Saturday | 4 July, 2009
CSO

Security Monitoring

News
  •

    As hacking hits home, China strengthens cyber laws 12/05/2009 12:12:00

    Cybercrime maximum sentences jump from three years to seven
    A year ago, when a Time Magazine reporter told Tan Dailin that he'd been identified as someone who may have hacked the Pentagon, he gasped and asked, "Will the FBI send special agents out to arrest me?"
  •

    Study: Cybersquatting Still Lucrative in Bad Economy 19/03/2009 09:42:00

    Research from MarkMonitor finds 80 percent of "abusive sites" identified in 2007 remain active; US, UK and Germany host the most.
  •

    Downadup: Expert worries about smart phone, TinyURL threats 06/03/2009 13:21:00

    Malware writers just waiting for financial incentive to strike, F-Secure exec warns.
    Don't get Patrik Runald wrong: the Downadup worm (also called Conficker) has been a big deal.
  •

    Facebook, Twitter, LinkedIn: Security Pros Warm to Web 2.0 Access 05/03/2009 08:08:00

    The view of many popular Web 2.0 web sites has morphed from work no-no to job necessity. Now more security pros are allowing employees to use them in the office.
  •

    Security researcher Kaminsky pushes DNS patching 20/02/2009 08:20:00

    Tells Black Hat DC crowd that organizations have been slow to react despite Kaminsky Bug
    Dan Kaminsky, who for years was ambivalent about securing DNS, has become an ardent supporter of DNS Security Extensions.
  •

    AVG notes rise in number of malicious Web sites 28/01/2009 08:32:00

    Web sites rigged with malicious code are becoming more numerous by the day, according to new research from security vendor AVG Technologies.
    Web sites rigged with malicious code are becoming more numerous by the day, but the time those sites are online is declining, according to new research from security vendor AVG Technologies.
  •

    Security networks send spammers underground 28/01/2009 12:55:00

    Botnet commanders spread out to evade attacks
    Botnets will employ more obfuscated control techniques including the use of peer-to-peer networks during 2009, according to security researchers, following the McColo datacentre take-down last year.
  •

    Researcher: Worm infects 1.1M Windows PCs in 24 hours 15/01/2009 07:04:00

    It would make 'one big badass botnet,' says Finnish security company
    The computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said Wednesday.
  •

    Employee Safety in Global Hotspots 27/11/2008 11:53:00

    What risks do employees face in a sour global economy? What countries pose a growing threat of kidnapping for ransom? Is Colombia safer than Mexico? Insights from a former FBI hostage negotiator.
  •

    Experts to Feds: Sign the DNS root ASAP 26/11/2008 07:35:00

    US government urged to deploy DNS security measures, but through ICANN not VeriSign
    Internet security gurus and leading vendors are urging the US federal government to rapidly deploy security and authentication mechanisms at the top level of the DNS hierarchy, which is known as the root zone.
  •

    IBM, Secret Service, others study identity/cybercrime issues 09/10/2008 11:09:00

    Center for Applied Identity Management Research organization teams experts in criminal justice, financial crime, biometrics, cybercrime and cyberdefense, data protection, homeland security and national defense.
    IBM, LexisNexis and the Secret Service are among a group of corporations, government agencies and academic institutions that has formed to study and help solve identity management challenges around cybercrime, terrorism and narcotics trafficking.
  •

    Google blacklists ATUG Web site 07/10/2008 13:46:00

    ATUG unaware of breach, Google unwilling to discuss details
    Hackers may have hit the Australian Telecommunications User Group (ATUG) Web site, according to Google which has placed security threat warnings across all pages displayed in searches.
  •

    Eleven charged in massive ID theft scheme 06/08/2008 09:26:12

    The DOJ announced multiple charges against 11 defendants accused of engineering a massive ID theft scheme.
    Eleven people have been charged or indicted in a massive identity theft and computer fraud scheme involving some of the largest data breaches in recent U.S. history, the U.S. Department of Justice announced Tuesday.
  •

    Small ISPs at risk to DNS flaw 01/08/2008 12:34:00

    Bank immune to DNS poison.
    Customers of small Internet Service Providers (ISPs) may be at risk of online fraud, following the industry's lax response to securing against the recently discovered Domain Name System (DNS) cache poisoning flaw.
  •

    SQL attacks lobs onto pro tennis site 02/07/2008 11:52:19

    Wimbledon perfect time for crook's criminal racket.
    Visitors to the Association of Tennis Professionals Web site have potentially been infected with spyware after apparent lax security allowed a malicious script to be injected across its pages.
Features
  •

    Cyber Conflict: The Modern Gold Rush 06/06/2009 00:16:00

    Gary Clayton and Kevin Coleman note the critical absence of rules of the engagement governing digital attack and defense
    In the middle of the 1800s, a few prospectors found gold in California. When word got out, the lure of instant wealth spurred hundreds of thousands to rush to the West. Farmers, city slickers, people with no particular training or skills, all flocked to California to pan for gold.
  •

    How to Manage Surveillance Video 14/05/2009 10:55:00

    Video management software helps with efficient monitoring, transmission and storage of IP surveillance video. Here's how to evaluate, purchase and implement VMS.
    Video management software (VMS) allows you to record and view live video from multiple surveillance cameras--either IP-based or analog cameras with an encoder--monitor alarms, control cameras and retrieve recordings from an archive. Because they are IP-based, VMS systems are more expandable and flexible than DVR-based systems, and employees can control the software from anywhere on the network. Surveillance and security teams can use the software for live monitoring, as well as investigative and forensic purposes, using archived footage.
  •

    The CCTV Project Planner 26/03/2009 09:27:00

    CCTV implementations face a lack of product standardization, a confusing bidding process, and a limiting market structure. Here is expert guidance on critical considerations about bandwidth, frame rate, image quality and more.
  •

    How to Handle Security Patches With Sanity 11/12/2008 11:32:00

    Network administrator Ed Ziots offers his recipe for a sane and solid patch management program.
  •

    Survey: Despite Risks, Employees Still Holiday Shop at Work 27/11/2008 10:02:00

    As Cyber Monday approaches, research suggests a majority of workers will use their work computer to shop this holiday season. But despite the continued growth in online shopping, employees and business still don't understand the risk.
  •

    E-voting '08: Problems, yes, but it could have been worse 06/11/2008 08:04:00

    Scattered malfunctions caused delays but didn't appear to be widespread
    Despite reports all day long about an assortment of e-voting machine problems in several US states, no massive systemic meltdown occurred.
  •

    Slideshow: How DNS cache poisoning works 21/10/2008 09:34:00

    Tips to thwart DNS cache-poisoning attacks
  •

    How to root out rootkits 12/08/2008 10:30:43

    If you want to know about the latest malicious rootkit, ask security researcher Dino Dai Zovi. He'll tell you all about his proof of concept rootkit called Vitriol that uses virtual machine instructions in Intel processors to hide a rootkit at the virtualization layer.
  •

    Web 2.0 applications and sites (and security concerns) 11/08/2008 08:45:59

    One expert's breakdown of security issues created by social networking sites, BitTorrent and other Web 2.0 technologies
    A recent survey released by security software firm Symantec found 66 per cent of Millennial employees, those born after 1980, admit to using Web 2.0 technologies, such as Facebook and YouTube, while at work. The same poll found younger workers also regularly store corporate data on personal devices, such as PCs and USB drives.
  •

    How secure is secure enough? 29/07/2008 07:44:00

    Are your information security plans too big, too small or just right? Here are five steps to help you decide.
    If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?"
  •

    12 ways to visualize network security 15/07/2008 10:26:48

    Is enterprise security like a stack of Swiss cheese? Or is it more like a Dirty Harry movie?
    Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, build a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.
  •

    10 essential (and free!) security downloads for Windows 29/05/2008 09:42:31

    Stay safe from prying eyes and bad guys
    To use an Internet-connected computer is to be insecure and place your privacy in danger. Spyware, viruses, Trojans and assorted malware are everywhere on the Net, trying to hop onto your PC and cause damage. Snoopers want to get at your personal information for nefarious purposes, such as identity theft.
  •

    Seven habits of effective CISOs 11/03/2008 12:37:51

    From helping others to influencing the right people, these tips will help transform your work habits from average to stellar with advice from CISOs around the world
    Today's CISO plays a pivotal role not only in defining technical standards and security policies, but also in assuring customers of the security of their data and validating security controls to regulators. Many are struggling with this transition because they have been given these responsibilities without any real authority or visibility within their organizations. They also need a new set of skills to successfully fulfill their responsibilities.
  •

    Integration problems arise with DLP tools 15/02/2008 09:19:32

    Early adopters of data leakage prevention systems, including financial services giants, are having problems enforcing security policies consistently across the different areas of DLP.
    Vendors of data leakage prevention (DLP) systems claim that customers will avoid integration issues by using packaged tools that encompass all the different elements of the technology, but some early adopters of DLP are already running into serious problems.
  •

    Powerful new antiphishing weapon DKIM emerges 13/02/2008 10:40:15

    DKIM standard attracts Cisco, Google, PayPal and more
    Spoofers, spammers and phishers, beware. There's a new gun in town, and some of the Internet's most powerful companies -- including Yahoo, Google, PayPal and AOL -- are brandishing it in the ongoing battle against e-mail fraud.
Case Studies
  •

    Advanced network monitoring supports remote offices 30/05/2007 09:00:08

    Highly distributed organisations turn to managed service provider model
    Highly distributed organisations run their IT systems on a managed services provider (MSP) model -- supporting numbers of offices dispersed over a geographic area. Mark Scott, president of The Utility Company, says the best model for this combines advanced network monitoring with a franchising system, such as that used by Dunkin' Donuts. His company is an MSP serving a growing population of small companies -- "five-person PR firms, 30-person law offices" -- across North America from its Ottawa, Canada, base.
Interviews
  •

    How Shipping Companies Can Fight Pirates 11/12/2008 11:28:00

    Pirates in the waters off the coast of Somalia are capturing new vessels almost weekly and asking for large ransom. A pirate expert, and former victim, gives his advice on what companies can do.
  •

    How IT Helped Catch the Jewellery Thief 13/11/2008 11:52:00

    A jewellery store chain is having much better luck catching burglars in real time, thanks to a little help from the IT side of the house. Loss Prevention Manager Dennis Thomas explains how the company built its high-tech command center from scratch.
  •

    McAfee looks to security in virtual environments 21/10/2008 10:36:00

    DeWalt says the company's products will share common management, reporting
    McAfee is hunkering down to integrate the security technologies it has bought over the past several months into its varied line of security software and appliances. Two trends in the company's activities are developing parallel products for deployment as software on endpoints and as network-based appliances. This week, for instance, the company is announcing that NAC software can be installed on its IntruShield IPS appliance to give customers the option of enforcing NAC policies in the network, not just on the endpoint. The company is bringing management of these platforms under control of its ePolicy Orchestrator (ePO) in an effort to centralize control of network security. Network World Senior Editor Tim Greene spoke with McAfee CEO Dave DeWalt about these efforts as well as other issues facing the company.
  •

    Keeping security talent on the job 18/09/2008 10:45:00

    AlliedBarton's learning and development guru Rich Cordivari shares his company's strategy for keeping security professionals engaged and happy in a high turnover industry
    As vice president of learning and development for US-based AlliedBarton Security Services, Rich Cordivari is responsible for the training community in the company. That means he oversees 150 trainers who work locally all over the country to deliver education to AlliedBarton employees. Cordivari, who has been with the company since 2003, discusses his strategy for boosting retention rates with programs that speak to the company's diverse geographic accounts, as well as the different generations now working for AlliedBarton.
  •

    Bogus security promises and how to detect them 14/03/2008 10:13:00

    Data leakage, smartphone malware, hotspot threats are discussed by security analyst Nick Selby
    What is true enterprise security and how do you get it? Bogus promises by vendors are all too common. In this interview, outspoken security analyst Nick Selby humorously tackles the truth about data leakage products, smartphone protection, hotspot threats and the word "solution." Nick Selby leads The 451 Group's Enterprise Security Practice. Selby also serves as The 451 Group's Director of Research Operations and is on the faculty of the Institute for Applied Network Security.
Opinions
  •

    How DNS cache poisoning works 21/10/2008 09:30:00

    This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
    There has been a long history of attacks on the Domain Name System ranging from brute-force denial-of-service attacks to targeted attacks requiring specialized software. In July 2008 a new DNS cache-poisoning attack was unveiled that is considered especially dangerous because it does not require substantial bandwidth or processor resources nor does it require sophisticated techniques.
  •

    Cutting Through the Spin of Recent Vulnerability Disclosures 13/10/2008 11:53:00

    The FUD surrounding the ClickJacking and TCP/IP vulnerabilities has the world seemingly frozen in fear. But once you cut through the spin, the vulnerabilities aren't all that they were made out to be.
    There are a few highly publicised vulnerabilities at the moment which haven't completely been disclosed and which, it is claimed, could threaten the whole Internet as-we-know-it. Only, when the vulnerabilities are finally disclosed, it seems that the whole incident has been somewhat Chicken Little.
  •

    Safety and security: The intersection 16/09/2008 12:01:00

    Security and safety often go hand in hand, but sometimes they conflict. Here are ways to cooperate to achieve both departments' goals.
    In 1999, the Massachusetts state fire marshal issued a cautionary advisory about a new security product: a surveillance camera designed to look like a smoke detector. "This action has created a great concern for us in the fire service," Stephen Coan said. "If this [security cameras as smoke detectors] becomes widely known, we feel that the lives of people will be placed in jeopardy. Out of fear of being watched and the loss of privacy, it is possible that people will begin to cover over smoke detectors, endangering their lives...." Marshal Coan was not alone in his concern: In 2004, New York officials forced local outlets to stop selling the device for many of the same reasons.
  •

    'Whaling' threats target the big fish of the corporate world 10/09/2008 14:50:00

    Whaling has increasingly been in the news thanks to the ingenious ways a new breed of phishermen collect data to carry out scams and the move towards targeting business networking sites.
    The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook every day – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk. ‘Whaling’ or ‘spear phishing’ is one such threat and refers to phishing scams which specifically target high-worth individuals.
  •

    Information security governance: Centralized vs. distributed 05/09/2008 10:15:00

    Should security policies, procedures and processes be managed within a central body, or distributed at an individual level? You need to find the middle ground.
    The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground?
  •

    EU struggles with diversifying technology 24/06/2008 15:41:51

    Heterogeneous provide their own headaches for security professionals.
    In the immortal words of the Young Ones "[A] social conscience is like a garden shed. If you try to eat it, it will stick in your throat!". At least that is the lesson that the EU seems to be learning [1] in its efforts to promote greater competition in the technology industry as it tries to implement the use of alternate (to Microsoft) office software and operating systems that adhere to open standards.
  •

    Zero-second exploits 06/05/2008 12:04:48

    The number of days between a vendor patch being released and the malware exploit being announced has shrunk
    Microsoft SQL server hasn't had a public vulnerability announcement since 2004. The SQL Slammer worm struck in 2005, but the hole the worm exploited had been patched six months before. The holes that MS-Blaster and Code Red worm attacked had been patched, too. But back just a few years ago, no one really cared about patching really. We just didn't patch.
  •

    What spooks Microsoft's chief security advisor 27/03/2008 11:12:24

    Application exploits, virtualization security are big concerns
    Microsoft's US general manager/chief security advisor for its National Security Team thinks like a true security professional: In every bit of good news, Bret Arsenault wonders what bad news could be lurking behind it.
  •

    Security in a bubble 19/03/2008 11:03:54

    Security must be distributed, ubiquitous and pervasive
    People don't notice change when it's gradual. Sometimes, however, small, incremental changes add up in a way that isn't noticed until a change in degree becomes a change in kind.
  •

    Borderline illegal: Your laptop is not your own 14/02/2008 11:30:23

    International travellers are being subjected to electronic abuses at the US border.
    Planning to travel? Maybe you want to think twice about bringing your laptop, your mobile phone, or even that iPod. (And if you're of Asian or Middle Eastern descent, that goes double.)
  •

    Network threats develop 'antibiotic' resistance 13/02/2008 09:13:09

    Whether it is concepts of herd immunity or antibiotic resistance, we still have a lot to learn from nature
    The scientific field of biology has provided many useful metaphors, such as "virus" and "infection," for the study of malware. Many researchers have used biology and evolution science to create innovative defenses against malware, in many ways simulating the functions of biological immunity systems. I find that biological sciences and especially evolution provide some great insights into the behavior of malware, malware creators and malware defenses over longer periods of time. I also see a lot of parallels between the evolution of malware and the evolution of darknets (stealthy peer-to-peer, or P2P, networks).
  •

    The future of network security 01/02/2008 12:05:40

    Determining how to plan for a business environment in which everyone is connected and security expectations are high is not trivial. We all have to do it.
    Enterprise connectivity is exploding, driven by globalization, convergence, virtualization and social computing. As corporate perimeters dissolve, the security focus switches towards application and data-level security solutions. The question to ask is what are the longer-term implications for network security? Will it become redundant or could it grow more powerful? Only one thing seems certain: It will be different from today.
  •

    Security. A business problem 11/12/2007 09:36:38

    Frank Hayes argues the case for security to become a business problem
    Security is a people problem. OK, you already knew that. But recently the SANS Institute finally recognized it too, in its list of the top 20 Internet security risks of 2007. Topping the chart of new, hard-to-defend-against risks were vulnerabilities in custom Web applications and (drum roll, please) "gullible, busy, accommodating computer users, including executives, IT staff and others with privileged access."
  •

    Security wake-up call accompanies virtualization 20/08/2007 10:14:09

    Virtualization ushers in dramatic new potential for security enforcement
    Virtualization introduces new potentials for flexibility and change over and beyond anything the world of network security has ever seen. Unfortunately for a host of large security vendors, most of the typical devices being used to protect physical data centers require a certain level of stability (or inflexibility) in order to promise proper protection.
  •

    Anatomy of an attack: a race against time 20/03/2001 11:51:00

    It begins with a shiver, a vibration almost too faint to be sensed. My attention is pulled from the meeting I'm in by the security problem I know is occurring on our live network.
Additional Resources
Whitepaper

The business justification for data security

In the information security world we face two major types of threats: "noisy" threats which directly interfere with our ability to do business and "quiet" threats which cause real damage, but don't necessarily prevent people from doing their jobs. Read on to discover how to combat both types of threats and to justify the use of data security within your business.