Security Management - IT Library : ZDNet Asia

Case Studies

Vendor Webcast

Show all content

Title Date Added Company

Audit Firms and Data Security: A Case Study 2007-01-01 European Professional Software

This case study describes the issue of data safety and availability of an audit firm. Audit firms maintain proper accounting records, prepare quarterly balance sheets and social security reports, and file regularly for taxes on behalf of their clients. The auditor's biggest concern is the safety of computer files containing accounting records. His recurring daily need is to access the data located in his client's files, without having to personally visit each client site whenever a piece of information is needed. The auditor adopted a solution that ensures data security and availability at a surprisingly affordable cost.

Tags: Data Recovery - Security

Strategic Alignment of IT & Security: Yield Compliance by Default 2007-01-01 ReymannGroup

This paper provides forward looking though leadership and recommendations on strategic, operational, and tactical activities to help to properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise. By adopting a culture of continuous risk management, they have achieved compliance by default - not as a separately funded project for each compliance mandate.

Forensic Data Recovery and Examination of Magnetic Swipe Card Cloning Devices 2007-01-01 Reed Elsevier

Magnetic swipe card technology is used for many purposes including credit, debit, store loyalty, mobile phone top-up and security identification cards. These types of cards and the details contained on them are often relied upon as a form of identification and personal authentication. As such reliance is placed upon them it is surprising that they do not incorporate more stringent security features, and because of this lack of features it is not surprising that they attract the attention of people who wish to exploit them for illegal gain. The paper introduces the type of technology, and range of devices available for manipulating magnetic swipe card data.

Tags: Data Recovery - Security, Magnetic - Optical

A Blueprint for Managing the Windows Environment 2006-12-19 Symantec

With the recent release of the new Windows Vista client operating system to enterprise customers, now is an opportune time for IT departments to assess whether they are doing all they can to provide the most complete protection available against risks to security, availability, performance, and compliance. As today's enterprises know all too well, the complexity and cost of managing Microsoft Windows environments continue to increase. Complicating matters further is the fact that IT staff and resources at most enterprises are limited. The result: Each day, IT departments must struggle to achieve the right balance between satisfying demands for information and ensuring that information is secure and available.

Tags: Windows Vista

Teach Your Apps to Play Nicely With Windows Vista User Account Control 2006-12-16 01:00:21 Microsoft

The primary goal of User Account Control (UAC) is to make the default user token that applications are run with mimic that of a member of the Users group. This starts with creating a restricted, or filtered, token during interactive logon for users with elevated privileges. When more privileges are necessary to execute a restricted operation, the user will be prompted for authorization on the secure desktop. UAC also includes other technologies to support application compatibility and to secure the elevated processes.

Server Security, Patching and Virtualization 2006-12-23 01:00:24 Blue Lane Technologies

The benefits of virtualization far outweigh the challenges, and the rapid rate of adoption of platforms like VMware proves this to be true. Still, challenges remain. Security patching of servers currently plagues the virtual world much as it does the physical, but presents a slightly unique set of problems. The solution to maintaining these virtual environments is to apply the same concept of virtualization to the security patch. PatchPoint is the world's first inline patch proxy capable of replicating the function of the software security patch on the network wire, not on the server. As such, PatchPoint is capable of creating a completely trusted domain in which virtual machines can be protected regardless of their state.

Striking Back at Identity Thieves 2006-12-16 01:00:21 Symantec

As the Internet landscape becomes more crowded with threats designed to steal information for financial gain, consumer confidence in conducting business online has eroded. That confidence will be restored only when consumers know that they have both fraud site and crimeware protection for their personal information at the point of greatest risk - while they are banking or shopping online or on any site where they submit passwords, account numbers, or other personal information.

ACACIA: A Certificate-Based Access-Controlled Internet Architecture 2006-12-09 01:00:18 Alcatel-Lucent

The current Internet architecture supports open connectivity, i.e., any host can send traffic to any other host. This has resulted in a number of security problems such as Distributed Denial-of-Service (DDoS) attacks, worms etc. This paper proposes ACACIA - A Certificate-based Access-Controlled Internet Architecture. In ACACIA, a source must first obtain an access certificate in order to send packets to a destination. This access request is routed through a separate DDoS-resilient Access Control Infrastructure (ACI). The ACI is based on Distributed Hash Table-based servers that isolates attack requests using a load-adaptive replication strategy.

Authenticity by Typing for Security Protocols 2006-12-09 01:00:18 Microsoft

This paper proposes a new method to check authenticity properties of cryptographic protocols. First, code up the protocol in the spi-calculus of Abadi and Gordon. Second, specify authenticity properties by annotating the code with correspondence assertions in the style of Woo and Lam. Third, figure out types for the keys, nonces, and messages of the protocol. Fourth, check that the spi-calculus code is well-typed according to a novel type and effect system presented in this paper. The main theorem guarantees that any well-typed protocol is robustly safe, that is, its correspondence assertions are true in the presence of any opponent expressible in spi.

Types and Effects for Asymmetric Cryptographic Protocols 2006-12-09 01:00:18 Microsoft

This paper presents the first type and effect system for proving authenticity properties of security protocols based on asymmetric cryptography. The most significant new features of the type system are - a separation of public types (for data possibly sent to the opponent) from tainted types (for data possibly received from the opponent) via a subtype relation; trust effects, to guarantee that tainted data does not, in fact, originate from the opponent; and challenge/ response types to support a variety of idioms used to guarantee message freshness. The paper illustrates the applicability of the system via protocol examples.

Jump to 1 2 3 4 5 6 7 8 9 [10]

Title	Date Added	Company
Audit Firms and Data Security: A Case Study	2007-01-01	European Professional Software
This case study describes the issue of data safety and availability of an audit firm. Audit firms maintain proper accounting records, prepare quarterly balance sheets and social security reports, and file regularly for taxes on behalf of their clients. The auditor's biggest concern is the safety of computer files containing accounting records. His recurring daily need is to access the data located in his client's files, without having to personally visit each client site whenever a piece of information is needed. The auditor adopted a solution that ensures data security and availability at a surprisingly affordable cost. Tags: Data Recovery - Security
Strategic Alignment of IT & Security: Yield Compliance by Default	2007-01-01	ReymannGroup
This paper provides forward looking though leadership and recommendations on strategic, operational, and tactical activities to help to properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise. By adopting a culture of continuous risk management, they have achieved compliance by default - not as a separately funded project for each compliance mandate.
Forensic Data Recovery and Examination of Magnetic Swipe Card Cloning Devices	2007-01-01	Reed Elsevier
Magnetic swipe card technology is used for many purposes including credit, debit, store loyalty, mobile phone top-up and security identification cards. These types of cards and the details contained on them are often relied upon as a form of identification and personal authentication. As such reliance is placed upon them it is surprising that they do not incorporate more stringent security features, and because of this lack of features it is not surprising that they attract the attention of people who wish to exploit them for illegal gain. The paper introduces the type of technology, and range of devices available for manipulating magnetic swipe card data. Tags: Data Recovery - Security, Magnetic - Optical
A Blueprint for Managing the Windows Environment	2006-12-19	Symantec
With the recent release of the new Windows Vista client operating system to enterprise customers, now is an opportune time for IT departments to assess whether they are doing all they can to provide the most complete protection available against risks to security, availability, performance, and compliance. As today's enterprises know all too well, the complexity and cost of managing Microsoft Windows environments continue to increase. Complicating matters further is the fact that IT staff and resources at most enterprises are limited. The result: Each day, IT departments must struggle to achieve the right balance between satisfying demands for information and ensuring that information is secure and available. Tags: Windows Vista
Teach Your Apps to Play Nicely With Windows Vista User Account Control	2006-12-16 01:00:21	Microsoft
The primary goal of User Account Control (UAC) is to make the default user token that applications are run with mimic that of a member of the Users group. This starts with creating a restricted, or filtered, token during interactive logon for users with elevated privileges. When more privileges are necessary to execute a restricted operation, the user will be prompted for authorization on the secure desktop. UAC also includes other technologies to support application compatibility and to secure the elevated processes.
Server Security, Patching and Virtualization	2006-12-23 01:00:24	Blue Lane Technologies
The benefits of virtualization far outweigh the challenges, and the rapid rate of adoption of platforms like VMware proves this to be true. Still, challenges remain. Security patching of servers currently plagues the virtual world much as it does the physical, but presents a slightly unique set of problems. The solution to maintaining these virtual environments is to apply the same concept of virtualization to the security patch. PatchPoint is the world's first inline patch proxy capable of replicating the function of the software security patch on the network wire, not on the server. As such, PatchPoint is capable of creating a completely trusted domain in which virtual machines can be protected regardless of their state.
Striking Back at Identity Thieves	2006-12-16 01:00:21	Symantec
As the Internet landscape becomes more crowded with threats designed to steal information for financial gain, consumer confidence in conducting business online has eroded. That confidence will be restored only when consumers know that they have both fraud site and crimeware protection for their personal information at the point of greatest risk - while they are banking or shopping online or on any site where they submit passwords, account numbers, or other personal information.
ACACIA: A Certificate-Based Access-Controlled Internet Architecture	2006-12-09 01:00:18	Alcatel-Lucent
The current Internet architecture supports open connectivity, i.e., any host can send traffic to any other host. This has resulted in a number of security problems such as Distributed Denial-of-Service (DDoS) attacks, worms etc. This paper proposes ACACIA - A Certificate-based Access-Controlled Internet Architecture. In ACACIA, a source must first obtain an access certificate in order to send packets to a destination. This access request is routed through a separate DDoS-resilient Access Control Infrastructure (ACI). The ACI is based on Distributed Hash Table-based servers that isolates attack requests using a load-adaptive replication strategy.
Authenticity by Typing for Security Protocols	2006-12-09 01:00:18	Microsoft
This paper proposes a new method to check authenticity properties of cryptographic protocols. First, code up the protocol in the spi-calculus of Abadi and Gordon. Second, specify authenticity properties by annotating the code with correspondence assertions in the style of Woo and Lam. Third, figure out types for the keys, nonces, and messages of the protocol. Fourth, check that the spi-calculus code is well-typed according to a novel type and effect system presented in this paper. The main theorem guarantees that any well-typed protocol is robustly safe, that is, its correspondence assertions are true in the presence of any opponent expressible in spi.
Types and Effects for Asymmetric Cryptographic Protocols	2006-12-09 01:00:18	Microsoft
This paper presents the first type and effect system for proving authenticity properties of security protocols based on asymmetric cryptography. The most significant new features of the type system are - a separation of public types (for data possibly sent to the opponent) from tainted types (for data possibly received from the opponent) via a subtype relation; trust effects, to guarantee that tainted data does not, in fact, originate from the opponent; and challenge/ response types to support a variety of idioms used to guarantee message freshness. The paper illustrates the applicability of the system via protocol examples.

Security

Featured Whitepapers

Member Login

10 million IT Folks can't be wrong with their server choice.

Oracle Technology Solutions for Midsize Businesses

Country Report: India