Fighting Network threats with a Network Analyzer; Wireless endpoint security
Fighting Network threats with a Network Analyzer; Wireless endpoint security
This week, perhaps the most interesting articles include "Security: The
root of the problem", "Fighting Network threats with a Network Analyzer",
"Wireless endpoint security: Tie up the loose ends" and "Seven habits of
highly secure companies".
>>> Need to Secure Multiple Domain or Host Names?
Securing multiple domain or host names need not burden you with unwanted
administrative hassles. Learn more about how the cost-effective Thawte
Starter PKI program can streamline management of your digital
certificates. Click here to download our Free guide:
---- LINUX ADVISORY WATCH: This week, advisories were released for apache, dhcp, kernel, mailman, gzip, Pavuk, Esearch and libpng. The distributors include Debian, Fedora, FreeBSD, Gentoo, Mandrake, Suse and Trustix. ---- Open Source Leaving Microsoft Sitting on the Fence? The open source model, with special regard to Linux, has no doubt become a formidable competitor to the once sole giant of the software industry, Microsoft. It is expected when the market share of an industry leader becomes threatened, retaliation with new product or service offerings and marketing campaigns refuting the claims of the new found competition are inevitable. However, in the case of Microsoft, it seems they have not taken a solid or plausible position on the use of open source applications as an alternative to Windows. Interview with Brian Wotring, Lead Developer for the Osiris Project Brian Wotring is currently the lead developer for the Osiris project and president of Host Integrity, Inc.He is also the founder of knowngoods.org, an online database of known good file signatures. Brian is the co-author of Mac OS X Security and a long-standing member of the Shmoo Group, an organization of security and cryptography professionals. Guardian Digital Launches Next Generation Secure Mail Suite Guardian Digital, the premier open source security company, announced the availability of the next generation Secure Mail Suite, the industry's most secure open source corporate email system. This latest edition has been optimized to support the changing needs of enterprise and small business customers while continually providing protection from the latest in email security threats. Host Security News: * Another big Apache hole found Linux and Unix vendors are releasing fixes for a critical bug in the popular Web server Apache that could allow attackers to crash the system or execute malicious code. The bug affects Apache 1.3.x installations configured to act as proxy servers, which relay requests between a Web browser and the Internet. * Security: The root of the problem It doesn't seem that a day goes by without someone announcing a critical flaw in some crucial piece of software or other. Is software that bad? Are programmers so inept? What the heck is going on, and why is the problem getting worse instead of better? One distressing aspect of software security is that we fundamentally don't seem to "get it." * ISO endorses key security certification The International Standards Organization last week gave its stamp of approval to the CISSP security certification for IT workers, and a half-dozen security managers said the endorsement should help enhance the certification's legitimacy and acceptance. Network Security News: * Fighting Network threats with a Network Analyzer This article shows how a network analyzer, historically used for network troubleshooting, can also be used to defend against the security threats. Certain features of a network analyzer can be set to monitor for virus and attack signatures and offer quick ways of isolating infected systems. For those organizations that are looking to invest in a network analyzer there are certain key features that should be considered. * Cookie Path Best Practice Cookies provide a method for creating a stateful HTTP session and their recommended use is formally defined within RFC2965 and BCP44. Although they are used for many purposes, they are often used to maintain a Session ID (SID), through which an individual user can be identified throughout their interaction with the site. For a site that requires authentication, this SID is typically passed to the user after they have authenticated and effectively maintains the authentication state. * 802.11 Wireless LAN Fundamentals - Book Review Wireless networks and technologies are no longer a new concept. The freedom of flexibility, increase of productivity and the much sought-after mobility are only few of the benefits that 802.11-based networks provide. This appeals to the enterprise and home users to take the next step and deploy a wireless network onto their network and business infrastructure. * Wireless endpoint security: Tie up the loose ends Endpoint security transcends the use of personal firewalls and antivirus software. Endpoint devices such as laptops, home-office and remote desktops, and Internet-enabled handhelds are some of the biggest headache sources for security managers.It's hard enough keeping your in-house workstations and servers secure with up-to-date antivirus software and the latest patches and updates. General Security News: * Usenix: Experts debate security through diversity The sheer number of worms and viruses directed at Microsoft Corp.'s Windows operating system and Internet Explorer browser have many in the computer industry wondering whether the cyberworld would be more secure if more users relied on alternatives to Microsoft's products. That description appeared to fit about two-thirds of the few hundred system administrators and engineers attending a debate between two prominent security experts at the Usenix 2004 conference in Boston yesterday. * Seven habits of highly secure companies Companies, like the humans who make them run, are creatures of habit. Some of those habits can make information systems more secure, rather than less. There's no such thing as absolute security, of course. But the seven best practices of highly secure companies are a standard against which CEOs can measure their organizations.
