Recent articles by Peter Stephenson,CeRNS,
Review: GFI LANGuard Network Security Scanner
This is a straightforward vulnerability scanner that also manages patch deployment. It can push patches and service packs out to target computers by means of a patch agent installed on the target. We found it generally competent and straightforward to install on our Windows 2000 notebook.
Feb 1 2006 12:00AM
Security
Review: Core Impact
Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
Feb 1 2006 12:00AM
Security
Review: BindView Control Compliance Suite
The BindView Compliance Control Suite includes bv-Control for Windows, bv-Control for Internet Security and Compliance Center. This is a very complex suite of products and is part of a complete compliance and assessment toolkit that offers virtually every view necessary of the security compliance status of an enterprise. This very strength makes configuration and use of the product difficult at first.
Feb 1 2006 12:00AM
Security
Review: AZScan
AZScan has a way to go to become a world-class vulnerability assessment tool – the product is not intuitive. First, one needs to know quite a bit about the product being audited. Second, there is no online help or tool tips. Third, the menu choices don’t always behave as expected. Set-up seems easy at first, but details often don’t work.
Feb 1 2006 12:00AM
Security
Review: Auditor Enterprise
NetClarity’s Auditor is a fine example of a fully featured appliance that offers not just vulnerability assessment, but also ties results to compliance and ongoing information systems audit programs. Beginning from the superb documentation and ending with the high value for the money, this product shines.
Feb 1 2006 12:00AM
Security
Defend against cyberwarfare
Most of the national and international TV news is taken up with the “war on terror” or the “war in Iraq.” In our area (metro Detroit), these stories have their own logos and intense theme music. Depending upon the political bent of the news source, these “wars” either are the right or wrong thing to do. We are either winning or we are not.
Dec 15 2005 7:41PM
Security
Review: SecureDoc
SecureDoc is a competent full disk encryptor that uses the AES algorithm and SHA-2 hashing. It works with a token to which the user can save the key file, rather than saving it on the computer. This adds significant extra security – if the user does not store the USB token in their laptop case. The product also supports basic password security and quite a wide range of third-party pre-boot authentication products.
Nov 20 2005 12:00AM
Security
Open doors and open eyes
Nov 11 2005 11:01AM
Security
Without clarity you will fail
Oct 21 2005 4:23PM
Security
Opinion - Without clarity you will fail
Some readers will recall that I can be a bit picky when using terms to describe things. We run into confusion when we are vague about terms and descriptions. This can be especially troublesome when we are handling an incident and adrenaline is running high.
Oct 10 2005 6:11PM
Security
Review: OfficeLock
This is not a disk encryptor like most of the products on test, because it encrypts individual document files transparently. Indeed, it was designed and intended completely for enterprise use, and requires an external copy of Microsoft SQLServer in order to install.
Oct 3 2005 12:00AM
Security
We must all play our part
Aug 26 2005 2:25PM
Security
The next generation is here
I recently attended the graduation of the latest class of Norwich University's Master of Science in Information Assurance program. It was one of the high points of my lengthy career. In the spirit of full disclosure, I've been teaching in this program, for mid-career adults, since its inception. This was the second graduation in the 18-month program.
Jul 22 2005 2:32PM
Security
We are dead wrong about risk
Jul 1 2005 2:02PM
Security
Is risk an overused buzzword?
Jun 21 2005 11:10AM
Security
