Shahid Roofi Khan

Technologies Blog

Why SSL fate is doomed and TLS is the only option left

SSL, which refers to Secure Socket Layer, is a protocol used to provide secure connections between a client and a server. A TCP connection can provide a reliable link between a server and a client but cannot provide services such as confidentiality, integrity and end point authentication. So, SSL was introduced by Netscape in early 1990s to provide these services. The first version of SSL, which is known as SSL 1.0, was never released to the public as it had many security holes. However, in 1995, SSL 2.0, which provided better security than SSL 1.0, was introduced and, in 1996, SSL 3.0 was introduced with more improvements. The next versions of the SSL protocol appeared under the name TLS.

SSL, which is implemented in the transport layer, can secure a protocol such as TCP by applying various security measures. It will provide confidentiality by using encryptions to prevent anyone from eavesdropping. It uses both asymmetric and symmetric encryption. First, using asymmetric key encryption, a symmetric session key is established which then would be used for encrypting the traffic. Asymmetric key cryptography is also used for digital certificates used to authenticate the server. Then Message Authentication Code, which uses various hashing techniques, is used to provide integrity (identify any unauthenticated modification done to the real data). So a protocol like SSL allows transmitting sensitive information such as banktransactions and credit card information over the internet. Also, it is used for providing confidentiality for services such as email, web browsing, messaging, and voice over IP.

SSL is now outdated and has many security issues where its usage is not much recommended currently. SSL 3.0 was enabled by default until recently in many browsers but now they are planning to disable in the future versions due to severe security bugs such as POODLE attack.

Power of Two Factor Authentication using Microsoft Identity Manager 2016

Microsoft Identity Manager 2016 can increase the security and reduce help desk calls for password management substantially. It allows integration of authentication infrastructure with SMS gateway so that users mobile device can be used as OTP device for the password reset, unlock requirements. 

The windows environment, becomes latest with the industry trend of using One Time Password that is sent using SMS Messages.

The last organization where we implemented this technology became a great value to the infrastructure.

Never Install SQL Ent or Standard edition. Always use developer edition. Here's why

SQL editions can give you tough times, especially when you have used enterprise edition and later you find you cannot downgrade it to standard edition. Often times this is core requirement from the customer once they renew their Microsoft licenses.

Only edition flexible enough to be downgraded as well as upgraded is the developer edition which works for six months without any issues.

Once this period elapses you have chance to either upgrade to enterprise edition or downgrade the solution.

It will save you lot of wasted deployment hours.

SQL Editions

 source: https://docs.microsoft.com/en-us/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2017?view=sql-server-2017#-edition-upgrade

 

Presented MS Pakistan for the launch of Windows 2008 R2 - Seems less live migration of Hyper-V

Thanks to MS Pakistan Office for giving the chance to present newly released Windows 2008 R2 Operating System.

Presented live migration feature with car running inside of a virtual machine in running state, the VM was failed over to other node and car didn't stop.

That's even though the active compute was out and processing was shifted to another node.

https://zafar73.wordpress.com/2009/12/05/microsoft-joint-business-launch-windows-7-windows-server-2008-r2-exchange-server-2010-comes-to-pakistan/