Maintaining robust network defenses requires a proactive approach to keep pace with today's rapidly evolving network security threats. One crucial element of an effective network security strategy is penetration testing, or staged attacks in network ...
Computer forensics, once a discipline restricted to a small cloister of law enforcement officers, is now a booming business. Demand for the services is exploding as electronic evidence becomes more widely used in court and as companies become increasingly concerned about the use of computer networks for corporate spying and other mischief.. . .
Networks dominate today's computing landscape and commercial technical protection is lagging behind attack technology. As a result, protection program success depends more on prudent management decisions than on the selection of technical safeguards. Managing Network Security takes a management view of . . .
Napster, Gnutella, IM and other peer-to-peer applications are the "flavor of the week." But if you're not careful, these programs could be used to undermine your network security. P2P applications are hot nowadays because they allow users to share the massive . . .
A few months ago, I challenged myself with a problem. I wanted to implement centralized system logging that would securely store logs in a location that would prevent any tampering or mischief. It was necessary to find a solution that fit . . .
Networks dominate today's computing landscape and commercial technical protection is lagging behind attack technology. As a result, protection program success depends more on prudent management decisions than on the selection of technical safeguards. Managing Network Security takes a management view of . . .
If you have several machines in your home or office network, make the other machines use it. With NAT (or "IP masquerading", as it's called in another universe), multiple machine can be hidden behind one gateway machine. The machines behind the . . .
Security experts say site managers and enterprise e-commerce managers can take many steps to ward off or minimize the effects of these attacks. But to choke them off at the source and then identify the perpetrators "would take . . .
A brute-force password cracking program called CrackWhore written by our Dutch friend SubReality turns out to be clever for more than its name. The author has rigged it with a phone-home feature (which users can disable) that sends the password combos . . .
The CORE SDI team has found a vulnerability in the SSH 1.5 protocol that allows an attacker to retrieve the session key, which could then allow them to decrypt network traffic. This attack was discovered by David Bleichenbacher. . . .
The DDoS (distributed denial of service) attack that knocked out Yahoo used a host of hacked servers--dubbed "slaves" or "zombies"--to inundate a Web site or Internet-connected server with data, effectively stopping the server's ability to respond to Web page requests or . . .
ASP (Active Server Pages) are a technology initially developed by Microsoft to tackle the "dynamic content on the web" problem. Chili!Soft is a company that has released a piece of software called Chili!Soft ASP that makes ASP functionality available on . . .
An invisible snoop may be virtually peering over your shoulder right now. Computer crackers can read your e-mail, collect your credit card data, intercept the information you send wirelessly or pry into your private files.. . .
It was a common enough problem for a small business: AMT Asset Management, a Marlboro, New Jersey-based brokerage with six employees, needed a way to connect its Boca Raton, Florida office to headquarters. The goal was to provide the smaller office . . .
The idea of a wireless LAN has always had a certain charm -- suggesting an end to the expense and inconvenience of running cable, and to users' whining about being tethered to their desks. And now, with wireless standards firming up, . . .
Despite a series of costly attacks that have shut down some of the Internet's best-known sites over the past year, experts say it is still easier to launch an assault like the one that stunned Microsoft this week, than it is . . .
In the first part of this series we had a laid the ground work that took us a step further towards understanding the necessity of a full fledged Intrusion Detection system (IDS). A good policy is to mix and match the . . .
A vulnerability recently discovered in the software used in most DNS (Domain Name System) servers may be the most serious security threat yet found on the Internet, allowing hackers effectively to shut down ISPs and corporate Web servers as well as . . .
CERT's advisory is the latest in a long series of problems both with the Berkeley Internet Name Domain (or BIND) server software and the DNS system in general. CERT alone has issued 12 advisories about exploits or vulnerabilities in the software . . .
Ebusiness offers tremendous opportunities for reducing costs and improving revenues. However, along with the advantages it also brings new threats and liabilities that leave businesses highly vulnerable to cyber attack and fraud. Business today must be concerned with the impact of . . .
As a System administrator of a *NIX network it is your responsibility to ensure that your *NIX machines are running in perfect condition and to see to it that valuable customers and transactions are not lost, by minimizing the down time. . . .