Tuesday, June 21, 2011

NSA wants bulletproof smartphone, tablet security

IT admins gone wild: 5 rogues to watch out for | Vulnerability analyzers offer Web scanning as an option

Network World Security

Forward this to a Friend >>>


NSA wants bulletproof smartphone, tablet security
The National Security Agency, America's high-tech spy agency which also plays a key role in approving hardware and software for use by the Department of Defense, wants to be able to outfit military personnel with commercial smartphones and tablets -- but based on a NSA security design. Read More


WHITE PAPER: AirMagnet

Overlay vs. Integrated Wireless Security
A well-known best practice in the enterprise is to take a layered, defense-in-depth approach to network security to guard against different kinds of attacks and intrusions. Likewise, the wireless LAN (WLAN) environment requires multiple security layers, too. Read now!

WHITE PAPER: F5 Networks

Manageable Application Security
Investments in security solutions have to provide a clear value, which equals additional time spent collecting and documenting proof of this value. The latest version of F5 BIG-IP Application Security Manager(tm) (ASM), v10.1, addresses information overload and the need for agility in implementation. Learn more!

IT admins gone wild: 5 rogues to watch out for
You can't survive without them. They wield enormous power over your systems, networks, and data -- the very lifeblood of your organization. Few people outside IT have any understanding of what they do, and fewer still exercise any oversight over their actions. Read More

Vulnerability analyzers offer Web scanning as an option
Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP. That's just normal vulnerability scanning, and depending on your Web applications and Web server settings may turn out a lot of false positives. But actually finding an exploitable script on a Web site requires a more intense search, coming in from the outside, and a more specialized type of scanner. Read More

How we tested vulnerability analyzers
We developed a test methodology and evaluation criteria in six main areas, including results reporting, product controls and manageability, scan results, vulnerability workflow features, interoperability, and updates and protocol support. Read More


WHITE PAPER: CA Technologies

Ponemon: Security of Cloud Computing Providers
This report offers the cloud providers beliefs on the state of cloud security. In addition, it compares the findings from both reports, determining similarities and discrepancies between cloud computing users and providers. Learn More

Vulnerability analysis tools add compliance features
Compliance is a natural extension of a vulnerability analysis tool. Normal vulnerability scanning includes searching for unpatched systems, unprotected directories, and other errors in configuration. Read More

82-year-old Father of the cell phone buys new smartphone every 2 months
Martin Cooper isn't just the father of the cellular phone - he's also an avid user. Cooper, who made the world's first cellular phone call as a Motorola executive in 1973 and who now serves as CEO of wireless software company ArrayComm, says he buys a new smartphone every two months just to keep himself up-to-date on the newest technological trends. Read More

Attackers exploit latest Flash bug on large scale, says researcher
Hackers are aggressively exploiting a just-patched Flash vulnerability "on a fairly large scale," according to a Shadowserver Foundation researcher. Read More


WHITE PAPER: F5 Networks

Secure iPhone Access to Corporate Web Applications
This technical brief describes how the BIG-IP Edge Portal app for iOS devices provides simple, streamlined access to web applications that reside behind BIG-IP APM, without requiring full VPN access, to simplify login for users and provide a new layer of control for administrators. Learn More!

LulzSec launches anti-government crusade, takes down U.K. police site
A day after a pair of hacker groups promised to step up their attacks against government Web sites, one of them claimed to have knocked the U.K.'s Serious Organised Crime Agency (SOCA) offline. Read More

RSA: Lessons learned
Not surprisingly, there's been a lot of discussion about the RSA SecurID debacle among my colleagues at Kuppinger-Cole. Read More

Mozilla to add built-in PDF viewer to Firefox
Mozilla is working on a project that will add PDF rendering to Firefox using HTML5 and JavaScript, eliminating the need for users to run Adobe's own plug-in. Read More

An update on security threats
Each year several vendors and organizations publish updates on the state of the art in security threats. Most of these updates could be entitled "Be nervous, be very very nervous." While it is never fun to read these reports, they do provide helpful insight into vulnerabilities that we should be aware of. With that in mind, we will use this newsletter to highlight some of the findings of a recent IBM report on security threats. Read More

Do you know where your security holes are?
We all worry that there's some lurking security problem in our servers. We do what we can, patching, following best practices, keeping up-to-date with training and news. But wouldn't it be great to have an automated tool to check our work? That's the promise of vulnerability analyzers: products that detect problems in configuration, applications, and patches. Read More



SURVEY: Future-proofing the cloud
Where do you think cloud computing is headed? This survey enables you to share your views on some potential future events, trends and technology changes driven by cloud computing. By compiling the shared knowledge, opinions and insights of survey participants, everyone will get a clearer view on which changes and trends are more, or less, likely to actually occur. That knowledge will be invaluable in helping you shape your private, public and hybrid cloud strategy and plans for the future.Take the survey.

GOODIES FROM THE SUBNETS
Up for grabs from the Subnets: Cisco Subnet: 15 copies of IPv6 for Enterprise Networks books. Microsoft Subnet: A set of classes for a Microsoft Cert from Webucator and Polycom videoconferencing system. Enter here.

SLIDESHOWS

10 SaaS companies to watch
These days, companies are applying the software-as-a-service (SaaS) model to just about everything, from core business functions, including IT, to industry-specific processes. This list, compiled with the help of SaaS trend watchers and users, provides a representative look at what types of software you'll find offered in the cloud.

MOST-READ STORIES

  1. Gartner: IT should be planning, moving to private clouds
  2. Wi-Fi client surge forcing fresh wireless LAN thinking
  3. How RIM is getting left behind
  4. Debate goes on whether HTML5 is "Holy Grail"
  5. The funniest sites on the Web
  6. Many disappointed in virtualization, cloud computing
  7. Attackers exploit latest Flash bug on large scale
  8. 17 super-specific social networks
  9. Do you know where your security holes are?
  10. Cisco distracted by reorg

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_security_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


No comments:

Post a Comment