SAML. ADFS. Shibboleth. Your network team may be bringing up these terms as they relate to your organization’s security initiatives and all you may know is that PeopleSoft doesn’t support them natively. Even if your organization isn’t bringing up these terms, you should start thinking about them, because they enable your organization to do 3 important things:

1. Securely control access to all your corporate systems
2. Widely adopt fluid and mobile solutions
3. Adopt cloud technologies

SAML / ADFS / Shibboleth Primer

Before getting to the meat of the matter, let’s provide a quick overview on what we’re talking about.
When securing enterprise systems, every PeopleSoft customer knows they need strong passwords and secure networks. A good firewall is a critical first line of defense. But is your firewall as secure as you think? Ticketbleed, the latest network infrastructure vulnerability, was all over the news today. A quick internet search will turn up several valuable responses, but just for context, Ticketbleed, reminiscent of Heartbleed, is a vulnerability in the SSL/TLS layer of a wide variety of F5 firewalls and load balancers. Today’s news reminds us that even the best network and security infrastructure is vulnerable to compromise. Ticketbleed, Heartbleed, and other vulnerabilities make it very clear: network security infrastructure is not enough.
Oracle released an out-of-band security update today for issues within Oracle WebLogic Server. Recommendations are to apply the patch and mitigation steps as soon as possible.
After the PS_TOKEN threat vector was announced at Hack in the Box Amsterdam in May 2015, security organizations started adding specific tests for PS_TOKEN into their penetration test portfolio.
Why is identity management (IDM) such a challenging issue facing security personnel in today’s fast-moving business environment? Security professionals are concerned with outside hackers, malicious insiders and accidental data loss. By not focusing on internal processes around their employees’ changing roles and responsibilities, organizations are missing a key area of risk.
A layered approach is critical to protect your PeopleSoft system against multiple threat vectors. Deploying a series of security barriers requires the bad guys to defeat all of them to breach the PeopleSoft system. A layered approach significantly reduces an organization’s daily risk and its possible breach costs.
While some organizations believe hacks come from only external sources, these companies may be missing an even larger threat: internal, privileged users.
In recent blog posts, we’ve mentioned that PeopleSoft provides a number of security protections out of the box. In this entry, we wanted to go into more detail on this, specifically focusing on common web application vulnerabilities.
Want to sort cybercrime fact from fiction? Do you think you know the difference? Test your knowledge. In this OHUG-sponsored webinar, GreyHeller will set the record straight about cybersecurity myths using data from its Annual Cybersecurity Survey, the SANS Survey and live audience polling.