystal clear, and I have been able to …

ePHI Storage Compliance Read More »