Access Control

News

Five steps to mastering identity and access management

By Gordon Makryllos | 04 June, 2012 16:40

As the workforce becomes increasingly mobile and dispersed, identity and access management becomes more important in ensuring organisational security. While managing user identities and controlling access are separate tasks, they are closely related.

Advanced Persistent Threats (APTs) — a Synopsis

By Ashwin Pal | 29 February, 2012 14:37

A lot has been written in the media recently about APTs, but there seems to be a level of confusion out there about what this phenomenon is and how this could affect us. Within this brief article, I shall try and shed some light on the phenomenon that is APTs.

Microsoft Security Essentials update blocks Google.com

By Liam Tung | 16 February, 2012 09:20 | 5 Comments

Microsoft's latest Security Essentials update inadvertently warned Internet Explorer (IE) users off Google.com.

HP admits LaserJet flaw, refutes flaming printer hack

By Liam Tung | 30 November, 2011 09:38

HP has refuted claims by researchers at Columbia University that a security flaw in its HP's LaserJet printer could give a hacker remote access to the device and the power to set it on fire.

Siri open to anyone even when iPhone 4S locked

By Liam Tung | 21 October, 2011 08:08

The default settings for Apple’s new iPhone 4S personal assistant Siri allows anyone to give it commands when it’s password-locked.

Reviews

Check Point and Sygate corral end points

By Victor Garza | 28 December, 2005 07:00

At their core, Check Point Integrity and Sygate Enterprise Protection are effectively policy-based firewalls. That's the cake. The icing is their capability to monitor other applications for compliance with configuration requirements and send errant machines to quarantine until they can be updated with the latest anti-virus definitions, Windows patches, or other necessities.

Slideshows

Network access control in a nutshell

By Joel Snyder | 22 June, 2010 08:43

Twelve leading NAC products put to the test

20 useful IT security Web sites

By Jon Brodkin | 08 April, 2008 09:50

Bookmarking these sites will help you protect your network, comply with government regulations and stay ahead of all the latest threats.

Features

Cloud Computing Poses Control Issues for IT

By Kevin Fogarty | 18 May, 2010 04:42

Though most U.S. companies still list customer and other corporate information as their most valuable assets, many keep pushing this data farther from safe lockdown in the data center--and are about to give it another strong shove in that direction.

Firewall audit tools: features and functions

By Neil Roiter | 12 May, 2010 05:02 | 3 Comments

Firewall audit tools automate the otherwise all-but-impossible task of analyzing complex and bloated rule sets to verify and demonstrate enterprise access controls and configuration change-management processes.

How security professionals monitor their kids

By Joan Goodchild | 15 April, 2010 07:27

Cell phones, texting, IM, email, Facebook, MySpace--kids are interconnected today in ways hardly imagined two decades ago. But these technology-based communication platforms also enable new forms of an age-old parenting strategy: monitoring your kids. Who are they talking to? What are they talking about? Are they going where they said they are going?

What Are the Most Overrated Security Technologies?

By Bill Brenner | 25 March, 2010 06:53

The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?

Biometrics: What, Where and Why

By Mary Brandel | 25 March, 2010 06:41

Biometrics encompasses a variety of methods for ensuring identity based on physical or behavioral traits. Conventional identifying traits include fingerprints, face topology, iris structure, hand geometry, vein structure, voice, signature and keystroke recognition. Emerging technologies analyze characteristics such as gait, odor, and ear shape. Rather than being used in isolation, biometrics systems are increasingly becoming multimodal, an approach that serves both to increase security and overcome failure-to-enroll problems.

Tutorials

10 tech-management tips

By Julie Bort | 18 January, 2007 13:19

Ten simple tips to manage your enterprise technology.

Ten tips to secure client VPNs

By Martin Heller | 03 October, 2006 14:31

If you have given your trusted employees and key contractors remote access to your network via a client virtual private network (VPN), congratulations! By now, you have seen the productivity and cost benefits from allowing collaboration that surmounts geographical separation.

Guides

Workarounds: 5 ways employees try to access restricted sites

By Joan Goodchild | 12 August, 2010 00:29

There may have been a time when blocking certain sites was acceptable in most office environments. But what was once considered off-limits is now essential in many organizations. Social media sites like Facebook are a major part of many companies' marketing strategy. Sites like YouTube present opportunities to share information about products or services visually. And IM and chat services like G-chat are free and efficient ways for employees to communicate.

Opinions

Sometimes, Security Theatre Really Works

By Gadi Evron and Imri Goldberg | 11 December, 2008 11:46

Israeli security researchers Gadi Evron and Imri Goldberg find that security theatre can be about more than window dressing.

Strange account management at Amazon

By Carl Jongsma | 09 October, 2008 10:51

Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.

Five lessons learned about computer security

By Jarina D'Auria | 16 July, 2008 11:15

Reformed hacker-turned-security-consultant Kevin Mitnick served five years in federal prison for breaking into phone and software company networks. He talks about his past hacking exploits, computer security, and how he turned an illegal hobby into a useful career.

Hack a million systems - earn a job

By Carl Jongsma | 16 July, 2008 16:12

It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.

When university research is responsible for that network probe

By Carl Jongsma | 10 July, 2008 10:08

The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

IT Compliance Solutions

Enforce compliance consistently and cost-effectively across your organization.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.