Enterprise Security

E4b33dbe234685965beb3e9f2a0ad456

Need to consolidate information security compliance efforts? Try open source.

March 12, 2010 Added by:Ted LeRoy

Many organizations have to comply with multiple regulatory requirements for their information security infrastructures.  Fragmented efforts to comply Sarbanes-Oxley (sarbox or SOX), Gramm Leach Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA),  Payment Card Industry - Data Security Standard (PCI-DSS), and ISO 27000 series, to name a few, can result in c...

Comments  (0)

6d117b57d55f63febe392e40a478011f

Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability

March 11, 2010 Added by:Anthony M. Freed

Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS. This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations.

Comments  (15)

2ae549cf604c064a34019c7bd4a81e24

Newbie Introduction to Digital Forensics Part 2

March 08, 2010 Added by:Juan Granados

The information available on the internet can be a blessing and a curse at the same time. The multitude of information can be overwhelming for the newly annointed "Padawan" learner. One thing was clear....Forensic analysis was an art rather than a science. My hope of finding a "Cliff's Notes" version of "Digital Forensics" would prove to be impossible.

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Simple Log Review Checklist Released!

March 08, 2010 Added by:Anton Chuvakin

Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a "Critical Log Review Checklist for Security Incidents" which is released to the world today.

Comments  (1)

2ae549cf604c064a34019c7bd4a81e24

Newbie introduction to digital forensics Part 1.

March 08, 2010 Added by:Juan Granados

The economic and business challenges of the last year have forced changes to business priorities in many areas. For IT, increased scrutiny was placed on data leakage and security. When times are good, businesses can become distracted with new products and technologies. It is not until budgets are cut that the focus moves inward.

Comments  (1)

E4b33dbe234685965beb3e9f2a0ad456

Google, Adobe, and Big Oil Attack Commonalities

March 07, 2010 Added by:Ted LeRoy

The work of protecting information is becoming more difficult with time.  The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend.  The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 6)

February 26, 2010 Added by:Stephen Primost

So, the application designer has disclosed that the solution for the web services being designed will involve the (1) need to authenticate; (2) need to determine levels of authorization; and (3) [by the way] need to have some personalized data be carried forward to the application. If you, as a the security architect involved in the security assessment process, are smart, you would have a security...

Comments  (0)

1e44bd91360d3c685c3d78efcf0bea2e

Consider Outsourcing Your Network Security

January 27, 2010 Added by:Ken Leeser

As more and more critical applications and services move to the cloud, organizations are increasingly receptive to the idea of using a managed security service to protect their network and information assets.

Comments  (1)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 5)

December 30, 2009 Added by:Stephen Primost

Without a Digital Identity, how would you expect to do any authentication? And with an incomplete Digital Identity, how would you expect to get the authorization done correctly? Without the proper data model and the expectation that it would have the correct data (besides being in the right place at the right time), securing a system is impossible, although having the information, it is the easies...

Comments  (0)

09e5dbdf8a3bd6dccce5621459b11e26

Containment Phase - Incident Response

December 19, 2009 Added by:Mark Bennett

...the whole point of Incident Response..Having a Plan! In the containment phase of Incident Response you want to prevent the attacker from getting any further into the organization or spreading to other systems.

Comments  (0)

634ff692af43fd4dc5dab3b8590c77d6

Virtualization : the maneuver tactic !

December 17, 2009 Added by:K S Abhiraj

The lure of virtualization is clear. From the business perspective, it means faster time-to-market for new technology enabled services and a strong foundation for new strategic initiatives, such as cloud computing. For technology organizations, virtualization promises faster server provisioning, increased hardware utilization, and lower costs for disaster recovery (DR).

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 4)

December 15, 2009 Added by:Stephen Primost

Planning your application's use of the digital identity is not an after-thought of system architecture. At the least, it might offer the occasional lack of reliable and conflicting information. At the worst, it provides little, if no protection, at all. And like the proverbial little dutch boy, you will be putting fingers in the holes of the dike, attempting to shore up an weak infrastructure with...

Comments  (0)

F6bae6ee0c7dfe5b62860cc8ebf311fe

Boole server - Data centric remote access, auditing and encryption

December 09, 2009 Added by:John England

Maintaining confidentiality and protection of data from unauthorized access are basic requirements for a security system. Boole Server is able to fulfil these protection requirements to a very high standard. Ease of use and versatility in configuration enables Boole Server to be the development platform delivering all the tools necessary for the complete protection of information circu...

Comments  (0)

D5e39323dd0a7b8534af8a5043a05da2

Packet fragmentation vs the Intrusion Detection System

December 08, 2009 Added by:Fred Williams

How well does Snort IDS handle packet fragments when the fragments could contain a potentially malicious software attack? Let's read on.... I found a really great article written in 2007 on how an author setup a lab environment to test this theory.

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

'Mafia Wars' CEO Brags About Scamming Users from Day One

November 29, 2009 Added by:Infosec Island Admin

I've never played Mafia Wars myself, but it's a very popular Facebook game that many of my friends play and annoy me with the constant broadcast news feed messages. It's one of the more popular Facebook applications and -like most of them- pose a real risk to the players and players friends within the Facebook community.

Comments  (3)

6d117b57d55f63febe392e40a478011f

Internet Security Alliance: Cyber Security is Economic Issue

November 18, 2009 Added by:Anthony M. Freed

"The President is correct in his appreciation of the need to view cyber security as... an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other..."

Comments  (0)

Page « < 74 - 75 - 76 - 77 - 78 > »