December 19, 2017
Overview

During an application security assessment performed for a client, we encountered an application that was relying heavily on the encryption features of the Tabular Data Stream (TDS) protocol implemented in Microsoft SQL Server to protect communications over untrusted networks. Out of curiosity, we investigated how different configuration settings on both the server and client change the security properties of this protocol. We quickly realized that their communications were insecure.
July 13, 2017
Interview with Kate Othus

We recently had an opportunity to chat with Kate Othus, Partner and Healthcare Business Advisor at Aldrich. Kate asked us about the changes to HIPAA under the Omnibus Final Rule and how they will impact medical practices. We’ve included the transcript below.

What are some of the recent changes to HIPAA that are causing heartburn for medical practices?

HIPAA, as we experience it in the Privacy and Security Rules, went into effect in 2003 and 2005, respectively.
March 14, 2017
What is IP whitelisting? Why do you want us to whitelist you against our WAF/IPS?

When we perform penetration tests and vulnerability assessments, we often ask clients to whitelist our source IP addresses. This allows us to be unfettered in our interactions and assessments of a client’s server. We request this to accomplish the following:

a) To aid the client in recognizing and differentiating the network traffic we generate during a test
Copyright © 2020 Summit Security Group, LLC