| Title | Date Added | Company | |
|---|---|---|---|
Web application security: automated scanning versus manual penetration testing | 2008-01-01 | IBM |
| Web sites are vulnerable to Web application attacks and a great percentage of these attacks occur over the HTTP/S protocols, ports that are often exposed to the entire online community. It's essential for organizations to take serious measures to help secure their Web applications.
There are two primary methods for discovering Web application vulnerabilities: using manual penetration testing and code review or using automated scanning tools and static analysis. The purpose of this paper is to compare these two methods.
Tags: Best Practices, Security Management |
|||
Take a holistic approach to business-driven security | 2008-06-11 | IBM |
| Organisations often take a bottom-up approach to security because security solution vendors typically promote this approach to their clients. But this methodology often creates an excessively complex and disjointed security infrastructure. This paper introduces actions that organisations can take to drive security efforts from a business and operational perspective and discusses how security leadership from IBM can help enable their success.
Tags: Security Standards, Security Management, Security Tools, Best Practices |
|||
SprintSecure Message Protection Fact Sheet | 2008-05-28 | Sprint |
| SprintSecure(sm) Message Protection keeps businesses safe from potential security risks due to the explosive growth of email. Read this solution brief to see how to keep your email assets safe and protected against viruses, worms, denial-of-service attacks, and spam.
Tags: Denial of Service, Security Tools, Email, Spam - E-mail Fraud - Phishing |
|||
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities | 2008-05-21 | Cisco Systems |
| The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.
Tags: Denial of Service |
|||
CAMNEP: Agent-Based Network Intrusion Detection System | 2008-05-16 | IFAAMAS |
| This paper presents a prototype of an agent-based intrusion detection system designed for deployment on high-speed backbone networks. The main contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling within a group of collaborative detection agents, each featuring a specific detection algorithm. The anomalies are used as an input for the trust modeling. In this stage, each agent determines the flow trustfulness from aggregated anomalies. The aggregation is performed by extended trust models that model the trustfulness of generalized situated identities, represented by a set of observable features. The system is based on traffic statistics in NetFlow format acquired by dedicated hardware-accelerated network cards, and is able to perform real-time surveillance of gigabit networks.
Tags: Security Tools, Intrusion Detection Systems |
|||
No More FTP: Eliminate FTP and Email Attachment Issues | 2008-05-14 | Proofpoint |
| Today's business environment requires ad hoc and instantaneous sharing of information. Systems for sending large files have not kept pace with the needs of today's enterprise, where increasingly large and sophisticated business documents, files and media need to be quickly transmitted and shared with coworkers, business partners and customers around the world.
Existing solutions for sending large files fall short in several regards: Email does not handle large files efficiently and FTP is too difficult to manage, administer and use. End users often resort to time-consuming workarounds such as burning CDs or using unapproved (and uncontrolled) technologies such as third-party file transfer services or instant messaging. But new technologies for secure file transfer can eliminate these problems. Download this free whitepaper from Proofpoint and learn:
Tags: Security Management, Security Tools, Data Recovery - Security, Email |
|||
Raising the bar for hackers (Security) | 2008-05-09 | Siemens |
| Many production plants are linked to the Internet and utilize standard software, which makes them a potential target for hackers. Siemens is making these systems more secure.
Tags: Network Security, Intrusion Detection Systems, Cyber Security |
|||
Extending PCI Compliance to the Mobile Workforce | 2008-05-07 | Fiberlink Communications |
| The Payment Card Industry (PCI) Security Standards Council developed an explicit Data Security Standard (DSS) which outlines the minimum controls necessary to protect the system components that support cardholder data environments. The Council added teeth to the security standard by enforcing it through regular audits and assessments conducted by authorized agencies. The controls outlined in the 12 requirements of PCI DSS specifically address system components - the point-of-sale devices, servers, network, applications and storage - that support cardholder data environments. Consequently, this is the network segment that organizations focus on when devising, implementing, maintaining and assessing their security controls.
Tags: Best Practices |
|||
NAC at the endpoint: Control your network through device compliance | 2008-05-01 | Sophos |
| Protecting IT networks used to be a straightforward case of encircling computers and servers with a firewall and ensuring that all traffic passed through just one gateway. However, the increase in mobile workers, in the number and types of devices, and in the number of non-employees requiring network access has led to the dissolving of that network perimeter. Access requests can come from anyone and anywhere, which is why organizations are turning to network access control (NAC) technologies. This paper discusses why NAC is important and how it should be implemented on the endpoint for maximum protection.
Tags: Network Security, Security Management, Intrusion Detection Systems, Best Practices |
|||
Gartner MarketScope for Network Access Control, 2008 brought to you by Sophos | 2008-05-01 | Sophos |
| About half of the vendors in the network access control market are startup companies, most of which will grow in 2008. Starting in 2009, the overall market will begin to consolidate, as established network and security vendors embed and enhance NAC functions into their products. This Gartner report assessed vendors on the following criteria: market understanding, marketing strategy, sales strategy, offering (product) strategy, overall viability (business unit, financial, strategy, organization) and sales execution and pricing. This report is brought to you by Sophos.
Tags: Network Security, Security Management, Security Tools, Intrusion Detection Systems |