Anti-Hacking - IT Library : ZDNet Asia

White Papers

Case Studies

Vendor Webcast

Show all content

Title Date Added Company

The Essential Elements of Comprehensive Endpoint Security 26/03/08

Establishing a comprehensive endpoint security solution is complicated, and issues like accounting for unmanaged nodes only increase the scope of the challenge. What's more, selecting and stitching together an appropriate set of counter-measures means navigating a complex landscape of point products. Accordingly, the intent of this white paper is to clarify the the endpoint security problem and identify the functional requirements of a comprehensive endpoint security solution. sponsored by

Protection of Corporated Networks Against Targeted Attacks 2006-04-27 07:21:54

In contrast to typical malicious code attacks, carried out indiscriminately in order to affect as many systems as possible, targeted attacks can be defined as those which look to affect a specific user. A frequent example of a targeted attack is where users receive infected files through instant messaging from people who, having previously won the victim's confidence, are actually IT criminals.

DNS Cache Poisoning: Definition and Prevention 2006-04-27 08:02:19

The Internet would grind to a halt - would not be possible - without a Domain Name System (DNS). As this paper shows, the proper operation of DNS is fundamental to the maintenance and distribution of the addresses for the vast number of nodes around the globe. So it would be too much to hope for crackers (malicious hackers) to ignore DNS as they continuously look for new ways to circumvent your security. There are several facets to DNS security. This paper focuses on one of the most dangerous types of attack - DNS cache poisoning.

Siren: Catching Evasive Malware (Short Paper) 2006-06-14 01:00:26 University of Michigan

With the growing popularity of anomaly detection systems, which is due partly to the rise in zero-day attacks, a new class of threats have evolved where the attacker mimics legitimate activity to blend in and avoid detection. This paper proposes a new system called Siren that injects crafted human input alongside legitimate user activity to thwart these mimicry attacks. The crafted input is specially designed to trigger a known sequence of network requests, which Siren compares to the actual traffic. It then flags unexpected messages as malicious. This paper presents the design, implementation, and evaluation of the Siren activity injection system, as well as a discussion of its potential limitations.

The Economics of Computer Hacking 2006-06-09 01:00:26 West Virginia University

This paper considers various classes of computer hackers, with a special emphasis on fame-driven versus profit-driven hackers. The authors use simple economic analysis to examine how each of these hacking "Markets" work. The resulting framework is employed to evaluate current U.S. policy aimed at reducing the threat of computer hacking and shows that this policy is largely effective. The authors consider policy adjustments consistent with the insights of the framework provided as a means of strengthening cyber security.

Excerpt from O'Reilly's C# Cookbook: Chapter 17: Security 2006-09-11 12:43:56 Compuware

There are many ways to write secure code and protect data using the .NET Framework. Download this 43-page excerpt from O'Reilly's popular C# Cookbook, 2nd Edition to explore a variety of security issues related to C# programming, such as controlling access to types, encrypting and decrypting data, generating random numbers, securely storing data, and using both programmatic and declarative security.

Understanding User and Group Entitlement Reporting 2006-09-12 12:24:44 Symantec

If you've got questions related to User and Group Entitlement Reporting, you're not alone�it's an extremely challenging aspect of network security and regulatory compliance. This white paper from Symantec explores the topic in depth, discussing the complexities involved in reporting and validating access grants. The paper underscores the regulatory requirements that are driving the need for better User and Group Entitlement Reporting, and goes on to explain how Symantec's bv-Control for Windows Version 8.0 specifically addresses the group and user entitlement issue.

The Meta Google Maps "Hack" 2006-04-19 01:17:24 University of California

Since the advent of Google Maps, a slew of developers have built systems which use information from other sources to produce composite maps showing the locations of various items. These systems are commonly referred to as "Google Maps Hacks" due to the fact that they were originally created before Google published the API for creating these systems. The example system considered throughout in this paper is one which shows the locations of movie theaters on a map, given a ZIP code.

Optimizing Your IT Controls Environment for Compliance with Multiple Regulations 2006-09-12 12:24:44 Symantec

This IDC white paper focuses on the compelling need for today's businesses to understand how they can more efficiently manage multi-regulation compliance. It reviews certain regulations and how to track which pieces of what regulations are fulfilled when security solutions are deployed.

The paper:

Reviews a subset of regulatory legislation and industry standards

Illustrates common overlaps in certain regulations and standards

Offers a "best practice" option for tracking certain aspects of each regulation and ensuring each is covered by a corresponding technological solution

The small subset of regulations and standards covered in this white paper include CobiT, HIPAA, ISO 17799:2005, ITIL, the PCI Data Security Standard, and Sarbanes-Oxley (SOX). They are the focus of IDC's research because they affect a large number of corporate entities and their customers. (Sponsored by Symantec)

Hacking Techniques: Web Application Security 2006-06-09 01:00:26 East Carolina University

This paper focuses on hacking techniques of web applications and how the implementation of security through programming can keep intruders from wreaking havoc on your system. The paper will define a web application and discuss the architecture of the web application, as it will explain the multiple tier theory. The paper will discuss security in web applications and will look at basic rules in information security planning. The paper will look at seven steps in web application hacking and the top ten vulnerabilities that criminals can exploit in order to gain access and take control of a computer system.

VeriSign Unified Authentication: The Next Generation of Strong Authentication 2006-01-17 08:26:46

Download this white paper now and learn how VeriSign Unified Authentication leverages a single, integrated platform for all your strong authentication needs. Learn how you can get simplified strong authentication that is designed to integrate with your existing infrastructure for a cost-effective, next-generation solution for access control.

Jump to 1 2 3 4 5 6 [7] 8 9 10

Title	Date Added	Company
The Essential Elements of Comprehensive Endpoint Security	26/03/08
Establishing a comprehensive endpoint security solution is complicated, and issues like accounting for unmanaged nodes only increase the scope of the challenge. What's more, selecting and stitching together an appropriate set of counter-measures means navigating a complex landscape of point products. Accordingly, the intent of this white paper is to clarify the the endpoint security problem and identify the functional requirements of a comprehensive endpoint security solution.		sponsored by
Protection of Corporated Networks Against Targeted Attacks	2006-04-27 07:21:54
In contrast to typical malicious code attacks, carried out indiscriminately in order to affect as many systems as possible, targeted attacks can be defined as those which look to affect a specific user. A frequent example of a targeted attack is where users receive infected files through instant messaging from people who, having previously won the victim's confidence, are actually IT criminals.
DNS Cache Poisoning: Definition and Prevention	2006-04-27 08:02:19
The Internet would grind to a halt - would not be possible - without a Domain Name System (DNS). As this paper shows, the proper operation of DNS is fundamental to the maintenance and distribution of the addresses for the vast number of nodes around the globe. So it would be too much to hope for crackers (malicious hackers) to ignore DNS as they continuously look for new ways to circumvent your security. There are several facets to DNS security. This paper focuses on one of the most dangerous types of attack - DNS cache poisoning.
Siren: Catching Evasive Malware (Short Paper)	2006-06-14 01:00:26	University of Michigan
With the growing popularity of anomaly detection systems, which is due partly to the rise in zero-day attacks, a new class of threats have evolved where the attacker mimics legitimate activity to blend in and avoid detection. This paper proposes a new system called Siren that injects crafted human input alongside legitimate user activity to thwart these mimicry attacks. The crafted input is specially designed to trigger a known sequence of network requests, which Siren compares to the actual traffic. It then flags unexpected messages as malicious. This paper presents the design, implementation, and evaluation of the Siren activity injection system, as well as a discussion of its potential limitations.
The Economics of Computer Hacking	2006-06-09 01:00:26	West Virginia University
This paper considers various classes of computer hackers, with a special emphasis on fame-driven versus profit-driven hackers. The authors use simple economic analysis to examine how each of these hacking "Markets" work. The resulting framework is employed to evaluate current U.S. policy aimed at reducing the threat of computer hacking and shows that this policy is largely effective. The authors consider policy adjustments consistent with the insights of the framework provided as a means of strengthening cyber security.
Excerpt from O'Reilly's C# Cookbook: Chapter 17: Security	2006-09-11 12:43:56	Compuware
There are many ways to write secure code and protect data using the .NET Framework. Download this 43-page excerpt from O'Reilly's popular C# Cookbook, 2nd Edition to explore a variety of security issues related to C# programming, such as controlling access to types, encrypting and decrypting data, generating random numbers, securely storing data, and using both programmatic and declarative security.
Understanding User and Group Entitlement Reporting	2006-09-12 12:24:44	Symantec
If you've got questions related to User and Group Entitlement Reporting, you're not alone�it's an extremely challenging aspect of network security and regulatory compliance. This white paper from Symantec explores the topic in depth, discussing the complexities involved in reporting and validating access grants. The paper underscores the regulatory requirements that are driving the need for better User and Group Entitlement Reporting, and goes on to explain how Symantec's bv-Control for Windows Version 8.0 specifically addresses the group and user entitlement issue.
The Meta Google Maps "Hack"	2006-04-19 01:17:24	University of California
Since the advent of Google Maps, a slew of developers have built systems which use information from other sources to produce composite maps showing the locations of various items. These systems are commonly referred to as "Google Maps Hacks" due to the fact that they were originally created before Google published the API for creating these systems. The example system considered throughout in this paper is one which shows the locations of movie theaters on a map, given a ZIP code.
Optimizing Your IT Controls Environment for Compliance with Multiple Regulations	2006-09-12 12:24:44	Symantec
This IDC white paper focuses on the compelling need for today's businesses to understand how they can more efficiently manage multi-regulation compliance. It reviews certain regulations and how to track which pieces of what regulations are fulfilled when security solutions are deployed. The paper: Reviews a subset of regulatory legislation and industry standards Illustrates common overlaps in certain regulations and standards Offers a "best practice" option for tracking certain aspects of each regulation and ensuring each is covered by a corresponding technological solution The small subset of regulations and standards covered in this white paper include CobiT, HIPAA, ISO 17799:2005, ITIL, the PCI Data Security Standard, and Sarbanes-Oxley (SOX). They are the focus of IDC's research because they affect a large number of corporate entities and their customers. (Sponsored by Symantec)
Hacking Techniques: Web Application Security	2006-06-09 01:00:26	East Carolina University
This paper focuses on hacking techniques of web applications and how the implementation of security through programming can keep intruders from wreaking havoc on your system. The paper will define a web application and discuss the architecture of the web application, as it will explain the multiple tier theory. The paper will discuss security in web applications and will look at basic rules in information security planning. The paper will look at seven steps in web application hacking and the top ten vulnerabilities that criminals can exploit in order to gain access and take control of a computer system.
VeriSign Unified Authentication: The Next Generation of Strong Authentication	2006-01-17 08:26:46
Download this white paper now and learn how VeriSign Unified Authentication leverages a single, integrated platform for all your strong authentication needs. Learn how you can get simplified strong authentication that is designed to integrate with your existing infrastructure for a cost-effective, next-generation solution for access control.

Security

Featured Whitepapers

Member Login

Oracle Technology Solutions for Midsize Businesses

Country Report: India