Peter Stephenson, CeRNS

Recent articles by Peter Stephenson, CeRNS

Review: NETASQ F800 UTM Appliance

The NETASQ F800 appears to have a simple setup, but configuration was another story. After going through a setup procedure that involves changing IP addresses of its interfaces and the management computer, the appliance then has to be licenced.
Aug 9 2006 12:00AM
Review: CounterACT

This product has a simple, straightforward setup and initial configuration, and generally, we found it easy to work with. Understanding the console takes some reading of the documentation, though. ForeScout uses many non-traditional icons and the interface can be confusing to start with, but the console user guide is very helpful in explaining how to use the interface.
Aug 8 2006 12:00AM
Review: Coroner's Toolkit

The Coroner’s Toolkit, or TCT, is an open-source set of forensic tools for performing post-mortem analysis on Unix systems. Written by Dan Farmer and Wietse Venema, both very well known in security circles for such programs as SATAN, TCT is not an easy product to use. A serious knowledge of Unix is a prerequisite for success, but if you can manage it, this is an extremely powerful set of tools.
Jul 11 2006 12:00AM
Review: EnCase Forensic

This new version of EnCase shows its pedigree as the oldest of the GUI-based IT forensic tools. We found it very simple to operate and use.
Jul 11 2006 12:00AM
Review: Forensic ToolKit

The Forensic ToolKit (FTK) is very powerful and comes loaded with features, although it is naturally difficult to make such a powerful tool completely simple to use. The program interface can overwhelm at first glance, with all its different features and options, but after reading the documentation and getting to know the program, it becomes much more intuitive.
Jul 11 2006 12:00AM
Review: i2 Analyst's Notebook

This is a very different type of analysis tool from those infosec professionals are used to. Link analysis, a crucial aspect of incident response, is usually done manually or by trying to use log correlators. This is a true link analyser with a long pedigree in analysing complex crimes and security incidents.
Jul 11 2006 12:00AM
Review: LogLogic LX 2000

LogLogic’s LX 2000 is an excellent log analysis tool. It is powerful, can be distributed, and is a mature and useful product. But it is not for the faint-hearted. While its user interface is excellent, it has many hidden capabilities that require some time to understand.
Jul 11 2006 12:00AM
Review: Mandiant First Response

First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.
Jul 11 2006 12:00AM
Review: NetWitness

NetWitness is a network traffic security analyser that the vendor describes as a “security intelligence” tool. Setup is simplified by its new installation wizard, which worked correctly the first time and was a breeze. We then fed it a set of Snort packet logs, which it accepted without complaint, and were able to begin analysis within an hour.
Jul 11 2006 12:00AM
Review: ProDiscover Incident Response

ProDiscover IR is a complete IT forensic tool that can access computers over the network (with agents installed) to enable media analysis, image acquisition and network behaviour analysis.
Jul 11 2006 12:00AM
Review: Sleuth Kit & Autopsy Browser

Sleuth Kit and Autopsy Browser are excellent examples of what happens when a talented developer builds on good prior work. These products, used together, are freeware open-source computer forensic tools built on the Coroner’s Toolkit. But the developer, Brian Carrier, has taken his considerable expertise in file systems of all kinds and applied it here.
Jul 11 2006 12:00AM
Structure found in process

As technically oriented security professionals we often don’t pursue structure in our testing. We simply use the same vulnerability scans and penetration tests we’ve been using for years — updated, of course, for the latest network nasties. Today, that simply is not enough.
Jun 5 2006 9:35PM
Review: AppSense Application Manager and Environment Manager

The AppSense Application Manager (AM) can be set up as a standalone product in a test environment before actual deployment. The standalone preconfiguration enables an administrator to get to know and tweak the program for the best configuration for each particular environment.
Jun 1 2006 12:00AM
Review: LANDesk Security Suite

This product incorporates all the features of a great endpoint security product in one program. LANDesk must be installed on a central server, which must pass certain security and version tests before install will begin. After installation, policies can be set for access, applications, software versions, service packs, anti-virus, and so on. Agents planted across the network also allow the console administrator to take remote control of machines in violation of policies. Security Suite is part of a larger set of integrated products.
Jun 1 2006 12:00AM
Review: Safe Access

This appliance comes loaded with features. Three default security policies monitor for up-to-date service packs, critical updates, anti-virus programs and updates, and the presence of worms, viruses or Trojans.
Jun 1 2006 12:00AM
Review: Spectator Professional

Promisec’s Spectator Professional software combines the functionality of an appliance with the simplicity of standalone software.
Jun 1 2006 12:00AM
On colleagues and support

We all have colleagues with whom we keep in touch. We all have colleagues who we call on from time to time for help when we run into knotty problems. And we all have organizations we turn to when we need specific advice. The trouble is that many of us do not mix those three groups to the benefit of our systems’ security, and we should.
May 10 2006 8:05PM
Boards need to pay the cost

In our organisations, we need to take a strong lead in many areas. The first is awareness. I remember a commercial where a smirking executive tells an IT engineer that he just opened an email attachment – like he was told not to. We know that sort of thing happens somewhere in our organisations.
May 9 2006 4:23PM
Review: ActiveScout

The ActiveScout appliance is a very basic intrusion prevention system that uses behaviour, not signatures, to address a possible attack. It will identify whether the network is being scanned and then attempt to block the potential intrusion.
May 1 2006 12:00AM
Review: Ally ip100

We were amazed at what this little product could do and how strong it was. When it first arrived, we did not believe that this little piece of plastic could be a functional IPS. We were wrong.
May 1 2006 12:00AM