Tag Archive for: Identity Management

Using WebSphere Process Server in your SOA Infrastructure

WebSphere Process Server (WPS) is the runtime engine for artifacts produced in a business-driven development process.   It allows orchestration of business assets into highly optimized and effective processes to meet business goals.  It is a single, integrated, runtime foundation for deploying service-oriented architecture or SOA based business processes.  Built on open standards, it deploys and executes processes that orchestrate services (people, information, systems, and trading partners) within your SOA or non-SOA infrastructure.  It helps increase efficiency and productivity by automating complicated processes that span people, partners, and systems.  It helps cut costs by enabling flexible business processes with reusable assets, thus reducing the need to hard-code changes across multiple applications.  It has the ability to track the state of process instances, handle human intervention, and deal with exceptions.

WPS is mounted on top of WebSphere Application Server (WAS) with its robust J2EE runtime and offers a new level of abstraction so the task of integrating applications and services becomes much easier. Read more

7th Phase of growth – Security of the enterprise’s IT/IS Investment

So congratulations, you were just named Chief Information Officer of your company and now moved into your new office.  Looking through the top desk drawer you find a note with three sealed envelops attached.  The note says when you have your first major crisis, open envelop one, the second one open envelop two and the third one open envelop three.  Being the type “A” personality, the one that got you here, you decide to open all three now.  The first one says this is your first crisis blame it on me, your predecessor. The second one says this crisis is yours and you will need a plan to solve it.  The third one says “Oops”, prepare three envelops and leave them in the top draw for your successor.

At this point being a Type “A”, you decide that you are going with envelop two and throw away the other ones.  Your first step is to evaluate your staff and their capabilities.  Looking at their performance records you can learn some of the basics, but you will not be satisfied with just that limited amount of information.  You know about Maslow’s hierarchy of needs.  Although this was explained in a paper by Abraham Maslow in 1943, it still applies today.  The phases are: (1) Physiological (breathing, food, water, sleep, etc.); (2) Safety (security of body, employment, resources, morality, the family, health, property, etc.); (3) Belonging (friendship, acceptance by the group, social needs, sense of belonging); (4) Esteem (self-esteem, confidence, achievement, respect of others, respect by others); (5) Self-actualization (morality, creativity, spontaneity, problem solving, acceptance of facts).  You are aware that Self-actualization is the goal, studies show that only about 2 % are performing at this level.  As people move up the hierarchy with their needs, if suddenly there is a need below, a person will revert back to that level.  (i.e. if someone is working at a self actualization level and can’t breath he would abruptly revert to the Physiological level or if threaten to safety. Read more

Strengthening the Authentication of Your Users

They say a chain is only as strong as its weakest link.  In the world of IT systems, you don’t want that weak link to be user authentication.  Once a hacker gains access to a system as a valid (potentially high level) user, the amount of damage they can do is unlimited.  There are different ways to validate a user’s identity and they have different levels of security.  Using the three little pigs as an analogy, let’s take a look at the options:

1)      The straw house – This is what we call single factor authentication.  This just involves something you know or have.  An example for physical security is a badge that is tapped on a door reader to gain access.  If someone gets hold of the badge, that’s all they need to walk into the building.  Another in the IT world is the familiar user ID and password.  It’s what a majority of users use to gain access to their computer’s OS and applications. This has the potential to be fairly secure, but often times isn’t due to poor password choice.  Users frequently pick passwords that are easy for them to remember which means they are easy for hackers to crack. Once they know the password they have total access to the system/application.  Read more

IT Disciplines of an Identity & Access Management Expert

The field of identity and access management is considered a small, specialized niche in the world of IT. Some would speculate that this is because of the very complex nature of the applications we deploy to an enterprise. Although that may be true, it goes far beyond just the complexity of the specific applications we work with. A true identity and access management expert must be very knowledgeable over many IT disciplines. This is due to the products we architect and implement being entire solutions, as opposed to singular purposed applications. Let me provide some examples of the typical IT disciplines covered during a deployment:

Gathering enterprise requirements:  The expert must be well versed in enterprise architecture, security, networking, hardware, and multiple operating systems. This is crucial as they will propose the best suite of products based upon the clients requirements and the current state of the enterprise architecture. The expert must consider things as simple as who the primary user base is, to more complex questions such as what hardware will be required based on expected application load. This phase will determine both the tempo of the project as well as its success. Lest we forget the expert must also play the role of a project manager, technical writer and business analyst. Any well-rounded expert can explain identity and access management plans and concepts to the client in simple, no nonsense terms, but also deliver highly technical documents to the various IT departments in which the project will affect. In addition, a precise project plan needs to be delivered to the client to stay on task and on budget. Read more

Tivoli Directory Integrator – On Multiple Entries

Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM).  TDI comes out to the box with a multitude of connectors that are used to as the name says, connect to different sources.  One of the most common business processes where TDI is used is to extract data, transform the data and then load the data into different data source (ETL).  For an example, it is common to use TDI to extract Human Resources data and using a DMSL connector, send the data over to the ITIM Application for processing.

One of the main considerations in extracting data from different sources is the data.  The data values, the data relationships and attributes do not always exist as advertised.

For example:  The process pulls the employee information from SAP and then does a lookup to Active Directory using the employee number.  Active Directory is only supposed to have one entry for each employee.  “Supposed to” is the key word.  In some cases, there are multiple AD accounts for one employee. Read more

Internet Enable your Applications using WebSEAL with Active Directory Authentication

Let’s say you have a set of applications you use within your organization that you want to make available for access from the Internet. Let’s further say you want remote users to login using their Active Directory credentials. That way, there is no additional password maintenance to worry about – for users or for support staff.

Sounds great, but can you pull it off without exposing your organization to the countless threats lurking out there on the Internet?

In most cases, it can be achieved with minimal risk to your systems and applications. Furthermore, PathMaker can help you design and deploy a solution, as well as help you analyze your applications and infrastructure for potential vulnerabilities. Read more

Email Attacks and Hate Mail Response: Recognizing When You Need to Hire an Incident Response Expert

Many people who use email think that their true identity and location are anonymous. Hidden behind their supposed “cloak of anonymity,” these people may sometimes lash out at their employers, colleagues, political adversaries, ex-lovers, and so on. Thankfully, there are a number of identity management services that can help to reveal the identity of the person who sent you a threatening message.

If you receive an email that is of a threatening or illegal nature, it’s not difficult to initiate an enquiry leading directly to the person involved for appropriate actions by authorities. Here is a look at how the specialists at PathMaker Group can handle your situation:

Forensic Expertise

The key to finding out who is responsible for sending a threatening message is the technical knowledge that incident response experts have about the inner workings of electronic mail. By examining the Internet Headers of a particular email, our incident response experts can identify the exact source of the message. Read more

Using IBM Tivoli Identity Manager to recertify Active Directory Groups

Its audit time and you’re responsible for recertifying approximately 75 Active Directory Groups and each group has a membership of about 10 to 30 people.  An email needs to be sent to every manager for them to confirm the person still needs to be a member of the group.  You have to provide information to the Auditors to confirm that each person in each of these groups has been verified.  Before you can send out the verification requests to the managers you have to confirm each Active Directory Account has the correct person contact information and manager information.  All this has to be done in the next 30 days.

What are you going to do?  Book an early tee time!

How is this possible? Read more

An Overview of Digital Forensics and Electronic Discovery

Digital forensics and electronic discovery involve the collection and analysis of electronically-stored data. Together, these two fields of electronic security cover the entire digital information spectrum. To find out more about what each one is and when or why you may want to hire an investigative team to perform digital forensics and electronic discovery procedures for your company, continue reading this article.

What is digital forensics?

Digital forensics entails the thorough examination of electronic storage devices. In the process, electronic systems investigators identify, collect, maintain, and analyze the data stored on an electronic device. After doing so, they produce results based on their analyses that are defensible enough to be upheld in a court of law. Deleted, damaged, and encrypted files are all included in the analysis and the data explained in the results.

What is electronic discovery?

Electronic discovery, or e-discovery, is the process of gathering electronic data so that it is readily available and can be stored on a variety of electronic storage devices. This data is gathered and stored via:

  • Information and identity management.
  • Collection and preservation of all data.

When good e-discovery practices are employed at a company, e-discovery records can be sent to a team of digital forensics investigators for:

  • Processing, analysis, review, and presentation of results.

When are these processes necessary?

Electronic discovery should be practiced by any company that stores sensitive data and records that are crucial to future business. Digital forensics should be employed when a company needs to draw on its performance history to justify a decision made in the present, as well as whenever a company is facing legal action. A forensics team can ensure the files and digital history stored on your computer that support your case will provide you with valid courtroom evidence.

Are you a Dallas-based business owner who is looking for services in the field of electronic security and identity? If so, call PathMaker Group at (817) 704-3644 and ask about our electronic discovery, digital forensics, and identity management services today!

 

Using IBM DataPower XI50 Appliance to Secure XML-based Web Services

Congratulations!!! Your IT organization, and more importantly your company, now enjoys the benefits of Service Oriented Architecture (SOA). These benefits include return on investment, code mobility and maintenance, agility, improved scalability and high availability.  But along with these rewards come some disadvantages.  These include degradation of application server performance and increased security concerns and risks.  The XML-based Web Services in use in your enterprise easily expose back-end systems to customers and partners.  Your Web Services pass through your enterprise network firewall and are based upon SOAP, XML and HTTP.  These all combine to introduce new threats and security exposures within your enterprise infrastructure.  These new type of threats can consist of some of the following below:

  • XML Denial of Service
    • Slowing down or disabling a Web Service so that service requests are hampered or denied
  • Unauthorized Access
    • Gaining unauthorized access to a Web Service or its data
  • Data Integrity and Confidentiality
    • Data integrity attacks of Web Service requests, responses or underlying databases
  • System Compromise
    • Corrupting the Web Service itself or the servers that host its Read more