admini – Page 178 – CyberSecurity Institute

Users: Encryption No Silver Bullet

Posted on June 27, 2007December 30, 2021 by admini

U.S. Trust’s Axelrod would not reveal what forms of endpoint security he uses within his organization, although he explained his back-end storage philosophy. “I believe in data restriction,” he said, explaining that his primary requirement “is to get rid of it as soon as it becomes obsolete.” “We have a branch of the military that we’re working with — they have a 15-character minimum password and you have to change the last 10 characters every 90 days,” said Kevin Gillis, vice president of secure file transfer at vendor Ipswitch.

Other users at the event cited the challenges posed by removable media and laptops, something that’s become a major headache for IT managers and CIOs.

A number of vendors, including SanDisk, Lexar, and Seagate, are currently touting solutions, designed to lock down data on laptops and USB drives, which is quickly catching on with IT managers and CIOs.

In a show of hands at another of today’s panel discussions, around a quarter of the 20-plus audience members confirmed that they are encrypting their laptop hard drives.

http://www.darkreading.com/document.asp?doc_id=127750&WT.svl=news1_2

Security Fears Slow Virtualization

Posted on June 23, 2007December 30, 2021 by admini

Among the respondents to the emedia survey, the chief security concerns were about virtualization patching and updates (32 percent), guest-to-guest attacks (27 percent), and the addition of new host software (22 percent).

IT professionals plan to attack these threats by taking various safety measures, including staff training/improving understanding (51 percent), patching/updating/hardening servers (38 percent), using firewalls (30 percent), and separating networks/subnetting/routing (25 percent).

http://www.darkreading.com/document.asp?doc_id=127420&WT.svl=news1_2

Online Attacks Increase at Financial Institutions

Posted on June 23, 2007December 30, 2021 by admini

For the last year RSA’s Anti Fraud Command Center has seen attacks moving progressively downward, particular targets are the federal credit unions, and smaller, regional institutions. The fraudsters, said Hinrichsen, are accomplishing their collection of information through spear phishing. He noted that the Internal Revenue Service was one of the first government agencies to be attacked. “At the end of the day, where ever there is a valuable credential, the fraudsters will go after it.”

Hinrichsen noted that the use of crimeware, like the Man-in-The-Middle phishing kit that RSA researchers first discovered in January continues to be used, “there is greater use of multi redirectors in phishing attempts. “It depends on what research you’re reading, consumers aren’t always know to look for the locks, but for the percent of internet users who do look for the lock, the attack is given that much more credibility,” he explained. “This is basically the same type of phishing attack of old, but now instead of using static attack pages, the phishers are replacing those with the real website pages from the institution.”

http://www.bankinfosecurity.com/articles.php?art_id=475

Securing the ‘Company Jewels’

Posted on June 22, 2007December 30, 2021 by admini

The problem, Oltsik says, is that although enterprises are mostly satisfied that they are keeping their IP safe, they are mostly dissatisfied with the amount of time and effort they have to expend to do it. “The bad guys want to steal what they can sell, and often, that’s a company’s IP.”

As a result, upcoming spending on intellectual property security will probably be geared toward automating the IP discovery, classification, and protection processes, Oltsik suggests.

http://www.darkreading.com/document.asp?doc_id=127306&WT.svl=news1_4

Log management push has its roots in compliance

Posted on June 21, 2007December 30, 2021 by admini

Log management tools can help organizations drill down and look for specific data strings such as full track data from credit cards; PCI prohibits storage of such information, so companies can then take corrective action. The log management market includes tools from LogLogic, LogRhythm, Splunk, syslog-focused products such as Kiwi Enterprises’ Syslog Daemon and freeware like Unix’s syslog daemon. Also, security information management (SIM) vendors have begun tailoring their product lines to meet the demand for log management by offering options that focus on providing more storage capacity than correlation capability.

At the Burton Group Catalyst Conference, Jay Leek — manager of corporate IT security services at Nokia — plans to talk about practical considerations for log management and how a centralized system can improve compliance, incident response and troubleshooting while also saving time and money. Without any control over what’s being logged, companies can spend a great deal of time and effort searching through log data during an incident investigation or when trying to troubleshoot an IT problem, he said.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1261647,00.html

Feds choose 10 vendors to secure mobile data

Posted on June 19, 2007December 30, 2021 by admini

The 10 winning contractors are:
* MTM Technologies, with Mobile Armor
* Rocky Mountain Ram, with SafeBoot
* Carahsoft Technology, with Information Security Corp.’s SecretAgent
* Spectrum Systems, with SafeBoot
* SafeNet
* HiTech Services, with Encryption Solutions’ SkyLock
* Autonomic Resources, with WinMagic
* GovBuys, with WinMagic
* Intelligent Decisions, with Credant Mobile Guardian
* Merlin International, with Guardian Edge Technologies

Federal officials are urging commercial industry to follow its lead on encrypting data stored on mobile devices. “Whenever we band together to look for products that raise the bar for security, we’re helping everybody, including our private sector partners,” Wennegren said.

http://seclists.org/isn/2007/Jun/0075.html