NOTE: Online postings include all features beginning with January 2000. For a free subscription to the printed version, go to our subscription form. Certain articles have been archived from 1998 and 1999.
FEATURES
20th Century Fox
Lights, Camera... Security
Fighting today's malware requires a synergistic approach.
BY JEFF USLAN, director of information protection and security
DuPont
InfoSec University
Every company is starved for qualified infosec employees. Here's how DuPont is addressing the challenge.
BY MICHAEL LEACH, chief security officer of corporate IT
Visa
Secure, Everywhere You Want to Be
Growing consumer security concerns are driving companies like Visa to incorporate security into their marketing.
BY JAMES CHRISTIANSEN, senior vice president of information security
Microsoft
Protecting the Home Front
Tens of thousands of Microsoft employees connect to our corporate network from home. My job is to make sure those connections are secure.
BY HOWARD A. SCHMIDT, corporate security officer
Fannie Mae
Securing the American Dream
Homeownership will become easier through trusted financing networks.
BY CHRISAN HERROD, director of information security
U.S. Department of State
Foreign Intelligence
Comprehensive training programs help reinforce the defenses of America's diplomatic missions.
BY BRUCE R. MATTHEWS, information security training manager
Fidelity
The E-Signature (R)evolution
How do you ensure trust and security in the "global village?"
BY JERRY L. ARCHER, senior vice president of information security
First Union
Peter Browne on due diligence
U.S. Postal Service
Howard Cox on securing 10,000 LANs
University of Washington
Dave Dittrich on automated attacks
Lockheed Martin
A. Padgett Peterson on enterprise AV
Federal Reserve Bank of New York
Paul Raines on reputational risk
The Kincaid Group
Kathleen Kincaid on the great wall(s) of China
Province of Ontario
Kirk Corkery on security culture
i2 Technologies
John Frazier on securing the supply chain
FedEx
Ron Wallace on preventing dial-up disaster
webMethods
Jeremy Epstein on defense-in-depth
OnMoney
Paul Plant on the jump from blue suit to dot-com
Georgetown University
Richard Kogut on building a VPIN
U.S. Treasury Department
Donald Hagerling on dollars and sense
Vanguard
Gordon Zacrep on building a security "crew"
Nationwide Insurance
Eddie Schwartz on proactive intelligence
Pershing
C. Warren Axelrod on the next Y2K
Exodus Communications
Charles Neal on the lessons of Thomas Jefferson
MassMutual
Bruce Bonsall on directory services
Netzee
Mike Shaw on multi-tasking
Cerner
Walt Foultz on the impact of HIPAA
Clareon
Frank Jaffe on security in the age of hypergrowth
Detroit Edison
Ken Jaworski on change management
Booz, Allen & Hamilton
Stan Kiyota on integrated architectures
|
|
|
|
DEPARTMENTS
NOTE: In Their Own Words
BY ANDY BRINEY
|
| NEWS: Software piracy hits close to home; NT attacks on the rise |
HAPPENINGS: Calendar of events
|
|
|
|
COLUMNS
NEWS AND VIEWS: Tunneling Under
Napster and other P2P clients are giving network users a reason to violate security policies.
BY AL BERG
|
HEISER ON TRAQ: Traqpourri
BY JAY HEISER
|
EC DOES IT: Future Tense
You think the 'Net is a dangerous place now? Cyberterrorism experts say today's attacks are only the tip of the iceberg.
BY MacDONNELL ULSCH
|
LOGOFF: Security at the Speed of Thought
2001 is right around the corner, and the spirit of HAL is alive and well.
BY GARY C. KESSLER
|
|
|
|
 |
COVER STORY
The New Holy Grail?
Authorization policy servers make single sign-on a reality in multi-application Web environments.
BY JOEL SNYDER
|
|
|
|
|
FEATURES
WIRELESS SECURITY: Locking Down the Wavelengths
Wireless devices are flooding the airwaves with millions of bits of information. Securing those transmissions is the next challenge facing e-commerce.
BY EDMUND X. DeJESUS
|
PAYMENT PROTOCOL: Cache on Demand
This is the story of how I joined a dot-com startup and built a security infrastructure virtually from scratch. Suffice to say, it's been a wild ride.
BY JOE JUDGE
|
SECURE STRATEGIES: Avoiding IS Icebergs
Part four of "Audits, Assessments & Tests (Oh, My)" delves into information systems auditing, the often maligned but always necessary practice of evaluating technologies and security procedures to ensure they work as intended.
BY DAN SWANSON
|
Q & A: All Geered Up
Dan Geer, @Stake CTO and the new president of USENIX, muses about privacy, security culture and the importance of self-reliance in the age of ubiquitous networks.
BY RICHARD THIEME
|
|
|
|
DEPARTMENTS
NOTE: Sorry, SSL
BY ANDY BRINEY
|
VIEWPOINT: No Longer Silent
|
NEWS: Empty Promises
BY LAWRENCE WALSH
|
HAPPENINGS: Calendar of events
|
|
|
|
COLUMNS
NEWS AND VIEWS: Disarming the Black Hats?
BY DOROTHY E. DENNING
|
HEISER ON TRAQ: You'll Hear From My Lawyer
BY JAY HEISER
|
EC DOES IT: Laying Down the Law
Federal privacy regs are coming soon to an industry near you.
BY MacDONNELL ULSCH
|
|
|
|
 |
COVER STORY
2000 INDUSTRY SURVEY
Security Focused
Security budgets are way up. So are security breaches. As the challenges multiply, the 2000 Information Security Industry Survey explores how to maintain your focus.
BY ANDY BRINEY - 542Kb .pdf
|
|
|
|
|
FEATURES
DATABASE SECURITY: Securing Oracle
New utilities and third-party "add-on" tools take security in Oracle 8.1.6 to the next level.
BY KEN IHRER
|
SECURITY POLICIES: Adero's Security Guy
This is the story of how I joined a dot-com startup and built a security infrastructure virtually from scratch. Suffice to say, it's been a wild ride.
BY JOE JUDGE
|
SECURE STRATEGIES: Penetration Testing Exposed
Part three of our series on "Audits, Assessments & Tests (Oh, My)" explores penetration testing, the controversial practice of simulating real-world attacks by discovering and exploiting system vulnerabilities.
BY GEORGE KURTZ and CHRIS PROSISE |
SIDEBAR: Penetration Testing: MYTH vs. REALITY
BY GEORGE KURTZ and CHRIS PROSISE |
Q & A: A Wizard Gets Wiser
Fearing ever-increasing "hacker-related pain," MARCUS RANUM turns his focus from technology to social change.
BY RICHARD THIEME
|
|
|
|
DEPARTMENTS
NOTE: Survey Sound Bytes
BY ANDY BRINEY
|
VIEWPOINT: Readers comment on the "people security" problem, BS 7799 and air gaps.
|
NEWS: On the Cutting Edge
Divine Intrusion Protection
BY AL BERG
|
HAPPENINGS: CALENDAR OF EVENTS
Fall security events on tap
|
|
|
|
COLUMNS
NEWS AND VIEWS: Magic in the Mix?
BY RICHARD THIEME
|
HEISER ON TRAQ: Renaissance Men
BY JAY HEISER
|
EC DOES IT: The Perils of Privacy
Anonymizer services bolster 'Net privacy, but they're not without their own set of risks.
BY MacDONNELL ULSCH
|
LOGOFF: The Next War
Most AV strategies defend against known attacks. More innovative thinking is needed to guard against future threats.
BY ROBERT VIBERT
|
|
|
|
 |
COVER STORY
Authentication: Patterns of Trust
There are plenty of options for user authentication, but none is a "one-size-fits-all" solution. With so many available technologies, how do you select the right one for your organization's needs?
BY RICK SMITH
|
|
|
|
|
FEATURES
ACCESS CONTROL: Beyond Firewalls
In most organizations, firewalls are now a commodity: everyone has at least one. In the future, access controls will need to become more granular, all the way down to the data level.
BY STEPHEN D. REED
|
|
APPLICATION SECURITY: Securing the Final Frontier
New security solutions can protect Web applications before, and after, you run them.
BY EDMUND X. DeJESUS |
|
COUNTERPOINT: Beware the Red Herring
BY JAY HEISER |
|
SECURE STRATEGIES: Audits, Assessments & Tests (Oh, My)
On the surface, all vulnerability assessment scanners perform essentially the same way. Here's how to decide which one, if any, is right for your requirements.
BY AL BERG |
|
|
|
DEPARTMENTS
NOTE: Reassessing Microsoft
BY ANDY BRINEY
|
|
OFF THE CUFF: Hacking NASA |
|
NEWS: On the Cutting Edge
Alice doesn't sign here anymore; Mitnick: Unlikely security advice |
|
HAPPENINGS: CALENDAR OF EVENTS
Late summer and early fall security events on tap
BY MacDONNELL ULSCH |
|
|
|
COLUMNS
HEISER ON TRAQ: Leave me Alone
BY JAY HEISER
|
|
CRYPTORHYTHMS: The Fallacy of Trusted Client Software
Controlling what a user can do with a piece of data assumes a trust paradigm that doesn't exist in the real world.
BY BRUCE SCHNEIER |
|
SECURITY MARKET: (Out)Source of Concern
Practical tips for choosing a security-conscious service provider.
BY GREGORY L. MACHLER |
|
EC DOES IT: Silent Partner
Is SilentRunner a productivity boost or privacy bane?
BY MacDONNELL ULSCH |
|
AUDIT & ASSESSMENT: Ironclad Security
Mainframe security has become lax at the same time the potential for catastrophic damage has mushroomed. New audit and assessment tools can help you batten down the hatches.
BY PAUL KORZENIOWSKI |
|
LOGOFF: Hitting the Bull's Eye
When it comes to information security, there are no "silver bullets."
BY KEN CUTLER |
|
|
|
|
 |
COVER STORY
(Un)Bridging the Gap
It's been said that the only way to really secure a system is to take it off the network. That might turn out to be a practical solution, after all.
BY MICHAEL BOBBITT
|
|
|
|
|
FEATURES
VPNs: Handle With Care
The business case for remote access virtual private networks (VPNs) is clear-cut. Making them work in the real world is another matter.
BY EDMUND X. DEJESUS
|
Managing the Threat From Within
You've heard it time and time again: Insiders constitute the greatest threat to your organization's security. But what can you do about it?
BY ERIC SHAW, JERROLD POST AND KEVEN RUBY
|
Securing Cable Modems
GARY C. KESSLER
|
SECURE STRATEGIES: Audits, Assessments & Tests (Oh, My)
Systems security tests come in three basic flavors. Here's how to make sure you're performing only the test(s) you really need. (Part 1 of 4).
BY IRA WINKLER
|
BCP Comes of Age
Three senior business continuity planners discuss new dimensions in the relationship between BCP, disaster recovery and information security.
MODERATED BY PHILLIP JAN ROTHSTEIN
|
|
|
|
DEPARTMENTS
NOTE: The Dinner-Party Meter
BY ANDY BRINEY
|
VIEWPOINT: Defending Oracle
|
NEWS: RSA: Time's Up
As the patent on the world's most famous encryption algorithm expires, the industry reacts with a collective yawn.
BY BEN ROTHKE
|
|
|
|
COLUMNS
HEISER ON TRAQ: Preferred Policies
BY JAY HEISER
|
EC DOES IT: SECURITY STRATEGIES FOR E-COMPANIES
It took a $12 million loss for Omega Engineering to learn that security is everybody's business.
BY MacDONNELL ULSCH
|
LOGOFF: Identity Crisis
Unlike most crimes, if a thief steals your identity, you're responsible for recovering it.
BY M. E. KABAY
|
|
|
|
COVER STORY
ENTERPRISE SECURITY: PKI: Be Careful What You Wish For?
What's it gonna take for public-key infrastructures to deliver on their promise?
BY ANISH BHIMANI
|
|
|
| FEATURES
LOAD BALANCERS: A Balanced Approach to DoS
It's virtually impossible to block denial-of-service attacks. But you can take steps to mitigate their impact, including deploying intermediate devices such as load balancers.
BY ALISTAIR A. CROLL and ERIC PACKMAN
|
OS SECURITY: OS Guard Dog
Can you afford to get Argus Systems's PitBull? Can you afford not to?
BY RICHARD THIEME |
SECURE STRATEGIES: Secure Directory Services for E-Business (Part 2 of 3)
Properly secured, directories can be an effective tool for authorization to back-office legacy applications.
BY DENNIS SZERSZEN |
|
|
| DEPARTMENTS
NOTE: Naked DB Realities
BY ANDY BRINEY
|
| HAPPENINGS |
|
|
| COLUMNS
HEISER ON TRAQ: Potent Portals
BY JAY HEISER
|
EC DOES IT: Web Democracy
While the Web gives dot-coms some business advantages over traditional brick-and-mortars, it may also put them at a disadvantage when it comes to security.
BY MACDONNELL ULSCH |
LOGOFF: Full Disclosure?
To disclose or not to disclose? When it comes to vulnerabilities and viruses, that is the question.
BY M.E. KABAY |
|
|
|
COVER STORY
Web of Worries
Web security on your mind these days? It should be, 'cause securing your company's Web architecture is a never-ending process.
BY GARY C. KESSLER
|
|
|
|
FEATURES
CONTENT SECURITY: Pulling the Plug on Surfing and Spam
URL blockers and spam filters help you fend off content-related threats, preserve bandwidth and improve worker productivity. But without employee education and an acceptable use policy, these tools will have only limited success.
BY AL BERG
|
|
Q&A: Banker's Trust
An interview with Guy Tallent, CEO of the Identrus PKI Consortium.
INTERVIEWED BY RICHARD THIEME
|
|
MULTIMEDIA SECURITY: Tapping the Next Stream
As the market for streaming media matures, encryption, access control and bandwidth management will become key parts of securing this newest form of intellectual property.
BY MARGOT SUYDAM
|
|
SECURE STRATEGIES: Secure Directory Services for E-Business, Part 1
Extending your business to the Web requires a firm understanding of directories, what they offer and the challenges you'll face in deploying them.
BY DENNIS SZERSZEN
|
|
|
|
DEPARTMENTS
NOTE: Good Question
BY ANDY BRINEY
|
|
NEWS: ON THE CUTTING EDGE
Government Security: Better Late Than Never?
|
|
INFOSECOND: Key players in the Symantec/L-3 merger: Cress Carter, President of L-3 Network Security, and Henri Isenberg, Vice President of Business Development, Symantec
|
|
|
|
COLUMNS
NEWS & VIEWS: Who's to Blame?
Should programmers be held responsible for how their software is used? The answer is more complicated than it seems.
BY BEN ROTHKE
|
|
HEISER ON TRAQ: Secret Squirrel Stuff
BY JAY HEISER
|
|
CRYPTORHYTHMS: The Process of Security
BY BRUCE SCHNEIER
|
|
OPEN SOURCES: How Easy Is Too Easy?
BY PETE LOSHIN
|
|
LOGOFF: Privacy, Please
BY SIMSON L. GARFINKEL
|
|
|
|
COVER STORY
DIGITAL FORENSICS: Crime Seen
How can the feds track down the DDOS perps? The same way you would, through a disciplined, methodical investigation, one that involves equal parts technology, sociology and criminology.
BY BILL BETTS
|
|
|
|
FEATURES
I&A TOOLS: Mapping Form to Function
Is biometrics technology poised to become the next killer app for individual authentication?
BY MICHAEL THIEME
|
|
MESSAGING SECURITY: (In)Security From End to End
The myth of secure e-mail is that all you need to do is install the right products or protocols, and away you go. The reality is much more complicated.
BY JAMES M. GALVIN
|
|
SECURE STRATEGIES: Mastering the Fundamentals, Part 3
Getting all the details right may still leave your business insecure, maybe even unsecurable. Amazingly, many organizations miss the big picture entirely.
BY RICHARD MACKEY and JONATHAN GOSSELS
|
|
|
|
DEPARTMENTS
NOTE: Break-Away Security
BY ANDY BRINEY
|
|
"Developing and Implementing Organizational Policy"
Chapter from The NCSA Guide to Enterprise Security
BY M.E. KABAY
|
NEWS ON THE CUTTING EDGE: DDoS Debriefing
What the Heck Is Intrusion Prevention? |
INFOSECOND: John Ryan, President & CEO, Entrust Technologies
|
| OFF THE CUFF: Fool's Gold |
|
|
|
COLUMNS
NEWS & VIEWS: DDoS: The High Cost of Apathy
The February denial-of-service attacks were preventable, if only we'd paid more attention to the warning signs.
BY WINN SCHWARTAU
|
|
HEISER ON TRAQ: The Real Deal on Malware
BY JAY HEISER
|
|
EC DOES IT: Culture Shock
Anything less than a robust security culture in the Internet age is an invitation to an unpleasant party.
BY MACDONNELL ULSCH
|
|
LOGOFF: Firm Conviction
Harsh punishments will deter some cybercriminals some of the time. But if we hope to achieve a better solution, we must first re-examine our own assumptions about legal rights and social responsibility.
BY VESSELIN BONTCHEV
|
|
|
|
COVER STORY
OPEN-SOURCE SECURITY: Linux Security
Is open source too open for its own good?
BY PETE LOSHIN
|
|
|
|
FEATURES
AV TOOLS: Enterprise-Class AV
An extended, heterogeneous computing environment places new demands on antivirus scanning, updating and administration. How well do today's AV products meet the challenge?
BY ROGER THOMPSON
|
|
M&A MANIA: How to Survive Merger Madness
What should you do when your favorite infosec vendor gets acquired?
BY EDMUND X. DeJESUS
|
|
SECURE STRATEGIES: Mastering the Fundamentals, Part 2
Extending your business to the Web requires securing your corporate perimeter, identifying and fixing vulnerabilities and conducting best practices in e-commerce security.
BY RICHARD MACKEY and JONATHAN GOSSELS
|
|
|
DEPARTMENTS
ROUNDTABLE: Win2K: Worth the Wait?
Feb. 17 marks the long-anticipated public release of Windows 2000. We invited four NT security experts to discuss the merits and shortcomings of Microsoft's "next-generation" NOS, and to answer the question on everyone's mind: Does Win2K deliver on its promise?
MODERATED BY ANDY BRINEY
|
|
|
|
|
|
|
|
COLUMNS
HEISER ON TRAQ: Dueling Bugtraqs
BY JAY HEISER
|
|
SECURITY MARKET: Roaming Securely
Today's roaming PKI certificates are the forerunner of tomorrow's any-to-any "virtual VPNs."
BY GARY C. KESSLER
|
|
LOGOFF: A Crisis of Confidence
Until infosec professionals can prove their value to employers and clients, expect the "ethical hacker" debate to go on...and on.
BY IRA WINKLER
|
|
|
|
COVER STORY
CRYPTO ACCELERATORS: Fast & Secure
Crypto accelerators can cure a variety of e-security headaches. But be sure to choose the right one for your IT strategy, 'cause one size does not fit all.
BY ALISTAIR CROLL & BEN ROTHKE
|
|
|
|
FEATURES
BROADBAND SECURITY: Securing DSL
Without a well-thought-out security strategy, "always on" DSL Internet connections can translate into "inherently vulnerable."
BY RANDY DAY
|
|
Q&A: Uncompromising Position
Where online privacy is in jeopardy, code sniffer Richard M. Smith has been there to uncover it.
INTERVIEWED BY RICHARD THIEME
|
|
SECURE STRATEGIES: Mastering the Fundamentals, Part 1
Encryption technology provides a valuable means to guarantee confidentiality, integrity and authenticity in today's networked world.
BY RICHARD MACKEY and JONATHAN GOSSELS
|
|
|
|
DEPARTMENTS
NOTE: Crime and Deterrence
BY ANDY BRINEY
|
|
INFOSECOND: Sophos senior technical consultant Graham Cluley
|
|
|
|
COLUMNS
HEISER ON TRAQ: The Essentials: RISKS and CERT
BY JAY HEISER
|
|
SECURITY MARKET: Safety on the Auction Block
While technical advances in infosecurity can make the virtual world a safer place, what people believe about the safety of their transactions will ultimately determine whether they accept the Internet as a secure place to do business.
BY JOSH BOYD
|
|
EC DOES IT: Secure (e)-Business
As companies outsource more and more services to third-party hosts, SLAs will be a critical tool in avoiding reputational risk.
BY MacDONNELL ULSCH
|
|
LOGOFF: Infowar of Words
Are you tired of hearing about cyberterrorism yet? The DoD has expended more resources sending out the alarm than determining how to protect the U.S. against it.
BY GEORGE SMITH
|
|