We in the security slice of the technology industry like to fancy ourselves on occasion the center of all things digital. (OK, we admit it's pretty much a constant sentiment.) It's thus quite gratifying when the mainstream press picks up on a security issue to help define perhaps one of the most formative events to strike the technology industry since ... well, since the last crop of technology antitrust litigation.
You can't throw a rock nowadays without hitting some pundit who has his or her own practiced rant about the necessity of security in sustaining the bull run of e-commerce. Oftentimes, that rock also hits outspoken members of the security community who have their own visions on how to build a universal paradigm for network security.
We receive at least a dozen e-mail messages a week that ask in one form or another, "How do I secure my Windows network?" The answer, as always, is "Arm yourself with the right tools, and learn by using." There was a brief period of inactivity when some of the premier Microsoft Corp. Windows assessment tools were devoured by commercial interests, but now a new group of free Windows security-assessment tools is flourishing on the Internet. This week we talk about some of those tools and how they deliver sophistication and comprehensiveness at no cost. Who says Linux is the only platform where free software reigns supreme?
We're always on the lookout for fresh sources of information and tools on security vulnerabilities. This week we want to highlight such a source for Microsoft Corp. Windows NT. We're speaking of NTsecurity.nu, at www.ntsecurity.nu, founded by Arne Vidstrom.
Most network administrators discuss their firewalls in terms of what kinds of inbound traffic they block from the wild and wooly Internet. Not many consider how threatening outbound traffic can be to a site's security.
Unlike the recent DoS (denial of service) attacks on popular e-commerce Web sites, the art of application hacking is an elite skill. Assessing a Web server along with its running software and the application's design, for example, and then formulating an attack based on possible weaknesses in design requires some significant thought and analysis, not to mention a thorough understanding of Web design and programming.
The smattering of DDoS (distributed denial of service) attacks during the week of Feb. 7 was a wake-up call for much of the media, but from our vantage point they were simply par for the course. We've long been writing about the importance of security, explaining that in an instant your business can be brought to a screeching halt by a bored teenager looking for a little fun. The recent security events have only supported our claims.
At the world's largest computer and telecommunications conference, CeBit 2000, held this week in Hanover, Germany, the buzz will undoubtedly focus on securing the wireless world of radio waves.
At the world's largest computer and telecommunications conference, CeBit 2000, held this week in Hannover, Germany, the buzz will undoubtedly focus on securing the wireless world of radio waves. With the enormous attention on wireless this year and the almost endless parade of security and hacker stories making headlines around the world, serious players in wireless will either incorporate transparent, strong security in their products or fade into forgotten history.
Two weeks ago, major Internet Web and e-commerce sites were attacked in the largest known denial of service attack to date. The assaults made inaccessible to visitors Web servers at Yahoo Inc., Etrade Group Inc., eBay Inc., Buy.com Inc., Amazon.com Inc., CNN, and others. Although the attacks did interfere with trading online (Etrade) and purchasing products (Buy.com), by and large they were nothing more than a nuisance.
Our yearly Golden Guardian award recognizes the outstanding work of security product vendors for their efforts in delivering valuable security products to the public. But frequently we come across products that don't fit the traditional mold of full-blown commercial security tools. This week we highlight those products, which include freeware, shareware, and nonsecurity products -- all of which can be used to secure your networks.
While our colleagues detail their opinions on the various pieces of Microsoft Corp.'s Windows 2000 elsewhere in this special section, it naturally falls on us to tell readers what they can expect securitywise from the future of Windows. After working extensively with the final two release candidates for Windows 2000, we are going to lay it on the line and predict great things for this OS.
One of those poignant moments amid the sound and fury of the RSA 2000 conference (www.rsasecurity.com), held Jan. 16-20 in the heart of Silicon Valley, was a brief interlude on the steps outside of the convention center. We had stopped to talk with a high-ranking member of the IT security division at a large company and asked his impression of the show. "Evolutionary, but nothing revolutionary," was his somewhat tired reply.
Out of the blue, your bank issues you a new credit card. Why? Not because the old one expired. Although the bank doesn't publicly admit anything, the explanation during a phone conversation says it all: "The bank decided to issue new cards to all our subscribers for the year 2000." Yeah, and I like to throw money out the window for no good reason. Chances are that the bank's credit card numbers have been compromised.
Out of the blue, your bank issues you a new credit card. Why? Not because the old one expired. Although the bank doesn't publicly admit anything, the explanation during a phone conversation says it all: "The bank decided to issue new cards to all our subscribers for the year 2000." Yeah, and I like to throw money out the window for no good reason. Chances are that the bank's credit card numbers have been compromised.