Archive

Archive for the ‘Articles’ Category

Targeted cyber attacks

February 14th, 2007

“Cyber attack” is the name given by (usually sensationalist) articles and documents to crimes that occur in a virtual world, as opposed to tangible attacks such as war. A targeted cyber attack is one in which the attacker specifically targets a person or a company. A successful attack will typically allow the attacker to gain access to the victim’s assets, allowing the theft of sensitive internal data and, in some cases, causing disruption and denial of service.

Writing an RFP for a Network Access Control Solution

February 12th, 2007

When considering network security solutions, many organizations choose network access control (NAC) technology as an integral part of their security fabric. Many industry experts believe that NAC is vital to complete network security. NAC helps to ensure that devices entering the network will not introduce viruses or other potentially debilitating malware. Once devices have been risk-assessed and admitted to the network, NAC continuously monitors their activity the entire time they are on the network.

Yapbrowser: Directing you to Illegal Content

February 9th, 2007

Web-browsers. They’re all around you, on every PC across the length and breadth of the planet, yet you probably don’t stop to think about them too much. Why would you? They’re just there, and that’s all that matters, like the mouse or the keyboard – a tool you just plug in to do something else, without worrying about what they happen to be doing internally.

Implementing SSO: Myths, Errors and Best Practices

February 8th, 2007

In the past decade or so since SSO software came into being, the merchants of doom have been predicting its imminent disappearance in the face of the integration of Kerberos within Windows, the increased Web-enabling of applications, and the development of ADFS and Liberty Alliance.

Pen Testing vs. Vulnerability Analysis Tools, Which is Best?

February 7th, 2007

Over the past several years I have heard people asking the question “should I use vulnerability analysis tools to assess my web-based applications or should I look to penetration testing?” I think we, as an industry, may be asking the wrong question. First, let’s look at how the web application industry has grown over the years and how penetration testing has scaled to meet that challenge.

e-Filing for Beginners

January 30th, 2007

Email is the new paper. It is now used for over 80% of written business communication. Given the exponential rise in email-based business communication over recent years, there is a definite need for the e-filing cabinet, in order to store, manage and utilise email-based information effectively.

Malware creates new challenges for anti virus vendors

January 17th, 2007

Over the past few years, those monitoring trends in malicious Internet activities have noticed a significant change. We are seeing a sizeable decrease in the media-grabbing pandemic outbreaks of malicious software. Yet with fewer headlines on high-risk infectors, we are still seeing an increasing overall number of malware infections. It is this new breed of malware that is costing industry millions every year, yet no one seems to know about it.

Preventing a Brute Force or Dictionary Attack

January 10th, 2007

To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker. To a hacker, anything that must be kept under lock and key is probably worth stealing. If your Web site (or a portion of it) requires a user to log in and be authenticated, then the odds are good that a hacker has tried to break into it.

Preventing a Brute Force or Dictionary Attack

January 10th, 2007

Administrative accounts are not the only problem: many Web applications and Web application frameworks create default users during installation. If the site administrator does not remove these default users or at least change their passwords, these accounts will be easy targets for a dictionary attack. Finally, when users are allowed to choose their own usernames, they often choose their email address, since it is easy to remember. Once again, the user’s laziness is a benefit to a hacker using a brute force attack. Armed with a list of email addresses (perhaps obtained from a spammer) and a dictionary of passwords (easily obtained anywhere), an attacker has an excellent chance of breaking into at least one user’s account.

The Consumerization of IT Demands Policy enforcement

January 5th, 2007

Throughout 2007, IT will need to prepare itself for an onslaught of unmanaged IP-enabled devices as millions of users plug new computers, USB drives, music/video players, handheld mobile devices, and even the stray game console into enterprise networks. In addition to new shiny objects, many users install applications like iTunes, VoIP, multi-player games, and all manner of non-compliant software on their enterprise-owned computers, all of which introduce significant security risks. And even if this wave of involuntary consumer technology adoption doesn’t bring actual harm, it will certainly complicate an organization’s ability to fully manage its IT environments against these products.