Tag Archives: enigmabridge

Encryption for DNSSec

We have recently come across a nice check-list for whoever wants to use DNSSec and establish a good security baseline with a hardware security module (HSM), i.e., never get encryption keys compromised.

We will include a detailed comparison of our platform to enigmabridge.com a little bit later, but here is an initial comparison.

Card Payments and The Cloud

We are now integrating encryption into a corporate infrastructure and it made me think about payments and PCI audits. PCI stands for Payment Card Industry. Anyone who has got close enough to e-commerce or card payments knows what a burden it is on running a business.

Sooo, I have spent some time this week thinking about architectures for “technical security systems”. I could say “cryptography” straight away, I guess. Thinking about protecting sensitive data that may be subject to independent audits.

The scope of PCI audits is given by storage and processing of credit card numbers and PINs (in case of Chip&PIN systems). Once you experience the pain, you definitely want to get “out of scope”. This is true for merchants just as for banks.


HTTPS – what does it stand for?

HTTP stands for hypertext transfer protocol – the universal language of “the web”. HTTPS is a secure variant of this language as it provides tools to verify which website you actually connect to.


“One time passwords” are not passwords

We did a bit of research into what IT start-up companies need in terms of security. I did expect that secure authentication / logons would be at the top but I was surprised that OTP (one time passwords) were at the bottom.
