THE MAGAZINE

Security in Motion
August 2005
COVER STORY

Security in Motion

By Andrew Turk, CPP

Discover how the American Museum of Natural History protects traveling exhibits.

FEATURES

Intelligent Design

By Dan Keller

Security directors should take the lead in advocating for the development of standards for campus building projects.

The Inside Story on Outsource Planning

By Steven I. Adler, Prentice Robertson, and Kort L. Dickson

When companies outsource their security functions, attention to detail, planning, and analysis are critical.

Benchmarks In Compensation

By Mike Moran

Find out how compensation trends are affecting your segment of the security profession.

From Back Burner to Business Imperative

By Marta Roberts

The selling of security to senior management, chemical facility considerations, and negotiating with difficult people are among the hot topics at this year’s annual ASIS seminar and exhibits.

Benchmarks in Compensation

Link to those definitions via SM Online.

Intelligent Design

Link Elements Of Campus Security Design Guidelines.

PRINT EDITION ONLY

Labor Law's Changing Tides

By Howard M. Bloom and Margaret R. Bryant

Six new cases issued by the National Labor Relations Board reverse longstanding trends and establish new rules between employers and employees.

Legal Report

By Teresa Anderson

Judicial decisions on alarms, trade secrets, information security, port security, cybersecurity, whistleblowers, spyware, cargo security, private security. U.S. state legislation in New York and California.

Did You Know That?

By Michael A. Gips
Anthrax attacks; China's demand for contractual security services.

Can I See Some ID?

By Michael A. Gips
Telling a real credential from a fake.

Freedom Tower Security to be Overhauled

By Michael A. Gips

Incorporating more security into New York's Freedom Tower.

Jargon Watch

By Michael A. Gips
Metal detector vs. magnetometer - what is the difference?

A Diverting Practice

By Michael A. Gips
Are your product diversion tactics legal?

Did You Know That?

By Michael A. Gips

In 2004, financial institutions were the industry most likely to buy terrorism insurance.

Checking on Sarbanes-Oxley

By Michael A. Gips

Companies that have found SOX compliance far too costly have probably implemented measures well beyond the letter of the law.

Industry News

ASIS International becomes certified under the SAFETY Act, and SM e-newsletters build wide readership.

Putting the Praise in Appraisals

By Linda D. Henman

An effective performance-appraisal system ensures that employee issues are dealt with continually, not only at yearly reviews.

 


TECHNOFILE

Quick Bytes: Governance best practices

By Peter Piazza

Governance, risk management, and compliance (GRC) have become buzzwords since the passage of legislation like the Sarbanes-Oxley Act. But what exactly do they mean? And how should companies promote their effective use? A white paper from The Compliance Consortium, a year-old international group working to create GRC best practices, answers these questions.

Worth a Look.

By Peter Piazza

To make the network secure, it was necessary to log onto the router’s Web-based user interface. I first customized the wireless network’s name (this name is known as the SSID) to something that would be easily recognizable to me in case multiple wireless networks are available. By default the SSID is visible to any computer scanning for a wireless network to attach to. That doesn’t mean they can necessarily attach to it, but turning this off—accomplished by removing a check mark—makes the network invisible.

Digging Up the Dirt on Pharming.

By Peter Piazza

The dirt on pharming, solving Internet annoyances, the latest in wireless routers, a study of insider attacks, and more.

DEFINING MOMENTS

By Peter Piazza

Test your knowledge of tech terms.

Wireless cards are typically set up to connect to the strongest connection that they detect and are authorized to join. In most cases, that’s just how you want it to work. But if someone sets up a computer as an access point with a strong enough signal and gives it a name that sounds like a real network, nearby computers may automatically connect to it and use it to access the Internet. If that happens, it’s possible that sensitive data can be captured by this imposter without the knowledge of the victim. What is this predatory access point called?

Hint: Think of a doppelgänger who doesn’t have such a nice personality.

Answer: Evil twin

A Site to See.

By Peter Piazza

Going to Chicago and wondering where to park your car while you’re in your meeting? Stick to a parking garage rather than looking for a spot on the street, where your car is much more likely to be stolen. Web developer Adrian Holovaty took data about crime put online by the city of Chicago and married it with maps from Google to pinpoint the precise spots where cars have been stolen in recent months. His crime map is now available online to any interested surfer.

New in plaintext.

By Peter Piazza

The book’s ten chapters cover every kind of potential irritant, from security issues to e-mail and spam to using AOL. The book is aimed at novice users, so no in-depth knowledge of programming is needed to put these fixes into action.

Federal Wireless Woes

By Peter Piazza

Government agencies are not following the proper procedures to ensure that wireless networks are secure, leaving their networks susceptible to attack. That is the alarming conclusion of a Government Accountability Office (GAO) study of security controls at 24 agencies and assessments of wireless security at six federal agencies in the nation’s capital.

Quick Bytes: Monitoring workers

By Peter Piazza

A quarter of companies surveyed have fired workers for misusing the Internet or e-mail, according to the 2005 Electronic Monitoring & Surveillance Survey, cosponsored by the American Management Association and The ePolicy Institute.

When Insiders Attack.

The study, conducted by the U.S. Secret Service and Carnegie Mellon University’s CERT/CC, found that more than 60 percent of the 49 attacks examined in the study were carried out with “relatively unsophisticated methods of attack,” such as social engineering; only 39 percent used a toolkit or other program designed to cause havoc.

A Site to See

Going to Chicago and wondering where to park your car while you’re in your meeting? Stick to a parking garage rather than looking for a spot on the street, where your car is much more likely to be stolen. Web developer Adrian Holovaty took data about crime put online by the city of Chicago and married it with maps from Google to pinpoint the precise spots where cars have been stolen in recent months. His crime map is now available online to any interested surfer. Other crime-related data can be found on maps as well, from the precise locations of bomb threats in Chicago to the places that have been held up by robbers without a weapon, or where personal property has been damaged by fire or explosion, along with the date of each crime. The wealth of information combined with Google’s mapping functionality is an example of how online data will likely be mapped in the future, making it A Site to See. Find this month’s A Site to See at SM Online.

LEGAL REPORT

Cargo security

Two amendments to the 2006 appropriations bill for the Department of Homeland Security (H.R. 2360) would mandate new cargo security measures. The first amendment would require that all air cargo be inspected before being loaded onto passenger airplanes. This provision would take effect in 2008. The second amendment to the bill, which would take effect immediately after the bill is enacted, would require that passengers be notified that unscreened cargo is being loaded onto their flight. H.R. 2360 has been approved by the House and is now awaiting action in the Senate.

Drug testing

The Iowa Supreme Court has ruled that a company cannot require an employee to pay the cost of his drug test. In the case, the company hired a new employee, Thomas Tow, on the condition that he pass a background check and drug test. Tow’s drug test was inconclusive. The company told Tow that he would have to pay for a new test before he would be hired. Tow sued the company. The court ruled that, in Iowa, a company must pay for such tests. (Thomas J. Tow v. Truck Country of Iowa, Inc., Supreme Court of Iowa, No. 04-0462, 2005)

CASE STUDY

Banking on Encryption.

By Marta Roberts

A bank invests in e-mail encryption.

BOOK REVIEWS

The Ethical Hack: A Framework for Business Value Penetration Testing.

By William Eardley, IV

Tiller does a fantastic job explaining the process of the ethical hack from beginning to end. By way of charts, diagrams, graphs, and comparisons, the reader is led step by step through a penetration test. Also provided are sample incident reports and response forms, examples of documentation needed for the test, and an example of how the finished penetration-test document should be presented.

The Safe Hiring Manual: The Complete Guide to Keeping Criminals, Terrorists, and Imposters Out of Your Workplace

By Ross Johnson, CPP

One of the most useful, and untapped, security tools at any business is the human resources department. HR serves as the operational equivalent of an access control system, keeping problem employees off the payroll. Many companies fail to take full advantage of this department.

Forensic Discovery

By Steven Weil, CISSP

Forensic Discovery is not for technical novices; readers must have a solid understanding of computer file systems, networking concepts, and computer processes. The authors focus on computer forensics for UNIX (Solaris, FreeBSD, and Linux) computers, with scant information provided about Windows. The authors explain how to obtain reliable digital evidence from running UNIX systems, uncover changes to system utilities and kernel modules, and identify suspicious activity. Sample computer compromises illustrate the concepts.

Osama: The Making of a Terrorist.

By Mayer Nudell, CSC

The face of terrorism today is Osama bin Laden. Yet for all the publicity surrounding him, he remains an elusive figure who has become larger than life throughout the Muslim world. Merely mentioning his name evokes adulation among his devotees and revulsion in the Western world. When he issues a video or audiotape, terror alerts spike all over the world. Therefore, knowing as much as possible about him is useful for those tasked with trying to counter his activities and those of his supporters. This book is an excellent effort to do just that.

Aggression in the Workplace: Preventing and Managing High-Risk Behavior

By Michael K. Cochran, CPP

In this book, author Marc McElhaney shares his experience, perspective, programs, and conclusions with regard to aggressive and threatening behavior in the workplace. His easy-to-read style blends comprehensive coverage with enough detail to make the book a practical tool.

 

Beyond Print


See all the latest links and resources that supplement the current issue of Security Management magazine.
