IT security

Security Blog Log: Dissecting Firefox 2.0

This week, bloggers examine the security features of Firefox 2.0 and come away with mixed reviews. Does it fare better than Internet Explorer 7? Continue Reading

Review: Arbor Networks' Peakflow X 3.6

Hot Pick: Peakflow isn't cheap and requires an intimate understanding of data flows, applications and network infrastructure. But the investment will pay dividends. Continue Reading

By

• Sandra K. Miller, Contributing Writer

Review: Network Intelligence's enVision

enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it. Continue Reading

By

• Brent Huston, Contributing Writer

Review: SPI Dynamics' WebInspect 6.1

SPI Dynamics has created a powerful tool for novices as well as advanced users who will appreciate the time and effort it saves. Continue Reading

By

• Phoram Mehta, Contributing Writer

Tor network privacy could be cracked

The Tor network is used by those who want to keep their IP addresses private. But new research shows that it's possible to compromise the system and unmask the user. Continue Reading

By

• Bill Brenner

Download Advanced Storage Guide Chapter 2: Backup/Data protection (PDF)

A printable version of our Advanced Storage All-In-One Guide. Download Chapter 2: Backup/Data protection in .pdf format now. Continue Reading

Flaw found in Firefox 2.0

Attackers could exploit the security flaw to crash versions 1.5.0.7 and 2.0 of the browser, according to various security advisories. Continue Reading

By

• Bill Brenner

Podcast: The state of Oracle security

In this edition of Security Wire Weekly, Oracle DBA Jon Emmons gives his observations about Oracle's new critical patch update format. Continue Reading

By

• SearchSecurity.com Staff

E-vaulting's many faces can confuse IT efforts

E-vaulting is the process that describes how enterprise IT departments ship backup tapes and replicate data to remote disk arrays and VTLs. E-vaulting is not a new concept, but more recently it has grown to mean remote backups and replication for SMBs/SMEs using third-party services. This article examines e-vaulting, highlights the major considerations and roadblocks in implementation, examines the impact of e-vaulting on real-life users and looks ahead at future e-vaulting trends. Continue Reading

Messaging Security School

SearchSecurity.com's Messaging Security School has brought together some of the most knowledgeable experts in the messaging security field to offer you personal instruction on how to secure the information handled by your organization's knowledge workers. Continue Reading

Countermeasures for malicious email code

Today's malware continues to raise the security stakes. Enterprises are now facing numerous evolving threats like targeted and blended attacks, zero-day exploits, botnets and phishing schemes. The attacks aren't the only things evolving; so are today's product sets. In this lesson, attendees will get an overview of the email threat landscape, tips for malware protection success and guidance on the future of email attacks. Continue Reading

By

• Tom Bowers

Survey: Data breach costs surge

A new study by the Ponemon Institute finds a 31% increase in the costs associated with a data breach. Continue Reading

By

• Robert Westervelt, TechTarget

Achieving compliance: a real-world roadmap

A security manager's responsibilities extend beyond the technical aspects of the job. These days, effective governance and compliance are just as essential. Continue Reading

Security Blog Log: The never-ending PatchGuard debate

This week, security vendor fright over the Windows Vista PatchGuard feature permeates the blogosphere. Is Microsoft the boogeyman, or just misunderstood? Continue Reading

Research shows massive botnet growth

Reports from McAfee and Microsoft show bot herders are gaining ground and threatening national infrastructure. Some suppliers hope to strike back by sharing resources. Continue Reading

By

• Bill Brenner

What storage managers are buying and why, page 7

What storage managers are buying and why Continue Reading

What storage managers are buying and why, page 6

What storage managers are buying and why Continue Reading

Security researcher, professor influences students for life

Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School, has contributed to the field of data security. Her work earned her a Security 7 award. Continue Reading

By

• Marcia Savage, Editor

SDL expected to help fulfil Vista security promises

Windows Vista is expected to be the most secure Microsoft product released thanks to the company's implementation of the Security Development Lifecycle (SDL). Continue Reading

By

• Michelle Davidson, TechTarget

Information Security Decisions Session Downloads

Session Downloads from Information Security Decisions 2006 Conference. Continue Reading

Enhanced Identity and Access Management

From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls. Continue Reading

Snyder On Security: An insider's guide to the essentials

Joel Snyder, senior partner with consultancy Opus One, provides an in-depth look at information security trends and technologies. Continue Reading

Rural Payments Agency project failed after IT system costs spiralled

Delays in implementing a bespoke IT system led to the Rural Payments Agency (RPA) failing to pay subsidies to farmers on time, according to a National Audit Office report. Continue Reading

By

• Will Hadfield

Nmap Technical Manual

By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in collaboration with security expert Michael Cobb, has produced an Nmap Tutorial, detailing how this free tool can help make your organization more secure. Continue Reading

Security Bytes: Flaws fixed in Bugzilla

Meanwhile, security holes are also plugged in Cisco's Wireless Location Appliance software and Clam AntiVirus. Continue Reading

By

• Bill Brenner

Microsoft caves to pressure over Vista security

To accommodate third-party security vendors and appease antitrust regulators in Europe, Microsoft will make some final tweaks to Windows Vista. Continue Reading

By

• Bill Brenner

Microsoft to fold security into Windows division

The software giant said the move would make future Windows development efforts more efficient. The changes take effect after Microsoft releases Vista. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Taking Google Code Search for a spin

This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading

What to do when your server goes down

When a server goes down at a particular time every night without the prompt of a virus, our expert, Puneet Mehta, can tell you what the problem is and what you can do to avoid it. Continue Reading

By

• Puneet Mehata

Brief: Malicious Web site poses as Google

A malicious Web site poses as Google's Italian site, but attempts to install malicious ActiveX controls on victim's machines and ultimately redirect them to adult content. Continue Reading

By

• SearchSecurity.com Staff

Inside MSRC: Public vulnerability disclosures on the rise

Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make sure all of this month's software updates are installed correctly. Continue Reading

McAfee CEO Samenuk retires in wake of options probe

The investigation into stock option grants is complete and company president Kevin Weiss has been fired, as well. Continue Reading

By

• Dennis Fisher

Google Code Search gives security experts a sinking feeling

The new search tool from Google can help developers find useful code examples. But security experts worry that it also will make attackers' jobs that much easier. Continue Reading

By

• Dennis Fisher

Banking on the future

As the banking landscape changes and global competition takes hold, IT offers banks a way of differentiating themselves from the competition, so how do they balance innovation and imitation in this tough market sector? Continue Reading

Midmarket IT pros have NAC for identity, access management

Midmarket firms may not have the budgets of large companies, but IT pros can build identity and access management programs that are as effective as what the big guys have. Continue Reading

By

• Bill Brenner

Symantec unveils Security 2.0 initiative

As part of Security 2.0, Symantec unveiled new products and partnerships with VeriSign and Accenture to help customers secure their databases, manage risk and fight ID theft. Continue Reading

By

• Bill Brenner

Tiered storage becoming tried and true

Tiered storage matches the value of data with the performance (and expense) of storage. Ideally, tiered storage can save money, while easing the access demands to any single storage tier. While tiered storage has clearly brought storage costs and performance into focus, it has yet to reach its full potential in the enterprise. Continue Reading

School district expels outsourced backup, enrolls CDP

Revere School District dumps tape and outsourced backup, and deploys SonicWall's continuous data protection product. Continue Reading

By

• Alex Barrett, News Director, Data Center Media Group

Test your IQ: Business continuity -- ANSWER

This type of plan specifies a means of maintaining essential services at the crisis location. Continue Reading

DPM's Diary: 3 October 2006

Monday Continue Reading

By

• C P Bound

ZERT rekindles third-party patching debate

This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading

PING with Suzanne Hall

In this exclusive interview with Information Security magazine, Suzanne Hall, AARP director of IT operations and security, examines how security professionals can enable telecommuters and mobile workers while keeping their data secure. Continue Reading

More from SearchSecurity September 2006

This month's round up weighs the pros and cons of security information management systems (SIMs) plus four case studies illustrating the different roadblocks security managers can encounter Continue Reading

On privacy laws, every state is one of confusion

It's getting increasingly difficult for US firms to comply with regulations . David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment. Continue Reading

By

• David A. Meunier

Top 5 free Windows security downloads

The place where you can find free tools that help you crack passwords, remove troublesome spyware and enhance network security. Check out our five most popular tools and find out what you've been missing. Continue Reading

Voice over IP Fundamentals: Chapter 9, 'Billing and Mediation Services'

Voice over IP Fundamentals: Chapter 9, 'Billing and Mediation Services' Continue Reading

Stration worm targets Windows machines

The worm uses several fake email messages, including one claiming to be a security update. Users are advised to avoid unsolicited email attachments. Continue Reading

By

• Bill Brenner

Symantec Dark Vision app monitors underground IRC servers

New research project keeps tabs on the hacker underground, providing new insight on activities like credit card theft and spamming. Continue Reading

By

• Dennis Fisher

IT pros worried about unsecured devices

IT admins keep working to make networks secure even as more unsecured personal gadgets their way into companies. Continue Reading

By

• Eileen Kennedy, News Writer

Hijacked consumer machines target the enterprise

Attackers continue to strike gold by targeting consumers who lack the security savvy to address desktop application flaws, according to Symantec Corp. Enterprises ultimately pay the price. Continue Reading

By

• Bill Brenner

NetApp operations chief talks growth

Tom Georgens, executive vice president and general manager at NetApp -- also rumoured to be in the running as next CEO -- discusses what's driving its growth. Continue Reading

By

• Jo Maitland, TechTarget

Apple fixes Mac Wi-Fi flaws

Updated: Attackers could exploit flaws in Apple's wireless technology to cause a denial of service or run malicious code, resulting in the full takeover of vulnerable Mac machines. Continue Reading

By

• Bill Brenner

Secure network perimeter to result from Symantec-Juniper deal

Juniper and Symantec announced a deal to integrate Symantec's client security software with Juniper's security hardware. The result will allow endpoint compliance and access control platforms to secure the enterprise perimeter. Continue Reading

By

• Amanda Mitchell, News Editor

Three ways to create clustered storage

Clustered storage systems run on storage servers, NAS gateways and hosts. Here's how to determine which clustered file-system architecture is best for your needs and storage environment. Continue Reading

Dell and EMC: Five more years

Dell leans on EMC for support in the face of an SEC investigation and possible delisting from NASDAQ. Continue Reading

By

• Alex Barrett, News Director, Datacenter Media Group

Big security fixes for QuickTime, Flash Player

Apple and Adobe warned that attackers could exploit multiple flaws in QuickTime and Flash Player to run malicious code on targeted machines. Continue Reading

By

• Bill Brenner

Secure network perimeter to result from Symantec-Juniper deal

Juniper and Symantec announced a deal to integrate Symantec's client security software with Juniper's security hardware. The result will allow endpoint compliance and access control platforms to secure the enterprise perimeter. Continue Reading

By

• Amanda Mitchell

Data storage compliance's impact on storage product choices

Data storage compliance is having a tremendous impact on the storage organization, as well as the management practices employed to retain, search, certify and destroy data. It's not just regulations like SOX or HIPAA that influence storage -- there are well over 10,000 regulations that affect data storage, backup and protection across a range of industries. But companies are often left alone in their quest to identify the regulations that relate to them, identify what data should be saved and implement storage to meet those regulations. This article covers the essential goals of data storage compliance, examines implementation considerations and obstacles and reviews the impact of compliance on storage. Continue Reading

Security Bytes: Hackers target the Terminator

In other news, Symantec upgrades its Norton product line and the Anti-Phishing Working Group says phishing activity soared this summer. Continue Reading

By

• SearchSecurity.com Staff

Storage upstarts are tipping the vendor scales

The big storage vendors are always trying to steal a piece of each other's pie. But some small tech upstarts might play big parts in determining who comes out on top. Continue Reading

Fast Guide: VoIP encryption

A guide to encryption within VoIP networks Continue Reading

Security Bytes: New flaw in Cisco IOS

Security news including Cisco, Mozilla hires a former Microsoft strategist to bolster security, a new "pump-and-dump" stock spam campaign is discovered and TippingPoint lists info on new flaws. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Word doc scam evades spam filters

Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches. Continue Reading

ControlGuard targets rogue devices

ControlGuard Access Manager is an effective tool for controlling what devices users can add to their workstations and how they are used. Continue Reading

By

• Harris Weisman, Contributing Writer

Proofpoint delivers strong messaging security

Proofpoint Messaging Security Gateway is a highly recommended, affordable solution for big enterprises that need protection from email-based attacks. Continue Reading

By

• Phoram Mehta, Contributing Writer

Cisco, Microsoft unveil NAC/NAP interoperability

Nearly two years into their partnership, Cisco and Microsoft yesterday announced a joint architecture combining their network access security solutions. Continue Reading

By

• Andrew R. Hickey

Cisco, Microsoft unveil NAC/NAP interoperability

Nearly two years into their partnership, Cisco and Microsoft yesterday announced a joint architecture combining their network access security solutions. Continue Reading

By

• Andrew R. Hickey

Revamped Cisco WAFS worth the wait, users say

Months late, Cisco has finally released a combined Wan optimisation and WAFS product, while startups like Riverbed have been snapping up the customers. But some Cisco beta testers say it has been worth the wait. Continue Reading

By

• Beth Pariseau, Senior News Writer

Protecting wireless networks: Step 3

Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks. Continue Reading

Protecting wireless networks: Step 2

Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks. Continue Reading

Wireless network security testing

Attack your own wireless networks to find vulnerabilities before malicious hackers do. Continue Reading

Attacks against MS06-040 on the rise

Six pieces of malware are now going after the Windows Server Service flaw outlined in MS06-040, and a spike in attacks has led Symantec to raise its ThreatCon to Level 2. Continue Reading

By

• Bill Brenner

Emulex acquisition could cloud future of FC-SATA spec

New Emulex subsidiary Sierra Logic's strength is in FC-SATA bridging technology. Meanwhile, ONStor launches midrange clustered NAS, and Quantum shareholders withhold votes. Continue Reading

By

• Beth Pariseau, Senior News Writer

Identity and Access Management Security School

This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Continue Reading

Survey: Data breaches difficult to spot, prevent

IT pros worry that false positives and a lack of resources are preventing them from blocking data breaches Continue Reading

By

• Bill Brenner

Symantec CIO vies with virtualization, device policy

Symantec CIO David Thompson says virtualization is a big part of the security giant's future and it has developed a policy to mitigate virtualization security risks. Continue Reading

By

• Dennis Fisher

Malware database access sparks debate

Should an emerging database of more than 300,000 malware samples remain a walled community for trusted users, or is open access the best way to fight off digital desperados? Continue Reading

By

• Bill Brenner

AT&T breach affects 19,000 customers

Online outlaws hacked into an AT&T computer system and stole credit card data on thousands of customers. AT&T has offered to pay for credit monitoring services for those affected. Continue Reading

By

• Bill Brenner

An era ends as Tandberg buys Exabyte

The once-dominant player in the tape market has ended a long downward spiral by selling off its assets. At least customers can now count on continued support, analysts say. Continue Reading

By

• Beth Pariseau, Senior News Writer

Risk management: Data organization and impact analysis

This first article of the Insider Risk Management Guide explains how to data organization is the first step in implementing insider threat controls. Continue Reading

Risk management: Implementation of baseline controls

This fourth article in the Insider Risk Management Guide examines the implementation of baseline controls. Continue Reading

Risk management: Baseline management and control

Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Risk Management Guide. Continue Reading

Risk management references

References for our Insider Risk Management Guide. Continue Reading

Risk management audit

This article explores the audit function in the insider risk management process. Continue Reading

BackTrack: The gotta-have, free, network security tool you've never heard of

Get the power of Linux-based security tools on Windows with this free suite of open source security tools. Contributor and vulnerability assessment expert Kevin Beaver introduces BackTrack and explains its network security testing features. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Microsoft probes alleged Internet Explorer flaw

A research group claims attackers could launch malicious code using a flaw in the way Internet Explorer instantiates certain COM objects' ActiveX controls. Continue Reading

By

• Bill Brenner

Third-party patching: Prudent or perilous?

Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth. Continue Reading

By

• Bill Brenner

Look through the over-hyped storage terms; find the value

Storage expert Marc Staimer discusses the storage vendor trend of using over-hyped terms to sell their products, and how you can find the true value in what they're selling. Continue Reading

Are tape backups a thing of the past when it comes to disaster recovery?

I guess we have to look at disaster recovery, when it comes to tapes, in order of priorities. So, if we're talking about your most critical applications nowadays -- your most critical data -- tape backup is actually losing favor to disk backup or data replication. Continue Reading

Security Blog Log: Opinions abound on IBM/ISS deal

Bloggers ponder what IBM's acquisition of ISS says about the industry as a whole. Is the end in sight for independent security vendors? Continue Reading

How do I identify what data to replicate and what data to simply backup?

It goes back again to the value of the data to your organization -- or the impact of losing access to this data. Typically, from a business continuity perspective, the best way to establish this is through what we call a "business impact analysis," which really measures the impact of an outage on your revenue stream or your organization from a public perception point of view. Continue Reading

What is the difference between RPO and RTO (from a backup perspective)?

The recovery point objective (RPO) and the recovery time objective (RTO) are two very specific parameters that are closely associated with recovery. The RTO is how long you can basically go without a specific application. This is often associated with your maximum allowable or maximum tolerable outage. Continue Reading

What is the most important aspect of data protection when it comes to DR?

You could answer that with one word really, and I would have to say "testing." Just "testing." Whatever you do when you're protecting data, whether it's a backup, whether it's replication, whatever it is, make sure that you test what you put in place. Just because the vendor's glossy ad said that theproduct allows you to restore "virtually in seconds," I wouldn't necessarily take their word for it. Continue Reading

Weekly compilation of storage news

Symantec peddles enterprise vault toolT and the new features developed because of a recent update to the US Federal Rules of Civil Procedure. Continue Reading

By

• SearchStorage.com Staff

Aren't backups and archives essentially the same thing?

The answer to that can be a "yes" and "no." If we look at a very high level, a copy of data is a copy of data, and that's where a lot of people confuse both as being somewhat the same -- one copy is just kept longer. When we start digging into what a backup is for and what an archive is for, that's when we really start seeing the distinction between the two. Continue Reading

What do tiered storage and ILM have to do with disaster recovery?

That idea ties back into the topics of data growth, data control, data management and recoverability. Once you start categorizing your data based on criticality and recovery priority, it gives you an indication of your data segments. We have our high-priority data, we have our medium criticality data and we have our low restore priority data. Continue Reading

How far apart should my production and alternate recovery sites be?

As a good consultant, I would have to use the typical answer; it depends. We have a few things to consider here. First, what kind of disaster are you trying to protect yourself (or your organization) from? Second, what is your geography like? Continue Reading

Cisco patches flaws in multiple products

Attackers could corrupt files, cause a denial of service and bypass security restrictions via flaws in several of Cisco's firewall and VPN products. Continue Reading

By

• Bill Brenner

Remote access, WAN optimization, and network analysis news

Briefs: Remote access from Positive Networks helps with disaster recovery plans; Ipanema Technologies provides WAN optimization; Lancope rolls out network behavior analysis and response system tools. Continue Reading

By

• Andrew R. Hickey

Briefs: VoiceCon in the news

This week at VoiceCon we saw everything from managed VoIP services to IP phones made to make mobile workers right at home, wherever they are. Continue Reading

By

• Amanda Mitchell, News Editor