| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Slogging (syslog-ging) through the Mud In this paper I’ll be focusing on what I feel are some of the most important -- but often taken for granted – mechanisms of defense in depth: logging and auditing. Logs are often thought to be things that are consulted after an incident.
By Michael Sullivan, 07/08/2004
|
|
Securing Networked Storage using Defense in Depth In this paper, I will discuss security vulnerabilities in networked storage solutions and methods to identify and mitigate risk associated with the vulnerabilities.
By Anikumar Pochiraju, 07/08/2004
|
|
Deception: A Healthy Part of Any Defense in-depth Strategy This paper will: Define and discuss the major components of a multi-layered defense with special emphasis on security policies and their framework, and define deception and discuss how it is used by the attacker, how it can be used by the defender, deception tools used in a defensive strategy, and it's role in a multi-layered defense.
By Paul Anderson, 04/30/2004
|
|
Defense In Depth This paper will look at three common scenarios for network attacks, likely methods of attack, and countermeasures to protect the network from the attacks. The first scenario is an attack by a script kiddie from the Internet, the second is an attack from a skilled hacker and the final attack is from a trusted user who has access to the network.
By Todd McGuiness, 04/23/2004
|
|
Implementing Defense in Depth at the University Level This paper will discuss how defense in depth was implemented at a university in the Southwest. It will begin with a brief description of the concept of defense in depth, both in general terms and as applied to higher education. Following that will be the description of the actions and techniques used to harden this university, as well as specific examples.
By G.Michael Runnels, 04/23/2004
|
|
Security Management Systems: An Oversite Layer for Layers of Defense This paper discusses the true strength of a well-planned and maintained information security solution. Layers are built primarily by breaking networks into subnets, De-Militarized Zones (DMZs) and so on, with multiple layers of screening routers, firewalls (or typically a single perimeter firewall), implementation of Virtual Private Networks (VPNs), anti-virus solutions at the desktop or server-level, and often, a healthy sprinkling of Intrusion Detection System (IDS) to (hopefully) identify (but not prevent) any malicious traffic not caught by perimeter defenses. These are narrowly focused solutions, with no awareness of the other layers.
By Dan Keldsen, 04/15/2004
|
|
Information Security: Managing Risk with Defense in Depth This paper will first give a detailed overview of risk/risk management & data classification and why we need the Defense in Depth strategy. Then it will layout the blueprint for Defense in Depth. Each layer will be identified and followed up with a description and/or best practice depending on the technology involved. There may be times throughout this paper when specific vendors and/or products are mentioned. This is not done as an endorsement of any kind. A conclusion section will bring the topic to a close, followed by a list of references, which were used to help support the document.
By Kenneth R. Straub, 04/14/2004
|
|
Defense In Depth: A Small University Takes Up the Challenge This paper briefly explores the vital network security design concept of Defense in Depth (DiD). It is based upon extensive research and reading in the field, thirteen years of general experience as a systems administrator for three different firms, plus nearly five years of experience as the current Director of IT at a small multi-campus private university in the USA. This paper is an attempt to define DiD, explore various elements of implementing it, show some "real world" examples of what can go wrong, and the steps that we've taken to correct these problems over time. It will also touch upon the question of diminishing returns, and will outline some of the choices that have been necessary due to our limited budget here at the university. It usually isn't feasible to do everything that a very strong DiD configuration would require, but that doesn't mean that you can't get decent bang-for-the-buck!
By David W. Robinson, 04/03/2004
|
|
Defense-In-Depth Applied to Laptop Security: Ensuring Your Data Remains Your Data As the use and need for mobile computing grows in the global, interconnected economy, so does the need for mobile data protection. This paper illustrates how to apply a Defense-In-Depth strategy to protect laptop systems. Security topics addressed in this paper are confidentiality, integrity, availability, identity, authentication, and authorization, with specific focus given on how to achieve functional, convenient and effective security utilizing hardware and software available on the market today. This paper will review security-specific hardware and software applied to mobile computing. Several laptop manufacturers, such as Acer1, Compaq2, MPC3 and IBM4, have added security focus features to certain models. Other vendors have focused on augmenting laptop vendor's systems with hardware-based encryption engines, such as CryptCard5, and security-specific authentication and encryption software, such as SafeBoot6.
By Chris Grant, 03/26/2004
|
|
Using a layered security approach to achieve network integrity It's becoming increasingly clear that the current model for network security -- defend the perimeter and patch, patch, patch -- has some serious shortcomings. First, relying on signature files and patches doesn't provide the absolute protection that some vendors promise. Even if your perimeter systems are fully up to date, new attacks that signature files don't recognize will still get through. That was the case in January 2003 when the Slammer worm struck, spreading so quickly around the world that it slipped right past signature-based defenses and reached most vulnerable hosts within 18 minutes.
By Eric Ogren, 02/17/2004
|
|
Page: 1 2 |
