As the workforce becomes increasingly mobile and dispersed, identity and access management becomes more important in ensuring organisational security. While managing user identities and controlling access are separate tasks, they are closely related.
A lot has been written in the media recently about APTs, but there seems to be a level of confusion out there about what this phenomenon is and how this could affect us. Within this brief article, I shall try and shed some light on the phenomenon that is APTs.
Microsoft's latest Security Essentials update inadvertently warned Internet Explorer (IE) users off Google.com.
HP has refuted claims by researchers at Columbia University that a security flaw in its HP's LaserJet printer could give a hacker remote access to the device and the power to set it on fire.
The default settings for Apple’s new iPhone 4S personal assistant Siri allows anyone to give it commands when it’s password-locked.
At their core, Check Point Integrity and Sygate Enterprise Protection are effectively policy-based firewalls. That's the cake. The icing is their capability to monitor other applications for compliance with configuration requirements and send errant machines to quarantine until they can be updated with the latest anti-virus definitions, Windows patches, or other necessities.
Though most U.S. companies still list customer and other corporate information as their most valuable assets, many keep pushing this data farther from safe lockdown in the data center--and are about to give it another strong shove in that direction.
Firewall audit tools automate the otherwise all-but-impossible task of analyzing complex and bloated rule sets to verify and demonstrate enterprise access controls and configuration change-management processes.
Cell phones, texting, IM, email, Facebook, MySpace--kids are interconnected today in ways hardly imagined two decades ago. But these technology-based communication platforms also enable new forms of an age-old parenting strategy: monitoring your kids. Who are they talking to? What are they talking about? Are they going where they said they are going?
The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?
Biometrics encompasses a variety of methods for ensuring identity based on physical or behavioral traits. Conventional identifying traits include fingerprints, face topology, iris structure, hand geometry, vein structure, voice, signature and keystroke recognition. Emerging technologies analyze characteristics such as gait, odor, and ear shape. Rather than being used in isolation, biometrics systems are increasingly becoming multimodal, an approach that serves both to increase security and overcome failure-to-enroll problems.
Ten simple tips to manage your enterprise technology.
If you have given your trusted employees and key contractors remote access to your network via a client virtual private network (VPN), congratulations! By now, you have seen the productivity and cost benefits from allowing collaboration that surmounts geographical separation.
There may have been a time when blocking certain sites was acceptable in most office environments. But what was once considered off-limits is now essential in many organizations. Social media sites like Facebook are a major part of many companies' marketing strategy. Sites like YouTube present opportunities to share information about products or services visually. And IM and chat services like G-chat are free and efficient ways for employees to communicate.
Israeli security researchers Gadi Evron and Imri Goldberg find that security theatre can be about more than window dressing.
Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.
Reformed hacker-turned-security-consultant Kevin Mitnick served five years in federal prison for breaking into phone and software company networks. He talks about his past hacking exploits, computer security, and how he turned an illegal hobby into a useful career.
It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.
The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.