Features

Are infosec pros complacent?

I had a very interesting conversation with a colleague recently. He had a disturbing take on the state of information security and, particularly, practitioners (of which he is one). He took the position that security professionals who have been around a while are becoming – no, making themselves – dinosaurs. Having been in this field well over 20 years myself, I, of course, found that a disturbing notion. You know what happened to the dinosaurs. Not a pretty thought.

Peter Stephenson, CeRNS, Feb 7 2006 8:00PM Security

Second-factor authentication

Three or four years ago Howard Schmidt commented that we should have moved away from username and password as an authentication mechanism years before. I recall nodding in agreement with his statement. So I was hardly surprised when the Federal Financial Institutions Examination Council (FFIEC) issued its guidance calling for the use of second-factor authentication in online banking. In the view of many vendors, this guidance — after an earlier FDIC advisory on internet banking security — “represents a definitive step toward eliminating single-factor authentication by financial institutions.” There are alternative views.

Dave Cullinane Feb 7 2006 7:46PM Security

Got something to say?

Send your comments, praise or criticisms to SCFeedbackUS@haymarketmedia.com. We reserve the right to edit letters.
Staff Writers Feb 7 2006 7:40PM Security

Self-assessment questionnaires

A CIO for a marketing company was in a state of panic. He recently received a 20-page information security audit questionnaire from one of the company’s largest clients, a national bank. The questionnaire was a detailed self-assessment asking the company to verify the actions it took to protect bank information as per the Gramm-Leach-Bliley Act.
Richard Menta Feb 7 2006 7:21PM Security

Shed-ding Light on Enterprise Security

It’s 4am, cold, dark and I’m running as fast as I can, wearing only a dressing gown. What’s going on? And what has this to do with IT security?
Jason Holloway Feb 6 2006 12:31PM Security

Warning MP3s Could Seriously Damage Your Reputation

So you’re in love with your MP3, you go jogging with it, you sleep with it and you listen to it on the way to work! This year the workplace has become flooded with them as the cheapest MP3s are now sold for as little as £20 storing around 256MB of data. At the top end of the market, digital jukeboxes with storage of 20GB start at under £150 while a 60GB Apple iPod Video player can be had for just £300. That is the same storage capacity as a lot of corporate notebooks.
Martin Allen Feb 3 2006 12:58PM Security

Review: Auditor Enterprise

NetClarity’s Auditor is a fine example of a fully featured appliance that offers not just vulnerability assessment, but also ties results to compliance and ongoing information systems audit programs. Beginning from the superb documentation and ending with the high value for the money, this product shines.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: AZScan

AZScan has a way to go to become a world-class vulnerability assessment tool – the product is not intuitive. First, one needs to know quite a bit about the product being audited. Second, there is no online help or tool tips. Third, the menu choices don’t always behave as expected. Set-up seems easy at first, but details often don’t work.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: BindView Control Compliance Suite

The BindView Compliance Control Suite includes bv-Control for Windows, bv-Control for Internet Security and Compliance Center. This is a very complex suite of products and is part of a complete compliance and assessment toolkit that offers virtually every view necessary of the security compliance status of an enterprise. This very strength makes configuration and use of the product difficult at first.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: Core Impact

Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: GFI LANGuard Network Security Scanner

This is a straightforward vulnerability scanner that also manages patch deployment. It can push patches and service packs out to target computers by means of a patch agent installed on the target. We found it generally competent and straightforward to install on our Windows 2000 notebook.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: Nessus/NeWT

Nessus has been a mainstay of vulnerability scanning since the Nessus Project was started by Renaud Deraison in 1998. The Nessus website claims that over 75,000 organizations worldwide use the program.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: NeXpose

As an appliance, NeXpose fits into our category of fully featured products, but it is also available as software only. Uniquely, Rapid 7 also offers a managed service for organizations with limited resources.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: SAINT Scanner

Saint is a venerable product with its roots in the earliest days of automated vulnerability assessment. It has been dressed up in a new suit of clothes since becoming a commercial product, but retains its strong Unix roots.
Peter Stephenson, CeRNS, Feb 1 2006 12:00AM Security

Review: RSA SecurID Appliance

This appliance is aimed at SMEs wanting two-factor authentication, but which cannot manage their own authentication server. It supports up to 250 users, and automates much of the normal hassle of configuration and management. Despite the SME focus, a larger enterprise might use it to give a core group of users strongly authenticated access to intranet resources.
Jon Tullett Feb 1 2006 12:00AM Security

Review: BlackSpider MailControl

BlackSpider’s services have performed well in our previous, more filtering-oriented tests. The company is focused on mail and web filtering, and unlike other services, it has no plans to offer long-term mail archival, claiming limited demand — surprising, but there are good arguments for separating email management from archiving.
Jon Tullett Feb 1 2006 12:00AM Security

Review: Mimecast Online

Mimecast offers its technologies as an appliance and a managed service for smaller enterprises, run from three data centers. The service is almost wholly automated, with clients not expected to do much admin work at all beyond reporting.
Jon Tullett Feb 1 2006 12:00AM Security

Review: MIMEsweeper Email Managed Service

Clearswift is well-known for its MIMEsweeper filtering software, but entered two new markets in 2005. First, it introduced an appliance format of the product, and then launched a managed service with no fanfare.
Jon Tullett Feb 1 2006 12:00AM Security

Review: SoftScan

SoftScan services clients around the world, but while its support hours are European, 24x7 telephone support is available for a fee.
Jon Tullett Feb 1 2006 12:00AM Security

Review: ReadyARM

Avanton’s ReadyARM is an IDS appliance aimed at SMEs. It is based on open-source IDS and vulnerability-scanning software and has custom wrappers to hold it together, a web GUI and prepackaged reports.
Jon Tullett Feb 1 2006 12:00AM Security