Security

Case Studies

Vendor Webcast

Show all content

Title Date Added Company

Detecting and Preventing Attacks Using Network Intrusion Detection Systems 2008-03-05 Sathyabama University

Intrusion detection is an important technology in business sector as well as an active area of research. It is an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report these intrusions to the administrator in order to take evasive action. Today computers are part of networked; distributed systems that may span multiple buildings sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system. The network is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature based IDs methodology for ascertaining attacks.

Tags: Security Tools, Intrusion Detection Systems

Physical Security Attacks on Windows Vista 2008-03-05 SEC Consult

There are several attacks known today which leverage physical access to fully patched systems to read or patch system memory. One of them is the Cold Boot Attack, which allows copying the system memory after the system has been powered off and extracting the keys of encrypted harddisks from it. Another technique known for years now is the copying and manipulation of memory using firewire which, among other things, also can be used to retrieve encryption keys. Several papers describe the technical background of the firewire attack. In a nutshell, it is possible to access the system memory of other nodes on a firewire bus via DMA and firewire's addressing scheme.

Tags: Security Management, Windows Vista

Moving Toward Network Security and Firewalls for Protecting and Preserving Private Resources on the Internet 2008-03-04 Journal of Theoretical and Applied Information Technology

Computer and network security are challenging topics among executives and managers of computer corporations. Internet security is the practice of protecting and preserving private resources and information on the Internet. Even discussing security policies may seem to create a potential liability. As a result, enterprise management teams are often not aware of the many advances and innovations in Internet and intranet security technology. Without this knowledge, corporations are not able to take full advantage of the benefits and capabilities of the network.

Tags: Network Security, Security Tools

Assessing endpoint security solutions: Why detection rates aren't enough 2008-03-04 Sophos

Evaluating the performance of competing endpoint security products is a time-consuming and daunting task. Enterprise decision-makers have to rely on independent competitive comparisons, performance benchmarks, and detection certifications, all covering different solutions and criteria, providing conflicting results. This paper highlights the pitfalls of simply looking at virus detection rates and investigates the effect of the rapidly developing IT environment and fast-moving threat landscape on assessment criteria. It gives the six critical questions businesses need to ask to ensure the most successful outcome to their evaluations.

Tags: Network Security, Security Standards, Security Management, Intrusion Detection Systems

Governance, Risk, and Compliance: A Practical Guide to Points of Entry 2008-03-01 Sun Microsystems

The implementation of new initiatives in Governance, Risk, and Compliance (GRC) may be an overwhelming prospect for many organizations. With multiple views and aspects of GRC, it can be difficult to know where to begin. This paper proposes that the solution is to break GRC initiatives into a number of constituent components that can be addressed one at a time, beginning with those that are easiest to plan for and implement. Choosing the first area on which to focus may mean drilling down from the big picture of enterprise GRC to the IT framework that enables it, and then to some manageable aspect of that framework.

Getting Started With McAfee Host Data Loss Prevention 2008-03-01 McAfee

Though external threats and attacks remain a major concern for CIOs and CSOs, loss of the company's most valued data often is the result of insider actions. Some of these actions are intentional and malicious, but the larger percentage is accidental and unintended, the result of employees' ignorance about data protection policies or their willingness to skirt policies in order to work more productively. In response to this challenge, enterprises are deploying Data Loss Prevention (DLP) solutions to block sensitive information from leaving the company via unauthorized channels, while still enabling legitimate business activity.

Tags: Data Recovery - Security

Data Security - Complexity, Cost and Potential Legislation 2008-03-01 Kaulkin Ginsberg

Currently, there is no uniform standard for data security - either voluntary or mandated by the federal government. However, the large number of bills introduced in recent Congresses suggests that the House and the Senate are no longer looking the other way. With the significant possibility of legislative changes establishing a whole new series of compliance requirements, there is a strong case for the financial services industry to create one on its own. As businesses grapple with the issues of data security and identity theft, the financial services industry has developed a number of standards and certifications in its attempts to ensure compliance with existing federal guidelines for the storage and sharing of consumer information.

Tags: Data Recovery - Security

Overcoming Mobile Enterprise Security Challenges 2008-03-01 SOTI

Increasingly powerful feature sets and rich functionality are driving the wide-spread use of mobile devices by banks, security and law enforcement agencies, government authorities and other security conscious organizations. Mobile workforces are taking advantage of mobile devices to remotely access confidential emails, spreadsheets, databases, customer data, order information, credit card data, medical history, and patient information among other sensitive corporate data. Mobile devices are now the most vulnerable entry points for malware and other threats to the corporate network to which they are connected. Additionally, mobile devices are increasingly more dispersed geographically and at the forefront of operations in the field. So is sensitive corporate data!

Tags: Mobile - Wireless Communications

Making Use of SPNEGO in Your J2EE and .NET Client Applications 2008-02-28 IBM

SPNEGO, or the Simple and Protected GSSAPI Negotiation Mechanism, enables a straightforward Single Sign-On (SSO) environment for WebSphere in Microsoft Active Directory environments. In addition to SSO for web applications, SPNEGO can also be used to authenticate both J2EE and .NET web services clients. This paper explain how both J2EE clients and .NET clients can generate client stubs from exported web services, and then engage the SPNEGO protocol to provide SSO authentication to the WebSphere Application Server hosting these services. RedHat Enterprise Linux 4 was used as the OS to host the instance of WebSphere Application Server for the examples. An instance of Windows Server 2003 hosted the Active Directory and a Windows XP instance in the AD domain was used to host the application clients.

Tags: .NET, J2EE

Stop Spam, Viruses and Spyware: Endpoint and Perimeter Malware Guide 2008-02-28 Webroot Software

IT systems are under constant, increasingly sophisticated attack. Today's cyber criminals are using highly evolved, blended malware to access corporate and customer data at an alarming rate. Additional layers of protection at the perimeter are essential to combat the sheer volume of this increasing threat and to prevent networks from being clogged by spam.

Read this paper to learn about the prevalence and types of emerging threats and how to recognize them. This paper also provides recommendations on endpoint and perimeter security, as well as advice on addressing budgetary constraints, regulatory requirements, and much more.

Tags: Security Management, Security Tools, Spam - E-mail Fraud - Phishing, Spyware

Jump to 1 2 3 4 5 6 [7] 8 9 10

Title	Date Added	Company
Detecting and Preventing Attacks Using Network Intrusion Detection Systems	2008-03-05	Sathyabama University
Intrusion detection is an important technology in business sector as well as an active area of research. It is an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report these intrusions to the administrator in order to take evasive action. Today computers are part of networked; distributed systems that may span multiple buildings sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system. The network is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature based IDs methodology for ascertaining attacks. Tags: Security Tools, Intrusion Detection Systems
Physical Security Attacks on Windows Vista	2008-03-05	SEC Consult
There are several attacks known today which leverage physical access to fully patched systems to read or patch system memory. One of them is the Cold Boot Attack, which allows copying the system memory after the system has been powered off and extracting the keys of encrypted harddisks from it. Another technique known for years now is the copying and manipulation of memory using firewire which, among other things, also can be used to retrieve encryption keys. Several papers describe the technical background of the firewire attack. In a nutshell, it is possible to access the system memory of other nodes on a firewire bus via DMA and firewire's addressing scheme. Tags: Security Management, Windows Vista
Moving Toward Network Security and Firewalls for Protecting and Preserving Private Resources on the Internet	2008-03-04	Journal of Theoretical and Applied Information Technology
Computer and network security are challenging topics among executives and managers of computer corporations. Internet security is the practice of protecting and preserving private resources and information on the Internet. Even discussing security policies may seem to create a potential liability. As a result, enterprise management teams are often not aware of the many advances and innovations in Internet and intranet security technology. Without this knowledge, corporations are not able to take full advantage of the benefits and capabilities of the network. Tags: Network Security, Security Tools
Assessing endpoint security solutions: Why detection rates aren't enough	2008-03-04	Sophos
Evaluating the performance of competing endpoint security products is a time-consuming and daunting task. Enterprise decision-makers have to rely on independent competitive comparisons, performance benchmarks, and detection certifications, all covering different solutions and criteria, providing conflicting results. This paper highlights the pitfalls of simply looking at virus detection rates and investigates the effect of the rapidly developing IT environment and fast-moving threat landscape on assessment criteria. It gives the six critical questions businesses need to ask to ensure the most successful outcome to their evaluations. Tags: Network Security, Security Standards, Security Management, Intrusion Detection Systems
Governance, Risk, and Compliance: A Practical Guide to Points of Entry	2008-03-01	Sun Microsystems
The implementation of new initiatives in Governance, Risk, and Compliance (GRC) may be an overwhelming prospect for many organizations. With multiple views and aspects of GRC, it can be difficult to know where to begin. This paper proposes that the solution is to break GRC initiatives into a number of constituent components that can be addressed one at a time, beginning with those that are easiest to plan for and implement. Choosing the first area on which to focus may mean drilling down from the big picture of enterprise GRC to the IT framework that enables it, and then to some manageable aspect of that framework.
Getting Started With McAfee Host Data Loss Prevention	2008-03-01	McAfee
Though external threats and attacks remain a major concern for CIOs and CSOs, loss of the company's most valued data often is the result of insider actions. Some of these actions are intentional and malicious, but the larger percentage is accidental and unintended, the result of employees' ignorance about data protection policies or their willingness to skirt policies in order to work more productively. In response to this challenge, enterprises are deploying Data Loss Prevention (DLP) solutions to block sensitive information from leaving the company via unauthorized channels, while still enabling legitimate business activity. Tags: Data Recovery - Security
Data Security - Complexity, Cost and Potential Legislation	2008-03-01	Kaulkin Ginsberg
Currently, there is no uniform standard for data security - either voluntary or mandated by the federal government. However, the large number of bills introduced in recent Congresses suggests that the House and the Senate are no longer looking the other way. With the significant possibility of legislative changes establishing a whole new series of compliance requirements, there is a strong case for the financial services industry to create one on its own. As businesses grapple with the issues of data security and identity theft, the financial services industry has developed a number of standards and certifications in its attempts to ensure compliance with existing federal guidelines for the storage and sharing of consumer information. Tags: Data Recovery - Security
Overcoming Mobile Enterprise Security Challenges	2008-03-01	SOTI
Increasingly powerful feature sets and rich functionality are driving the wide-spread use of mobile devices by banks, security and law enforcement agencies, government authorities and other security conscious organizations. Mobile workforces are taking advantage of mobile devices to remotely access confidential emails, spreadsheets, databases, customer data, order information, credit card data, medical history, and patient information among other sensitive corporate data. Mobile devices are now the most vulnerable entry points for malware and other threats to the corporate network to which they are connected. Additionally, mobile devices are increasingly more dispersed geographically and at the forefront of operations in the field. So is sensitive corporate data! Tags: Mobile - Wireless Communications
Making Use of SPNEGO in Your J2EE and .NET Client Applications	2008-02-28	IBM
SPNEGO, or the Simple and Protected GSSAPI Negotiation Mechanism, enables a straightforward Single Sign-On (SSO) environment for WebSphere in Microsoft Active Directory environments. In addition to SSO for web applications, SPNEGO can also be used to authenticate both J2EE and .NET web services clients. This paper explain how both J2EE clients and .NET clients can generate client stubs from exported web services, and then engage the SPNEGO protocol to provide SSO authentication to the WebSphere Application Server hosting these services. RedHat Enterprise Linux 4 was used as the OS to host the instance of WebSphere Application Server for the examples. An instance of Windows Server 2003 hosted the Active Directory and a Windows XP instance in the AD domain was used to host the application clients. Tags: .NET, J2EE
Stop Spam, Viruses and Spyware: Endpoint and Perimeter Malware Guide	2008-02-28	Webroot Software
IT systems are under constant, increasingly sophisticated attack. Today's cyber criminals are using highly evolved, blended malware to access corporate and customer data at an alarming rate. Additional layers of protection at the perimeter are essential to combat the sheer volume of this increasing threat and to prevent networks from being clogged by spam. Read this paper to learn about the prevalence and types of emerging threats and how to recognize them. This paper also provides recommendations on endpoint and perimeter security, as well as advice on addressing budgetary constraints, regulatory requirements, and much more. Tags: Security Management, Security Tools, Spam - E-mail Fraud - Phishing, Spyware

Featured Whitepapers

Member Login

10 million IT Folks can't be wrong with their server choice.

Oracle Technology Solutions for Midsize Businesses

Country Report: India