All Posts Tagged Tag: ‘Security’
Rayovac Corporation is a global consumer products company with a diverse portfolio of world-class brands, including Rayovac, Remington and VARTA. The Company holds many leading market positions including: the world’s leader in hearing aid batteries and the number one selling brand of men’s and women’s foil electric razors in North America. Rayovac markets its products in more than 100 countries and trades on the New York Stock Exchange under the ROV symbol.
Wavelink introduced Wavelink Managed Security, the industry’s first integrated system for wireless LAN management and protection.
CyberGuard has developed a custom mobile security appliance – the sVPN or single virtual private network – for remote employees of a leading electronic commerce business.
Secure Computing’s Sidewinder G2 Security Appliance customers that have activated the Sidewinder’s embedded anti-virus module have protection from an expected wave of malicious worms exploiting the recently announced Windows JPEG vulnerability – before the worms can reach unprotected desktops.
Forum Systems today announced that Yankee Group has named Forum Systems as the “winner” in the Web services security gateway category in an August 2004 report titled “Application Gateways Secure Business Communications” by senior security analyst Eric Ogren.
New Security Information Management Software Links Real-Time Threats and Business Vulnerabilities to Unite Prioritized Incident Responses with Proactive Risk Reduction.
Macromedia today announced the immediate availability of Macromedia Flash Player 7 for Solaris.
Layer 7 Technologies today announced that it is working with Oracle to provide flexible, end-to-end security for application integrations based on XML Web services.
GVI Security Solutions today reported the financial results for the second quarter ended June 30, 2004.
Following up to the patch that was released over the Fourth of July weekend, Microsoft has issued a cumulative patch for their web browser. The patch, called “Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB867801)”, fixes three vulnerabilities.
A vulnerability in Google’s Gmail may give remote users access to Gmail user information. The culprit is the Gmail CheckAvailability script. Remote users can apply the ‘/accounts/CheckAvailability’ script repeatedly until the system returns another user’s information.
Interested in certification? Then you’ve probably heard about CompTIA and its certifications. What is the value of CompTIA certifications? The Computing Technology Industry Association (CompTIA) is essentially a member organization that promotes competencies and standards in the IT industry. As most CompTIA literature states, “CompTIA is a global trade association representing the business interests of the information technology industry.”
ALF, not a nickname for Alfred but an acronym for Application Layer Filtering, is one of the hottest new buzzwords in a jargon-laden security subfield: firewall technology. Firewall vendors are rushing to implement ALF into their firewall products, and/or beefing up their ALF implementations to compete with those of other vendors. But exactly what is ALF and is it a “must have” feature to look for when you buy a firewall, or just another bit of marketing hype?
Before being able to choose a secure Internet communication system, you need to understand the threats to your security.
What are your IT Career and Certification expectations for year 2004? While certifications can give you an edge, going for just any certification doesn’t help. What is your career focus? New or old activities, what is your focus? New does not always translate to good or wise. It makes sense to review and analyze trends that will affect your career in 2004.
If you’ve been following these articles and thinking about all of the things you should be doing to protect information, your brain is probably on fire by now. This is the fourth and final installment, and we have only just touched on some of the possible risks to your vital information.
Xinetd is a replacement for inetd, which was the original Unix super-daemon used to start network services on demand. The reason for inetd goes back to the days of low memory and poor memory management: you didn’t want to keep a service running in memory if it was infrequently used. One process (inetd) would listen for connections on the appropriate ports and fire off the appropriate service when a request came in.
In part 2 of this 4 part article on information security, the CISP policy (Cardholder Information Security Policy) being mandated by financial acquiring networks was covered. These mandates were mainly about protecting the credit cardholder and the acquiring merchant bank from having vital information fall into the wrong hands.
MERCHANT AT RISK
In part 1 of this article, risk management was covered, outlining some of the threats and the need for a risk management plan.
I always worry about my website. Security is serious stuff, and you really can’t be too careful. I don’t enable telnet, rlogin and use long, complicated passwords with ssh and so on. I use a shared webserver (http://www.interland.com) that allows me virtual root access, and I fortunately don’t have to worry about things like sendmail; Interland keeps on top of that sort of thing for me.
Planning decisions are critical for a successful firewall implementation. Missing some of the most important points when designing a firewall implementation can jeopardize our information integrity and the overall network security.
Many organisations have deployed VPNs as a quick-win solution and have suffered as a result of not implementing a full solution. Trinity Security Services’ consultants have worked with a wide array of customers to solve security issues resulting from hastily rolled-out VPN solutions.
Network attacks are the biggest risk for Windows 2000 servers. Since the release of the old Windows NT 3.1, hackers have been actively looking for bugs in Microsoft Windows operating systems. Tools like SecHole, IISInjector, NAT (NetBIOS Auditing Tool), SMBRelay and L0phtCrack have been developed to reveal passwords, execute actions on a server, forge network connections and degrade system performance. In addition, several critical security vulnerabilities have recently been released for Windows 2000 that can completely expose a network to an intruder.
Why care about Password Attacks
Windows servers and workstations have become a primary target for malicious users. Be it hackers that try to deface a web site, the Warez community in search of “free” FTP server space or just your internal users interested in restricted files, one thing they have in common is the need to break in, either via a software vulnerability or by breaking into a user account. This article focuses on the latter scenario, the attempt to break into an account. Fortunately, although this occurs often, it is also relatively easy to spot – and the countermeasures are very simple and effective.
Databases are a goldmine for criminals. Successfully tracking an intrusion can depend 100% on administering database accesses and permissions. Unauthorized user actions, as well as possible intruder actions, need to be tracked and audited in order to maintain the integrity of the information stored in the database.
We often think about security measures as ways of protecting resources by preventing access to them. The need for authentication arises because, in the real world, keeping people out of protected areas is only half the battle. Authentication is about letting certain people (or processes) in, while keeping everyone else out. In practice, this usually means some people are going to have to be given secrets (passwords) that will form part of the credentials they need to present in order to gain access to protected resources. But since, as the old saying goes, the best way to keep a secret is not to, the distribution and exchange of access-providing secrets inevitably raises the level of risk to a secure system. A major goal of authentication, from a security point of view, is minimizing that risk – especially when users are being authenticated remotely, over publicly-accessible networks. Authentication is the process of poking minimally risky holes in one’s security.
People consider GNU or free software and open source software to be unsafe and easily compromised because their source code is readily available, which isn’t correct. This article is specifically about the security of the GNU/Linux operating system and will help the reader enable security parameters for added safety.
Netcat is a utility that is able to write and read data across TCP and UDP network connections. If you are responsible for network or system security, it is essential that you understand the capabilities of Netcat. Netcat can be used as a port scanner, a backdoor, a port redirector, a port listener and lots of other cool things too. It’s not always the best tool for the job, but if I was stranded on an island, I’d take Netcat with me. During this tutorial I’ll demonstrate a complete hack, using Netcat only, just to point out how versatile it is.
For many of us in the SCO world, office networks are a fairly new phenomenon. Many SCO systems are still happily using serial connectivity exclusively, even when Windows machines are part of the enterprise, and even when those machines may be networked with each other. In fact, some people even refer to serially connected terminals as a “network” (I won’t use that here: if I say network, I mean an Ethernet network).
Ebook authors these days seem to be highly focused on ebook security. Stories run rampant through the ‘Net about customers who share ebook files on the Internet and via email, buy your ebook and attempt to sell it themselves for a profit, and ask for a refund, but continue to use your ebook. These situations can result in thousands of dollars in lost profit for you.
Despite a few good online articles and countless alarmist news items decrying parasitic War Drivers and War Chalkers contributing to the moral decay of the country, a surprising number of people still install wireless equipment with all of the defaults enabled. There are a huge number of access points in use today that unintentionally advertise a default SSID, bridge directly to an Ethernet network, and use no encryption whatsoever (or a WEP key left on the factory setting, and therefore easily deduced).
I have received over 2 dozen calls on Monday, Aug. 11, 2003 concerning people with Windows XP that contains an error that states there was an error in the RPC and the system will reboot.
In April, a CERT advisory announced the discovery of two separate buffer-overflow vulnerabilities in Snort, a popular security-monitoring tool used for detecting suspicious network activities. This development was disturbing and ironic: system administrators install and run programs like Snort to improve security, and don’t often consider the possibility that the tools themselves might be attacked and exploited to create entirely new security holes. It’s therefore important to understand precisely what happened here, especially since the same mechanisms used against Snort could threaten other security tools.
Business leaders worldwide are becoming more aware of the importance of assuring the security of information assets. Information-security issues are among the hottest topics being addressed in trade media for organizational governance, executive, financial, audit, and IT leaders. Conferences covering the latest information-security issues, tools, and problems abound in both the public and private sectors.
Sometimes, people ask me about security or liability issues online. I do teach some of the realities in my college courses, but I’m far from being an expert in this field and I always recommend checking with a competent, legal professional in every case. But here are some of my thoughts …
You set up firewalls, e-mail filtering, Intrusion Detection Systems (IDS), personal firewalls, censor software (both at the network and personal level) and they still get in. What I’m referring to are those pesky VBSes, similar worms inhabiting the Windows platform right now and maybe a few real-life crackers here and there. For the network administrator, this can be a real problem. Even when he has secured his network with the latest tools and patches, there is still a big chance of his kingdom getting infected, especially if it’s made up of MS Windows machines and its trusting users.
SAN JOSE, Calif., July 1, 2003 – Cisco Systems, Inc. today announced the addition of a government-specific security curriculum for network professionals. The new Information Systems Security (INFOSEC) Professional validates the knowledge and skills specified by the Committee on National Security Systems (CNSS) for federal systems engineers. The INFOSEC Professional is the only vendor-specific curriculum that meets the rigorous standards of the National Security Agency (NSA) and the CNSS.
Here we go again. I decided to write another article concerning some overall security aspects of installing and running Linux. To keep it short and simple, here are some good pointers to enhancing your system’s security. But remember, there’s no absolute security, so keep your eyes open, subscribe to a few good mailing lists, and keep your software up-to-date.
SAN JOSE, Calif., June 17, 2003 – Cisco Systems, Inc. today announced the expansion of its security certification and training program to reflect the latest advances in Cisco security technology and industry expectations for IT professionals. Cisco has added two new comprehensive security design training courses, Designing Perimeter Security (DPS) and Designing VPN Security (DVS), and has also updated exams for the CCSP, Cisco Firewall Specialist, Cisco VPN Specialist and Cisco IDS Specialist certifications.
Over the last few years I have been a roving SQL Server DBA contractor and tended to work contracts in small and mid-size companies that involved organizing, documenting and then tuning/optimizing existing SQL Servers in those companies. I have noticed one very disturbing truth over the years; no one seems to document anything. In fact, I was usually thankful if I could find something or someone who knew the sa passwords on each SQL Server installation, let alone knew anything else about their setups.
Everyone has an opinion as to the longevity of this type of technology, its validity and its capabilities as a security tool. Most security professionals will agree that an IDS cannot be used as your only form of defence. If an IDS is deployed in the correct manner, that is as part of an overall security program, with the correct processes and procedures in place governing operation, maintenance and incident handling, can an organisation afford to be without one?
Debian has a package manager (DPKG) that resolves dependency problems automatically. It helps us keep programs up to date automatically by looking for new versions on the internet and resolving and completing the file and library dependencies a package requires, making system administration easy and keeping us current with new security changes. It also has some important and substantial security features: it has no commercial goals and doesn’t obey mercantile urgencies, it has good tracking of errors, problems are fixed in less than 48 hours and its priority is to develop a complete and reliable operating system.
Everyone needs a firewall. If you run a web site, have a dial-up connection or control a corporate backbone you have to install a firewall. This will allow the control of what internal information from your network or computer is allowed to go out, and what information is allowed to come in. Taking advantage of a simple firewall installation can help you preserve your data and report all attempts of unauthorized access.
Although high speed internet access may not have reached you yet, it probably will soon. The advantages are obvious, but there’s a dark side: security. I’m not going to talk about the more general aspects of securing your system here (I’ve done that in General Security), but only specifically about the issue of clear text passwords with telnet, pop, and ftp.
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and “script kiddies”.
Common sense dictates that before you build a security infrastructure, you need to understand what you’re trying to secure.
The deadline for your ezine was yesterday. You have nothing to say. The last week you have spent preparing for a vacation, working overtime at your day job, fighting with your girlfriend. Just fill in the blank. Oh wait, you don’t have to. Somehow there is always an excuse to fill that blank. So, what do you do now?
A vulnerability discovered in the Macromedia Flash ad user tracking field allows a remote user to perform cross-site scripting attacks and retrieve session information.
Just three weeks before Microsoft Corp. publicly details plans to create a secure operating mode for Windows PCs, two top cryptographers have raised concerns about Microsoft’s approach.
The universal problems of spam email and viruses mean companies that specialise in software, hardware and services for the security industry could see stronger growth this year than counterparts in other technology fields, according to speakers at this week’s RSA Conference 2003 in San Francisco.
At a Washington briefing with government officials today, the Computing Technology Industry Association (CompTIA) revealed results from its new security survey Committing to Security: A CompTIA Analysis of IT Security and the Workforce.
Working on the Internet provides Internet marketers with the opportunity to make a living in the comfort of their own home. However, as your business is completely reliant upon your computer, you must take the necessary steps to ensure your computer is safe.
Connecting to the Internet
This article is a basic overview to get you started. There are other articles here that cover certain details in more depth. You may also want to read:
- Installing a Small Office Network
- Internet Mail
- OSR5 PPP Setup
- IPFILTER Firewalls
- DSL and Cable Modem Security
- VPN’s and other remote access
- E-Smith Server and Gateway
A few days ago, an incident happened to me that has prompted the writing of this article. I’m sure that if this is an issue for me and one of my Web sites, it’s an issue for many others.
With my personal Web site, I use a nationally known Internet Host provider to host it. They’ve hosted my site for years, and I can’t really complain about their services (except that you can rarely find a real "person" to talk to).
Sun Microsystems’ Eve Maler, chair of the Security Work Plan Working Group of WS-I (Web Services Interoperability Organization), is a leading mover and shaker in the world of Web services security. She co-founded, formerly chaired, and is currently coordinating editor of the SAML (Security Assertion Markup Language) committee, which brought together divergent XML-based security efforts in an effort to develop a common standard.
Ulli Niemann will answer all types of investment questions, like “what kind of an IRA should I choose? How can I find an Investment Advisor? What type of mutual funds should I pick? How can I avoid being financially devastated by the bear market? How can I avoid some of the broker garbage fees?”
The company’s claims that its software is more secure than a bank vault have not impressed South Africa’s advertising standards authority. Microsoft claimed in an advertisement that its software is so secure, it will make hackers extinct. As it turned out, it was the ad which bit the dust.