| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
When Policies that have 'Always Worked', Don't or The scenario I will describe in this paper outlines a failure of our "human systems" due to a limitation in our thinking about our procedures that could easily have had catastrophic results. What I will describe is a situation regarding one particular software package, but the principle it illustrates I hope will serve as a warning to those of us who may have let our past successes lull us into a sense of complacency regarding the security of our networks.
By Rich Parker, 05/07/2004
|
|
Information Technology Department Network Security Briefing When I started my career in Information Technology (too many years ago to mention), the corporate network at the company I was working for consisted of private leased lines to other cities within the United States. There was a single production mainframe computer that basically only had two types of devices that it communicated with, dumb terminals and printers. Security was straightforward, physically protecting the mainframe computer and peripherals was the most important item. Today it’s a totally different story.
By Thad Nobuhara, 04/30/2004
|
|
Securing a Wide-Open Computer Network I will be outlining how I've applied many of the security principles discussed in this paper. While there are many highly qualified IT professionals in the field today, there are also a large number of unskilled people who used the media?s certification hype as leverage to gain employment in the IT industry. The best example of this is Microsoft?s MCSE which teaches nothing in terms of security concepts. Having dealt with this situation myself, I though it might be helpful to do an overview of the steps that I?ve taken to secure a wide open network from almost zero knowledge.
By Mark Andrich, 04/30/2004
|
|
I Think Our Internet Connection is Down The following is a case analysis of a real incident that was uncovered while trying to assist a small company with a supposed down Internet connection. The particular organization published a few specialized magazines and did not have a full time trained technical staff.
By Raymond Hillen III, 04/30/2004
|
|
Security from Scratch ... How to Achieve It If you find yourself in a situation where you're working for a company that has put together an IT infrastructure and the only real concerns have been functionality and performance, then this document is aimed as a guideline for starting off an information security culture. This will be achieved through policies and the use of various tools to analyse your systems and network the end result should be a series of reports you can present on the current state of security in your company and a roadmap built on that to improve it based on a risk analysis.
By Alan Davies, 04/29/2004
|
|
Security Issues of Integrating a Stand-alone System into Corporate Network This paper describes some methods to improve security on systems that were originally designed as stand-alone or where security issues were ignored. It points out the weaknesses which have to be addressed before integration. It describes various channels into the system and explores ways on how to protect these pathways from being exploited. Some implementations of Supervisory Control And Data Acquisition (SCADA) are such systems.
04/17/2004
|
|
Improving Defense in Depth for NASA's Mission Network Defense in depth has been used by NASA's Mission Network in the past and will be used in the future to improve its security posture. These defense building blocks included increasing network capabilities, continued examination of network capabilities, assessment of new technologies and tools, increased security awareness for NASA nonsecurity professionals, and training of the Mission Network security team members. Improvements in policy, business continuity, firewalls, CM, encryption, network architecture, host and network based IDS, host and network based vulnerability assessment tools should be developed. Classes, training and research provide new insight into security measures as NASA works to increase network capabilities while protecting its Mission Network and NASA projects.
04/14/2004
|
|
Unique Security Challenges in Higher Education - Securely Integrating Student-owned Computers into Your Network The balancing act between freedom and security is a delicate and difficult one. It’s certainly not a new one, and is tested in the physical and political arenas as well as in the Information Security field every day. Higher Ed is not walking this wire alone, of course. Businesses also must balance the needs of the users to accomplish their work with the security and stability of the network. But Higher Education does face some unique challenges – if not in concept, at least in their scope. Most business organizations have complete control, or at least a large measure of control, over the computers that are connected to their network. They are usually purchased, configured, and maintained by the company, and strict rules and policies govern their use. This is not the case in the world of Higher Education today. The explosion of broadband access in the residence halls has resulted in a large part of the network being comprised of computers neither owned nor managed by the college.
04/03/2004
|
|
Twists in Security for Law Enforcement Although computer security, at its base, is similar for businesses, government, home users, etc., there is a bit more that is involved for supporting law enforcement agencies. This paper is an attempt to not only briefly cover the basics of computer security that should be in use by everyone, but also an attempt to introduce to those unfamiliar with the extra challenges of supporting law enforcement what additional computer security precautions need to be addressed. This is by no means an exhaustive list, but an overview that includes some points of concerns, some ways they are currently being addressed, and a few insights into other ways to provide the needed computer security. As a person who was just recently given the responsibility of computer security in an environment that supports public safety after having been a server administrator, I too, need to learn the many additional challenges that I now face.
04/03/2004
|
|
Steps to Secure a Law Enforcement Network This paper attempts to answer that question by addressing several common issues such as training for system administrators, risk assessment, physical security, security policies, and proper system administration. I work for a statewide law enforcement network. This network provides on-line access to records concerning wanted persons, stolen vehicles, criminal histories, and other data of importance to law enforcement and criminal justice agencies. The state system also provides access to the National Crime Information Center (NCIC), which is maintained by the Federal Bureau of Investigation. Local law enforcement and criminal justice agencies connect to the statewide network to obtain this data and to communicate with other agencies throughout the United States. These user agencies must meet federal and state security requirements to insure confidentiality and integrity of the data.
04/03/2004
|
|
Page: 1 23 |
