Information Security magazine's January issue takes a deep dive into the security issues you need to be proficient with today--like endpoint security and strong authentication-- and what you'll need to keep an eye on for tomorrow--RFID and securing virtual machines.
Wide world of endpoint security
Network perimeters have dissolved as your employees, contractors and partners access data from virtually anywhere. All of those endpoints introduce risk to your network. Expert David Strom hosts a webcast Jan. 17 at noon ET, that will explain what makes up a successful endpoint security strategy and how evolving vendor partnerships are affecting NAC product sets.
>> Register for this webcast.
FFIEC Crash Course
Financial institutions that offer online banking are required by the Federal Financial Institutions Examination Council (FFIEC) to implement strong authentication to secure transactions. Now that the first FFIEC deadline has passed, keep this crash course on FFIEC and strong authentication handy as a resource guide.
>> Review Two-factor authentication and the FFIEC: A crash course
Is RFID in your company's future? Expert Joel Dubin explains some of the security issues that exist and would need to be resolved before RFID becomes a mainstream tracking technology for your supply chain.
>> Review RFID tags: Do they have a secure future?
Snort and syslog
Snort is probably the most popular network intrusion detection system in deployment, but admittedly, it doesn't do a good job with syslog traffic, expert Mike Chapple says. In this tip, he points you to some of the best alternatives for monitoring Snort log data.
>> Read Can Snort read multi-platform syslogs?
This list lays out zero-day flaws in Windows that were discovered in 2006 and when they were patched:
|January||WMF||Dec. 28, 2005||Jan. 5||MS06-01||Spyware infections, spam relays|
|March||IE createTextRange||March 22||April 11||MS06-013||Remote code execution|
|May||Word malformed object pointer||May 10||June 13||MS06-027||Remote code execution|
|June||Excel document processing||June 16||July 11||MS06-037||Remote code execution|
|July||PowerPoint malformed shape container or record||July 12||Aug. 8||MS06-048||Remote code execution|
|September||IE Vector Markup Language buffer overflow||Sept. 18||Sept. 26||MS06-055||Botnet; remote code execution|
|PowerPoint||Sept. 27||Oct. 10||MS06-058||Remote code execution|
|Word||Sept. 2||Oct. 10||MS06-060||Remote code execution|
|November||Visual Studio Object Broker ActiveX control||Nov. 1||Dec. 12||MS06-073||Remote code execution|
|XML Core Services XMLHTTP 4.0 ActiveX control||Nov. 3||Nov. 15||MS06-071||Remote code execution|
|December||Word||Dec. 5||Unpatched||Remote code execution|
|Windows Media Player||Dec. 7||Dec. 12||MS06-078||DoS; remote code execution|
|Word||Dec. 10||Unpatched||Remote code execution|
In this exclusive interview with Information Security magazine Nikk Gilbert, IT security and telecom director reviews the obstacles he encountered when placed at the helm of an enterprise that didn't have a dedicated security team and what enterprise security professionals can do secure their network.
>> Read the interview with Nikk Gilbert
|December 2006||November 2006||October 2006||September 2006||August 2006||July 2006|
|June 2006||May 2006||April 2006||March 2006||February 2006||January 2006|
|December 2005||November 2005||October 2005||September 2005||August 2005||July 2005|
This was first published in January 2007