Print Page      Email Page
2004 Security Articles

Handheld Security Part 4 - The Mobile VPN
Transmitting data insecurely over wireless connections presents a security risk. If you use your Personal Digital Assistant (PDA) to transfer sensitive information or files, you really ought to be using a VPN to ensure that the confidentiality and integrity of your data transfer is not exploited. In this article Laura Taylor helps you understand how to select a VPN for your PDA.
December 6, 2004

Handheld Security Part 3 - Evaluating Security Products
PDAs are vulnerable to a vast number of security exploits. However, an extensive array of security products exist which can protect the confidentiality, integrity, and availability of your information. The key is to understand what it is that you want to protect, and then evaluate those types of products. Laura Taylor fills you in on how to evaluate security products for your PDA.
November 1, 2004

Handheld Security: Part 2 - Understand Vulnerabilities
PDAs and smartphones are susceptible to a host of security exploits. In this article, we'll take a closer look at specific vulnerabilities that affect these devices. Even if you are not a security expert, you can establish safeguards to protect valuable information—not to mention the device itself.
August 23, 2004

HIPAA-Watch for Security Speeds Up Compliance
HIPAA-Watch for SecurityTM is a tool designed to guide organizations through the risk analysis required by the Health Insurance Portability and Accountability Act (HIPAA) compliance process. Relevant Technologies evaluated HIPAA-Watch for SecurityTM to verify how well it performed in guiding organizations through the HIPAA security risk analysis process.
July 18, 2004

Security Certification and Accreditation 101
All federal agencies in the United States must have their IT systems and infrastructure certified and accredited. Among industry experts, this certification and accreditation process is more informally known as C&A. It is a picayune process where auditors inspect reams of security documentation on an agency's IT systems and infrastructure, and either pass them or fail them.
June 23, 2004

Taking Patch Management to the Next Level
Without a doubt, one of the most tedious chores that network administrators must routinely perform is patch management. Hardly a week goes by that Microsoft doesn't release some sort of patch. It is the network administrator's responsibility to download the latest patches and apply them to all of the organization's computers. As tedious as patch management is though, it is one chore that really shouldn't be neglected. Not only do the various patches resolve security vulnerabilities, once a patch is released the specific vulnerability addressed by the patch is made public, making the vulnerability much more likely to be exploited on unpatched machines.
June 21, 2004

Learn the Basics of Handheld Security
Use of Personal Digital Assistants (PDAs) continues to increase as new applications become available for them on almost a daily basis. While the PDA market has not grown as quickly in the last two years as it did in the mid and late '90s, as the U.S. economy recovers, the market will likely get a second wind. If your organization has not taken PDA security into consideration previously, now is the time to do so. While PDA security is often a forgotten piece of the security infrastructure, PDAs have the ability to transmit and receive viruses, and can be exploited in numerous ways.
June 2, 2004

Vulnerabilities and Threats 101
Vulnerabilities and threats pose on-going risks to enterprise networks. Finding vulnerabilities on your systems and networks is the first step to mitigating potentially extensive damage through network attacks. It is important to pro-actively look for vulnerabilities on a regular basis so that they can be resolved before persistent threats exploit them.
April 21, 2004

Who Else is Using Your Wireless Network?
Information Technology (IT) security industry experts continue to warn us that wireless networks have significant vulnerabilities. Taking precautions is a smart way to mitigate risks. Relevant Technologies tested Wireless Watch Home 2.0 (WWH) to evaluate its claim as an effective and affordable intrusion detection system (IDS) for home wireless networks.
March 25, 2004

Snooping: It’s Not Just For Geeks Anymore
It might just be my imagination, but lately it seems like just about every person in my entire family has been pressuring me to trade in my DSL connection for a cable modem. Whenever this happens, I always try to explain to who ever I happen to be talking to at the moment that cable modems have certain inherent security risks.
March 20, 2004

Pass CompTIA’s Network + Exam
Understanding networking fundamentals will bolster your ability to understand information security issues. Obtaining a reputable network certification makes it clear to prospective employers that you understand the basic fundamentals of computer networking and are ready to take on bigger challenges. To that end, Troy Thompson helps you understand what you need to know to pass the CompTIA Network + exam (N10-002).
March 7, 2004

Assessing The Risks of E-Mail Fraud
Pretty much no one who uses E-mail is a stranger to fraudulent mail. My mailbox gets flooded with hundreds of fraudulent messages every single day. These messages promise everything from being able to lose ten pounds in ten minutes to making thousands of dollars a day with no effort. In fact, I once saw a rather humorous cartoon that said to imagine what life would be like if every SPAM that you received came true. The cartoon character was young, rich, well endowed, and was living a rather enviable life style.
March 7, 2004

Tools For Fighting Ad Ware and Spy Ware
Are you being inundated with pop-up ads and you cannot figure out where they are coming from? This problem seems to be growing every day but if you understand the problem, you are better equipped to prevent it.
February 16, 2004

Detecting Intrusions with your Firewall Log and OsHids
Many articles have been published about intrustion detection systems (IDSs), categories of IDSs (Network-Based, host-Based), IDS signatures, etc. But what I have noticed is that people always forget the basic methods of intrusion detection. They think that the only way to detect an attack is by using tools like Snort, Portsentry or any other commercial IDS. Actually, any device or software that is able to detect an attack (or system misuse) can be called an IDS.
January 22, 2004

Secure Coding Principles 101
Writing secure code is the first step in producing applications that are secure and robust. For custom applications that are already written, and commercial off-the-shelf (COTS) products, tools exist to audit for existing security deficiencies. Understanding the security vulnerabilities that exhibit themselves in existing products allows you to make better-informed decisions on patching and enables you to come up with other strategies to make these weak links in your infrastructure more secure.
January 20, 2004

DHTML Menu By Milonic JavaScript