| Title | Date Added | Company | |
|---|---|---|---|
| Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities | 2008-05-21 | Cisco Systems | |
| The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.
Tags: Denial of Service |
|||
| Why a Security Policy? | 2008-04-22 | IBM | |
| A security policy, in its purest sense, is a document or set of documents that defines how an organization intends to protect its assets. By definition, a security policy provides high-level guidance for the organization but does not specifically cover technologies or techniques. This paper shows how to create a security policy and discusses some of the tools one can use to develop the policy and enforce it later. | |||
| Best Practices in SAS 9 Security Configurations | 2008-04-02 | SAS Institute | |
| SAS 9 provides many enhancements in the area of single sign-on technology. This paper presents several best-practice configurations for systems that are based on Windows and systems that are based on other operating systems. These configurations maximize the use of single sign-on technology and minimize the necessity to store and pass system credentials. For all systems, the paper focuses on identity-passing technology in SAS 9, and new ways to configure servers for better security in common UNIX and z/OS deployments. In addition, for Windows, the paper discusses the configuration of Integrated Windows Authentication for single sign-on.
Tags: Best Practices |
|||
| A Practical Approach to Managing Phishing | 2008-04-01 | PayPal | |
| Surely only a few individuals, who have been living a life of seclusion on the French Riviera for the last few years, won't know what the crime of "phishing" is. Yet, according to Gartner estimates, 3.3% of the 124 million consumers who received phishing email last year were victimized and lost money because of the attacks. In short, phishing is a "con trick" by which consumers are sent email purporting to originate from legitimate services like banks or other financial institutions. | |||
| Effective email policies: why enforcing proper use is critical to security | 2008-04-01 | Sophos | |
| The unmonitored and unguarded use of email by employees poses a multitude of risks to organizations. The distribution of inappropriate or offensive content, malicious emails, and the risks of data leakage all threaten working environments, IT resources and an organization's reputation. A comprehensive, transparent and enforceable email acceptable use policy (AUP), combined with robust email security solutions, dramatically reduces exposure to these risks. This paper provides practical guidance on developing and enforcing an email AUP that meets the combined requirements of an organization's IT, HR and legal departments.
Tags: Email, Spam - E-mail Fraud - Phishing, Best Practices, Spyware |
|||
| Effective Web policies: ensuring staff productivity and legal compliance | 2008-04-01 | Sophos | |
| Employees increasingly expect to use the Internet at work for their own personal use in return for longer hours, working from home and interrupting vacations. This has a number of security, productivity, bandwidth and legal ramifications that require organizations to create and implement a Web usage policy that is backed up by effective Web filtering tools. This paper discusses how to create a policy that balances an organization's need for protection against an individual's expectations.
Tags: Web Filtering, Resources Mgmt., Best Practices, Spyware |
|||
| Managing and Securely Determining Security Clearance | 2008-03-18 | Isode | |
| Access controls based on Security Labels are made by matching the Security Label against the Security Clearance of the user or location for which the access control check is being made. In order for this check to be valid, it is essential that the correct value of the Security Clearance is used. If an incorrect value of the Security Clearance (e.g., a forged one) was used, the access control check would be worthless. This paper looks at how to ensure that the correct Security Clearance is used, and the role of directory in achieving this. | |||
| White Paper: Self-Service Password Management | 2008-03-05 | NetWrix Corporation | |
| The self-service reset of forgotten passwords and account lockouts offers cost-effective management of the most common user problem in virtually every IT-using organization. Password Manager from Netwrix offers a self-service solution that incorporates the best of the reset solution design features. Easy to use and simple to deploy, Password Manager allows for database preloading of user validation information so users with problems can be self-assisted from Day 1. The product can be configured for enforced enrollment, guaranteeing that all users will go through the validation information process before logging on to the network. Password Manager partitions its data management cleanly, storing sensitive information in a local secure database and enabling resets without making alterations in Active Directory schema.
Tags: Data Recovery - Security |
|||
| Overcoming Mobile Enterprise Security Challenges | 2008-03-01 | SOTI | |
| Increasingly powerful feature sets and rich functionality are driving the widespread use of mobile devices by banks, security and law enforcement agencies, government authorities and other security-conscious organizations. Mobile workforces are taking advantage of mobile devices to remotely access confidential emails, spreadsheets, databases, customer data, order information, credit card data, medical history, and patient information among other sensitive corporate data. Mobile devices are now the most vulnerable entry points for malware and other threats to the corporate network to which they are connected. Additionally, mobile devices are increasingly more dispersed geographically and at the forefront of operations in the field. So is sensitive corporate data!
Tags: Mobile - Wireless Communications |
|||
| Getting Started With McAfee Host Data Loss Prevention | 2008-03-01 | McAfee | |
| Though external threats and attacks remain a major concern for CIOs and CSOs, loss of the company's most valued data often is the result of insider actions. Some of these actions are intentional and malicious, but the larger percentage is accidental and unintended, the result of employees' ignorance about data protection policies or their willingness to skirt policies in order to work more productively. In response to this challenge, enterprises are deploying Data Loss Prevention (DLP) solutions to block sensitive information from leaving the company via unauthorized channels, while still enabling legitimate business activity.
Tags: Data Recovery - Security |