Network Security Library

Architecture



Subcategories


Defense in Depth
DNS
Logging
VLAN
VoIP




Newest Architecture White Papers

Security Considerations for Extranets
Increasingly, extranets are being used by organizations to conduct e-business operations. However, an extranet must be properly planned, implemented and maintained to ensure that it does not pose an unacceptable risk to an organization's internal data and information systems. This paper identifies potential risks associated with extranets and the actions that can be taken to mitigate them.
By Karen A. Korow-Diks, 04/23/2004


Security Features in IPv6
This paper will present a brief overview of some of the new features provided by the Internet Protocol version 6 (IPv6). It will take an in-depth view of the new security features in IPv6, namely the use of the Authentication Header and Encapsulating Security Payload (ESP) Header. This document will examine how these security features can prevent certain types of network attacks currently occurring over the Internet and discuss some of the open issues with the IPv6 security features.
By Penny Hermann-Seton, 04/18/2004


Understanding Security Using the OSI Model
This paper is written as a guide for those who do not labour through the wee hours of the morning (yet) studying every new Information Technology (IT) vulnerability. This paper will provide a breakdown of the OSI (Open Source Interconnection) model, and using that model, explain some well-known vulnerabilities. The paper will take each layer of the OSI model (there are seven) and describe a relevant vulnerability with a solution to that problem area. The reader will become more aware of the vulnerabilities that exist in the IT environment. More importantly, the reader will be able to use the OSI model as a guide to simplify the security process.
By Glenn Surman, 04/18/2004


Security Measures to couple mixed IPv4/IPv6 Networks over a pure IPv6 Infrastructure by making Use of NAT-PT
The next generation of the Internet Protocol (IPv6) was developed to improve on the Internet Protocol (IPv4) that is widely deployed across the Internet. Among other things, it enlarges the available addressing space and improves security. Due to the lack of unique IPv4 address space, one strategy to couple existing IPv4 networks that use private IPv4 addresses is to define a unique IPv6 network on top of the coupled IPv4 networks. At the border routers, the use of NAT-PT (Network Address Translation - Protocol Translation) ensures that the IPv4 hosts are assigned virtual unique IPv6 addresses. IPv6 is used between the border routers. This ensures a smooth migration from a pure IPv4 to a pure IPv6 environment. The scope of this paper is to present a European test installation where NAT-PT is used to couple national networks over an IPv6 backbone. The description focuses on one national test installation with respect to security.
By Thorsten Brikey, 04/18/2004


Applying the OSI Seven Layer Network Model To Information Security
Data networking is a critical area of focus in the study of information security. This paper focuses on reviewing a key area of data networking theory - The Open Systems Interconnect (OSI) Seven Layer Network Model. This paper demonstrates the application of the model's concepts into the context of information security. This paper overall presents the perspective that common information security problems map directly to the logical constructs presented in the OSI Seven Layer Network Model, and seeks to demonstrate the Seven Layer Model's usefulness in evaluating information security problems and solutions. The OSI Model is presented by way of both formal definition and practical terms that affect information security on a layer-by-layer basis. For each layer, examples of common information security threats and controls are evaluated by how they fit into the OSI Seven Layer Model's layers of classification, with notes on exceptions and special cases.
By Damon Reed, 04/18/2004


IPv4 Multicast Security: A Network Perspective
Multicast holds great promise in reducing the network bandwidth required for simultaneous communication between multiple hosts. Documented routing protocols and distribution methods are now enabling multicast implementations to move out of the LAN arena and into the larger world of the internet. Multicast's methods of operation pose new and extended demands on security models developed primarily for unicast data transmission. This paper examines the security implications of multicast communications as they relate to network management. It begins with a general description of multicast communications and then progresses to discussing multicast methods of operation within the Internet Protocol (IPv4) framework while contrasting them against the more familiar unicast operations. Security issues specific to multicast communications are identified and discussed. Possible solutions including the extension of IPsec to MIPsec are examined.
By Tom Bachert, 04/17/2004


Securing out-of-band device management
In networks with critical core components, securing device access while maintaining the ability to provide emergency maintenance is crucial. Often, a console port, craft port, dedicated Ethernet management port or other out-of-band access must be used to recover failed devices or systems. For large networks, these devices are frequently located at remote or inaccessible locations. However, leaving the management ports attached directly or via modem presents a security hole. The network infrastructure may be very secure with firewalls, IDS, and encryption systems while core access to the device's management ports is often neglected. This paper will outline vulnerabilities of out-of-band managed systems and devices, provide worksheets for helping to ensure security and give examples of possible architectures for secure remote access.
By Marc S. Kolaks, 04/17/2004


Implementing a Secure Internal Network
This paper presents how-to options and suggestions for designing and securing an internal network. Scenarios are provided concerning designs that may currently be in place and discussions and analysis on the risks involved and the vulnerabilities presented are included. Figures 1 through 5 illustrate a phased approach that can be used to migrate to a more secure environment through the use of a combination of router and switch configurations.
By Ken Creekmore, 04/17/2004


Securing SNMP: A Look at Net-SNMP (SNMPv3)
This paper addresses the many improvements, enhancements, and additions that comprise net-snmp, as well as the benefits of using SNMP to monitor network devices and computers. A discussion on the benefits of systems monitoring is included for relevance. Shortcomings of previous versions of SNMP are explained, and solutions to these faults are described in terms of net-snmp's capabilities. The bulk of this practical focuses on the specific additions to SNMP that make net-snmp the ideal candidate for systems monitoring. The User-based Security Model is explained with regard to SNMP, and encryption is topically dealt with for completeness. Throughout the paper, various topics within network security and operation are discussed to emphasize the improvements with net-snmp. Overall, SNMPv3 provides the best of both worlds: ready access to system monitoring information, and sophisticated security.
By Michael Stump, 04/17/2004


Designing a DMZ
Start by asking yourself: what do I want to protect? Or what is most valuable to me? Then ask yourself: what is the entrance point into this system? Or what is my front door? These questions might sound easier to answer than they actually are. You may actually find that you have more than one entrance to your system, such as an Internet connection and dial-up connections. It is suggested in this situation that you have two different DMZs. This is because you're going to have different configurations for each of those access types. That means extra vulnerabilities. Remember, security is minimalism.
By Scott Young, 04/05/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
