Below you will find pages that utilize the taxonomy term “Security”
Is Management for You? Navigating Your Career Path
I often encounter professionals wrestling with the question: “Should I transition into a management role?” Today, I’d like to shed some light on this topic in case you are also wondering if management is for you. Choosing a career path is a deeply personal decision and, while it’s thrilling to consider new possibilities, it can also bring up a lot of uncertainty. My hope is that this post will …
Using HAProxy with CAS - Load Balancing your SSO Servers
Introduction
We recently encountered issues when replacing an older CAS server with a new system. The new server wouldn’t forward users to the requested service after authentication, and the service couldn’t verify the service ticket. To resolve this, we implemented HAProxy as a front-end load balancer, allowing us to switch back-end services seamlessly while maintaining high …
Managing Burnout Risk on Cyber Security Teams
The Hidden Threat: Burnout in Security
Burnout is one of the highest priority risks facing security professionals today, both in terms of threat impact and likelihood. It’s a conversation happening constantly on Twitter, in industry Slack groups, and at security conferences. The security field is high-stakes, fast-paced, and often reactive—making stress an unavoidable part of the job. Yet when …
Two-Factor Authentication: Bank Security Explained
Understanding Two-Factor Authentication (2FA)
When it comes to online banking security, one of the most critical protections available is two-factor authentication (2FA). This method adds an extra layer of security beyond just a username and password. But what exactly is 2FA, and why should you enable it everywhere you can?
What is Authentication?
Authentication is the process of proving you are …
Are US Banks Protecting Your Data? A Security Review
I’ve had an account with the same bank for years, but in 2016, it still doesn’t offer two-factor authentication, EMV cards, or other modern security features. That got me wondering—how do other banks stack up? Are they actually doing better? Instead of relying on compliance audits, I decided to take a more open approach and examine two key areas of security: email protections and website security. …
Raise your MASSACRE Score with HAProxy
Recently, Mark Stanislav gave a talk on holistic authentication security for companies that have implemented two-factor authentication. He developed a scoring system, MASSACRE, which quantifies the presence of several different security features on a web site: cookie flags, response headers, etc. This inspired me to see if I could get our Jasig CAS server with Duo 2FA to the top of the charts. As …
Tomcat SSL Tips - Strengthening Your Encryption for 2025
Why SSL Configuration Matters for Tomcat
With POODLE making headlines, it became clear that a strong SSL configuration is essential for securing web servers. If you’re running Apache Tomcat, ensuring your SSL settings are up to modern security standards is crucial. This guide walks you through improving your Tomcat SSL configuration to mitigate vulnerabilities, optimize encryption, and …
Free SSL Certificates: Empowering Secure Websites for All
The Evolution of SSL Certificates: A Decade of Change
Back in 2014, securing a website with HTTPS was often a costly endeavor, limiting its adoption among smaller websites and personal blogs. The landscape began to shift when Cloudflare announced free SSL certificates for all its users, marking a significant step toward a more secure internet.
In the original post, I shared my experience …
Geo Impossible Logins: Detecting Credential Theft in Splunk
Earlier this year I attended the Educause Security Professional Conference in St. Louis. I went to a session at which Nick Hannon from Swarthmore College explained how Splunk could combine MaxMind GeoIP data with authentication logs to detect credential theft by looking for geo impossible logins. I couldn’t find an exact tutorial online, so this is my execution of his idea. I based much of the …
How to Integrate Duo Security with Jasig CAS for Multi-Factor Authentication
Securing access to your authentication system is more critical than ever. By integrating Duo Security with Jasig CAS, you can add an extra layer of protection through two-factor authentication (2FA).
This guide provides a detailed, step-by-step walkthrough to setting up Duo Security MFA with Jasig CAS on a clean install …