iPad single signon

If you didn’t read the April issue of IBM Systems Magazine, then you missed a great case study about how Arkansas Electric Cooperative Corporation (AECC) enabled single sign-on for iPad users.

The beauty of it is that they simply tweaked configurations to hook into their existing SSO stat! implementation for a quick—and virtually free—solution.

Posted in Mobile Security, Single Sign-On (SSO)

— A Developer’s Guide to Security Considerations for Modernization Projects —

Security modernization

The number of IBM i applications that have been around for decades is truly amazing. It’s a testimony to the technology and vision IBM built into the platform.

But that’s been a double-edged sword for customers.

Posted in Info Security Mgmt

MS Cyber Security

While my kids were growing up I always told them that there was nothing more valuable than an education. As they were entering college just a couple of years ago, I was reminded that earning a graduate degree was an important item on my bucket list.

Well, in December I completed coursework on a Master of Science degree in Cyber Security Organization and Leadership at the University of San Diego. And just this week I received my diploma!

Posted in Announcement, Info Security Mgmt

Spectre & Meltdown

— Take Steps to Protect Your Systems Until Then —

The ubiquitous, hardware-related Spectre and Meltdown security flaws surprised many in the IBM i community. Who would have thought that the IBM i platform is just as susceptible to these bugs as nearly every other platform?!?!

Posted in IBM i Security, Security Breach

PCI MFA

You might be scratching your head over the alphabet soup in the title. Here’s the deal.

Under Requirement 8: Identify and authenticate access to system components, PCI DSS defines requirements for those accessing systems that contain cardholder data that are part of the cardholder data environment (CDE).

Posted in Compliance, Single Sign-On (SSO), Two Factor Authentication

Remember the Heartbleed bug of a few years ago? Once you fixed it, you thought you were in great shape, right? Well guess again.

Heartbleed was just a symptom of much deeper issues with OpenSSL. Perhaps the most dangerous are serious flaws in the API set design and implementation that can, among other things, actually return false positives when validating certificates!

Posted in IBM i Security

Recently a customer told me that some of their users access the IBM i internally with iPads through the Safari browser talking to the Apache Web server.  Even though the Web server application is configured to accept Kerberos, the iPad users were still being prompted for their IBM i userID and password. The customer asked if I could help them enable SSO on the users’ iPads.

Posted in Password Management, Single Sign-On (SSO)

SHAttered

On February 23, 2017, Google announced they had successfully exploited a known vulnerability in the widely-used SHA-1 hash algorithm.

This is important because hash algorithms are used to create digital signatures.

Posted in Announcement, Information Security, Security Breach

HA, SSO and the Cloud

Recently, I was talking to a system administrator who said “We’re moving to the cloud. They’ll be responsible for security.”

I was a bit startled to hear this. Not because of the first sentence; because of the second.

Posted in Cloud Security, Info Security Mgmt

Trust but Verify

Back in the ‘80s, President Reagan said of a missile treaty with the Soviet Union, “Trust, but Verify.”

That phrase is very apt for information security too; especially as it relates to securing data on your internal systems.

Posted in IBM i Security, Info Security Mgmt, User Authority