Maintaining robust network defenses requires a proactive approach to keep pace with today's rapidly evolving network security threats. One crucial element of an effective network security strategy is penetration testing, or staged attacks in network ...
The major Internet backbone networks for the Pacific Northwest converge at a single location: the Westin building in Seattle, a 32-story structure that houses dozens of major and minor Internet service providers. It is also home to more than 50 . . .
"To some, our observations can be summarized succinctly as "bugs happen". That certainly is not news. But dismissing our results so cavalierly misses. . .
In a recent discussion about the Apache Chunk Handling vulnerability, which consisted of many debates and rants on how the reporting was done, ISS mentioned that they found another serious vulnerability in one other vendor's open source product. Theo de Raadt . . .
A recent Gartner report predicts that 50% of small to medium enterprises across the globe will have been crippled by virus attacks by 2003, costing businesses and governments more than an estimated $18 billion in lost revenues through downtime and the . . .
If current trends continue, we will probably see encryption's use increase. However, the extensive use of encryption affects current conventional security methods in a very profound way, and this is something the security community must consider. Currently, we rely a great deal on security infrastructure such as proxy firewalls and network-based intrusion detection, tools that rely on being able to inspect the traffic that's passing through the network.. . .
This small article is a brief overview of social engineering. It talks a bit about the psychology of social engineering, the security threat it poses and about the methods used for it. Basically, this article is a summary that covers the . . .
Think malicious users need sophisticated tools to attack a Web site? Think again. All they really need is a Web browser and basic knowledge of SQL or another scripting language.. . .
There are few tutorials on how to accomplish using LDAP for authentication, and I found them to be difficult to understand or incomplete, and as a result some research and testing was done to set up LDAP-based authentication on Mandrake Linux. This was done using Mandrake Linux 8.2, and while all supported versions of Mandrake Linux should operate in the same way, your mileage may vary. The information here should be enough to get you started, if not help you finish everything off.. . .
Security, when dealing with large Linux clusters, has no single solution, only the commonly used approach of packaging together several existing solutions. DSI (Distributed Security Infrastructure) is Ericsson's attempt to centralize security. The interest in clustering from the telecommunications industry . . .
You'd think we would have learned some important lessons about security when WEP was broken last year by products like AirSnort. Unfortunately, we did not. In fact, some of us believed we could simply take a few security components from the cryptographer's tool box, put them together by the book and wind up with a certifiably secure system. . . .
Employees continue to be overlooked as an IT security threat, despite the significant destruction they can cause, according to one white paper. A white paper released in the US by Web filtering vendor SurfControl found that more than 80 percent . . .
Double authentication -- like adding passwords to fingerprint scanners -- can significantly increase safety. Some music fans have discovered that they can evade Sony's CD copyright-protection system by blackening the edge of the disk with a felt-tipped pen. In Japan, . . .
In implementing a secure WLAN, you'll need to ante up to acquire security hardware and software and accept the burden of increased complexity. One size definitely does not fit all. First, you need to understand the key elements of a comprehensive . . .
Before you uncrate one piece of network equipment for a mass deployment, you need to have the right design in place. Good network design is often the difference between a successful rollout and a torrent of user complaints.. . .
Searching for relief from the pressures of abundant capacity and intense competition for their core services, carriers such as WorldCom Inc. and Sprint Corp. are rushing headlong into the managed security services business. But the plans are drawing fire from security experts and customers, who say the carriers should look internally and secure their networks before offering external services. . . .
The most basic form of Web-based user authentication is known as Basic Authentication. This is an amazingly simple and very old protocol (well, in Web years, anyway) which doesn't rely on any of the fancy encryption, cookies, checksums, or much of anything else that currently exists.. . .
IP networks, long lacking the high availability of their voice and data counterparts, are being improved to recover from failures more quickly and to reduce packet loss. Cisco Systems Inc. and Alcatel SA are targeting such deficiencies with new software . . .
In order to access computer networks, online bank or e-mail accounts, we need a wide range of usernames and passwords. Constant attention is required to track what our name is in each virtual environment, and what password is needed at that moment to access personal information. . . .
Few people believe that maintaining a sound network security posture is easy. Those who do are deluding themselves, unless they practice two fundamental tenets of security: simplicity and awareness. Simplicity facilitates abstraction, which is the basis of all computing. Abstraction . . .
Even before the CanSecWest security conference started on Wednesday, unknown hackers had given the hotel's high-speed network a case of the hiccups. By Wednesday evening, the system was laid out flat. The pros were peeved, and a call for an electronic posse went out. . . .