Whether it be hurricane, flood, fire or simply a member of staff accidentally hitting the delete key, your company's data is constantly at risk from being permanently wiped out. Companies need to ask themselves, `Do we have the strategy in place to cope with a disaster?' . . .
Distributed denial of service (DDoS) attacks aim to disrupt the service of information systems by overwhelming the processing capacity of systems or by flooding the network bandwidth of the targeted business. Recently, these attacks have been used to deny service to commercial web sites that rely on a constant Internet presence for their business. . . .
The Internet became significantly more dangerous for business in the past week, as criminals spread not one, but two attacks that used the web as a platform, making web-spread attacks into a mainstream threat. . . .
"If you can't afford the security, you can't afford the project," says Rosaleen Citron, CEO of Toronto-based security firm WhiteHat Inc., citing a well-known axiom in the information security industry. On the other hand, "most businesses, big or small, can't afford to defend everything," says Mary Kirwan, an independent security expert in Toronto. Indeed, they would impede their productive business activity if they tried. . . .
There's no doubt that wireless networks can increase productivity and produce a significant return on investment for organizations with large, mobile workforces. Unfortunately, the repercussions from an unprotected wireless network can be just as significant, if not worse. . . .
In this 6:30 minutes long audio learning session, Rob Lane, AEP Systems VP of Product Management, discusses SSL VPNs in general, shares his point of view on the benefits of using SSL VPNs for secure remote access and talks about the difference between SSL and IPSec VPNs. . . .
Businesses in Europe's leading financial centres are failing to secure their wireless access points despite the risk of "drive-by" hacking. More than 33% of businesses surveyed in London, Milan, Paris and Frankfurt are still making fundamental security mistakes, research by RSA Security revealed. . . .
An attack last week against Akamai Technologies Inc. demonstrated the disruption of key Web site activity that a well-placed assault on the Internet's Domain Name System can cause. The incident also revealed a troubling capability on the part of hackers to target core Internet infrastructure technologies, security experts said. . . .
While the past of Wi-Fi has been plagued with security problems the economics are such that many players in the IT market want to see the insecure WEP replaced with something more robust. While nothing in the future is certain, it seem a given that Wi-Fi will overcome its adolescent growing pains and mature into a reasonably secure and easy to deploy method of networking. . . .
Denial of Services attacks aimed at disrupting network services range from simple bandwidth exhaustion attacks and those targeted at flaws in commercial software to complex distributed attacks exploiting specific COTS software flaws. These types of attack are not new and have been used to devastating effect to prevent normal operation of the victim sites. Historically, these attacks by hacktivists and extortionists alike have targeted companies as diverse as eBay and Microsoft, the RIAA and SCO, and a plethora of online gambling companies. . . .
In this 8 minutes long audio learning session, John Stuart, Signify CEO, discusses what are the alternatives to passwords. There are three fundamental technologies which users could take into consideration: one time passcodes (token based systems), digital certificates and biometrics. . . .
Many believe that demonstrating a ROSI in the enterprise is nigh impossible because there are no metrics that measure the ROSI unless a company is attacked or security is outsourced to a managed security provider. However, I've always been astounded by this attitude, as to me it appears that the most obvious point has been completely missed; organisations must begin with information risk assessments in order to evaluate the true effectiveness of their ROSI. . . .
The first ever computer virus that can infect mobile phones has been discovered, anti-virus software developers said today, adding that up until now it has had no harmful effect. The French unit of the Russian security software developer Kaspersky Labs said that that virus - called Cabir - appears to have been developed by an international group specialising in creating viruses which try to show "that no technology is reliable and safe from their attacks". . . .
My advice: Don't go another day without setting up a centralized logging server with syslog. Nearly all routers and switches can send log traffic on UDP port 514 in a syslog format. It's just a matter of providing a secure platform to collect that information. I recommend setting up a Linux box to handle this syslog task. It's simple and inexpensive, and it provides data security to some of the most valuable information about your network. . . .
Customer Relationship Management (CRM) systems are cited as one of the major technology successes of the last decade. These 'super databases' enable the real-time sharing of information across global organisations, increasing the visibility of the sales pipeline and providing a central control of the customer experience. A far cry from the early databases which were supported in the locally networked environment, CRM systems have pushed database capabilities into the enterprise arena, providing accurate monitoring of customer information and enabling corporations to sell and market to customers through a centrally managed delivery mechanism. . . .
Jabber, the streaming XML technology mainly used for instant messaging, is well-suited to its most common task. However, Jabber is a far more generic tool. It's not a chat server per se, but rather a complete XML routing framework. This has some pretty far-reaching implications. . . .
We have to ask: could this be related to the fact that the marginal risk posed by terrorism to companies in the US are small? Of course, terrorist attacks are spectacularly horrible events, but in terms of the sheer numbers, how large a risk is it compared to, say, internal sabatoge or even accidental fires? Overall, despite the screaming headline, this is a decent article... except that it basically ignores the obvious role of insurance in situations of low average risk but highly catistropihic possible outcomes. . . .
Will help C-level executives understand what Security Testing is and how the Open Source Security Testing Methodology Manual (OSSTMM) can help raise the level of security within their organization. . . .
With recent technological advances, wireless devices are well positioned to add value as corporate productivity tools. Investments in this area have the potential to provide widespread improvements in mobile worker efficiency, business activity monitoring, exception handling, and organizational throughput. While the potential gains are impressive, many organizations are waiting to deploy this technology due to security concerns. Companies which wait may indeed feel secure. . . .
By altering the Multiple Access Control (MAC) protocol, one of the series of protocols that govern how bandwidth is distributed between multiple users of the same wi-fi access point by randomly assigning each hotspot user a rate for data transfer, it is possible to siphon off most or all of the bandwidth. . . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
