|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security outsourcing on the rise As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way.  September 20, 2:30 p.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Infrastructure threats: Botnets show DoS who's boss Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations. September 18, 3:54 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT Mobile workers still struggling with security A fair amount of business users remain oblivious or unconcerned about many of the security issues involved with mobile devices, according to a new study published by Cisco and the National Cyber Security Alliance. August 21, 3:08 p.m. PDT Pundits on parade: What’s next in tech You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. We’ll, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology. August 20, 3:00 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Nokia expands security appliance line Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems. April 30, 2:17 p.m. PDT Rootkits: The next big enterprise threat? Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them. April 30, 3:00 a.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT P2P worms get their turn Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace. April 16, 11:17 a.m. PDT McAfee: Cyber-crime will continue to pay The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. April 10, 9:00 p.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST Mac users gain off-the-shelf VPN box A powerful and secure virtual private network solution for businesses with Macs has been announced by Billion Electric. March 7, 3:55 p.m. PST More IT war stories Off the Record, the real-world slice of life that graces the last page of InfoWorld, is one of our most popular columns. I know this from reader surveys and from all the e-mail I receive about it. As reader Roland Sickenberger put it recently, “It’s my favorite part of the magazine, kind of like a ‘Dilbert come to life’ thing.” March 5, 3:00 a.m. PST NAC: How we tested Our test infrastructure for the NAC reviews included an edge switch for the client systems, a core switch with server VLANs for the common and secured servers, and a RADIUS server for authentication. Client systems connected into the edge switch, authenticated as defined for the specific scenarios, then accessed (or attempted to access) the various areas of the network: Internet, enterprise, and limited access. We created additional policy networks for remediation and scanning as well. February 5, 3:00 a.m. PST NAC policy management wags the watchdog The most critical element of a NAC system is the policy management system. As every administrative interface that an administrator must use requires specialized focus and understanding, the ease with which an administrator can launch the policy management system, make the changes desired, view reports, and perform other management tasks is critical. No administrator is likely to have hours to devote to these systems each day, so the simplification and visualization provided by the system should be a primary consideration for shoppers (and a prime opportunity for differentiation among the vendors). February 5, 3:00 a.m. PST Microsoft ships SSL VPN software Microsoft has introduced a new product combining the Whale Communications virtual private networking (VPN) software it bought last year with the latest version of its Internet Security and Acceleration Server (ISA Server), the company said Wednesday. February 1, 6:59 a.m. PST Women in technology: A call to action A quick scan of almost any IT department -- from the trenches to the corner office -- confirms it: Women who embrace technology as a lifelong career remain a rare breed. To be sure, opportunity for women in technology has advanced in the past few decades, as have education initiatives aimed at leveling the playing field, but for every woman rising to prominence or embarking on a profession in IT, there seems to be another opting out of her career in technology. January 29, 3:03 a.m. PST Back to school: Getting girls into IT Despite the success of various education initiatives in the past several years, there’s little doubt that the shortage of women in technology begins on the playground. As such, many industry leaders and experts believe the long-term solution to the gender imbalance in IT lies in women technologists going back to school -- way back, to high schools and even elementary schools to mentor young girls, who too often give up on math and science at an early age. January 29, 3:02 a.m. PST Activism provides competitive advantage for IT Encountering another woman working in technology was a rare event for me when I started out in IT many years ago. In the years since, women have made significant strides, sometimes against great odds, proving their mettle as both tech execs and engineers. January 29, 3:01 a.m. PST Gender crisis in IT You don’t need a degree in statistics to recognize that IT is a men’s club. Just walk the floor of any tech conference or, in all likelihood, your own office — XY chromosomes everywhere you look. January 29, 3:00 a.m. PST Technology of the Gods January is named after Janus, the two-faced Roman deity of beginnings and endings, who reportedly was able to look both forward and back. So for our Jan. 1 issue, we pay homage to the mythological immortal with our seventh annual Technology of the Year Awards, an analysis of where IT has been and where it’s going in 2007. January 1, 3:00 a.m. PST Security: A year of reassessment New products and press fascinations come and go (mobile worms, anyone?), but IT security managers will stick with what works -- until it doesn’t. A few years from now, we may look back on 2006 and 2007 as that kind of turning point, when enterprise IT security folks took a good hard look at some of the products that were mainstays of their defensive strategy and asked whether they are pulling their weight. January 1, 3:00 a.m. PST Review of reviews It’s coming up on closing time for 2006. All around us, everyone is going into holiday mode. Not to be curmudgeonly contrarians, InfoWorld will be following suit, taking a one-week break before returning on Jan. 1 with our first print issue of the year. (It’s really only a semi-hiatus; InfoWorld.com will continue to perk over the holidays with a slightly reduced slate of stories.) December 18, 3:00 a.m. PST Virtual concerns Call it the Year of Virtualization. I can’t read a magazine or walk down a corporate hallway without encountering conversations about VMware, Microsoft's Virtual Server, Xen, hypervisor, or some other virtual machine technology. December 1, 3:00 a.m. PST Redefining innovation Innovative ideas are a dime a dozen, according to Jim Andrew, senior partner at big-time consultancy BCG. In fact, at most companies, coming up with great concepts for a product, service, or process isn’t even an issue. But turning those ideas into money … ah, there’s the rub. October 30, 3:00 a.m. PST Government: Unlocking data, locking down access The federal government is often seen as a laggard in IT, a bloated bureaucracy that runs well behind the innovations of private industry. But look closely and you’ll find programs that are truly groundbreaking. August 21, 3:00 a.m. PDT Betting on authentication If Paul Roberts ever goes to the track, I’m gonna let him place a few bets for me. He has a knack for picking winners. Case in point, a few weeks back, the InfoWorld senior editor suggested the time was right for a story on the enterprise’s need for stronger, brainier authentication to clamp down on fraud. No sooner had he finished writing this week's authentication cover story than EMC announced plans to buy authentication vendor RSA Security. A week later, it was Secure Computing buying CipherTrust (with its e-mail reputation system), while digital identity vendor Entrust snapped up fraud-detection company Business Signatures. The vendors clearly appreciate Roberts’ trend-spotting abilities. July 24, 3:00 a.m. PDT Building smarter authentication In March and April, small bunches of e-mail messages arrived at the offices of defense agencies and contractors in the U.S. and Europe. To recipients, the messages seemed credible: Each was addressed to a specific worker, with a valid return address within the organization and visual elements that made it look like internal e-mail. Too sparse and sophisticated to trip anti-spam filters, the messages exploited a previously unknown hole in Microsoft Word that allowed them to slip by anti-virus filters. Those recipients who were unlucky enough to open the e-mails’ malicious attachments unwittingly installed a Trojan horse, which used the Internet Explorer Web browser to report back, through the network firewall, to machines in China and Taiwan. July 24, 3:00 a.m. PDT Hack Tales: Keeping thin clients synced from coast to coast I once consulted for a medical-records company that was rolling out thin clients to nearly 50 offices around the United States. The goal was to build a large Citrix MetaFrame farm over WAN links to the main datacenter, which was located outside Boston, providing a Windows desktop for every user without dealing with hardware problems at each site. May 29, 3:00 a.m. PDT Hack Tales: Network auditing on a shoestring What do you do when the auditors are breathing down your neck, wanting to see an exhaustive report on the Windows network security of a 2,000-user network across eight sites? That’s easy. Break out a text editor and start writing some Perl. May 29, 3:00 a.m. PDT Determina pre-hacks applications against intruders Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It’s a never-ending battle that favors the hackers. May 15, 3:00 a.m. PDT Tech startups to watch Startups are back! or at least, startup fever is back. Scan the latest numbers from PricewaterhouseCoopers and you won’t find any hockey sticks -- the level of investment in enterprise-related technology startups has actually remained fairly flat, hovering between $1.5 and $2.3 billion per quarter from 2003 through 2005. May 15, 3:00 a.m. PDT ConSentry locks down the network Traditionally, enterprise networks have been built on trust: Anyone connected is assumed to be authorized because they have to be on the premises. But the growing prevalence of wireless networks, remote access, and nonstaff workers have turned networks into easy targets. “The LAN is now the new DMZ,” says Tom Barsi, CEO of ConSentry. May 15, 3:00 a.m. PDT Telecommuting security concerns grow >Telecommuting has become a way of life as more companies let employees work from home to do jobs that might otherwise be done on corporate premises. As a result, IT managers are adapting security policies to encompass home PCs. April 18, 3:27 p.m. PDT Top six steps toward disaster-recovery I recently got to write a fun piece for InfoWorld called "Stupid user tricks" about protecting your network from human error. Researching the article revealed to me how many variables folks tend to miss when running a network, as well as when planning to protect and recover that network. (By the way, if you were one of the folks who submitted anecdotes for this article, check out the SMB IT blog to see whether you’re on the list for a free InfoWorld backpack.) April 13, 3:00 a.m. PDT Secure remote access to small and branch offices SonicWall made its name in the small office market, and although the company is expanding rapidly into the enterprise, products such as the SSL-VPN 200 show that it hasn’t lost the value touch. SonicWall has positioned this VPN appliance to combine the ease-of-use advantage associated with SSL VPNs with a smaller form factor and an attractive price tag: less than $600 for roughly 10 concurrent SSL VPN tunnels. A bigger sibling, the SSL-VPN 2000, is available for larger networks at about $2,300. April 10, 3:00 a.m. PDT Product Previews Fujitsu unveils eight-socket server blade Fujitsu last week announced an eight-socket server blade based on dual-core AMD Opteron processors. Taking up a good chunk of a Primergy BX600 chassis -- which otherwise supports as many as 10 two-socket blades or five four-socket blades -- the Primergy BX630 can be installed alongside one or two other blades running AMD Opteron or Intel Xeon processors. The eight-socket BX630 blades will be available in the second quarter of this year, priced at less than $36,000. Windows Server 2003, Red Hat Enterprise Linux, Suse Linux Enterprise Server, and VMware ESX Server operating systems are supported. Primergy BX630, Fujitsu Computer Systems March 20, 3:00 a.m. PST Elemental extends visibility and control In an impressive debut release, Elemental Security’s Elemental Compliance System 1.1 advanced the cause of enterprisewide system monitoring and access control with exceptional reporting and granular policy management. Version 2.0 of the agent-based system, renamed ESP (Elemental Security Platform), advances on both of these fronts by broadening the client platform support and adding more than 300 new predefined rules. March 20, 3:00 a.m. PST UK firms weak against ID theft Only 1 percent of U.K. companies use all methods available to control access to their IT systems and prevent security problems, according to the Department of Trade and Industry (DTI). March 16, 8:05 a.m. PST Survey: More U.S. gov't employees teleworking Forty-three percent of U.S. government employees sometimes telecommute instead of driving into the office, up from 19 percent a year ago, according to a survey released Monday. March 6, 12:52 p.m. PST It takes an extraprise to secure your business Back in May, I wrote a column about our country's lack of an overall plan to protect critical infrastructure in case of attack -- telecommunications and fiber in particular. Consider this Part 2. February 21, 3:00 a.m. PST RSA - FBI director: Cyber threats 'fluid and far-reaching' Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. That's what U.S. Federal Bureau of Investigation Director Robert Mueller told attendees of the RSA Conference 2006 in San Jose, California, Wednesday. February 15, 3:45 p.m. PST Aventail and F5 extend their security reach to network access control During the past few years, SSL VPNs have matured from devices offering very basic application support to enterprise-ready security jacks-of-all-trades, capable of handling thousands of users and a wide range of connectivity options. Security features are evolving, with extensive host checking taking place prior to user log-on and adaptive, dynamic security policies being applied accordingly. February 3, 3:00 a.m. PST Hackers lurk in AMD Web site Users of Advanced Micro Devices Inc.'s (AMD's) microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday. January 30, 12:39 p.m. PST Startup Mu Security looks to lock down code A Sunnyvale, California, startup backed by US$4 million in venture funding and a team of former Juniper Networks Inc. executives says that it has developed a way to make networking products and applications more secure. Mu Security Inc. says it will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use. January 27, 11:03 a.m. PST State CIOs need more IT security support from DHS The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday. January 25, 2:57 p.m. PST Top technologies of the year Welcome to our first issue of the year. For those of you who took a break, re-entry into the heady universe of work may be a bit discombobulating. Fortunately, last Saturday, the world’s ever-considerate timekeepers saw fit to give us an extra sliver of time -- a leap second-- to prep for the new year. And now, with the pop of the cork (or was that the buzz of a pager?), we’re ready to herald 2006, a potential banner year for the enterprise. January 2, 3:00 a.m. PST Tech reviews for the holidays Even IT takes a holiday now and then. Same goes for the InfoWorld staff, which chills out by taking a one-week break following the publication of this, our 51st and final issue of the year. December 19, 3:00 a.m. PST IAnywhere upgrades remote access platform IAnywhere Solutions on Tuesday introduced the latest version of M-Business Anywhere, the platform that enables remote access to corporate databases. M-Business Anywhere 6.0 adds support for Asian languages, enables remote client software upgrades and supports Web services integration. December 6, 4:12 a.m. PST Check Point and Sygate corral end points At their core, Check Point Integrity and Sygate Enterprise Protection are effectively policy-based firewalls. That’s the cake. The icing is their capability to monitor other applications for compliance with configuration requirements and send errant machines to quarantine until they can be updated with the latest anti-virus definitions, Windows patches, or other necessities. December 5, 3:00 a.m. PST Hardware isn't enough IT buyers live in a golden age of commodity hardware. Processors, servers, networks, storage, you name it: Every segment of the IT stack keeps getting faster, cheaper, and more commoditized. No surprise, then, that IT managers often resort to a checkbook-waving strategy, throwing hardware at every IT problem, from a balky WAN to an application speed bump. November 28, 3:00 a.m. PST Sonicwall buys two companies to expand SMB line Security appliance maker SonicWall Inc. has acquired data backup technology maker Lasso Logic Inc. and the assets of remote access developer EnKoo Inc., the company said Monday. Financial terms of the deals were not disclosed. November 21, 10:24 a.m. PST Exclusive: ConSentry keeps a watchful eye on users Network security is going through a paradigm shift. It is no longer enough to secure just the network edge against unknown attackers trying to break in; traffic inside the network must come under increased scrutiny, as well, to ensure that users are following established policy or meeting regulatory requirements. And when users misbehave, there must be a way to enforce the policy by denying access to sites, applications, and protocols. November 14, 3:00 a.m. PST Identity management in action Think you’re ready to deploy IDM (identity management) in your organization? John Aisien, vice president of marketing at IDM vendor Thor Technologies, won’t kid you about the realities. October 7, 3:00 a.m. PDT VeriSign develops tools for wireless roaming Mobile users typically move among multiple networks: a wired DSL connection at home, a Wi-Fi hot spot at the airport, a landline connection at a hotel, and 3G service in between. Today, users must use a connection manager to log off one service and log on to another manually. Future smart clients, however, will be able to detect available networks and switch among them based on which networks are fastest, which are cheapest, and which are most secure for business use. September 22, 1:00 p.m. PDT Wireless broadband's long and winding road First, the good news: for companies planning to deploy broadband connectivity to their mobile workforces, the options have never looked better. Initial rollouts of 3G (third-generation) cellular data technology are fulfilling the technology’s promise. Sales and field forces can connect to the Internet and corporate applications from virtually anywhere, network speeds are reasonable, and deploying the technology requires only minimal IT investment. September 22, 1:00 p.m. PDT The summer of PKI love The annual PKI Deployment Summit at Dartmouth College is becoming a summer tradition. Universities differ from other large enterprises in ways that make them bellwethers for IT's future. University user populations are transient, platform monocultures cannot be imposed, and collaboration across institutional borders is mission-critical. These are excellent circumstances in which to evolve methods of identity management that will also meet the requirements of corporations as they increasingly outsource, connect with customers through the Web, and engage with partners in federations of Web services. August 10, 10:30 a.m. PDT VMware holds a virtual edge for remote access I just have to say it: I love VMware. I've dinged around with several virtual-machine applications now, including Redmond's own Virtual PC and Virtual Server, and VMware simply kicks booty. August 4, 5:00 a.m. PDT Microsoft aims to host regular hacker meetings Microsoft is working on plans to make a recent hacker meeting held on its Redmond, Washington, campus a twice-yearly event, according to a spokesman for the vendor's security group. August 1, 4:56 p.m. PDT The dumb remote office Management, compliance, and security concerns have made consolidation all the rage in large organizations, which have increasingly moved their applications and data from globally dispersed servers to a few centralized, tightly secured data centers. With the trend toward intelligent networks, we may one day see remote offices with very little intelligence of their own. July 18, 5:00 a.m. PDT Lessons learned from the MasterCard/Visa heist How could MasterCard and Visa allow 40 million customer credit card numbers to be sucked out of their systems and into the hands of criminals? Last week I called them both to find out. June 28, 5:00 a.m. PDT W3C gets proactive with Mobile Web Initiative The World Wide Web Consortium (W3C) formally launched the Mobile Web Initiative at its WWW2005 Conference in Chiba, Japan, on Wednesday, putting out a call for participants to join two working groups focused on making Web access from mobile devices as natural and easy as making a telephone call. May 11, 5:18 a.m. PDT Sun buys Tarantella for $25 million Sun Microsystems has agreed to buy Tarantella, a vendor of tools to secure remote access to applications, for about $25 million in cash, the companies said Tuesday. May 10, 8:06 a.m. PDT A whole lot more than a firewall In a landscape already cluttered by secure, managed remote-access solutions, Caymas Systems’ Caymas 525 Identity-Driven Access Gateway further blurs the lines between application firewall, end-point access control, and remote-application portal. April 8, 3:00 p.m. PDT Group encourages government workers to telecommute WASHINGTON -- A group of technology vendors, along with U.S. government technology leaders, on Tuesday launched an effort to encourage federal workers to explore telecommuting as an option. April 5, 11:42 a.m. PDT The consultant's view Steve Manzuik is an independent IT security consultant. March 28, 6:00 a.m. PST The CTO's perspective Kevin Bernstein is CTO of platinum capital group. March 28, 6:00 a.m. PST Product previews Novell extends lifecycle management for Linux Novell this month took the wraps off its Linux management system, with an emphasis on lifecycle-management capabilities. Intended to lower the overall costs of an IT operation, ZENworks 7 Linux Management taps policy-based automation to deploy and centrally manage Linux-based resources. Version 7.0 works with Suse Linux and Red Hat Enterprise Linux and features new imaging, configuration lockdown, remote management, inventory, and software-management capabilities. Novell has integrated the product’s management features in with its Linux Desktop and Suse Linux Enterprise Server 9 products. Another new capability allows IT workers to use Web-based administration through the product’s Control Center, a task-oriented management console for deploying, managing, and maintaining Linux systems. March 21, 6:00 a.m. PST Secure architectures Thanks to complex perimeters, sophisticated application-level threats, and regulations that hold CEOs and CIOs accountable for company data, security must now be regarded as more than a bunch of technologies tacked onto the network. “Companies are realizing they must approach security at the enterprise level,” says Rich Caralli, senior member of the technical staff at the CERT Coordination Center’s survivable enterprise management group. “Rather than chasing the latest threat, they’re working on identifying and securing directly the core business processes and information assets essential to the company mission.” March 11, 3:00 p.m. PST Your CEO, exposed! On a recent business trip with a couple of colleagues, I learned that my otherwise sober workmate had a special fondness for trashy tabloids like Star Magazine and Us Weekly. When offered a glance at these publications on a long cross-country flight, I firmed my grip on my New Yorker and kept my Harvard Business Review at the ready. I would have none of this Brad-and-Jen prattle. I sneered at celebrity garbage, resting comfortably in my superiority to “journalists” who depend on the antics of the rich and famous for their livelihood. March 4, 3:00 p.m. PST Toward an end-point security standard VPNs, whether IPSec- or SSL-based, allow remote PCs access to the network. Sometimes these computers are under corporate management, but many times they are not. They are home-office PCs, business partner systems, or public Internet terminals. Any might lack up-to-date anti-virus signatures; indeed, they already may be full of malware. February 4, 3:00 p.m. PST Supercharge your WAN It wasn’t so long ago that calling a telco to order frame-relay circuits was the only feasible way to securely connect remote offices to headquarters. The typical frame-relay network consists of T1 and fractional T1 circuits connected via a frame switch located in a telco CO (central office), with all these circuits aggregated on a central circuit in the corporate datacenter. The recurring fees are costly, leaving IT directors little choice but to severely limit the bandwidth to remote sites. If 128Kbps circuits can do the job, albeit slowly, then up they go. January 21, 3:00 p.m. PST Check Point VPN layers the protection Competing in a crowded SSL VPN market, Check Point’s Connectra 2.0 is positioned as not just a secure remote access solution, but also a complete Web security gateway. As such, Connectra not only validates client PCs for anti-virus and personal firewall status, but also scans for malware and quarantines unruly clients. Further, by tying into Check Point’s SmartCenter management platform, Connectra takes advantage of other Check Point technologies such as SmartDefense packet inspection and the Integrity personal firewall. January 21, 3:00 p.m. PST U.S. Secret Service data compromised in T-Mobile hack A malicious hacker penetrated the network of mobile phone company T-Mobile USA and accessed information on 400 of the company's customers, including sensitive information from the account of a U.S. Secret Service agent, according to statements by T-Mobile and the Secret Service. January 13, 12:58 p.m. PST Hands across the enterprise Viewed as a pipe dream only a few years ago, the “autonomous datacenter” gained momentum in 2004, leading some to claim IT as we know it will be dead within a decade. But that’s obvious, isn’t it? In 1994, Usenet was still useful, and Spam tasted great at 1 a.m. The question remains, How soon will we get there -- and who’s behind the wheel? December 30, 3:00 p.m. PST Remote Desktop returns with style Boy, sometimes I wish this was the Linux column. It would certainly be fun to write a Novell column for this week: a half billion dollars, a new desktop OS product in the same week that Microsoft attacks Intuit, and an announcement that it's trying to patent half the Internet technologies on the planet. It all makes my fingers tingle. November 12, 3:00 p.m. PST Study: Information security field to grow steadily WASHINGTON - The number of cybersecurity professionals is projected to grow at an annual compound rate of nearly 14 percent from now until 2008, according to a study released this week during the Computer Security Institute (CSI) trade show in Washington, D.C. November 9, 1:26 p.m. PST CA integrates PestPatrol anti-spyware Computer Associates International (CA) will announce Monday that it has integrated an anti-spyware product from its purchase of PestPatrol with its own eTrust Security Management portfolio. November 8, 6:00 a.m. PST Big picture security There was a time when cutting-edge network security meant a firewall on your perimeter and anti-virus software on the desktop. No longer. With the advent of polymorphic Internet worms, application-layer attacks, Trojan horses, adware, spyware, and wireless hacks, the network security picture is more complicated than ever. October 29, 3:00 p.m. PDT Product Previews SurfControl Beefs Up Enterprise Content Filters SurfControl has updated its complete line of Internet content-filtering products. Web Filter 5.0 adds a spyware category to its threat database, as well as the ability to block p-to-p application sites. Administrators can now monitor all SurfControl installations from a single console. In addition, the product’s filtering agent has been enhanced for greater accuracy. Instant Message Filter 2.5 supports the latest AIM, ICQ, MSN, and Yahoo! messaging protocols, as well as the BitTorrent, OpenNapster, and WinMX p-to-p networks. The new Mobile Filter product facilitates filtering for remote or seldom-connected users. In a typical 500-user installation, Web Filter costs $19 per user, Instant Message Filter costs $9.50 per user, and Mobile Filter costs $6.65 per user with a $2,500 one-time server fee. SurfControl Filters, SurfControl September 17, 3:00 p.m. PDT Better security through identity This article has been modified from its original version. Certain quoted material has been removed because its veracity could not be confirmed. September 3, 3:00 p.m. PDT Cisco warns of IOS flaw Cisco Systems Inc. warned of another security vulnerability to its products last week, one that could allow an attacker to disable remote administration access to a Cisco device running IOS. August 30, 5:41 a.m. PDT Nokia, Pointsec team on mobile data security Enterprises seeking higher security for their growing number of mobile devices may be interested in new encryption technology that Nokia Corp. is deploying in its smart phone products. August 26, 4:50 a.m. PDT The shaky state of enterprise security Faced with a seemingly endless onslaught of virulent Internet worms, spam, and e-mail scams, less than half of IT professionals report strong confidence in the security of their enterprise networks, according to the results of the 2004 InfoWorld Security Survey. July 23, 3:00 p.m. PDT Patrolling an always-on network Butch Johnstone looks back at the past year with a mixture of pride and concern when it comes to the issue of enterprise security. July 23, 3:00 p.m. PDT > Networking > Security |
|
|
||||||||||||||||||
