Survival in the modern business world requires strong backup and recovery plans. Companies can no longer sit back and wonder if something will happen, but must plan what to do when something does happen. Disaster recovery needs to be addressed immediately before disaster strikes. . . .
With a clear knowledge gap among many IT professionals and security specialists demanding salaries in excess of £50,000, many organisations since the recent downturn in the economy have looked to outsource all or part of their IT security. The main benefits being to deliver improved value across the board and importantly increase profits. With lower investments being made in staff and contracts agreed up front, this becomes entirely feasible. . . .
It is a rare organization that has the money to deploy best of breed or integrated commercial software for every security role. Whether your job is perimeter protection, incident response or email server administration, there may be an opportunity to use your favorite Unix system with some additional tools to get the job done faster and cheaper than what you do now. . . .
Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any discipline, computer forensic specialists follow clear, well-defined methodologies and procedures, and flexibility is expected and encouraged when encountering the unusual. It is unfortunate that computer forensics is sometimes misunderstood as being somehow different from other types of investigations. . . .
Anything short of keeping a computer locked in a room with no network connection represents a security risk. From the moment the device is plugged in and connected to a network, you begin to trade security for functionality. It's always a balancing act, and one that requires you to determine how much functionality you are willing to sacrifice for increased security or vice versa. "Wireless, remote access and outsourcing solutions present many key barriers to security and, if not managed correctly, can expose a corporate network to unlawful intrusion. These threats, however, can be avoided if the proper precautions are taken," says Wreski. . . .
A few days ago, a reader asked if I could help him justify the cost of security training that he and his fellow Unix system administrators felt they needed. I gave the reader a variety of ideas, one of which is sure to resonate with his manager. When making your pitch, you might want to try these reasons. . . .
Perhaps the best way to visualize Defense in Depth as it relates to Information Security is to view the recent blockbuster movie: "The Two Towers". When the antagonists approached the perimeter defenses at Helm's Deep, they were first greeted by a volley of arrows. As they approached closer, rocks and boiling oil was thrown on their heads. Then there was the actual wall to contend with. As they brought up siege ladders, they were thrust back with long poles. As they jumped on the tower ramparts they were engaged hand to hand. But despite of the defenses due to the perceived value attached to defeating Rohan, evil nearly prevailed. As of late when one considers network and especially Internet security one might wonder if good will prevail in the real world. . . .
As last summer's virus attacks vividly demonstrated, companies of every size are finding themselves hard pressed to maintain around-the-clock network security. Arriving nearly simultaneously, the Blaster, Welchia, and Sobig.F worms invaded hundreds of thousands of corporate computers, resulting in billions of dollars of damages and lost productivity. In this new atmosphere, where crippling attacks arrive almost immediately after vulnerabilities are announced, how can enterprises maximize their IT investments and successfully manage security? They can tackle the job with their in-house IT staff, of course, or they can outsource the task to a managed security services provider (MSSP). This article will look at certain key issues for determining when outsourcing security is the best approach to take. . . .
Malicious attackers are getting faster and harder to keep out of corporate and government systems, a major conference on computer crime was told yesterday. . . .
Every good hacker story ends with the line: "and then he's got root access to your network and can do whatever he wants." But the story really doesn't end there. This is just the beginning of the real damage that the hacker can inflict. . . .
Be practical, not panicked. Much of the hacker hysteria is theoretical. As wireless networking settles into the routine of everyday computing, maybe the advice-givers will rely a bit less on trying to terrify the novices, and a bit more on specifics. . . .
This concerns us all. Cisco is trying to patent the idea of demanding a confirmation-to-reset packet from an allegedly resetting host. This not only attempts to patent something that fails the 'non-obvious' test (really, is there a more obvious solution?), but it also opens up the door to a new "confirm reset? acknowledge" DoS attack. We all have a stake in making sure that basic TCP/IP security measures do not become proprietary. . . .
AirDefense is one of the more respected companies producing wireless LAN security software. AirDefense performed a research experiment at the recent Networld+Interop conference in Las Vegas. Their monitoring software scanned for vulnerabilities and network attacks during the conference producing some astonishing results. . . .
"I opened up my wireless home network to the world, and I've never felt more comfortable." Thus starts a startlingly different perspective on privacy and security. . . .
A rogue access point is not authorized by an organization's IT department for operation.) Setting up an access point is child's play. In addition to plugging the access point into a power source, all one has to do is connect one end of an Ethernet cable to an available Ethernet port, connect the other end to an access point and voila! A new Wi-Fi WLAN is born. . . .
Three Brisbane university students have discovered a major flaw in wireless network technology that means hackers can bring down critical infrastructure in as little as five seconds. . . .
As voice over IP sweeps across the high-tech landscape, many IT managers are being lulled into a dangerous complacency because they look upon Internet phoning as a relatively secure technology--not as an IP service susceptible to the same worms, viruses, and other pestilence that threatens all networked systems. . . .
The Trusted Computing Group said Monday that it is working on a specification to ensure that wireless clients connecting to a network won't serve as a back door to worms and crackers. Officials within the TCG, based in Portland, Ore., said the industry standards body is developing a "Trusted Network Connect" specification, designed to audit wireless-enabled PCs when they first make contact with an enterprise's wireless network. . . .
Using vulnerabilities revealed at the same time as those exploited by the web worm, security firm IRM has demonstrated how they can be used to gain control of a Windows web server. . . .
To better understand the reality of this threat, KernelTrap spoke with Theo de Raadt [interview], the creator of OpenBSD, an operating system which among other goals proactively focuses on security. In this article, we aim to provide some background into the workings of TCP, and then to build upon this foundation to understand how resets attacks work. . . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
