Information Security magazine highlights January 2007

A deep dive into the security issues you need to be proficient with today and what you'll need to keep an eye on for tomorrow


Information Security magazine's January issue takes a deep dive into the security issues you need to be proficient with today--like endpoint security and strong authentication-- and what you'll need to keep an eye on for tomorrow--RFID and securing virtual machines.

Wide world of endpoint security
Network perimeters have dissolved as your employees, contractors and partners access data from virtually anywhere. All of those endpoints introduce risk to your network. Expert David Strom hosts a webcast Jan. 17 at noon ET, that will explain what makes up a successful endpoint security strategy and how evolving vendor partnerships are affecting NAC product sets.
>> Register for this webcast.

FFIEC Crash Course
Financial institutions that offer online banking are required by the Federal Financial Institutions Examination Council (FFIEC) to implement strong authentication to secure transactions. Now that the first FFIEC deadline has passed, keep this crash course on FFIEC and strong authentication handy as a resource guide.
>> Review Two-factor authentication and the FFIEC: A crash course

RFID primer
Is RFID in your company's future? Expert Joel Dubin explains some of the security issues that exist and would need to be resolved before RFID becomes a mainstream tracking technology for your supply chain.
>> Review RFID tags: Do they have a secure future?

Snort and syslog
Snort is probably the most popular network intrusion detection system in deployment, but admittedly, it doesn't do a good job with syslog traffic, expert Mike Chapple says. In this tip, he points you to some of the best alternatives for monitoring Snort log data.
>> Read Can Snort read multi-platform syslogs?

Zero Hour
This list lays out zero-day flaws in Windows that were discovered in 2006 and when they were patched:

Month Flaw Appeared Patched Patch Payload
January WMF Dec. 28, 2005 Jan. 5 MS06-01 Spyware infections, spam relays
March IE createTextRange March 22 April 11 MS06-013 Remote code execution
May Word malformed object pointer May 10 June 13 MS06-027 Remote code execution
June Excel document processing June 16 July 11 MS06-037 Remote code execution
July PowerPoint malformed shape container or record July 12 Aug. 8 MS06-048 Remote code execution
September IE Vector Markup Language buffer overflow Sept. 18 Sept. 26 MS06-055 Botnet; remote code execution
  PowerPoint Sept. 27 Oct. 10 MS06-058 Remote code execution
  Word Sept. 2 Oct. 10 MS06-060 Remote code execution
November Visual Studio Object Broker ActiveX control Nov. 1 Dec. 12 MS06-073 Remote code execution
  XML Core Services XMLHTTP 4.0 ActiveX control Nov. 3 Nov. 15 MS06-071 Remote code execution
December Word Dec. 5 Unpatched   Remote code execution
  Windows Media Player Dec. 7 Dec. 12 MS06-078 DoS; remote code execution
  Word Dec. 10 Unpatched   Remote code execution

In this exclusive interview with Information Security magazine Nikk Gilbert, IT security and telecom director reviews the obstacles he encountered when placed at the helm of an enterprise that didn't have a dedicated security team and what enterprise security professionals can do secure their network.
>> Read the interview with Nikk Gilbert

December 2006 November 2006 October 2006 September 2006 August 2006 July 2006
June 2006 May 2006 April 2006 March 2006 February 2006 January 2006
December 2005 November 2005 October 2005 September 2005 August 2005 July 2005

Read more on IT risk management