Security

Implement the predictive analytic process that is designed to assess/score risk attributes during authentication so that Access Management can determine whether to require the user to complete further authentication steps. Does this sound familiar? Ann, sitting at her desk eating lun...
Information security professionals often find themselves filling a critical but unique role within an organization. An effective security approach must balance required business operations and system availability while still ensuring the confidentiality and integrity of these same syst...
IT professionals have a poor track record when it comes to defining and assessing risk. One of the most important responsibilities of the information security professional (or any IT professional, for that matter) is to help management make well-informed decisions. Unfortunately, this ...
Let’s take the notion of a user identity – or to be more precise, the user’s avatar – and consider it to be a Cloud resource. The user, that is, we can provision such avatars as we see fit. And because they’re in the Cloud, they’re location independent. Facebook could use our avatar. A...
The Open Group's Jim Hietala recaps presentations at the recent Open Group Conference on cybersecurity and protecting global supply chains. Cybersecurity is at a critical juncture, and conference speakers highlighted the threat and attack reality and described industry efforts to move...
Today’s software development is geared more towards building upon previous work and less about reinventing content from scratch. Resourceful software development organizations and developers use a combination of previously created code, commercial software, open source software, and th...
If you were happily running your IT system but needed some additional performance, chances are you turned to some kind of SSD caching solution to improve performance at a lower cost point than adding more servers or storage. You went on what I am calling a “cache diet” (no, not the “cr...
If you work in information technology and you passed through the city of London over the last week it would have been hard not to notice the InfoSec IT security conference being held at the Earl’s Court exhibition center. Logically, of course, certain themes and trends came out of th...
Today, security is undoubtedly the biggest risk and negative side effect to cloud computing. Fortunately, the status quo is about to change. The Trusted Computing Group (TCG), a not-for-profit organization that has developed open standards for computers, networks, storage and mobile de...
Sharing files with friends has never been easier. Whether it is via old-school hard copy methods like CDs, DVDs and USB drives, nefarious peer-to-peer torrents like BitTorrent or new shared, private cloud storage services like Dropbox, getting a photo or music file from one person to a...
The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve...
United States military contractors are under unprecedented pressure to find ways to cut costs for their federal government customers despite the interest in developing new technologies to fight the war on terrorism. Gone are the days when contracts would swell exponentially without any...
Ever wondered how to use the autopwn feature in Metasploit on Ubuntu? Want to run Nessus from within Metasploit? What database should I use: sqlite3 or postgres? I will explain the benefits of both. Nessus is a vulnerability scanner program; it is free for personal use using the ness...
There's been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WS protocol? Web...
Imagine the CIO of a consumer bank who thinks he is running 50 Oracle databases, but now finds out that in fact he has 100 databases installed behind his firewall. He doesn't have any idea where the other 50 came from. He doesn’t know the name of the vendor(s) supporting them. And he d...
Hybrid applications made up of proprietary, open source and third-party components are the result of today's fast-paced and complex software development landscape. Applications developed within the last five years - whether internal or external - are at least 50% open source software (...
Throughout the last decade, society has witnessed an explosion of network connectivity among PCs and mobile devices as well as a vast proliferation of networked applications, ranging from Web-based email to online banking. The end result of this is that network connectivity has become ...
Efforts to modernize enterprise infrastructure have never been more complex. While the need is certainly there on multiple fronts - competitive edge, cost savings and new business initiatives, to name just a few - new hurdles seem to pop up no matter where an IT administrator might loo...
Data corruption is an insidious problem in storage. While there are many forms of corruption, there are also many ways to prevent them. For example, enterprise class servers use error checking and correcting caches and memory to protect against single and double bit errors. System buse...
Some years ago, a small manufacturing firm was hijacked by its IT employees. They didn't use weapons, but they did commit murder: They killed the business. Unfortunately, they were aided and abetted by the company's own lax security policies.
In an environment with more than a few Linux servers, managing users, groups, and other information securely across those systems is critical. Pluggable Authentication Modules (PAM) and the Lightweight Directory Access Protocol (LDAP) give administrators a way to accomplish this withou...
The security benefits and risks of Open Source code are one of the most debated topics in information security today. The views of proponents of the Open Source model are typified by Eric Raymond's argument that Open Source software is intrinsically more secure since its open nature let...