INFORMATION

Site Map - IT Security

Forensic Discover

- Forensic Discovery is not for technical novices; readers must have a solid understanding of computer file systems, networking concepts, and computer processes. The authors focus on computer forensics for UNIX (Solaris, FreeBSD, and Linux) computers, with scant information provided about Windows. The authors explain how to obtain reliable digital evidence from running UNIX systems, uncover changes to system utilities and kernel modules, and identify suspicious activity. Sample computer compromises illustrate the concepts.

DEFINING MOMENTS

- Test your knowledge of tech terms. Wireless cards are typically set up to connect to the strongest connection that they detect and are authorized to join. In most cases, that’s just how you want it to work. But if someone sets up a computer as an access point with a strong enough signal and gives it a name that sounds like a real network, nearby computers may automatically connect to it and use it to access the Internet. If that happens, it’s possible that sensitive data can be captured by this imposter without the knowledge of the victim. What is this predatory access point called? Hint: Think of a doppelgänger who doesn’t have such a nice personality. Answer: Evil twin

Quick Bytes: Five steps to cybersecurity

- In a new paper, the Business Software Alliance calls on lawmakers to take five steps to deter cybercrime: Ratify the Council of Europe’s Convention on Cybercrime; improve cross-jurisdictional cooperation to make investigating cyberattacks in other countries easier; ensure that law enforcement has the proper tools and training to fight online lawlessness; create a presidential commission on organized cybercrime and identity theft that will make recommendations for raising awareness of, and fighting, these problems; and increase enforcement by setting up an inter-agency organized task force to fight phishing, spam, spyware, and other online threats.

Worth a Look.

- To make the network secure, it was necessary to log onto the router’s Web-based user interface. I first customized the wireless network’s name (this name is known as the SSID) to something that would be easily recognizable to me in case multiple wireless networks are available. By default the SSID is visible to any computer scanning for a wireless network to attach to. That doesn’t mean they can necessarily attach to it, but turning this off—accomplished by removing a check mark—makes the network invisible.

Digging Up the Dirt on Pharming.

- The dirt on pharming, solving Internet annoyances, the latest in wireless routers, a study of insider attacks, and more.

Five steps to cybersecurity

- In a new paper, the Business Software Alliance calls on lawmakers to take five steps to deter cybercrime: Ratify the Council of Europe’s Convention on Cybercrime; improve cross-jurisdictional cooperation to make investigating cyberattacks in other countries easier; ensure that law enforcement has the proper tools and training to fight online lawlessness; create a presidential commission on organized cybercrime and identity theft that will make recommendations for raising awareness of, and fighting, these problems; and increase enforcement by setting up an inter-agency organized task force to fight phishing, spam, spyware, and other online threats.@ Securing Cyberspace in the 21st Century is available via SM Online.

When Insiders Attack.

- A study based on interviews with insiders who had been apprehended after attacks on company networks found that systems were vulnerable to the simplest exploits. The study is called Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors.

Digging Up the Dirt on Pharming

- While phishing scams are still going strong, scammers are moving toward a more high-tech method of online fraud known as pharming.

With IT, you Get Escrow

- When companies live by their code—their critical software programs—they’d better know how to protect it.

Spyware

- A bill (H.R. 744) that would prohibit the use of spyware has been approved by the House and is now pending in the Senate Judiciary Committee.

Quick Bytes: Kill the zombies

- The Federal Trade Commission (FTC) is working with dozens of organizations around the world to put pressure on Internet service providers (ISPs) to take voluntary steps, such as quarantining infected computers to try to reduce the onslaught of spam sent through so-called “spam zombies,” computers that have been hijacked to send spam.

Quick Bytes: Security product holes.

- The late gonzo journalist Hunter S. Thompson once wrote, “Kill the head and the body will die.” For IT professionals, the phrase might be reconfigured “Kill the security products and the network will die,” as was the case with last year’s Witty worm that targeted security software and infected systems worldwide in 75 minutes. Such attacks on security software are increasing, according to the Yankee Group’s

Quick Bytes: The weakest link

- Thirty-five percent of the world’s top 100 global financial institutions were victimized by attacks from within their organizations (versus 26 percent from external sources), up from 14 percent the previous year, according to the 2005 Global Security Survey conducted by Deloitte Touche Tohmatsu.
 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.