Network Security Library

Application Security



Subcategories


Oracle
PHP and MySQL




Newest Application Security White Papers

OpenVMS 7.2 Security Essentials
The purpose of this effort is to construct a Security Essentials paper on OpenVMS 7.2 to satisfy Option 1 of the GSEC V1.4b Practical Assignment by doing the following: 1) Distill the concepts and counsel provided by the OpenVMS manual "Guide to System Security" down to a basic set of implementable practices to be followed when installing and configuring the first OpenVMS system on a network; 2) Assess strengths and weaknesses of the following aspects of an OpenVMS system: physical environment and security, a basic OS installation, objects commonly used from the Authorization Database files and facilities, default state and basic configuration of key system files and directories, Digital's (...Compaq's...HP's...whatever!) implementation of TCP/IP for OpenVMS, and additional TCP/IP-based access services, like SSH; 3) Evaluate OpenVMS as a practical and "secure-able" server OS; and 4) Provide references to additional resources to take OpenVMS beyond the essentials.
By Jeffrey A. Leving, 03/26/2004


Open Source Risk Mitigation Process
Many times when people speak about Open Source software, they only think of pieces of work like Linux and Apache HTTP Server, but there are many other Open Source solutions which are not as large or mature. Some solutions are released by the same mature communities that released Linux and Apache HTTP Server, but others do not yet project the same sense of comfort and longevity that The Apache Software Foundation (http://www.apache.org) does today. Regardless, however, of who releases the Open Source solution, the question remains the same, and that is whether or not to use Open Source solutions in production systems. The questions and research must address the issues of Security, Total Cost of Ownership (TCO), Licensing and Break/Fix before any recommendation can be made to use Open Source software. The hope is that these questions are asked and research is done before the answers or results are found to be unacceptable.
By Carlos Casanova, 03/26/2004


Technical Aspect of Implementing/Upgrading SAP Security 4.6
SAP is one of the most popular ERP systems. This system is made up of multiple modules that correlate to business processes. The modules are typically referred to by a two-letter abbreviation. They are as follows: MM (materials management), SD (sales and distribution), CO (controlling - cost accounting), FI (finance), PM (plant maintenance), PS (project systems), PP (production planning), HR (human resources), and PS (project systems). Essentially, SAP can be effectively used as the only system an entity will need to conduct business. This creates a risk for controlling activities within the system. Information for each module is kept in tables and is shared between the modules; therefore incorrect information can create a snowball effect in many processes.
By Mary E. Sims, 03/24/2004


Service Account Vulnerabilities
As an Information Security (IS) specialist, you may be called on by your employer's software application developers to secure an application. This may be a purchased product or a product developed in house. In either case, the earlier an IS specialist is involved in the process, the better, since an IS specialist's goals for a product differ from the developers'. The application developer's goal is to provide the customer with the product they want, and this may mean purchasing or developing a product which has exceptions to your employer's security standards. The developer is most concerned about producing the expected product. An IS specialist is also concerned about producing the expected product, but one which is within the employer's security standards. Involving an IS specialist early in a project may reduce or eliminate security vulnerabilities by influencing the purchase of a product or how an in-house product's security is designed.
By Barbara Guhanick, 03/24/2004


Database security in high risk environments
During all ages, pirates hunted for treasures. Violence was usually involved to acquire them. In today's economy, corporation databases symbolize one of the most valuable assets that the modern bandits try to break into. Methods have also changed and physical presence is frequently not required. A simple computer attached to the Internet can be the only weapon needed to gain access to a "treasure". In this work, we will describe some of the methods in use to protect databases, desirable techniques to improve data confidentiality and integrity, and new viewpoints to consider in the beginning of the ecommerce era.
By Joaquin A. Trinanes, 03/24/2004


An Approach to Application Security
This document discusses an approach to assessing application security that will work within most organizations. It first discusses some classes of threats that should be considered when designing security for applications. It then shows how to develop a simple Security Development Life Cycle to complement an organization's Systems Development Life Cycle. One approach for assessing risk in applications or systems is then discussed, with an example. Finally, some conclusions are reached about how to approach security in applications.
By Ian Rathie, 03/24/2004


Distributed Object Technology: Security Perspective
The objective of this paper is to give a brief introduction to distributed object technology and an overview of security features available in Microsoft.NET and CORBA. The paper explains the architecture of .NET and covers some of its key security concepts like Security Policy, Code Access Security, Role Based Security, Verification and Stackwalk. It also explains CORBA and its security concepts like CORBA Security Services, Security Specifications, Security Policy, Domain Access Policy and Delegation. The paper concludes by explaining the way in which some key security concerns are addressed in .NET and CORBA.
By Subbu Cherukuwada, 03/24/2004


Polycom Videoconferencing Endpoint Security and Configuration
This paper focuses on the security of videoconferencing endpoints made by Polycom Corporation. The paper begins by discussing the recent growth in videoconferencing and introducing the International Telecommunication Union (ITU) system of videoconferencing standards. Videoconferencing components are briefly reviewed, including H.323 Terminals, MCUs, and Gatekeepers. The paper then provides an overview of the videoconferencing endpoints offered by Polycom, and reviews some motivations for attacking videoconferencing endpoints. A number of vulnerabilities and related security measures are discussed, including: theft of endpoints, eavesdropping on videoconferencing calls, administrative security, ISDN and perimeter security, SNMP access threats, FTP access threats, and denial of service attacks. The paper describes how vulnerability scanners can misreport videoconferencing endpoints as Trojan horse programs and concludes with a checklist for Polycom endpoint security.
By J Scott Christianson, 03/24/2004


Making Your Network Safe for Databases
If you are charged with administering a network that contains a database server, there are a number of steps you can take to help protect the data from being compromised. Properly configured, you can help prevent your organization's information assets from falling into the wrong hands.
By Duane Winner, 03/24/2004


The Intrinsic Hole In Information Security
This discussion will address the lack of type safety as a fundamental weakness of the C program and how type safety coupled with the widespread use of the C programming language relates to a massive hole in information security. The discussion begins with a historical perspective of the C programming language and why it is an integral part of so many computer systems. From there the discussion will cover type safety and how it relates to information security. Finally, the discussion wraps up with the safer alternative to C programming, C++, and some common methods used to make C programming more secure.
By Douglas Gaer, 03/24/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
