Security News Letter

April 12th, 2004

 
 
   Download ZoneAlarm Pro

 Download ZoneAlarm Pro Here

Download eEye's Retina Vulnerability Scanner Here
 Jumpline.com VDS Web Hosting

 

 Kaspersky Anti-Virus: Install & Feel Safe!

Cisco Admits Security Problem, Issues Stronger Protocol 
It has released a protocol that it says isn't vulnerable to dictionary attacks.
By Mobile Pipeline News 

Cisco Systems has acknowledged security problems with its proprietary Lightweight Extensible Authentication Protocol (LEAP) and released a new security protocol that it said eliminates the threat. The problems with LEAP were highlighted by the release last week of a tool that attacks the protocol. The tool, called "asleap," was released by Joshua Wright, a security architect for Johnson & Wales University. 
Cisco then released its EAP Flexible Authentication via Secure Tunneling (EAP-FAST) protocol, which it said isn't vulnerable to dictionary attacks. It announced the release--and acknowledged the problems with LEAP--in a security notice posted on Cisco's site. 
In that notice, Cisco acknowledged that, "as with most password-based authentication algorithms, Cisco LEAP is vulnerable to dictionary attacks." It described EAP-FAST as a protocol "for users who wish to deploy an 802.1X Extensible Authentication Protocol type that doesn't require digital certificates and isn't vulnerable to dictionary attacks." 
Cisco suggested that if people want to continue using LEAP, they should create a strong password policy. Otherwise, the security notice suggested, they may wish to migrate to EAP-FAST or similar protocols such as PEAP or EAP-TLS. 

 

 

Security Products:

HIPAA Step by Step Training

April 20th and 22nd classes are closed out Additional class May 20th 

 

 

PestPatrol is a powerful security and personal privacy tool that detects and eliminates destructive pests like trojans, spyware, adware and hacker tools. It complements your anti-virus and firewall software, extending your protection against non-viral malicious software that can evade your existing security and invade your personal privacy. These pests often lurk silently on your computer until something – or someone – sets them off. When that happens, you could lose passwords, personal data, credit card numbers, and - if you telecommute and connect to your office via a VPN - open up a back door for the hacker into your entire company network. Click here for Pest Patrol

 

Intrusion Detection Systems

bulletIntruvert

Vulnerability Scanners

bullet

eEye's Retina

Firewalls

bulletNetscreen
bulletCheckpoint

Management

bulletSolarWinds

Virus Control

bulletMail Marshall

Services

bulletSecurity audit
bulletPerimeter Vulnerability Scan
bulletRouter/ switch optimization for security
bulletFirewall checking and configuration
bulletVPN Design and Implementation
bulletNetwork design
bulletnetwork based application analysis
bulletNetwork Baselining
bulletSecurity baselining

 

 
  BlackICE PC Protection

This mailing has been performed by Aavex Technology Corporation
42w588 Still Meadows Lane, Elburn IL 60119 USA,  630-365-0025 in compliance with the "CAN-SPAM Act of 2003",  approved and signed by the president of The United States of America on Dec. 16, 2003. For this reason, this email cannot be considered SPAM This newsletter contains commercial advertisement.

 

  

Copyright © 2004 Aavex Technology