| IT admins gone wild: 5 rogues to watch out for | Vulnerability analyzers offer Web scanning as an option | ||||||||||
| Network World Security | ||||||||||
 | NSA wants bulletproof smartphone, tablet security The National Security Agency, America's high-tech spy agency which also plays a key role in approving hardware and software for use by the Department of Defense, wants to be able to outfit military personnel with commercial smartphones and tablets -- but based on a NSA security design. Read More WHITE PAPER: AirMagnet Overlay vs. Integrated Wireless Security A well-known best practice in the enterprise is to take a layered, defense-in-depth approach to network security to guard against different kinds of attacks and intrusions. Likewise, the wireless LAN (WLAN) environment requires multiple security layers, too. Read now! In this Issue
WHITE PAPER: F5 Networks Manageable Application Security Investments in security solutions have to provide a clear value, which equals additional time spent collecting and documenting proof of this value. The latest version of F5 BIG-IP Application Security Manager(tm) (ASM), v10.1, addresses information overload and the need for agility in implementation. Learn more! IT admins gone wild: 5 rogues to watch out for You can't survive without them. They wield enormous power over your systems, networks, and data -- the very lifeblood of your organization. Few people outside IT have any understanding of what they do, and fewer still exercise any oversight over their actions. Read More Vulnerability analyzers offer Web scanning as an option Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP. That's just normal vulnerability scanning, and depending on your Web applications and Web server settings may turn out a lot of false positives. But actually finding an exploitable script on a Web site requires a more intense search, coming in from the outside, and a more specialized type of scanner. Read More How we tested vulnerability analyzers We developed a test methodology and evaluation criteria in six main areas, including results reporting, product controls and manageability, scan results, vulnerability workflow features, interoperability, and updates and protocol support. Read More WHITE PAPER: CA Technologies Ponemon: Security of Cloud Computing Providers This report offers the cloud providers beliefs on the state of cloud security. In addition, it compares the findings from both reports, determining similarities and discrepancies between cloud computing users and providers. Learn More Vulnerability analysis tools add compliance features Compliance is a natural extension of a vulnerability analysis tool. Normal vulnerability scanning includes searching for unpatched systems, unprotected directories, and other errors in configuration. Read More 82-year-old Father of the cell phone buys new smartphone every 2 months Martin Cooper isn't just the father of the cellular phone - he's also an avid user. Cooper, who made the world's first cellular phone call as a Motorola executive in 1973 and who now serves as CEO of wireless software company ArrayComm, says he buys a new smartphone every two months just to keep himself up-to-date on the newest technological trends. Read More Attackers exploit latest Flash bug on large scale, says researcher Hackers are aggressively exploiting a just-patched Flash vulnerability "on a fairly large scale," according to a Shadowserver Foundation researcher. Read More WHITE PAPER: F5 Networks Secure iPhone Access to Corporate Web Applications This technical brief describes how the BIG-IP Edge Portal app for iOS devices provides simple, streamlined access to web applications that reside behind BIG-IP APM, without requiring full VPN access, to simplify login for users and provide a new layer of control for administrators. Learn More! LulzSec launches anti-government crusade, takes down U.K. police site A day after a pair of hacker groups promised to step up their attacks against government Web sites, one of them claimed to have knocked the U.K.'s Serious Organised Crime Agency (SOCA) offline. Read More RSA: Lessons learned Not surprisingly, there's been a lot of discussion about the RSA SecurID debacle among my colleagues at Kuppinger-Cole. Read More Mozilla to add built-in PDF viewer to Firefox Mozilla is working on a project that will add PDF rendering to Firefox using HTML5 and JavaScript, eliminating the need for users to run Adobe's own plug-in. Read More An update on security threats Each year several vendors and organizations publish updates on the state of the art in security threats. Most of these updates could be entitled "Be nervous, be very very nervous." While it is never fun to read these reports, they do provide helpful insight into vulnerabilities that we should be aware of. With that in mind, we will use this newsletter to highlight some of the findings of a recent IBM report on security threats. Read More Do you know where your security holes are? We all worry that there's some lurking security problem in our servers. We do what we can, patching, following best practices, keeping up-to-date with training and news. But wouldn't it be great to have an automated tool to check our work? That's the promise of vulnerability analyzers: products that detect problems in configuration, applications, and patches. Read More | | ||||||||
| ||||||||||
SURVEY: Future-proofing the cloud Where do you think cloud computing is headed? This survey enables you to share your views on some potential future events, trends and technology changes driven by cloud computing. By compiling the shared knowledge, opinions and insights of survey participants, everyone will get a clearer view on which changes and trends are more, or less, likely to actually occur. That knowledge will be invaluable in helping you shape your private, public and hybrid cloud strategy and plans for the future.Take the survey. GOODIES FROM THE SUBNETS Up for grabs from the Subnets: Cisco Subnet: 15 copies of IPv6 for Enterprise Networks books. Microsoft Subnet: A set of classes for a Microsoft Cert from Webucator and Polycom videoconferencing system. Enter here. SLIDESHOWS 10 SaaS companies to watch These days, companies are applying the software-as-a-service (SaaS) model to just about everything, from core business functions, including IT, to industry-specific processes. This list, compiled with the help of SaaS trend watchers and users, provides a representative look at what types of software you'll find offered in the cloud. MOST-READ STORIES
| ||||||||||
| Do You Tweet? Follow everything from NetworkWorld.com on Twitter @NetworkWorld. You are currently subscribed to networkworld_security_alert as lisab509.pcnews@blogger.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. ** | ||||||||||
No comments:
Post a Comment