Authentication is the process of confirming an entity’s identity based on reliable credentials. The process and the technology involved in authentication varies with various level of assurance required from the entity. Authentication Level of Assurance can be defined as the authentication strength required for a relying party to be assured that an entity is indeed… Continue reading Authentication – Level of Assurance
How Virtual Private Networks Work
How Stuff Works.com has put up a great tutorial in layman’s language on how VPN work – http://computer.howstuffworks.com/vpn.htm
Security Must Haves in a SaaS Provider
The past year was a learning curve on Cloud Computing, especially on SaaS providers. More and more ASPs are coming back rebranded as SaaS provider. As a security practitioner, it would be good to have a must have check list that we need to use to assess them. I prepared the following must have check… Continue reading Security Must Haves in a SaaS Provider
ASP to SaaS
A discussion on business model transition from ASP to SaaS
Placing a Vulnerability Assessment Scanner
Where do you put vulnerability assessment (VA) scanners in a very distributed network? Consider a scenario where a company has a presence in North America, Europe, and South Asia. As part of its annual penetration testing environment, the company wants to conduct vulnerability assessment at all its demilitarized zones (DMZ). North America may have DMZs… Continue reading Placing a Vulnerability Assessment Scanner