InfoSecMinds

For like-minded people

Archive for category Technical

Two factor authentication

Nov 8

Posted by Vinod Puthuseeri in Information Security, Information Security Management System, Information Security Risk Management, ISMS, Technical | No Comments

What it is, what are the solutions

Today, banks providing internet banking facilities are looking for implementing or have already implemented two factor authentications. This has been done by either identifying risks by the banks themselves or has been mandated by the regulatory authorities. Whatever has initiated this, it is more important to understand what a two factor authentication is, what are the business requirements and how is it going to impact the customers. Read the rest of this entry »

Tags: , , , , ,

SSL – How it works

Mar 16

Posted by Vinod Puthuseeri in Information Security, Technical | 2 Comments

Trying to simplify and explain how SSL works. Hope I have not complicated it further.  

Let us consider that someone is trying to call me over the phone and he/she is going to talk to me for the first time. In this case, how does he/she understand that I am the person on the other side of the phone OR is he/she connecting to the right person? Not possible.  

Now if you are in a large organization and the organization maintains an updated directory which lists the contact person, his office location, extension number etc, this is one place for validation and you can be sure that you are reaching the person that you intended too.  

But still there is a chance that someone else might pick up the extension instead of the person you are looking for. Once you have reached the intended person, you will now require to be sure that your conversation is not heard or interpreted by a third party.

Read the rest of this entry »

Tags: , , , , , ,