Network Security Library

Vulnerability Management



Subcategories


Auditing
Patch Management
Risk Assessment




Newest Vulnerability Management White Papers

Vulnerability Assessment Survey
Organizations have a tremendous opportunity to use information technologies to increase their productivity. Securing information and communications systems will be a necessary factor in taking advantage of all this increased connectivity, speed and information. However, no security measure will guarantee a risk free environment in which to operate. In fact, many organizations will need to provide easier access by users to portions of their information systems, thereby increasing potential exposure.
03/24/2004


Vulnerability Identification and Remediation Through Best Security Practices
This paper provides only a beginning framework from which you can continue to build and refine your security efforts. Many other items must be taken into account and effectively addressed in order to implement a comprehensive security plan. Some of these topics, which are not addressed in this paper, include Unix hosts, modem attacks, social engineering, intrusion detection systems, firewalls, encryption, and the detailed hardening of operating systems and applications. But the basic principle of removing enticements, while both strengthening and monitoring systems through the application of appropriate Best Security Practices, is universal.
03/24/2004


Footprint Your Intranet
How well do you know your intranet? By that I mean: do you know what machines are connected to your intranet; do you know how they are configured to communicate and what services are available; and would you know if a new workstation or server was connected? Knowing the answers to these questions has been a quest that I have pursued time and again during my cyber security career of over 13 years. When I began, I used to practice computer security by walking around, observing, talking and asking questions, and demonstrating that computer security measures and procedures would not hamper operational concerns or progress. In today’s information technology environment, that is no longer a viable method of fulfilling the responsibilities of a cyber security program manager.
03/24/2004


Footprinting What Is It, Who Should Do It, And Why?
Are you footprinting your systems? Or is an attacker doing it for you? Yes, footprinting can be good for you just like scanning. The process of footprinting is the first step in information gathering of hackers. To perform or thwart a successful attack, one needs to gather information. The hacker’s intention is to learn about all aspects of the perspective organization’s security posture, profile of their Intranet, remote access capabilities, and intranet/extranet presence (Scambray, McClure, and Kurtz 2001).
03/24/2004


System identification for vulnerability assessment
Identifying systems is an especially difficult task in large corporate, educational or public networks. These networks usually have distributed asset management and technical support functions. As wired network access has become commonplace and wireless network access grows in popularity, it becomes more and more difficult to keep an up-to-date listing of the systems that comprise your network. Keeping tabs on legitimate connections to the network becomes increasingly difficult in large networks with decentralized inventory and asset management and varying levels of support. Manual asset and inventory systems usually have little detail about network connectivity or software. Even in organizations that have formal centralized inventories, both operating systems and network connectivity details are either not part of the data available or simply not populated.
03/24/2004


The Ethics and Legality of Port Scanning
Port scanning is an ideological ambiguity within the computer industry. While usually considered malicious, port scanning is often used by system administrators to diagnose problems on their own network. While most private organizations prohibit the activity, there are currently no state or federal laws that specifically address it. This paper will define and outline the process of port scanning, discuss ethical and legal issues surrounding port scanning, and assert the importance of strictly defining scanning in an organization’s policy.
03/24/2004


Distributed scan model for Enterprise-Wide Network Vulnerability Assessment
Conducting an Enterprise-wide Vulnerability Assessment (VA) on a regular basis, as required by risk management, is an extremely time-consuming task for security professionals. Enterprise networks are usually widely distributed, located in different places, towns and even counties. The structure of the network is very complex and is separated into different types of zones, sometimes with highly restricted physical access. The average number of hosts in a network is estimated at thousands or tens of thousands. Security administrators cannot accommodate a growing number of requests for network assessment. They are looking for new ideas, new approaches and new tools for Enterprise Vulnerability Assessment.
03/24/2004


10 Vulnerabilities a Scanner Might Not Find
In a world where services are becoming economically more emphasized than products, those organizations seeking to remain in the products sphere survive due to differentiation alone. However, despite the billions of dollars spent on security products and services, the innovation and inventions behind these organizations remain dangerously exposed to theft, destruction, and modification. This paper presents 10 vulnerabilities a scanner might not identify.
03/24/2004


Strategies for Improving Vulnerability Assessment Effectiveness in Large Organizations
Implementing or maintaining a vulnerability assessment program in a large organization requires a dedicated team to conduct the assessments, and to evaluate the findings. In most businesses, security is not a revenue generator; indeed, it is a cost center. In order to provide value, you must either improve the effectiveness of the program, or reduce the drain on resources. There are several steps that can be taken to reduce the impact to your environment, to include: effective communication of the program, use of appropriate change and enterprise management, placement of assessment tools, tuning the assessment policy and automating the assessment. In addition, a new process to manage the assessment data, termed vulnerability management, has materialized. This spawned the creation of several new solutions to address the issue of data management. Combined with the essential elements stated above, these tools will increase the effectiveness of your vulnerability assessment program.
03/24/2004


The Meaning of Security
The term "Security" can be interpreted differently by people and vendors. In this paper, we study the different interpretations from SUN Solaris and NESSUS. This study was done by performing security scans of the SUN Solaris 8 Operating System before and after applying SUN security patches. We will analyze the before and after scans that are performed on the system, look at what the Operating System vendor explained the patches would do and compare the end result with expectations set by the vendor. In the end, you will see that applying patches isn't a complete solution to securing your systems, but a mere step in the process.
03/21/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
