Author Archives: Patrick Botz

You might be scratching your head over the alphabet soup in the title. Here’s the deal. Under Requirement 8: Identify and authenticate access to system components, PCI DSS defines requirements for those accessing systems that contain cardholder data that are … Continue reading

Posted in Compliance, Single Sign-On (SSO), Two Factor Authentication

Remember the Heartbleed bug of a few years ago? Once you fixed it, you thought you were in great shape, right? Well guess again. Heartbleed was just a symptom of much deeper issues with OpenSSL. Perhaps the most dangerous are … Continue reading

Posted in IBM i Security

Recently a customer told me that some of their users access the IBM i internally with iPads through the Safari browser talking to the Apache Web server. Even though the Web server application is configured to accept Kerberos, the iPad … Continue reading

Posted in Password Management, Single Sign-On (SSO)

On February 23, 2017, Google announced they had successfully exploited a known vulnerability in the widely-used SHA-1 hash algorithm. This is important because hash algorithms are used to create digital signatures.

Posted in Announcement, Information Security, Security Breach

Recently, I was talking to a system administrator who said “We’re moving to the cloud. They’ll be responsible for security.” I was a bit startled to hear this. Not because of the first sentence; because of the second.

Posted in Cloud Security, Info Security Mgmt

Back in the ‘80s, President Reagan said of a missile treaty with the Soviet Union, “Trust, but Verify.” That phrase is very apt for information security too; especially as it relates to securing data on your internal systems.

Posted in IBM i Security, Info Security Mgmt, User Authority

Q: Do single sign on and SSO stat! only work between Microsoft Windows and IBM i? A: Absolutely not! You can implement SSO for applications across nearly any combination of platforms.

Posted in Password Management, Single Sign-On (SSO)

I thought it would be interesting for my first Security Bytes post of 2017 to pull together the most popular posts from 2016 based on number of readers. As an added attraction, I’ve also included the most popular post in … Continue reading

Posted in IBM i Security, Single Sign-On (SSO)

You may have noticed that I often recommend that folks just get started doing a little something to address information security. Don’t let everything else you should be doing get in the way of taking steps to secure your system. … Continue reading

Posted in IBM i Security, Info Security Mgmt

Before you can advise management how much time and money you should spend on securing information assets, you should know what information assets you need to protect and how much they are worth to your company. If your organization doesn’t … Continue reading

Posted in Info Security Mgmt, Information Security, Security Breach