Subject Alternative Names (SANs) in Digital Certificates

When it comes to digital certificates, the Subject Alternative Name (SAN) extension plays a crucial role in how modern systems authenticate and communicate securely. Although the Common Name (CN) field traditionally carried the hostname of a server, today it’s the SAN extension that browsers and applications actually pay attention to. In fact, industry standards have…

IAM vs PAM vs IGA – what is the difference?

Identity security is now a cornerstone of enterprise cyber defence, particularly in the UK where regulatory pressure and threat levels continue to rise. Security teams often hear three related but distinct terms: IAM (Identity and Access Management), PAM (Privileged Access Management), and IGA (Identity Governance and Administration). While they overlap, each addresses different layers of…

Refresh JWTs are subject to compromise

Refresh JSON Web Tokens (JWTs) are a crucial part of maintaining user authentication sessions without requiring frequent logins. However, if not implemented securely, refresh tokens can become a major security risk. Here are some common ways refresh JWTs can be compromised: 1. Token Theft via Storage Vulnerabilities: Storing refresh tokens improperly is one of the…

IP Spoofing

IP spoofing is a cyberattack technique in which an attacker manipulates the source IP address in network packets to appear as though they are coming from a trusted source. This deceptive practice allows attackers to bypass security measures, launch denial-of-service (DoS) attacks, and intercept sensitive communications. The objective of IP spoofing is often to initiate…

ECDHE

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) is a cryptographic algorithm used for secure key exchange in network protocols like TLS (Transport Layer Security). Its main function is to enable two parties (e.g., client and server) to agree on a shared secret over an insecure network, without transmitting the secret itself. This fact almost alone has ensured…

‘Digital Outcomes (DOS) 6’ Supplier Award

We are delighted to announce that MIC Solutions Ltd has been awarded a place on the Digital Outcomes 6 (DOS) Framework. The DOS frameworks publish opportunities on the Digital Marketplace to find suppliers for technical digital projects within public sector organisations. DOS differs from the G-Cloud framework in that customers must know what it…

The rush towards public DNS

One result of the rush towards using large-scale public Domain Name Service (DNS) resolvers, such as Google and Cloudflare, is that critical and sensitive DNS queries are often handled by servers in different countries or even continents. This trend is introducing unexpected security, resilience, legal and data protection issues for policy makers and governments. With…

Software-Defined Perimeter Networks

Software-defined perimeter (SDP) networks are an advanced iteration of a zero-trust network (ZTN) strategy for access to enterprise resources. As organizations migrate more and more services to the cloud, regardless of deployment model or location, the potential attack surface is dramatically changed. Securing the data (not just the network) has therefore become an existential concern….

What is TPRM?

Imagine a world where people demand data on any device, from any location, 24/7. To deliver this level of service, businesses are deploying cloud architecture for almost everything. But shadowing these decisions is the largest annual increase in successful cyber-attacks within the last six years, and when seen alongside a global shortage of IT security experts…

ISO/IEC publish ‘Cloud Computing Vocabulary’ standard

Unsure of the difference between public, private, hybrid or community cloud deployment models? Check out some helpful vocab and definitions in the recently published Joint Information and Telecommunication (JTC1) standard: ISO/IEC 22123-1:2021. In defining terms such as roles and activities, the difference between characteristics and capabilities, this new standard helps to demystify and remove some…