Host-Based Protection Protects Servers
Last Line of Defense
We've been saying it for ages -- perimeter-based security is just not enough. Find out how a proactive, host-based approach will protect your endpoints from multifront assaults.
Mike DeMaria, Network Computing news
Who says Americans aren't as soccer-adept as the rest of the world? We think the best matches take place not in the stadiums of Italy or Peru, but on fields in Everytown, U.S.A. In one recent barn burner, a kid charged straight toward the goal, and the goaltender lined up to deflect a direct kick. In a surprise attack, the player kicked the ball right, bouncing it off the forehead of his teammate and into the goal. The crowd went wild.
Corporate security administrators should take note. Mistake No. 1 is thinking that attacks will come from a single, defined and visible location: the Internet. In truth, strikes come from every angle, and attackers aren't going to storm the front gate without first trying all the windows. Case in point: When the MS SQL Slammer worm broke out, administrators thought they were safe if they'd blocked traffic to UDP Port 1434 on the firewall. Wrong. Remote laptop users picked up the worm and brought it into many organizations.
That brings us to the second point. Defense becomes exponentially more difficult when you're guarding multiple fronts. Most large enterprises have numerous firewalls, VPNs, remote-user authentication devices, IDS sensors, antivirus gateways and desktop software packages, and traffic shapers, making even something as seemingly simple as blocking a port or an IP address vastly complex. An attacker needs to find only one hole, and he or she is in.
More....
Linux/Windows security debate rolls on
PCW
No overall winner as analysts ponder pros and cons of both operating systems
Analysts are split over which is more secure: Windows or its operating system rival, Linux. Forrester Research has concluded that Windows is actually as secure as Linux, suggesting that Microsoft provides security updates more quickly than companies such as Red Hat.
But the Linux distributors covered by the report - Red Hat, SuSE, MandrakeSoft and Debian - have insisted that Forrester did not take into account that they handled critical flaws much faster, often within hours.
And another report, from the Robert Frances Group, and sponsored by IBM, rates Linux an A- for server and A for desktop patch management, versus Windows at C+ and C- respectively.
The report states: "Windows requires substantial improvements before it will be on a par with Linux, and desktops receive the lowest score because of the high cleanup costs many companies have experienced dealing with viruses."
More....
Q&A: Securing Mobile Workers
By 2006, over half the U.S. workforce will be mobile. Security managers face a daunting task.
by Mathew Schwartz
Thank the dot-com boom for loosening company attitudes toward telecommuting and working on the go. Kudos to Moore’s Law, broadband, and Wi-Fi for not only enabling slim, powerful portables, but the network pipes to move information quickly.
Then thank it all for the resulting security problems. Simply put, security hasn’t kept pace with the mobile revolution. As a result, “IT managers find it virtually impossible to keep up with the increasing security threats that mobility presents,” notes Yankee Group analyst Matthew Kovar.
Users being able to connect from anywhere while using corporate machines means one thing: security problems. Security managers have a hard time ensuring the tall guy at the corner table with a latte isn’t using a wireless packet sniffer to watch any sensitive corporate information flying by.
The problem is only going to increase with the number of mobile users. According to an Access Markets International survey, by 2006 over half the U.S. workforce—67 million workers—will be mobile. Of course, they’ll want to connect from hotels, café Wi-Fi hotspots, their hotel rooms, and home broadband connections. Each poses its own security risks.
To discuss the difficulty of securing mobile workers, and what companies can do about it, Security Strategies spoke with Skip Taylor, vice president of product marketing at Fiberlink Communications, a remote access software maker and managed VPN services provider.
How has the mobile connectivity security landscape changed in recent years?
More....
Five Signs Your Enterprise Needs Distributed Security
After years of merely reacting to new vulnerabilities, a centralized security model can no longer counter today's threats.
by Irfan Salim
Nothing stays the same. Technology that lit the world on fire yesterday will be inadequate tomorrow. This is especially true for security technology.
On an intellectual level, we all know this. It is ironic, then, that while we wring every bit of productivity out of new technologies, we spend far less time preparing our defenses for the vulnerabilities these technologies bring. After years of merely reacting to new security vulnerabilities, we find ourselves in a castle built on sand; the centralized security model that served so well in the past is old and, while it still has its uses, is not able to counter all of today's threats.
Here are five common enterprise scenarios. They may seem innocent enough, but if you rely too much on legacy, centralized security, they are exposing you to risk. Do they sound familiar?
More....
TCP catastrophe?
New router vulnerability could be a crisis — but you can take steps to avert it
By Wayne Rash
Last week's announcement hit the security community like a love tap from a sumo wrestler. Nearly every router on the Internet, even those only distantly connected, was vulnerable to a potential exploit that could shut down whole sections of a network and maybe even the Internet itself. Worse, the vulnerability was something so basic -- the design of TCP itself -- that the problem touches everyone. (You can find a detailed, very technical description at Cisco.)
In brief, the vulnerability allows a TCP connection to be reset. This isn’t a big deal most of the time, but if enough such resets happen quickly, the device that is terminating the session (a switch, router, firewall, or something similar) can be effectively shut down and will then be removed from the Internet routing tables. If the device is the only means to access a network segment, then that segment is effectively removed from the Internet.
Until now, the assumption was that it would be impossible for someone to guess the information required to attack a device and cause these session resets to happen, but it turns out it’s not so hard after all.
More....
Will Trade Passwords For Chocolate
By Mitch Wagner, Security Pipeline
Almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar. The organizers of the conference Infosecurity Europe 2004 plan to announce on Tuesday that they surveyed office workers at Liverpool Street Station in England, and found that 71 percent were willing to part with their password for a chocolate bar.
The survey also found the majority of workers would take confidential information with them when they change jobs, and would not keep salary details confidential if they came across the details.
Some 37 percent of workers surveyed immediately gave their password. If they initially refused,
More....