Site Map - IT Security

Quick Bytes: WAN worries.

- The Department of Homeland Security (DHS) lacks the automated network security tools that would help identify the cause of messages received from automated security devices, says a report by the DHS Office of the Inspector General (OIG). That’s no small problem: the report shows that from February to April 2005, more than 65 million security events were logged, and without automated tools in place, it is impossible for administrators to separate the real threats from the false alarms. @ The OIG’s report, management of the DHS Wide Area Network Needs Improvement, is available at SM Online.

A Site To See

- As the number of Internet-based threats grows, it becomes more and more difficult to assign a single name to malicious code. Spyware, malware, crimeware what word can be used to describe a whole galaxy of threats? A new Web site established by experts at several top universities and sponsored by high-tech companies like Google and Sun Microsystems offers a suggestion: badware. The site,, was created by the Berkman Center for Internet & Society at Harvard University, the Oxford Internet Institute, and Consumer Reports WebWatch.The sheer size of the badware problem makes this site particularly timely and useful, and thus A Site to See this month.

Worth a Look: Traveling With Encryption

- Travelers looking to take sensitive documents with them on the road can burn that data to a CD while simultaneously encrypting it using a new product from Ricoh called EncryptEase. Then, they can decrypt those documents using any computer that has an attached CD writer, add to or alter the data, and then burn it back to the same CD while reencrypting it. The twist is, the encryption software and the space for burning the files are on the same disk. Where to get one. Balancing these reservations is the fact that the disks are cheap; they retail for $6.99 each at Ricohs Web site. Get there via "Beyond Print" links at SM Online.

Cybercriminals Turn Pro

- Research from Symantec finds that computer hacking is becoming a full-time vocation.

Capitalist Crooks

- Security researchers see 2005 as the year in which cyberattackers turned from braggarts to capitalists.

Land of Phishing

- Websense, a provider of employee Internet management solutions, offers updates on phishing attacks.

Quick Bytes: Proliferating Bots

- The growth of malicious Web robots, or bots, this year will likely surpass the 413 percent growth rate seen for rootkits last year, according to a Sana Security warning.

Quick Byes: Wireless holes

- Computer vulnerabilities are well documented by Web sites such as the one hosted by The Mitre Corporation known as Common Vulnerabilities and Exposures (CVE). Vulnerabilities in wireless systems, including 802.11 and Bluetooth, now are getting similar attention.

NEW IN PLAINTEXT: Securing Windows XP

- More than seven out of 10 home computers run Windows XP, so locking down these computers is an essential task, because poorly protected home computers are often the source of attacks against corporate networks.

Worth a Look: Web Browsing Under Wraps

- Anonymizer Anonymous Surfing prevents Web sites from collecting data from your visits because it creates an encrypted tunnel between your computer and the Anonymizer network while you surf; then, any page you visit will see Anonymizer’s IP address, not yours. The software installs after a quick download and can be used with either Internet Explorer or Firefox browsers.

Quick Bytes: Data breaches

- More than half the retailers that collect information from consumers for promotions and marketing campaigns have assigned responsibility for protecting consumer-specific data to a security-program coordinator; an even greater number have provided training to employees regarding consumer privacy and information security.

Phone forensics

- Now that cell phones have morphed into miniature computers, they contain more information than ever before. In addition to phone numbers and a record of calls made and received, phones can now contain e-mail or text messages, photos, and a host of other data that could be of value when investigating a crime.

Scans and Attacks

- A paper entitled An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack describes the results of an experimental approach to determine the correlation between port scans and attacks.

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.