Search This Blog

Tuesday, February 24, 2009

Database Crime Scene Prevention; Why ex-employees are stealing your data

Protecting your database and preventing it from becoming a crime scene
Network World logo

Security Alert

NetworkWorld.com | Security Research Center | Update Your Profile


Sponsored by Juniper Networks
rule

Live Webcast: A Simplified Data Center
Contain costs and improve efficiency and reliability by simplifying your data center architecture. On March 12, data center design and implementation experts share in-depth advice on new approaches and examples of deployments - including price, performance and savings. Register for this Live Webcast now.

rule

Spotlight Story
Database Crime Scene Prevention

By Amichai Shulman
A good detective understands the criminal mind, techniques, and tools of the trade. To protect your database and prevent it from becoming a crime scene, it is crucial to understand the common methods of attack, data theft, and cover up techniques. The suspect line-up can come from outside hackers and from within the ranks of trusted employees, contractors, and partners. Some threats are easily prevented or contained; while others more elusive. Fortunately, many of the security mechanisms and tools required to protect databases are readily available. Read full story

Related News:

Podcast: Why ex-employees are stealing your data Dr. Larry Ponemon talks with Tim Greene about a study that showed 59% of employees who had quit, were fired or laid off admitting to stealing company data. What's being stolen? How can companies stop this? Ponemon and Greene discuss these issues. (15:09)

Techies end-run feds on DNS security The Internet engineering community is forging ahead with an alternative approach to allow DNSSEC deployment without the DNS root zone being signed. Known as a Trust Anchor...

Three months, three breaches at Florida university For the second time in three months, the University of Florida in Gainesville has acknowledged a major data breach -- and a statement posted on the University's Web site indicates that there was a third, less public, breach discovered by the school during the same period.

10 Steps for Mitigating Data Risk During a Merger Merger and acquisition activity stands to increase as global markets struggle to stay afloat during the worst economic slowdown in decades. What will you do when you find out you're about to acquire or consolidate with another firm or division? Are you aware of the risks you may be inheriting? What data is going to demand the highest availability? What IT regulations will you have to address and how do you know if existing controls already address them?

Starbucks sued after laptop data breach A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.

Arrests soar after new wiretap law Criminal arrests made under more powerful wiretapping laws have increase by 96% following reforms that make it easier for police to intercept and access telecommunications.

Another payment processor said to suffer data breach Just weeks after Heartland Payment Systems disclosed what may be one of the largest breaches of payment card data thus far, news is emerging of what could be another major breach involving a payment processing ...

BigFix hits rivals with 50% price chop Tough times could be driving increased competition in enterprise software with the news that BigFix is to undercut its rivals' patch management renewal licensing by up to 50%.

Fed agencies push new security audits Several federal agencies today expressed backing for the "Consensus Audit Guidelines," a set of proposed 20 cybersecurity controls, that could end up as network and application security requirements for federal agencies and their contractors.

Juniper SRX 5800: Biggest firewall ever If the Guinness Book of World Records had an entry for "biggest firewall ever," Juniper's new SRX 5800 would certainly qualify.

How we tested Juniper's SRX 5800 We assessed the Juniper SRX 5800 in terms of performance, features and usability. Because the product is marketed as a security appliance, our tests focused on security performance. We did not look at router metrics, such as BGP performance, although the SRX-5800 does have the full multiprotocol and multilayer JunOS 9.3 routing engine inside. Our security performance tests included separate sets of measurements using stateful TCP and stateless UDP traffic. For both sets of tests, we offered test traffic to 16 10-gigabit Ethernet interfaces.

Manageability problems with Juniper's firewall Our woes with Netscreen Security Manager began when we tried to use it to manage the SRX 5800. With eight years of experience using NSM in Opus One’s labs, we were looking forward to the unification of JunOS and ScreenOS management. We started out needing to change IP addresses, a common enough task. For a ScreenOS system, this takes three clicks: two clicks to see a summary interfaces and IP addresses, and third to begin editing.

Controversial data-security rules slow to take hold in state Massachusetts officials this month gave companies a second reprieve on complying with new regulations aimed at any entity that stores the personal data of state residents. They also softened a particularly contentious provision requiring businesses to ensure that third parties handling such data are in compliance with the rules.

Cutting Through the Fog of Cloud Security Daniel Flax, CIO at New York-based investment banking and financial services firm Cowen and Co. , relies on cloud computing to automate his company's sales activities. While he's satisfied with cloud technology's potential to lower upfront costs, decrease downtime and support additional services, he admits that he has had to work hard to get a handle on the emerging technology's security weaknesses . "Security is one of the things we've had to come to grips with," he says.

The scourge of the Internet: Malformed Messages A malformed message is a protocol message with wrong syntax and VoIP systems are not immune. Cisco Subnet blogger explains one favorite type, Protocol Fuzzing.

An unhackable payment and ID managment system? Cisco Subnet blogger Jamey Heary has ventured into the land of science fiction to give you a glimpse if IT -- and its security -- in the year 2109 based on the science of today.

February giveaways from Cisco Subnet and Microsoft Subnet
Up for grabs: One American Express gift card worth $250 from Global Knowledge; One Microsoft training course worth $2,995 from Global Knowledge; 15 copies each of the hot book titles Voice over IP Security, and CCNA Wireless Official Exam Certification Guide and 15 copies of Exchange Server 2007 How-To: Real Solutions for Exchange Server 2007 SP1 Administrators. Get all the entry details here.


Tweet to compete
Tweet to competeSmart social networking has become essential for most IT execs.

2009 MWC highlights
Top 10 hot spot safety tipsMobile World Congress: Cool gadgets and hot new tech from the world's largest exhibition for the mobile industry.

Sponsored by Juniper Networks
rule

Live Webcast: A Simplified Data Center
Contain costs and improve efficiency and reliability by simplifying your data center architecture. On March 12, data center design and implementation experts share in-depth advice on new approaches and examples of deployments - including price, performance and savings. Register for this Live Webcast now.

rule

A Simplified Data Center - Live March 12
Contain costs and improve efficiency and reliability by simplifying your data center architecture. On March 12, data center design and implementation experts share in-depth advice on new approaches and examples of deployments - including price, performance and savings.
Register today for this Live Webcast.


The Power of LAN Test Tools.
Successfully deploy a wired/wireless Ethernet network and keep it running with exceptional up-time. Ensure your network is ready for new technologies by running assessment tests that provide you with the data you need. Resolve connectivity issues and quickly address network performance complaints. Get all of the details today.
Download this whitepaper now.

 

02/24/09

Today's most-read stories:

  1. Conflicker worm gets an evil twin
  2. Citrix drops price of hypervisor to zero
  3. Bring in the iPhone clones
  4. Five fantastic open source tools for Windows admins
  5. 9 dirty tricks: Social engineers' favorite pick-up lines
  6. More than half of booted workers steal data on way out
  7. Proposed law might make Wi-Fi users help cops
  8. Lessons from a light socket
  9. A $99,999 keyboard is the best bargain I've seen yet
  10. Forget the Oscars: Sit back for the 404 Awards


Webcast: Data center server selection.
Forrester Research's Brad Day helps IT professionals refine their server selection criteria in this informative Webcast, "Beyond Systems Performance." Ensure you will make the right decision for your next-generation data center. Get Day's tips on creating a cost-efficient environment that delivers the performance and long-term resiliency you require.
Watch this Webcast now.



IT Buyers guide

 


This email was sent to security.world@gmail.com

Complimentary Subscriptions Available
for newsletter subscribers. Receive 50 issues
of Network World Magazines, in print or
electronic format, free of charge, Apply here.

Terms of Service/Privacy

 

Subscription Services Update your profile
To subscribe or unsubscribe to any Network
World newsletter, change your e-mail
address or contact us, click here.

Unsubscribe

Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701
Copyright Network World, Inc., 2009

www.networkworld.com

 

 



No comments: