09/20/2007 - Every day, analysts and security experts—all volunteers—from the SANS Internet Storm Center dissect the latest threats, monitor for Web-based “storms” such as virus or worm outbreaks, and dig through sanitized intrusion-detection and firewall logs sent in from people around the world. The incident “handlers” at the Internet Storm Center maintain a regular diary of security incidents and information, from how and where to submit tips about child pornography to details and screenshots of the latest phishing attempts. The site also includes lots of graphics showing, for example, the most targeted ports or where in the world most port scans originate. It’s this month’s A Site to See.
@ Get to the Internet Storm Center via SM Online.
09/20/2007 - SSL traffic is all but invisible to an enterprise, according to a survey of 319 IT security and networking professionals by Blue Coat Systems. More than 72 percent said they had no way to look inside SSL traffic, a situation that nearly 90 percent of the respondents said was risky, particularly as it can pass through firewalls unseen and untouched.@ Highlights from the survey are at SM Online.
09/20/2007 - Half of 218 companies surveyed admitted that they had active user accounts belonging to former employees (an increase of 6 percent from 2004); nearly a quarter identified unauthorized personnel with administrator rights (a 4 percent increase); and more than half had worms compromise their networks. If there was a bright spot in the 2006 Mazu Networks Internal Threat Report, it was that 71 percent of worm infections were remediated in less than 24 hours. The IT professionals who responded to the survey came from 18 industries and government agencies. @ The full report is at SM Online.
09/20/2007 - Threats to your computer can range from gnatlike annoyances such as pop-up ads to the pointed hooks The Forsythe survey notes that 28 percent of the respondents had little or no confidence that they had detected all significant security breaches in the past year; even more alarming was that a similar number rated their current IT environment as more vulnerable than a year before. That, says John Kiser, CEO of Gray Hat Research Corporation, may be a sign that time or money spent by IT professionals on ensuring compliance to top management are resources taken away from other crucial security tasks.
09/19/2007 - This is the first in a series of four pieces that will highlight resources available from Microsoft. ASIS International is partnering with Microsoft to help raise IT awareness among its security professional membership.
09/19/2007 - The Essential Computer Security: Everyone’s Guide to Email, Internet, and Wireless Security can serve as the owner’s manual for anyone serious about ensuring the security of their computer and the data contained therein.