Features

Review: Coroner's Toolkit

The Coroner’s Toolkit, or TCT, is an open-source set of forensic tools for performing post-mortem analysis on Unix systems. Written by Dan Farmer and Wietse Venema, both very well known in security circles for such programs as SATAN, TCT is not an easy product to use. A serious knowledge of Unix is a prerequisite for success, but if you can manage it, this is an extremely powerful set of tools.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: EnCase Forensic

This new version of EnCase shows its pedigree as the oldest of the GUI-based IT forensic tools. We found it very simple to operate and use.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: Forensic ToolKit

The Forensic ToolKit (FTK) is very powerful and comes loaded with features, although it is naturally difficult to make such a powerful tool completely simple to use. The program interface can overwhelm at first glance, with all its different features and options, but after reading the documentation and getting to know the program, it becomes much more intuitive.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: i2 Analyst's Notebook

This is a very different type of analysis tool from those infosec professionals are used to. Link analysis, a crucial aspect of incident response, is usually done manually or by trying to use log correlators. This is a true link analyser with a long pedigree in analysing complex crimes and security incidents.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: LogLogic LX 2000

LogLogic’s LX 2000 is an excellent log analysis tool. It is powerful, can be distributed, and is a mature and useful product. But it is not for the faint-hearted. While its user interface is excellent, it has many hidden capabilities that require some time to understand.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: Mandiant First Response

First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: NetWitness

NetWitness is a network traffic security analyser that the vendor describes as a “security intelligence” tool. Setup is simplified by its new installation wizard, which worked correctly the first time and was a breeze. We then fed it a set of Snort packet logs, which it accepted without complaint, and were able to begin analysis within an hour.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: ProDiscover Incident Response

ProDiscover IR is a complete IT forensic tool that can access computers over the network (with agents installed) to enable media analysis, image acquisition and network behaviour analysis.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: Sleuth Kit & Autopsy Browser

Sleuth Kit and Autopsy Browser are excellent examples of what happens when a talented developer builds on good prior work. These products, used together, are freeware open-source computer forensic tools built on the Coroner’s Toolkit. But the developer, Brian Carrier, has taken his considerable expertise in file systems of all kinds and applied it here.
Peter Stephenson, CeRNS, Jul 11 2006 12:00AM Security
Review: KeyGhost USB Keylogger

Physical keyloggers top the list of security nightmares for most in the profession. While full-blown remote access trojans are worse, they are also fairly easy to identify and block, both at installation and in use, but physical keyloggers are much harder to identify.
Jon Tullett Jul 11 2006 12:00AM Security
Cover Story: Working for Gold

For all of the change that occurs in the industry, there remains one immutable consideration that every IT security manager must deal with: the justification of security costs.
Ericka Chickowski Jul 10 2006 8:48PM Security
Industry evolution

There is no denying the IT security market is alive and well. Depending on who you ask, between 400 and 1,500 security companies are in business worldwide, offering solutions ranging from anti-virus software to network access control appliances to consulting services. This, of course, should come as no surprise — especially when one considers enterprises are spending more money than ever before to meet compliance requirements and to defend against sophisticated and targeted attacks that could lead to embarrassing, costly breaches.
Dan Kaplan Jul 10 2006 8:41PM Security
Traffic control

How do you spell trust? Not I-P-S — at least, not if you're an enterprise security manager deploying an intrusion prevention system (IPS) for the first time. Once heralded as the "smarter" cousin of the intrusion detection system (IDS) — destined to eventually kick its kin out of the data center because of its "intelligent" ability to block, not just identify, security threats — the IPS instead has reached a sort of détente with the IDS. Rather than supplanting the IDS with an IPS, many enterprises use the two devices in complementary fashion.
Jim Carr Jul 10 2006 8:30PM Security
The money trail

To the law-abiding internet user, online payment systems offer immediacy, convenience, safety and a global reach, while keeping transaction costs to a minimum. To the cybercriminal, such services offer the same benefits — plus something even more attractive: secrecy.
Dan Kaplan Jul 10 2006 8:23PM Security
Fun in the sun

Nearly 50 security practitioners met in May in Hilton Head Island, S.C. for another successful SC Forum event — the first of two forums this year.
Staff Writers Jul 10 2006 8:11PM Security
Review: Astaro Security Gateway

The ASG 425 is at the top end of Astaro’s 1U appliance range, with several smaller versions and two larger options available. The unit offers eight ports, but just one is active by default and is used for the internal segment (and web management). The rest must be specifically enabled and configured, which is our preferred default configuration: everything blocked by default.
Jon Tullett Jul 10 2006 12:00AM Security
Review: DFL-2500

D-Link’s DFL-2500 offers more network control than we expected, and does it at a good price for its class.
Jon Tullett Jul 10 2006 12:00AM Security
Review: Firebox XCore 2500

The Firebox range is always easy to pick out of a group, with its trademark red casing. The unit ships with a full complement of hardware, some enabled through software licenses.
Jon Tullett Jul 10 2006 12:00AM Security
Review: FortiGate-1000A

We were pleased to see that this unit’s web GUI was one of the few being tested that defaults to a secure HTTPS connection. There is also a fully featured console available through serial connection, although it has a blank default password. That can be set, but a lot of users might forget, leaving their systems vulnerable.
Jon Tullett Jul 10 2006 12:00AM Security
Review: Kerio WinRoute Firewall

This was the only software being tested. WinRoute is intended to be installed on Windows systems, and there must be doubts about the product’s viability as Microsoft continues building features into ISA Server. For now, WinRoute is cheaper and offers features ISA does not.
Jon Tullett Jul 10 2006 12:00AM Security
