While security vendors weigh their product ranges for vulnerability to the recently discovered 'Heartbleed' bug, Symantec's massive digital certificate infrastructure remains secure – but the company is advising customers to update the vulnerable OpenSSL code and then regenerate their public key infrastructure (PKI) private keys, according to its Melbourne-based senior principal systems engineer Nick Savvides.
Researchers have proven the Heartbleed OpenSSL bug can be used to extract private keys from a vulnerable web server, giving affected services concrete evidence they do need to revoke and reissue private SSL certificates.
Consumers may well have lost sensitive data without even knowing it.
Microsoft’s next major release of Internet Explorer (IE) will support an internet standard that allows web servers to force browsers to make a secured connection when the site supports encryption.
Software Defined Networks are here. In just a couple of years they have moved from theory and are now part of every CIO's planning. And that means a significant rethink is needed when looking at security. With many critical functions moving off proprietary hardware towards open platforms where core functions are abstracted to software, the way networks are managed and secured is changing.
When we tested next-generation firewalls last May, at least one important security vendor wasn't there: Cisco, because they weren't ready to be tested. Now that the ASA CX next-generation firewall has had a year to mature, we put the product through its paces, using the same methodology as our last NGFW test.
LANDesk’s foray into system, asset and user management is the latest version of its Total User Management suite, which we’ll affectionately call TUM.
What is big, flexible, red and costs more than your average mid-range family sedan? Not a HSV—not quite that much—but this top of the range unified threat management (UTM) device (or in this case, XTM– the X presumably being a variable) is definitely in a high performance category. The XTM2050 from WatchGuard is one of a new breed of security devices that packs punch.
Review of the Juniper EX4500 Ethernet switch. They connect desktops to servers in the data centre via a three-tier system of access, aggregation and core Ethernet switches.
With data becoming more valuable, the need for security also gets greater. Today’s technology and working behaviours both facilitate data being easily transported. Information is far less static due to home working, multiple office sites, low cost USB storage devices and DVDs. With all these portable devices and data being moved from place to place we must be mindful of data backup.
Presentation by Russell Clarke and Mark Jones - Directors of RMSEC.
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.
Symantec Vision 2011 Sydney in pictures
Ponemon Institute asked 745 information-technology and security managers whether USB drives were important for business use, and if they were secure. What did the survey find?
Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.
No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.
Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
This is a real issue, and not just one for the well publicised attacks on major corporations such as Sony, Lockheed, Google, and Citi. It affects every business and organisation, large and small. More worrying still, it is now widely suggested that hackers and espionage organisations are moving away from directly attacking their target company, choosing instead to route their attack through suppliers to their target. Thus, even small and seemingly innocuous “third party” businesses who would not consider themselves as potential targets are now on the front line of this cyber war.
Wi-Fi may be the networking method of choice among apartment blocks cropping up in increased numbers in Australia’s major cities, however increased reliance on wireless internet is resulting in more security risks, according to Layer 10 Consulting.
Distributed networks face the ongoing challenge of securing a continually evolving network perimeter. As threats have evolved to exploit the shifting lines of defense, companies have responded by adding additional layers of security. This need for multiple layers of security has placed an enormous strain on IT professionals, increasing their workload through the management of multiple consoles and security devices.
Is your firewall capable of handling the growing demands of your business?
Many organizations are now migrating to Next-Generation Firewall solutions to reduce complexity, consolidate functionality and increase employee productivity. In fact, analysts predict that by the year-end 2014, 60% of new purchases will be Next-Generation Firewalls.
Find out what is driving this phenomenon and you can benefit by these new solutions by attending the Web seminar:
Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.
Sign up now »
Think your endpoints are secure? Think again. Learn why Trend Micro can help.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.