Features

Review: Passive Vulnerability Scanner

Review: Passive Vulnerability Scanner

The Tenable Passive Vulnerability Scanner (PVS) is a most interesting product. It is truly passive in that it does not perform active scans of any kind. It is, simply, a very smart sniffer. The product depends for its usefulness on the way that it collects and reports vulnerability data. Since the PVS is always listening, it constantly collects information from the normal data flows on the network. This is superior to active scanners in two important ways.
Peter Stephenson,CeRNS, Jan 29 2007 12:00AM Security
Review: Secude Secure Notebook

Review: Secude Secure Notebook

The Secude Secure Notebook has the ability to authenticate the user using two-factor authentication, such as smart cards and USB tokens. The drive encryption product is broken into two pieces — one that provides the boot time authentication, and a second piece that provides the actual hard drive encryption.
Justin Peltier Jan 29 2007 12:00AM Security
Hot or Not: Remote access breaches

Hot or Not: Remote access breaches

Just like the detectives do on weekly television crime dramas, put yourself in the mind of the bad guy. Pretend that you're the criminal who brokers stolen personal information with organised crime syndicates overseas. Put yourself behind the eyes of the malicious hacker who plans to breach merchant networks and compromise wholesale volumes of consumer payment card information, the kind of information that can be bartered within the internet's dark underbelly.
J. Andrew Jan 24 2007 9:11PM Security
Can security expenditure end with profits?

Can security expenditure end with profits?

Ever since the arrival of the first anti-virus software in the mid-1980s, accountants have been battling with IT managers to control and quantify the efficiency of IT security software.
Steve Gold Jan 24 2007 7:07AM Security
Good enough for your business?

Good enough for your business?

If you're part of a financial institution, chances are you've memorised the Federal Financial Institutions Examination Council (FFIEC) guidance chapter and verse, and, with risk assessment in hand, are in the midst of rolling out some form of consumer authentication.
Joe DeSantis, Jan 24 2007 12:37AM Security
Patching process

Patching process

There are many different names for the second Tuesday of every month: Patch Tuesday, Super Tuesday, Black Tuesday — and maybe even some other unsavory nicknames not suitable for print. This day, when Microsoft rolls out security updates, is the fulcrum around which most organisations' whole patch management cycles revolve. But just as there are different nicknames for the day, there are also differing opinions about how it should be handled and how quickly organisations should respond with changes.
Ericka Chickowski Jan 22 2007 12:14AM Security
Review: DriveCrypt Plus Pack

Review: DriveCrypt Plus Pack

If James Bond had encryption software he would have the DriveCrypt Plus Pack. This software includes many more features than the other products in this category. Are they all useful to the typical corporate road warrior? Probably not, but they are all cool and definitely have some merit.
Justin Peltier Jan 22 2007 12:00AM Security
Train to prevent social media attacks

Train to prevent social media attacks

If there is one certainty in the security business, it is that security professionals and hackers are in a constant battle to protect and exploit vulnerabilities.
Mark Zielinski, Jan 17 2007 11:42PM Security
Implementing compliance through privacy policy

Implementing compliance through privacy policy

The internet age has revolutionised how organisations communicate, publish and find information. While this technology has created new opportunities for global communication and commerce, it has also created new challenges in risk management.
Kurt Mueffelmann, Jan 17 2007 11:22PM Security
Legal matters: How to make AUPs stick

Legal matters: How to make AUPs stick

Can organisations enforce Acceptable Use Policies? Tamzin Matthew investigates.
Jan 17 2007 12:15PM Security
Review: PGP Whole Disk Encryption 9.5

Review: PGP Whole Disk Encryption 9.5

PGP Whole Disk Encryption provides the easiest to install hard drive encryption package we tested. Both the standalone and enterprise products were easy to configure and were easy enough that most end-users could perform the installation with only the quick start guide.
Justin Peltier Jan 15 2007 12:00AM Security
Hot or not: Early Vista flaws

Hot or not: Early Vista flaws

There's been plenty of talk about the security capabilities of Windows Vista, but what's at the heart of the security defenses within Microsoft's latest operating system? This article aims to take a close look at the technology that will make a difference.
Amol Sarwate, Jan 10 2007 10:29PM Security
From Carriage to Content - The future of telcos

From Carriage to Content - The future of telcos

Carriers have long acknowledged that they need to bolt innovative and appealing content services onto their fixed and mobile communications services if they are going to weather the inevitable decline in access charges.
David Binning Jan 10 2007 12:04PM Telco/ISP
Product Section: Two staples of information protection

Product Section: Two staples of information protection

This month, we have juxtaposed two of the foundations of information security: data protection and vulnerability assessment. On the protection side, we look at some of the key products in the area of whole disk encryption.
Peter Stephenson,CeRNS, Jan 8 2007 10:02PM Security
Review: SealedMedia E-DRM

Review: SealedMedia E-DRM

SealedMedia is a client/server implementation with four components. A license server manages what the company calls a classification-based rights model; a management website offers provisioning for users, rights model management and documentation; and a management console is used for administration. The final part is the desktop, the user's tool for sealing documents.
Patrick Love, Head of Fiduciary Support, Global Wealth Sol Jan 8 2007 12:00AM Security
Beyond v1@gr@ - spam's new image

Beyond v1@gr@ - spam's new image

We've all heard about the recent rise in spam, and while I dislike spam as much as the next person, I recently received a spam message that got me quite excited.
Andrew Graydon, Jan 2 2007 11:05PM Security
Is someone listening to your keyboard?

Is someone listening to your keyboard?

Floppies are obsolete, CRT monitors are a dying breed and CPU cores are multiplying every year. Since the early days of modern computers, research companies have redesigned, reinvented and revolutionised every aspect of computers except one: the ever faithful keyboard.
Gil Sever, Jan 2 2007 10:57PM Security
Match your company policies with your solutions

Match your company policies with your solutions

The headlines are scary for both CIOs and the companies they work for. "Stolen Computer Holds Information of 16,000 Driver's License Holders," "Vulnerability Auctions Killing Responsible Disclosure," "Hacking for Dollars: Is The Botnet Battle Already Lost?" "Online Brokerage Account 'Incursions' Worry SEC."
Dan Farmer, Jan 2 2007 9:30PM Security
Virtualisation - the next step in enterprise security

Virtualisation - the next step in enterprise security

The complexity, frequency, and malicious intent of security attacks from many sources are increasing in today's enterprise.
Leo Cohen, Jan 2 2007 8:16PM Security
Encryption a perfect response to the Year of the Breach

Encryption a perfect response to the Year of the Breach

2006 will be recorded as the year that security breaches reached the consciousness and awareness of the mainstream consumer. Breaches are certainly not a new phenomena, especially to security professionals.
Phillip M. Dec 27 2006 9:57PM Security

Log In

  |  Forgot your password?