IT security
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
05 Sep 2006
Cisco, Microsoft unveil NAC/NAP interoperability
Nearly two years into their partnership, Cisco and Microsoft yesterday announced a joint architecture combining their network access security solutions. Continue Reading
-
News
04 Sep 2006
Revamped Cisco WAFS worth the wait, users say
Months late, Cisco has finally released a combined Wan optimisation and WAFS product, while startups like Riverbed have been snapping up the customers. But some Cisco beta testers say it has been worth the wait. Continue Reading
-
Feature
04 Sep 2006
Protecting wireless networks: Step 3
Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks. Continue Reading
-
Feature
04 Sep 2006
Protecting wireless networks: Step 2
Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks. Continue Reading
-
Feature
04 Sep 2006
Wireless network security testing
Attack your own wireless networks to find vulnerabilities before malicious hackers do. Continue Reading
-
News
31 Aug 2006
Attacks against MS06-040 on the rise
Six pieces of malware are now going after the Windows Server Service flaw outlined in MS06-040, and a spike in attacks has led Symantec to raise its ThreatCon to Level 2. Continue Reading
-
News
31 Aug 2006
Emulex acquisition could cloud future of FC-SATA spec
New Emulex subsidiary Sierra Logic's strength is in FC-SATA bridging technology. Meanwhile, ONStor launches midrange clustered NAS, and Quantum shareholders withhold votes. Continue Reading
-
Feature
31 Aug 2006
Identity and Access Management Security School
This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Continue Reading
-
News
30 Aug 2006
Survey: Data breaches difficult to spot, prevent
IT pros worry that false positives and a lack of resources are preventing them from blocking data breaches Continue Reading
-
News
30 Aug 2006
Symantec CIO vies with virtualization, device policy
Symantec CIO David Thompson says virtualization is a big part of the security giant's future and it has developed a policy to mitigate virtualization security risks. Continue Reading
-
News
30 Aug 2006
Malware database access sparks debate
Should an emerging database of more than 300,000 malware samples remain a walled community for trusted users, or is open access the best way to fight off digital desperados? Continue Reading
-
News
29 Aug 2006
AT&T breach affects 19,000 customers
Online outlaws hacked into an AT&T computer system and stole credit card data on thousands of customers. AT&T has offered to pay for credit monitoring services for those affected. Continue Reading
-
News
29 Aug 2006
An era ends as Tandberg buys Exabyte
The once-dominant player in the tape market has ended a long downward spiral by selling off its assets. At least customers can now count on continued support, analysts say. Continue Reading
-
Feature
29 Aug 2006
Risk management: Data organization and impact analysis
This first article of the Insider Risk Management Guide explains how to data organization is the first step in implementing insider threat controls. Continue Reading
-
Feature
29 Aug 2006
Risk management: Implementation of baseline controls
This fourth article in the Insider Risk Management Guide examines the implementation of baseline controls. Continue Reading
-
Feature
29 Aug 2006
Risk management: Baseline management and control
Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Risk Management Guide. Continue Reading
- Feature 29 Aug 2006
-
Feature
29 Aug 2006
Risk management audit
This article explores the audit function in the insider risk management process. Continue Reading
-
Tip
29 Aug 2006
BackTrack: The gotta-have, free, network security tool you've never heard of
Get the power of Linux-based security tools on Windows with this free suite of open source security tools. Contributor and vulnerability assessment expert Kevin Beaver introduces BackTrack and explains its network security testing features. Continue Reading
-
News
28 Aug 2006
Microsoft probes alleged Internet Explorer flaw
A research group claims attackers could launch malicious code using a flaw in the way Internet Explorer instantiates certain COM objects' ActiveX controls. Continue Reading
-
News
27 Aug 2006
Third-party patching: Prudent or perilous?
Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth. Continue Reading
-
Feature
27 Aug 2006
Look through the over-hyped storage terms; find the value
Storage expert Marc Staimer discusses the storage vendor trend of using over-hyped terms to sell their products, and how you can find the true value in what they're selling. Continue Reading
-
News
24 Aug 2006
Are tape backups a thing of the past when it comes to disaster recovery?
I guess we have to look at disaster recovery, when it comes to tapes, in order of priorities. So, if we're talking about your most critical applications nowadays -- your most critical data -- tape backup is actually losing favor to disk backup or data replication. Continue Reading
-
News
24 Aug 2006
Security Blog Log: Opinions abound on IBM/ISS deal
Bloggers ponder what IBM's acquisition of ISS says about the industry as a whole. Is the end in sight for independent security vendors? Continue Reading
-
News
24 Aug 2006
How do I identify what data to replicate and what data to simply backup?
It goes back again to the value of the data to your organization -- or the impact of losing access to this data. Typically, from a business continuity perspective, the best way to establish this is through what we call a "business impact analysis," which really measures the impact of an outage on your revenue stream or your organization from a public perception point of view. Continue Reading
-
News
24 Aug 2006
What is the difference between RPO and RTO (from a backup perspective)?
The recovery point objective (RPO) and the recovery time objective (RTO) are two very specific parameters that are closely associated with recovery. The RTO is how long you can basically go without a specific application. This is often associated with your maximum allowable or maximum tolerable outage. Continue Reading
-
News
24 Aug 2006
What is the most important aspect of data protection when it comes to DR?
You could answer that with one word really, and I would have to say "testing." Just "testing." Whatever you do when you're protecting data, whether it's a backup, whether it's replication, whatever it is, make sure that you test what you put in place. Just because the vendor's glossy ad said that theproduct allows you to restore "virtually in seconds," I wouldn't necessarily take their word for it. Continue Reading
-
News
24 Aug 2006
Weekly compilation of storage news
Symantec peddles enterprise vault toolT and the new features developed because of a recent update to the US Federal Rules of Civil Procedure. Continue Reading
-
News
24 Aug 2006
Aren't backups and archives essentially the same thing?
The answer to that can be a "yes" and "no." If we look at a very high level, a copy of data is a copy of data, and that's where a lot of people confuse both as being somewhat the same -- one copy is just kept longer. When we start digging into what a backup is for and what an archive is for, that's when we really start seeing the distinction between the two. Continue Reading
-
News
24 Aug 2006
What do tiered storage and ILM have to do with disaster recovery?
That idea ties back into the topics of data growth, data control, data management and recoverability. Once you start categorizing your data based on criticality and recovery priority, it gives you an indication of your data segments. We have our high-priority data, we have our medium criticality data and we have our low restore priority data. Continue Reading
-
News
24 Aug 2006
How far apart should my production and alternate recovery sites be?
As a good consultant, I would have to use the typical answer; it depends. We have a few things to consider here. First, what kind of disaster are you trying to protect yourself (or your organization) from? Second, what is your geography like? Continue Reading
-
News
24 Aug 2006
Cisco patches flaws in multiple products
Attackers could corrupt files, cause a denial of service and bypass security restrictions via flaws in several of Cisco's firewall and VPN products. Continue Reading
-
News
23 Aug 2006
Remote access, WAN optimization, and network analysis news
Briefs: Remote access from Positive Networks helps with disaster recovery plans; Ipanema Technologies provides WAN optimization; Lancope rolls out network behavior analysis and response system tools. Continue Reading
-
News
21 Aug 2006
Briefs: VoiceCon in the news
This week at VoiceCon we saw everything from managed VoIP services to IP phones made to make mobile workers right at home, wherever they are. Continue Reading
-
News
21 Aug 2006
IBM spruces up storage line
IBM floated a raft of announcements across its storage line, but analysts say they are still waiting for the updates stuck in the research phase. Continue Reading
-
News
20 Aug 2006
AOL data spill leads to dismissals, resignation
AOL has fired two employees and its CTO has left the company after search data from 658,000 customers was accidentally exposed earlier this month. Continue Reading
-
News
17 Aug 2006
Apple fixes Xsan security flaw
Attackers could exploit a security flaw in Apple's Xsan file system to launch malicious code and crash vulnerable machines, but a fix is available. Continue Reading
-
Feature
17 Aug 2006
Security blog log: Fear and loathing in MS06-040's wake
This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits. Continue Reading
-
News
15 Aug 2006
Cisco says it can't reproduce PIX flaw
Ever since a researcher at Black Hat outlined a flaw in the PIX firewall, Cisco has been trying to reproduce the security hole. So far, the company has been unsuccessful. Continue Reading
-
News
15 Aug 2006
Cisco boosts VoIP certification
The upgraded CCNP midlevel Cisco certification now incorporates VoIP, security and wireless to boost converged network skills among enterprise professionals. Continue Reading
-
News
14 Aug 2006
EMC sheds light on RSA integration plans
As the dust begins to settle on EMC's $2.1 billion acquisition of RSA Security, the hard work of integration begins. What's EMC strategy here? Continue Reading
-
News
14 Aug 2006
Mocbot update targets MS06-040 flaw
Security experts raised the red flag Sunday as new malware targets the Windows flaw addressed in the MS06-040 patch. Attackers are using the flaw to expand IRC-controlled botnets. Continue Reading
-
News
10 Aug 2006
Security Blog Log: Israeli-Hezbollah war spills into cyberspace
This week blogosphere warily watches online attacks inspired by the Mideast conflict and rants over the latest security incidents at AOL and the VA. Continue Reading
-
News
10 Aug 2006
Vista kernel limits have security vendors on edge
Microsoft's PatchGuard feature will prevent extension of Windows Vista kernel, and antivirus vendors say it'll make it harder for them to produce good security products. Continue Reading
-
News
10 Aug 2006
Symantec fixes Backup Exec flaw
Attackers could exploit flaws in Symantec Backup Exec 9.1 and 9.2 for NetWare Servers to cause a denial of service, launch malicious code and gain access to vulnerable machines. Continue Reading
-
News
09 Aug 2006
Xiotech resurfaces with data compliance focus
Xiotech has been busy acquiring a legal discovery software vendor and building a data compliance practice, but what about storage? Continue Reading
-
News
08 Aug 2006
Cheat sheet: Access management solutions and their pros and cons
Popular authentication methods such as passwords, biometrics and two-factor are assessed in this chart. Continue Reading
-
Feature
07 Aug 2006
Inside MSRC: Time to rethink security workarounds
Christopher Budd of the Microsoft Security Response Center recommends implementing one of several security workarounds to ensure a secure infrastructure until this month's most important Windows update can be installed. Continue Reading
-
News
06 Aug 2006
Security Bytes: CA fixes eTrust Antivirus flaws
Online thieves steal $700,000 from personal accounts, researchers expose e-passport vulnerability; and arrests are made in the VA security breach case. Continue Reading
-
News
03 Aug 2006
Ajax threats worry researchers
Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers. Continue Reading
-
News
03 Aug 2006
Vendors reject preferential knowledge sharing
While Cisco continues to investigate a potential PIX firewall flaw, it and other vendors say sharing security information quickly and indiscriminately is always the best policy. Continue Reading
-
News
03 Aug 2006
EMC updates SAN Advisor design tool
EMC's SAN design tool now recognises zones and allows users to customise rules; HP and EMC sign five-year cross-licensing deal. Continue Reading
-
Feature
03 Aug 2006
Countering attackers with NAC, IPS
Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment. Continue Reading
-
Feature
03 Aug 2006
Akonix A-Series offers complex, best-of-breed IM security
Product review: Information Security magazine's Sandra Kay Miller says The Akonix A-Series instant messaging security appliances works well but needs better documentation. Continue Reading
-
Feature
03 Aug 2006
Thwarting IM management challenges
Product review: Information Security magazine's Sandra Kay Miller says Symantec's IM Manager 8.0 has limited public network features, but offers excellent reporting Continue Reading
-
Feature
03 Aug 2006
Security event management, no strings attached
Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options. Continue Reading
-
News
02 Aug 2006
Twelve Microsoft fixes coming on Patch Tuesday
Microsoft Tuesday will release a dozen new security bulletins for its Windows and Office products, likely including fixes for several outstanding PowerPoint flaws. Continue Reading
-
News
02 Aug 2006
Mobile security begins with policy
Mobile security can no longer be an afterthought. Mobile experts say security starts, but doesn't end, with policy. Continue Reading
-
News
02 Aug 2006
Possible Cisco zero-day exploit revealed at Black Hat
Details of an alleged flaw related to SIP and PIX appliances, briefly mentioned in a Wednesday Black Hat presentation, are being kept under wraps as Cisco and US-CERT investigate. Continue Reading
-
News
02 Aug 2006
SRM tools improve storage planning and deployment, page 2
Storage administrators are struggling to identify their storage resources and utilise those resources to their best potential Continue Reading
-
News
01 Aug 2006
Arun Taneja: Blogs and more
Monthly blogs by Arun Taneja, as well as other material by this storage expert. Continue Reading
- Feature 01 Aug 2006
-
News
01 Aug 2006
Security Bytes: Exploits targeting freshly patched Apple flaw
Apple patches nearly two dozen holes in OS X, but not before exploits are unleashed. Plus McAfee fixes a critical flaw and EMC gets the OK to buy RSA. Continue Reading
-
News
01 Aug 2006
Litchfield: Database security is 'IT's biggest problem'
At Black Hat USA 2006, database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data. Continue Reading
-
Feature
01 Aug 2006
PING with Heidi Kujawa
Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theatres Continue Reading
-
News
31 Jul 2006
Security Bytes: ISS warns of new Microsoft Windows flaw
Attackers could exploit the latest Microsoft Windows flaw to crash vulnerable machines and Symantec fixes a Brightmail AntiSpam flaw. Continue Reading
-
Feature
31 Jul 2006
Beyond HIPAA and GLBA
Most firms are familiar with HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley, but newer regulations are pushing certain industry sectors to adopt strong authentication Continue Reading
-
News
30 Jul 2006
EqualLogic updates storage provisioning software
Users have more options when it comes to pooling storage with version 3.0 of EqualLogic's array software, but some are wondering whatever happened to the SAS disks. Continue Reading
-
News
27 Jul 2006
ITIL framework finds new stakeholders with v3
Too many companies today don't have an accurate count of their assets, and therefore are underutilizing systems and being unproductive. A CMDB framework, used in support with an ITIL project, can provide databases and analysis tools to help IT organizations avoid redundancies and effectively manage their resources. Continue Reading
-
News
26 Jul 2006
Mozilla issues critical security updates
New patches to fix 13 software security flaws, eight of which have been deemed critical. Continue Reading
-
News
26 Jul 2006
DHS puts Zitz in charge of cybersecurity division
American career intelligence officer Robert S. Zitz has taken over day-to-day operations of the US National Cyber Security Division, but his department still has numerous digital defence problems to remedy. Continue Reading
-
News
26 Jul 2006
Blue Cross bears burden of 'no wireless' policy
Blue Cross of Idaho had a "no wireless" policy on paper but never really enforced it. That is, until a team of auditors said the company had better do something. Continue Reading
-
News
25 Jul 2006
Employee monitoring should be done with care
Employee monitoring is on the rise as firms try to safeguard their sensitive information and increase productivity. Continue Reading
-
News
24 Jul 2006
Security Bytes: New Microsoft exploits in the wild
The exploits target issues Microsoft patched earlier this month. Meanwhile, flaws are reported in Oracle for OpenView and a Mozilla Firefox keystroke logger is on the loose. Continue Reading
- News 19 Jul 2006
-
News
18 Jul 2006
Midsized firms reach out to backup service providers
Data growth and ever-tightening compliance rules are among the factors driving some organizations to turn to service providers for help with backups. Continue Reading
-
News
16 Jul 2006
VPNs and remote access quiz
Take this five-question quiz to see how much you've learned about VPNs and remote access. Continue Reading
-
Feature
16 Jul 2006
Endpoint security quiz
Take this five-question quiz to see how much you've learned about endpoint security. Continue Reading
-
News
14 Jul 2006
CSI survey: Data breaches still being swept under the rug
The annual CSI/FBI Computer Crime and Security Survey shows companies are reporting fewer financial losses from data breaches. That doesn't mean the good guys are winning. Continue Reading
- News 14 Jul 2006
-
News
13 Jul 2006
Security Bytes: Investigators slam VA over data breach
Meanwhile: Cisco patches a router application flaw, a Washington law firm sues IBM over a server attack; and spammers sucker Web surfers with fake Vladimir Putin death reports. Continue Reading
-
News
13 Jul 2006
Trojan targets Microsoft PowerPoint flaw
Update: The exploit might be tied to an older flaw in Excel. Attackers who exploit the serious flaw could launch arbitrary code. Microsoft says it is investigating. Continue Reading
-
News
11 Jul 2006
Critical flaws found in Excel, Flash Player
FrSIRT says holes in Microsoft's spreadsheet program and Adobe's media player could allow attackers to take control of affected machines and initiate malicious commands. Continue Reading
-
News
11 Jul 2006
Microsoft patches seven July security holes, five critical
The software giant's monthly batch of fixes includes critical repairs for Internet Explorer and Windows' networking features, plus "important" bulletins for Internet Information Server. Continue Reading
-
Feature
11 Jul 2006
Inside MSRC: Debunking Excel exploits
Microsoft's Christopher Budd puts the magnifying glass to Microsoft's July bulletinsand says one alleged Excel exploit isn't what it seems. Continue Reading
-
News
11 Jul 2006
Looking ahead to life without passwords
Security pros know that passwords are nothing but trouble. For them, single-sign on, two-factor authentication and federated ID represent the path to stronger authentication. Continue Reading
- News 10 Jul 2006
-
News
10 Jul 2006
Security Bytes: Data breach affects 100,000 military personnel
Meanwhile: Phishers use a phone trick to dupe PayPal users; the PCI security standard will get more teeth and a survey illustrates an increase in security breaches Continue Reading
- News 10 Jul 2006
-
News
06 Jul 2006
Strong authentication for businesses large and small
Product review: Customer service could return calls more quickly when there's a problem. But overall, RSA SecurID Appliance 2.0 delivers robust, scalable protection. Continue Reading
-
News
30 Jun 2006
More from SearchSecurity -- July 2006
Highlights from the July 2006 issue of Information Security magazine. Continue Reading
-
News
26 Jun 2006
Dundee to teach ethical hacking BSc
A degree in ethical hacking will be on offer at a Scottish university from the new academic year. Continue Reading
- News 13 Jun 2006
-
News
01 Jun 2006
FullArmor lives up to its name
PolicyPortal provides an Internet interface to easily configure, monitor and enforce near real-time Active Directory-based policy compliance through client agents. Continue Reading
-
News
01 Jun 2006
BlueCat appliance offers rock-solid security
Hot Pick: The Adonis 1000 appliance bundles DNS and DHCP into an enterprise-class appliance for the centralized secure operation of network addressing. Continue Reading
-
Tip
27 Apr 2006
How to create and enforce employee termination procedures
In this Ask the Expert Q&A, Shon Harris, our security management expert, reviews how the the security group, HR and management should work together to define and enforce employee termination policies, and reviews what should be done during each stage of employment. Continue Reading
-
Feature
11 Apr 2006
Questions that need to be answered on NHS IT plan
Four years ago the government announced to a grateful NHS a national IT programme that would become the world's largest civil computer scheme. Continue Reading
-
News
06 Apr 2006
Adding 'fudge' to your passwords
Safe passwords are integral to web application security. Unfortunately, recalling many complicated passwords is difficult. If you must write down your passwords to remember them, use this tip to create a safer password record. Continue Reading
-
News
28 Mar 2006
Outsourced way to hire contract staff
IT services company FDM has launched a "straight through" recruitment service to help IT departments in the finance sector recruit contract staff. Continue Reading
- News 07 Mar 2006