admini – Page 339 – CyberSecurity Institute

New Threats Ahead

Posted on December 5, 2004December 30, 2021 by admini

Web services and ubiquitous wireless access will continue to add new security threats.

“Businesses battened down their network years ago and hackers moved up to applications,” says John Pescatore, a security analyst with research firm Gartner. “As certain areas of security improve and technology grows, hackers will move to new weaknesses.” To confront the threats more effectively, antivirus and firewall software will become more commonplace for smart devices, as will Web-services firewalls.

Embedded-chip maker Phoenix Technologies Ltd. has built device authentication with public key infrastructure and secure crypto-key storage into its hardware so companies can identify trusted systems before they’re allowed to log on to their networks.

“The large [software vendors] got caught with their pants down, and they’re now putting more money into their development processes,” says Lloyd Hession, chief security officer at Radianz, a provider of financial-services networks.

“My worst fear is someone is going to whack our customers, and I do everything to avoid that,” says Mary Ann Davidson, chief security officer at Oracle. Software quality “is a systemic industry problem,” she says. Oracle conducts secure coding training and has 100 pages of formal design specifications its developers use to engineer reliability and safety into applications.

IBM Tivoli continuously improves software development by conducting design-code reviews, and it has stepped up the number of applications it runs through the Common Criteria certification process, an international security evaluation standard, says Bob Blakley, chief scientist of security and privacy. “If there’s a perception out there that software is more fragile, that’s because it’s subject to more hostile attacks today than in the past. It’s fair to say that software quality is improving but that the threat environment is worsening.”

And that’s one trend business-technologists can expect will continue for some time to come.

Government surveillance helps keep us secure, and better corporate information makes the economy more productive.

http://www.securitypipeline.com/news/54202035;jsessionid=XF2C5R4SIDHHWQSNDBCSKH0CJUMEKJVN

Guarding the Grid

Posted on December 1, 2004December 30, 2021 by admini

As a result, companies that are implementing grid technologies need to pay special attention to issues such as user authentication, authorization and access control, as well as auditing and data integrity — both when data is in storage and while it’s in transit.

Ensuring that adequate measures are in place for responding to the effects of worms and viruses, which can be amplified in a grid setup, is also crucial in grid computing, IT managers say.

Most of the problems that users have to deal with in a grid environment are similar to the ones they face in nongrid environments, says John Hurley, senior manager for distributed software and systems integration at The Boeing Co.’s mathematics and computing technology group in Seattle.

A grid installation harnesses the combined power of numerous servers and PCs to run applications and services as one large system.

The potential severity of grid-related security problems depends largely on the context in which grids are being used, says Dane Skow, deputy computer security executive at the Fermi National Accelerator Laboratory in Batavia, Ill.

“When you talk to people about grids, they have different scenarios in mind — everything from clusters in the same room run by the same infrastructure team to global power-grid-like infrastructures,” says Skow.

Research grids, for instance, typically provide access to users from multiple organizations and security domains. User access, authentication and authorization in such an environment can be a big challenge, given the fact that there’s no single identity authority, says Skow, who is also part of the security group at the Global Grid Forum, a Lemont, Ill.-based organization with members from more than 400 vendors and user companies.

In contrast, a grid being run by a private-sector company typically uses internal resources and is accessed by users whose identities are already stored in an internal directory. As a result, it’s easier to get a grip on identity management in a company grid than it is with grids in a research setting, Skow says.

Companies that are deploying grids also must protect data during transmission on the network via encryption, says Jikku Venkat, chief technology officer at United Devices Inc., an Austin-based vendor of technologies for aggregating computing resources into clusters and grids.

Addressing grid security may not involve new technologies, but because of the increased potential vulnerability, protective measures become more urgent.

http://www.computerworld.com/securitytopics/security/story/0,10801,97815,00.html

CIOs and IT Managers prefer Linux for e-mail

Posted on December 1, 2004December 30, 2021 by admini

The research also revealed that 21 percent of executives would prefer Linux for their entire email infrastructure if they could scrap their current email infrastructure, and over 40 percent said they would replace their backend messaging infrastructure for one with better performance and lower costs.

“The survey shows that Linux is a key platform for messaging and its market share is increasing,” said Michael Osterman, head of Osterman Research.

The study is part of Linux related research reports, which were published in a whitepaper entitled “”Linux and eMail Infrastructure: A Business and Technology Perspective”. The whitepaper was released by Scalix, a Linux email software company, to help IT managers extend the technology benefits of Linux to their email infrastructure.

http://www.ebcvg.com/articles.php?id=427

Windows XP SP2 For Embedded Devices Is Out

Posted on December 1, 2004December 30, 2021 by admini

The latest is a version for embedded devices running Windows XP Embedded.
http://www.microsoft-watch.com/article2/0,1995,1734101,00.asp
The embedded XP SP2 release includes many of the same security fixes and new features as Microsoft delivered in the full version of SP2.

http://www.microsoft-watch.com/article2/0,1995,1734130,00.asp?kc=MWRSS02129TX1K0000535

IT pros called to become boys in blue

Posted on December 1, 2004December 30, 2021 by admini

The request has apparently been welcomed by commissioner of the Metropolitan police Sir John Stevens.

“I think we should be using special constables,” said chairman of EURIM Brian White, MP. “IT managers could be given special powers. If they were trained in evidence gathering, they could report straight to the Crown Prosecution Service. Secure crime scenes and give records to court, for example.”

The recommendations follow findings earlier this year that only 240 people were qualified to work in digital forensics and evidence recovery. EURIM is proposing to increase the number of skilled police officers patrolling the cyber world.

White said that legislation alone was not enough to fight cybercrime, and more had to be done to improve the level of skilled police for the Internet. As part of EURIM’s proposals, White added that the UK needed better methods of reporting cybercrime because local police stations were ill-equipped to handle the task.

EURIM also proposed that some of the barriers to becoming a special constable should be removed, especially for IT specialists.

“One of the things you need to be [to join the special constables] is physically fit,” said Philip Virgo, secretary general for EURIM. “There would probably be lots of people who could monitor Internet chat rooms who couldn’t police the town on a Friday night. There are lots of boundaries to this that don’t need to be there.”

EURIM also called for IT specialists to contribute ideas for Internet policing, as the debate for what role the Serious Organised Crime Agency will play will begin over the next few weeks.

EURIM said it wanted to use the opportunity to ensure that people had a centralised point of contact when they needed to report a cybercrime.

http://news.zdnet.co.uk/0,39020330,39175660,00.htm

Customer ID: Frontier Bank Seeks New Level Of Security

Posted on December 1, 2004December 30, 2021 by admini

New account holders had to be verified to near certainty and screened against the OFAC database and other government watch lists to thwart crooks, scam artists and potential terrorists.

The bank needed a cost-effective and compliance-ready solution through automated ID verification software, a niche IT product that seamlessly works with existing new account procedures to enhance identity safeguards and build a database of documentation showing the bank’s compliance with Section 326, the customer identity regulations in the Patriot Act.

The answer, in this case eFunds’ ID verification system, which came packaged with Scottsdale, AZ-based eFunds’ ChexSystems fraud prevention and risk management solution already employed by Frontier.

The new system could track what records new account reps were pulling for customer verification, allowing Roush to determine which employees are not completing full records checks, or those who aren’t clearing up “false positives” that mistakenly rejected customers.

Bankers Systems acquired Atchley Systems in October 2003 to broaden its Patriot Act compliance offerings.

Sheshunoff Information Services bank compliance consultant Lorraine Hyde believes most banks are largely taking the necessary steps from a “safety and soundness standpoint,” but not just for examinations.

http://www.banktechnews.com/article.html?id=20041101ZV7Q0QP5