Enterprise Security


Google, Adobe, and Big Oil Attack Commonalities

March 07, 2010 Added by:Ted LeRoy

The work of protecting information is becoming more difficult with time.  The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend.  The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).

Comments  (0)


Road Map for an Application/Software Security Architect (Part 6)

February 26, 2010 Added by:Stephen Primost

So, the application designer has disclosed that the solution for the web services being designed will involve the (1) need to authenticate; (2) need to determine levels of authorization; and (3) [by the way] need to have some personalized data be carried forward to the application. If you, as the security architect involved in the security assessment process, are smart, you would have a security...

Comments  (0)


Consider Outsourcing Your Network Security

January 27, 2010 Added by:Ken Leeser

As more and more critical applications and services move to the cloud, organizations are increasingly receptive to the idea of using a managed security service to protect their network and information assets.

Comments  (1)


Road Map for an Application/Software Security Architect (Part 5)

December 30, 2009 Added by:Stephen Primost

Without a Digital Identity, how would you expect to do any authentication? And with an incomplete Digital Identity, how would you expect to get the authorization done correctly? Without the proper data model and the expectation that it would have the correct data (besides being in the right place at the right time), securing a system is impossible, although having the information, it is the easies...

Comments  (0)


Containment Phase - Incident Response

December 19, 2009 Added by:Mark Bennett

...the whole point of Incident Response... Having a Plan! In the containment phase of Incident Response you want to prevent the attacker from getting any further into the organization or spreading to other systems.

Comments  (0)


Virtualization : the maneuver tactic !

December 17, 2009 Added by:K S Abhiraj

The lure of virtualization is clear. From the business perspective, it means faster time-to-market for new technology enabled services and a strong foundation for new strategic initiatives, such as cloud computing. For technology organizations, virtualization promises faster server provisioning, increased hardware utilization, and lower costs for disaster recovery (DR).

Comments  (0)


Road Map for an Application/Software Security Architect (Part 4)

December 15, 2009 Added by:Stephen Primost

Planning your application's use of the digital identity is not an after-thought of system architecture. At the least, it might offer the occasional lack of reliable and conflicting information. At the worst, it provides little, if no protection, at all. And like the proverbial little Dutch boy, you will be putting fingers in the holes of the dike, attempting to shore up a weak infrastructure with...

Comments  (0)


Boole server - Data centric remote access, auditing and encryption

December 09, 2009 Added by:John England

Maintaining confidentiality and protection of data from unauthorized access are basic requirements for a security system. Boole Server is able to fulfil these protection requirements to a very high standard. Ease of use and versatility in configuration enables Boole Server to be the development platform delivering all the tools necessary for the complete protection of information circu...

Comments  (0)


Packet fragmentation vs the Intrusion Detection System

December 08, 2009 Added by:Fred Williams

How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on.... I found a really great article written in 2007 on how an author set up a lab environment to test this theory.

Comments  (2)


'Mafia Wars' CEO Brags About Scamming Users from Day One

November 29, 2009 Added by:Infosec Island Admin

I've never played Mafia Wars myself, but it's a very popular Facebook game that many of my friends play and annoy me with the constant broadcast news feed messages. It's one of the more popular Facebook applications and - like most of them - poses a real risk to the players and players' friends within the Facebook community.

Comments  (3)


Internet Security Alliance: Cyber Security is Economic Issue

November 18, 2009 Added by:Anthony M. Freed

"The President is correct in his appreciation of the need to view cyber security as... an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other..."

Comments  (0)


Emerging Technologies that can Reduce PCI Scope

November 17, 2009 Added by:Sean Inman

In recent months, the PCI Security Standards Council has continued to weigh the merits of what they have deemed as “emerging technologies”. The first is end to end encryption and the other is tokenization. These two solutions have quickly become the favorites among all other emerging technologies.

Comments  (0)


Road Map for an Application/Software Security Architect (Part 3)

November 11, 2009 Added by:Stephen Primost

Risk assessment for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is waterfall, or agile method, waiting for the end of the final del...

Comments  (0)


Road Map for an Application/Software Security Architect (Part 2)

November 02, 2009 Added by:Stephen Primost

Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...

Comments  (0)


Searching for Return on Security Investments

November 02, 2009 Added by:Andrew Baker

There are several major challenges to the successful implementation of good information security in many organizations today.  It is not because business owners do not think that security is important.  No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions that fail to account for the many nuances of a pro...

Comments  (5)


Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration -- in place for over a year now and it is largely a success; Windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers) that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)
