Friday, April 4, 2008
I'm outta here for Spring Break. Woohoo. No RSA for me this year. Bad timing.
Windows Mobile OS security: Get it locked down
For all of my past information security content be sure to check out www.principlelogic.com/resources.html.
Thursday, April 3, 2008
Kevin Beaver, independent information security expert with Atlanta-based Principle Logic, LLC, will be keynoting the IDC Security Conference 2008 in Milan, Italy. Kevin will apply his practical and no-nonsense approach to security in his discussion titled Real World Security Problems You Can't Afford to Overlook. He will outline information security risks that many professionals haven’t considered or are viewing from the wrong perspective, and he will make his case for information security issues that he believes need attention now.
“I’m very honored to have been invited to speak at a conference with such high visibility,” says Beaver. “The general message of the IDC show is indicative of what’s going on worldwide. There are serious business problems associated with the lack of information security that need more direct attention than they’re getting now.”
“IDC believes that information protection and control will be a major area of investment over the next five years,” says Alessia Massari of IDC Southern Europe. “Reasons at the bottom line are that IPC is needed to protect sensitive information. We expect to see more examples of high-profile incidents in which customer records, confidential information and intellectual property are leaked. The Conference in Milano will give an updated overview on what is going on in one of the key markets in EMEA.”
For more information visit the IDC Security Conference site at www.idc.com/italy/events/security08/security08_keynote.jsp and Principle Logic’s Web site at www.principlelogic.com.
About Principle Logic, LLC and Kevin Beaver
As the sole proprietor of Principle Logic, LLC, Kevin Beaver performs security-related keynote speaking engagements, expert witness services, independent security assessments of networks and Web applications, and information security pre-audits and gap analyses. Kevin has authored/co-authored seven books on information security including Hacking For Dummies, Hacking Wireless Networks For Dummies, Laptop Encryption For Dummies, Securing the Mobile Enterprise For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance. He is a regular contributor to SearchWindowsSecurity.com, SearchSoftwareQuality.com, SearchSQLServer.com, and Security Technology & Design magazine. Kevin is also the creator and producer of the Security On Wheels audio programs and blog providing security learning for IT professionals on the go (securityonwheels.com).
Wednesday, April 2, 2008
FTP Sites Vulnerable to Data Breaches
FTP poses risks?? Uh, yeah! It's just like another technology or host on the network. If it's software, addressable via IP, and has a user login prompt - then, it's undoubtedly going to have holes that are exploited eventually. Especially when network admins and security managers ignore it for the most part. And, in the case of this article, when employees are managing it on their own. [side note: I'm not sure how employees are able to set up their own FTP servers unless the firewall is wide open. I can't even get legitimate FTP to work through my firewall most of the time!]
So, Tumbleweed now has a new freeware tool that will monitor the network for FTP traffic (didn't they use to make an email filtering product?) and shows what's going on. Wooo.... A new tool that looks for FTP traffic, analyzes the data and then creates a pretty report outlining who did what. Um...there's been a tool to do this that's been around for a loooong time - a couple of decades. It's called a network analyzer. Oh, and there's the free Cain tool that'll do this as well. It even has a handy password capture tool so you don't have to go to the trouble of setting up a filter in a network analyzer. Tamosoft has had their tool NetResident out for a long time. It does this same stuff.
I've been telling people to monitor their network traffic just inside or outside the firewall to see what's going on for a long, long time. It provides unbelievable insight into protocols in use, top talkers, policies being violated - you name it! Now, a product vendor is using the RSA conference to debut their new technology/solution to this problem. Nothing new here except for the marketing types trying to reposition old technologies and old vulnerabilities. I could kick myself...I guess I've missed the boat - again.
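An added example, not part of the original post and not any of the tools it names: the Python below summarizes flow records collected at the firewall into protocols in use, top talkers, and FTP control connections to servers that are not on an approved list. The CSV layout, the addresses and the approved-server list are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample flow records (not real traffic): src, dst, dst_port, bytes
SAMPLE_FLOWS = """\
src,dst,dst_port,bytes
10.0.0.15,10.0.0.5,21,1200
10.0.0.22,10.0.0.77,21,900
10.0.0.31,10.0.0.77,21,1100
10.0.0.22,203.0.113.9,443,350000
10.0.0.40,198.51.100.20,21,700
10.0.0.31,10.0.0.5,80,52000
"""

APPROVED_FTP_SERVERS = {"10.0.0.5"}  # assumption: the one sanctioned FTP server
FTP_CONTROL_PORT = 21


def analyze(flow_csv, approved=APPROVED_FTP_SERVERS):
    """Summarize flows: bytes per port, bytes per source, unapproved FTP use."""
    protocols = Counter()          # destination port -> total bytes
    talkers = Counter()            # source host -> total bytes
    unapproved = defaultdict(set)  # unapproved FTP server -> clients seen
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port, size = int(row["dst_port"]), int(row["bytes"])
        protocols[port] += size
        talkers[row["src"]] += size
        # Policy check: FTP control traffic to anything but a sanctioned server
        if port == FTP_CONTROL_PORT and row["dst"] not in approved:
            unapproved[row["dst"]].add(row["src"])
    return {
        "protocols": protocols.most_common(),
        "top_talkers": talkers.most_common(3),
        "unapproved_ftp": {srv: sorted(c) for srv, c in unapproved.items()},
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_FLOWS)
    for port, size in report["protocols"]:
        print(f"port {port}: {size} bytes")
    for host, size in report["top_talkers"]:
        print(f"talker {host}: {size} bytes")
    for server, clients in report["unapproved_ftp"].items():
        print(f"unapproved FTP server {server} used by {', '.join(clients)}")
```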
Monday, March 31, 2008
Power Users: PC Operators Who Eventually Ruin, Unload, Screw up, Erase, and Remove Software
I love it!!!
BTW, sorry my posts have been light as of late....been out sick.