Network Security

News

Espionage outpacing financial crime as better reporting improves security picture: Verizon

By David Braue | 23 April, 2014 08:12

Growing data sharing between security and law-enforcement organisations may be improving visibility of the global cybercrime risk, but many Asia-Pacific region companies continue to jeopardise their data with lax security, senior Verizon security executives have warned on the release of the company's latest comprehensive security report.

Heartbleed panic drives flood of enquiries to Symantec's Melbourne CA

By David Braue | 14 April, 2014 08:34

While security vendors weigh their product ranges for vulnerability to the recently discovered 'Heartbleed' bug, Symantec's massive digital certificate infrastructure remains secure – but the company is advising customers to update the vulnerable OpenSSL code and then regenerate their public key infrastructure (PKI) private keys, according to its Melbourne-based senior principal systems engineer Nick Savvides.

Confirmed: hackers can use Heartbleed to steal private SSL keys

By Liam Tung | 14 April, 2014 08:23

Researchers have proven the Heartbleed OpenSSL bug can be used to extract private keys from a vulnerable web server, giving affected services concrete evidence they do need to revoke and reissue private SSL certificates.

Heartbleed could have already exposed your personal data, experts warn

By David Braue | 09 April, 2014 16:24

Consumers may well have lost sensitive data without even knowing it.

Microsoft confirms HTTP Strict Transport Security for IE 12

By Liam Tung | 07 April, 2014 08:22

Microsoft’s next major release of Internet Explorer (IE) will support an internet standard that allows web servers to force browsers to make a secured connection when the site supports encryption.

Reviews

Cisco impresses with first crack at next-gen firewall

By Joel Snyder | 17 June, 2013 11:23

When we tested next-generation firewalls last May, at least one important security vendor wasn't there: Cisco, because they weren't ready to be tested. Now that the ASA CX next-generation firewall has had a year to mature, we put the product through its paces, using the same methodology as our last NGFW test.

LANDesk Total User Management 9.5 Review

By Ashton Mills | 29 May, 2013 20:59 | 1 Comment

LANDesk’s foray into system, asset and user management is the latest version of its Total User Management suite, which we’ll affectionately call TUM.

Review: WatchGuard XTM2050

By Matt Tett | 22 May, 2012 16:09

What is big, flexible, red and costs more than your average mid-range family sedan? Not a HSV—not quite that much—but this top of the range unified threat management (UTM) device (or in this case, XTM– the X presumably being a variable) is definitely in a high performance category. The XTM2050 from WatchGuard is one of a new breed of security devices that packs punch.

Juniper EX4500 review

By Matt Tett | 17 November, 2011 13:47 | 2 Comments

Review of the Juniper EX4500 Ethernet switch. They connect desktops to servers in the data centre via a three-tier system of access, aggregation and core Ethernet switches.

Review: Self-Encrypting External Hard Disk Drives

By Enex Testlab | 16 October, 2011 17:33

With data becoming more valuable, the need for security also gets greater. Today’s technology and working behaviours both facilitate data being easily transported. Information is far less static due to home working, multiple office sites, low cost USB storage devices and DVDs. With all these portable devices and data being moved from place to place we must be mindful of data backup.

Slideshows

Overview of an ISMS implementation across SCADA and IT networks

By Russell Clarke and Mark Jones | 31 January, 2013 09:36

Presentation by Russell Clarke and Mark Jones - Directors of RMSEC.

From Anonymous to Hackerazzi: The year in security mischief-making

By Michael Cooney | 08 December, 2011 09:08

These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.

The encryption quiz

By Tim Greene and Jim Duffy | 29 September, 2011 20:12

The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.

Symantec Vision 2011 Sydney in pictures

By Neerav Bhatt | 13 September, 2011 18:56

Symantec Vision 2011 Sydney in pictures

USB devices: The big hole in network security

By Ellen Messmer | 24 August, 2011 12:42

Ponemon Institute asked 745 information-technology and security managers whether USB drives were important for business use, and if they were secure. What did the survey find?

Features

2011's biggest security snafus

By Ellen Messmer | 02 December, 2011 06:27

Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.

Security breach

By Matt Rodgers | 22 September, 2011 09:00

No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.

NEWS FOCUS: Cyber-espionage attacks threaten corporate data in new unrelenting ways

By Ellen Messmer | 08 August, 2011 20:26

Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.

Penetration Testing

By Malcolm Higgins | 13 July, 2011 12:16

This is a real issue, and not just one for the well publicised attacks on major corporations such as Sony, Lockheed, Google, and Citi. It affects every business and organisation, large and small. More worrying still, it is now widely suggested that hackers and espionage organisations are moving away from directly attacking their target company, choosing instead to route their attack through suppliers to their target. Thus, even small and seemingly innocuous “third party” businesses who would not consider themselves as potential targets are now on the front line of this cyber war.

Home Wi-Fi networks the next target for cyber crime: Layer 10

By Hamish Barwick | 07 April, 2011 10:43

Wi-Fi may be the networking method of choice among apartment blocks cropping up in increased numbers in Australia’s major cities, however increased reliance on wireless internet is resulting in more security risks, according to Layer 10 Consulting.

Opinions

Why its time to upgrade to a next generation firewall

By CSO staff | 31 August, 2012 10:15

Distributed networks face the ongoing challenge of securing a continually evolving network perimeter. As threats have evolved to exploit the shifting lines of defense, companies have responded by adding additional layers of security. This need for multiple layers of security has placed an enormous strain on IT professionals, increasing their workload through the management of multiple consoles and security devices.

Is your firewall capable of handling the growing demands of your business?

Many organizations are now migrating to Next-Generation Firewall solutions to reduce complexity, consolidate functionality and increase employee productivity. In fact, analysts predict that by the year-end 2014, 60% of new purchases will be Next-Generation Firewalls.

Find out what is driving this phenomenon and you can benefit by these new solutions by attending the Web seminar:

Opinion: Cyber-Security – Stay Smart Online

By Sabeena Oberoi | 15 July, 2011 14:17

Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Fraud Management Solutions

Reduce fraud losses regardless of channel by preventing cybercrime, identity theft, and other threats targeting your customers.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.