Linux Network Security - Page 51

Discover Network Security News

2003 Report: $55 Billion Loss From Computer Virus Attacks

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

omputer virus attacks cost global businesses an estimated $55 billion in damages in 2003, a sum that would rise this year, said Trend Micro Inc., the world's third-largest antivirus software maker. Companies lost roughly $20 billion to $30 billion in 2002 from the virus attacks, up from about $13 billion in 2001, according to various industry estimates. "The economic and financial impact of virus attacks will continue to climb in 2004," Lionel Phang, Trend Micro's Managing Director told Reuters in an interview. He did not have a forecast for the year. . . .

Anthony Pell
Jan 19, 2004

GAO Report on $1 Billion PKI Investment Highlights Key Challenges

The federal government has spent about $1 billion on 89 public key infrastructure programs among 20 major agencies in recent years, but the results of those programs are mixed, according to a report issued by the General Accounting Office. PKI is a secure method for exchanging information within an organization, within an industry, nationwide, or worldwide. . . .

Anthony Pell
Jan 16, 2004

Ensuring Protection: Learning From Information Security Breaches

Every issue of The ISO17799 Newsletter features at least one TRUE story of an information security breach and its consequences:1) The 'Perfect' Business Continuity PlanYes, we have published this one previously - but it is our favorite true story! . . .

Anthony Pell
Jan 16, 2004

Personal Firewall Day: Elevating Consumer Safety For Home Systems

Straddling the line between public service and marketing, Microsoft and a handful of security companies are sponsoring a campaign to heighten consumer security awareness and have declared Jan. 15 "Personal Firewall Day." . . .

Anthony Pell
Jan 15, 2004

Exploring Effective Anti-Virus Strategies Against Internet Threats

Twenty years after Fred Cohen first defined the computer security problem of viruses in a paper he wrote as a graduate student, most experts would contend that viruses have evolved from intermittent irritants into an internet plague. But Cohen, a research professor at the University of New Haven and principal analyst at the Burton Group, believes that viruses really haven't changed much since the late 1980s. Email-based viruses and programs that exploit software vulnerabilities basically all imitate similar iterations from the past, he says. . . .

Anthony Pell
Jan 14, 2004

CERT Advisory CA-2004-01 Critical H.323 DoS: VoIP Network Threats

A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks. . . .

Anthony Pell
Jan 14, 2004

Implementing Antispam Strategies to Combat Gibberish in Spam Emails

"Daphnia blue-crested fish cattle, darkorange fountain moss, beaverwood educating, eyeblinking advancing, dulltuned amazons...." This is not a failed attempt at free-form prose. It's a snippet of a spam message intended to promote a sexual stimulant, a deliberate crack at sneaking past and spoiling some of the most popular antispam filters. . . .

Anthony Pell
Jan 14, 2004

H.323 Protocol Risk Advisory: DoS and Buffer Overflow Threats

Some voice-enabled IP networks could be at risk for denial-of-service (define) and buffer overflow (define) attacks as a result of a security flaw in the H.323 (define) networking protocol for transmitting audio-visual data. According to an alert from the U.K. National Infrastructure Security Co-Ordination Centre (NISCC), the security vulnerability was identified in the H.323 protocol, which is used for the transmission of real-time audio, video and data information over packet switched-based networks. . . .

Anthony Pell
Jan 13, 2004

802.11i Issues Affecting WLAN Security And Authentication

The 802.11i protocol for wireless encryption is on track to become an IEEE standard by June, but it looks like existing WLAN customers seeking to adopt it will need to swap out hardware instead of just upgrading software. In addition, Cisco and Microsoft have gone their separate ways on a WLAN authentication technology called Protected Extensible Authentication Protocol (PEAP), creating a schism that could result in interoperability issues. . . .

Anthony Pell
Jan 13, 2004

VeriSign Warns: Expiring Certificates Result in Application Instability

The expiration of one of VeriSign's master digital certificates on Wednesday created confusion for Net users and glitches to the operation of some applications, notably Norton Anti-Virus (NAV). After the cert VeriSign used to sign other certs expired, the chain of trust was broken, leaving some aps unable to set up a secure connection. These apps then defaulted to trying to access Verisign's certificate revocation list server (crl.verisign.com) which, faced with a huge extra load, buckled under the pressure. . . .

Anthony Pell
Jan 12, 2004

Essential Security Checklist For Revamping Risk Management

Recently, a former student and propective client asked me to send, along with a proposal, a checklist of things he needs to be thinking about to help his company's goal of "revamping security" in 2004. This is that checklist. Be forewarned. While risks change somewhat with network size, bandwidth, and connectivity, while business requirements grow, and while the technology we can use to mitigate and mediate risk gets fancier (it is hoped to meet the changing risks), there is nothing new under the sun. Also, this is purposely very high level. It is a general checklist of things to consider. . . .

Anthony Pell
Jan 12, 2004

Lotus Notes 6.x Security Advisory: Local Threat and Access Risk

A local vulnerability in a Lotus Notes for Linux configuration file could allow a malicious user to manipulate the values of essential configuration parameters and gain access to files. When installing Lotus Notes for Linux, the default permissions for the "notesdata/notes.ini" configuration file are "666". This gives malicious local users the ability to open the file, change the values of configuration parameters and save them. The local copy of Notes would then run using these altered parameter values, which could cause Notes to operate improperly and possibly destroy or alter data. . . .

Anthony Pell
Jan 12, 2004

Kazaa Malware Risks: 45% of Executables Infected from P2P Sharing Analysis

Forty-five percent of the executable files downloaded through Kazaa, the most popular file-sharing program, contain malicious code like viruses and Trojan horses, according to a new study. Out of 4,778 files downloaded in one month, Bruce Hughes, director of malicious code research at security firm TruSecure, found that nearly half of them contained various types of nefarious code. . . .

Anthony Pell
Jan 12, 2004

WiFi Security and Network Protection With NoCatAuth Insights

Wireless technology, with its freedom of flexibility, its low cost equipment, provides a powerful solution to connect large numbers of computers through an air-network without cables. Despite of its advantages, if not treated correctly, wireless technology provides a real threat to wireless-based communities and networks. . . .

Anthony Pell
Jan 12, 2004

Improving Packet Capture Methods for Gigabit Network Monitoring

Passive packet capture is necessary for many activities including network debugging and monitoring. With the advent of fast gigabit networks, packet capture is becoming a problem even on PCs due to the poor performance of popular OSs. The introduction of device polling has improved the capture process quite a bit but not really solved the problem. This paper proposes a new approach to passive packet capture that combined with device polling further improves it and allows, on fast machines, packets to be captured at (almost) wire speed. . . .

Anthony Pell
Jan 09, 2004

MiMail Worm Variant Poses Significant Security Threat to PayPal Users

"MiMail attacks have been relentless since the summer of 2003," said Ken Dunham, the director of malicious code for iDefense, a Reston, Va.-based security intelligence firm, in an e-mailed statement. "This is just one of many waves of MiMail attacks we've seen in the wild in the past few months." And that wave won't crest anytime soon, added Dunham. "MiMail stands to be one of the more regular threats to emerge in the first part of 2004." . . .

Anthony Pell
Jan 08, 2004

Enhancing Corporate Security With 10 Key Strategies for Readiness

This 10-point game plan will push the risks and liabilities associated with cybersecurity to the forefront of the corporate agenda and help to dramatically increase your preparedness. But this program won't remove the threat or eliminate the need for strong walls until the technology industry puts better weapons at our disposal. . . .

Anthony Pell
Jan 07, 2004

90-Day Plan for Developing Security Management Strategy

True cybersecurity requires that financial, IT, and operational managers from across the enterprise--and outside it--come together to assess and guard against their company's most serious risk and exposures. Here's how to get started. . . .

Anthony Pell
Jan 07, 2004

Managing Network Security Challenges In University Settings

For university information technology departments, a balancing act can be challenging. University computer networks are an essential component of university operations. Yet, they are often large, heterogeneous, open, and used by thousands of individuals whose computing habits and expertise are largely unknown. . . .

Anthony Pell
Jan 06, 2004

Expected Rise in Spam and Virus Threats Throughout 2004

MessageLabs predicts that spam will account for over 70 percent of e-mail traffic by April of 2004. Given that current antispam legislation is largely ineffective, the onus will continue to be on you and me to protect ourselves. . . .

Anthony Pell
Jan 05, 2004

Community Poll

More Polls