Raise your MASSACRE Score with HAProxy

Recently, Mark Stanislav gave a talk on holistic authentication security for companies who have implemented two-factor authentication. He developed a scoring system, MASSACRE, which quantifies the presence of several different security features on a web site; cookie flags, response headers, etc.. This inspired me to see if I could get our Jasig CAS server with Duo 2FA …

Raise your MASSACRE Score with HAProxy Read More »

Using HAProxy with CAS

We recently had trouble replacing an older CAS server with a new system. The new server would not forward to the requested service after authenticating and the service could not verify the service ticket. We decided to use HAProxy with CAS for the front-end so we could switch back-end services seamlessly.

a man looking at a computer screen with data

Geo Impossible Logins: Detecting Credential Theft in Splunk

Earlier this year I attended the Educause Security Professional Conference in St. Louis. I went to a session at which Nick Hannon from Swarthmore College explained how Splunk could combine MaxMind GeoIP data with authentication logs to detect credential theft by looking for geo impossible logins. I couldn’t find an exact tutorial online, so this is …

Geo Impossible Logins: Detecting Credential Theft in Splunk Read More »

close up photography of smartphone icons

Finding popular CAS services with Splunk

Let’s find out what our popular CAS services are by pulling our authentication logs for the server into Splunk Enterprise. To start review my CAS+Splunk configuration from my last post. We need to add a new field extraction for service_url like I did below. Then I started with the following query: