Network Security Library

Vulnerability Management



Subcategories


Auditing
Patch Management
Risk Assessment




Newest Vulnerability Management White Papers

Why Your Data Is at Risk
Randy Nash discusses various methods by which critical data may be attacked. He compares the risks to data as it traverses a network (data on the wire) with attacks directed at a data repository (data at rest).
By Randy Nash, 01/03/2005


The Science of Host Based Security
Just a few years ago, the focus of enterprise security was primarily split between perimeter security and authentication controls. Security engineers spent their time mulling over firewall implementations, access rights, and the occasional implementation of encryption technologies. A new movement, though, has overtaken the industry as security breaches have become more and more common despite perimeter defenses, thus forcing enterprises to start reassessing security again from a host-based perspective.
By Ray Zadjmool, 04/29/2004


Vulnerability Assessment
The intention of this paper is to provide basic information to those who have recently entered the security field, provide some insight as to why a vulnerability assessment is necessary, provide an overview of the vulnerability assessment process from discovery to baseline standardization, and provide some assistance to those who want to perform a vulnerability assessment but do not know where to start.
By Susan Cima, 04/25/2004


We're Lost, But We're Making Good Time!
Throughout history, information has been protected by one form of security or another. Time and time again, we have stood by to watch the latest techniques compromised by a few dedicated, intelligent, and resourceful people purely as an intellectual pursuit. Whether referred to as black hat or white, the fact remains that scores of people on both sides of the electronic battlefield spend countless hours determining ways to undermine the security of fragile technological systems.
By Benjamin P. Grubin, 04/25/2004


System Vulnerability Mitigation
This essay addresses various facets of IT security and offers insight into the different areas that should be considered when attempting to adequately protect a system. The paper begins by discussing the various Internet security problems facing networks today, such as software vulnerabilities, etc. Next, this document discusses factors that have contributed to successful attacks on various organizations within the IT community. It concludes with a discussion of pertinent security objectives and an outline featuring a variety of topics that will help facilitate the development of a successful security model.
By Kevin Vasquez, 04/18/2004


Your Greatest Strength can become your Greatest Weakness: Simple Network Management Protocol Vulnerability
According to the recent press coverage, multiple vulnerabilities have been discovered in the widely used Simple Network Management Protocol (SNMP). This paper will discuss some of the major vulnerabilities discovered in SNMP and their potential impact as well as some of the major vendors affected by these vulnerabilities and possible solutions and alternatives that can be implemented to protect systems from these vulnerabilities.
By Amy Geiger, 04/18/2004


SNMP and Potential ASN.1 Vulnerabilities
Earlier this year a number of issues with the Simple Network Management Protocol (SNMP) [RFC1157] were highlighted by the University of Oulu Secure Programming Group [OSPG]. This led to the release of a CERT vulnerability alert [CA0203] and a flurry of activity by vendors to release patches to address the issues highlighted. Following this initial activity there has been, despite little press attention, a sustained rumble within the IT security industry with concerns being voiced that the issues raised by Oulu are not solely related to SNMP. As ASN.1 is a fundamental part of a number of widely used protocols there is concern that these too may be susceptible to the same kind of issues and, whereas SNMP could be filtered at an organization’s firewall, many other potentially vulnerable protocols would be much harder to protect and have a much more detrimental effect on the Internet as a whole were a successful attack to take place.
By Edmund Whelan, 04/18/2004


A Model for Peer Vulnerability Assessment
Once a network is set up and running, it is critically important to persistently check the network and hosts to assure they are not vulnerable to attack. Once a system goes up, it becomes a target for a worldwide community of hackers – hackers of all skill levels. And due to the graphical interfaces and scripts available for hacking tools, it doesn’t even take a great deal of skill to find and exploit vulnerabilities. Continuous assessment is necessary to maintain security. “Routine, independent reviews of security systems and procedures not only ensure an organization has adequate protections in place, but confirm that they are working as designed – and that the employees are using them effectively.”
By Patricia Payne, 04/18/2004


Implementing Vulnerability Scanning in a Large Organization
This paper describes how the security group in our organization uses Vulnerability Scanning to demonstrably improve our security posture. This covers the reasons and requirements for scanning, how this fits with our current business structure and how we used a web interface to distribute the collected data to our system custodians. Also covered are our techniques for dealing with false-positives, an explanation of the chosen solution and how the system was tailored to operate from an end-user perspective. Finally, we discuss the impact that the system has had on our organization.
03/28/2004


Case Study: A Risk Audit of a Very Small Business
Many security case studies focus on large businesses, or on small businesses, for limited values of “small.” The US Federal Government defines a small business as having fewer than 100 employees and, depending on industry, an annual income of less than a number ranging from $0.75 Million to $28.5 Million. Many businesses, however, are far smaller than that, but could still benefit from security awareness. This is a security audit of one such business, focusing on the discovery and risk analysis process. This paper describes the environment, determines and assesses risks, and addresses the risks that we found. At the start of this process, the biggest known risk was uncertainty, the "We don't know what we don't know" factor. Therefore, this paper will focus on the discovery and risk analysis process, and provide technical details in appendices.
03/28/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
