NOTE: Online postings include all features beginning with January 2000. For a free subscription to the printed version, go to our subscription form. Certain articles have been archived from 1998 and 1999.
Introduction: Trends 2002
BY ANDY BRINEY
PEOPLE
Alonzo Ellis
How the young "old-timer" went from a Commodore computer to the industry's first managed VPN service.
BY JUDY MOTTL
Fred Cohen
Old-guard warrior is crusading to dispel "black art" perceptions about infosecurity research.
BY SEAN CORCORAN
Peiter "Mudge" Zatko
From the L0pht to the West Wing.
BY SEAN CORCORAN
Phil Zimmermann
There's nothing cryptic about his passion for privacy rights.
BY PETE LOSHIN
Lisa Pretty
Whether vintner or PKI Forum president, this technologist presses ahead.
BY JUDY MOTTL
Brian Martin
Attrition.org's founder continues to break down the walls of conventional wisdom about hackers and security.
BY DAN VERTON
James Atkinson
In the world of corporate espionage, this counter-surveillance specialist is the man to call.
BY RICHARD THIEME
Doctor, Doctor
Bassam Khulusi and Peter Tippett--two M.D.s curing infosec ailments.
BY SANDRA KAY MILLER
Bob Weaver
From the rubble of the twin towers, the Electronic Crimes Task Force chief rededicates himself to "serving the servers."
BY RICHARD THIEME
John Flowers
SATAN's child, erstwhile hacker, business entrepreneur.
BY JUDY MOTTL
INDUSTRY
PKI
Out of the breakdown lane, onto the highway?
BY PETE LINDSTROM
Disaster Recovery
Sept. 11 changes everything.
BY PHILIP JAN ROTHSTEIN
Security: It's Academic
Campus IT admins deal with their insecurities.
BY NEIL ROITER
Cyberinsurance
As the risk increases, so will the interest in policies and the cost of premiums.
BY COLLEEN BRUSH
The Economy
Security-conscious companies are ready to spend money. The question is, "On what?"
BY ANNE SAITA
The CPO
Newcomers to the executive suite, chief privacy officers decide the fate of corporate--and personal--information.
BY NEIL ROITER
Tripwires
Clones pay file scanner the highest compliment.
BY PETE LOSHIN
PentaSafe
An object lesson in how to recruit and retain top-notch workers.
BY ANNE SAITA
Security Synergy
The new security triad: physical, information and personnel.
BY WINN SCHWARTAU
Outsourcing
Economic insecurity may benefit MSSPs.
BY ANNE SAITA
TECHNOLOGY
Malware
A virus and worm forecast for early 2002.
BY ROGER THOMPSON
War Driving
Computing mobility opens networks to an invasion of the wireless snatchers.
BY SANDRA KAY MILLER
Biometrics
The face of post-Sept. 11 security.
BY SIMSON L. GARFINKEL
ERRATA
*Nix Malware
DShield.org
Physical Security
7799
CAIDA.org
P3P
Privacy & Terrorism
OSS Standards
Honeypots
COLUMNS
NOTE
2002: The Year Of...
BY ANDY BRINEY
STANDARDS WATCH
Red Light Protocols
Technologists say the creation of digital provisions for offensive material is unworkable.
BY PETE LOSHIN
LOGOFF
Key Concerns
Sept. 11 opened a new chapter in the crypto policy debate.
BY DOROTHY DENNING
DEPARTMENTS
NEWS
ON THE CUTTING EDGE
Terrorism renews crypto control debates; Cybersecurity czar proposes Govnet; New tools making script-kiddie hacking easier; Book writing isn't easy, but rewarding.
NEWS
OFF THE CUFF
SecurityFocus knocked for making money; Mitnick takes white hat role
PRODUCTS
TEST CENTER
Next Generation Firewalling
Check Point's Firewall-1 NG goes where no firewall has gone before
BY SCOTT SIDEL
REVIEWS
SecurityFocus's ARIS Predictor, Asynchrony's PDA Defense v2.01, Courion's Identity Management Suite.
HAPPENINGS: CALENDAR OF EVENTS
Fall and early winter security events on tap.
COVER STORY
2001 Industry Survey
2,545 information security practitioners give the lowdown on security budgets, purchasing trends, security breaches and defenses, obstacles to security and much more.
BY ANDY BRINEY
FEATURES
HOST-BASED SECURITY
Vaulted Sealing
Want to defend against attacks you haven't even heard of? Lock your systems in a cybervault.
BY MIKE BOBBITT
CASE STUDY
Protection Starts With Prevention
BY ANNE SAITA
Comparison Chart
Q&A
Chief Cyberpunk
Crypto star Ian Goldberg moved from academia to industry, but his passion remains "to live in a world where I can communicate securely and privately."
INTERVIEWED BY RICHARD THIEME
ASP SECURITY
Are You in Good Hands?
Outsourcing key applications can make good business sense, but not if you sacrifice security. Here's how to choose an ASP that protects your enterprise.
BY T. ERTEM OSMANOGLU & JOHN R. SCHRAMM
Screening ASPs: Separating the Wheat From the Chaff
COLUMNS
NOTE
Perspective
BY ANDY BRINEY
CURMUDGEON'S CORNER
Pay Your Dues
If you're looking for the fast track to an infosec career, slow down. Like anything worthwhile, it takes time and hard work.
BY JAY HEISER
STANDARDS WATCH
TX.509, It's Getting Real Fine
Delegated Path Validation and Delegated Path Discovery protocols could dramatically improve certificate validation.
BY PETE LOSHIN
LOGOFF
PKI: An Insider's View
Bad karma and a multitude of technical issues have kept the technology from taking off.
BY BEN ROTHKE
DEPARTMENTS
VIEWPOINT
Readers sound off on quantum crypto, personal firewalls and AV myths.
NEWS
ON THE CUTTING EDGE
Terrorist attack touches infosec; XP includes security; Baltimore mounts recovery plan; New coalition targets user awareness; Penetrating the digital underground.
NEWS
OFF THE CUFF
No good deed goes unpunished; Coolio finds crime does pay; Ex-husband tapped for cybertapping; "When I grow up..." video; MafiaBoy misunderstood?
PRODUCTS
TEST CENTER
Distributing Access Control
Computer Associates' eTAC boasts multi-platform access control policy management.
BY JOEL SNYDER
PRODUCT
REVIEWS
Profiles of CipherTrust's IronMail, Symantec's VelociRaptor, Authentor Systems' SmartPath 2.2 and PatchLink's PatchLink Update 3.0.
HAPPENINGS: CALENDAR OF EVENTS
Fall and early winter security events on tap.
FEATURES
SECURITY MARKET
Security in Numbers
Pay raises for security professionals continue to outstrip other IT job categories, especially for practitioners with specialized skills and/or professional certifications.
BY DAVID FOOTE
Q&A
Center of Attention
Career FBI agent Ronald Dick has been given the mission of maturing the scope and capabilities of the National Infrastructure Protection Center.
INTERVIEWED BY RICHARD THIEME
SIDEBAR
Banking on Trust
Stanley Jarocki, treasurer and board member of the financial services ISAC, speaks about his still-evolving relationship with the NIPC
CRYPTOGRAPHY
Quantum Leap
Scientists are examining quantum cryptography (QC) as a possible alternative to traditional encryption technologies. But how practical is QC outside the laboratory?
BY EDMUND X. DEJESUS
CASE STUDY
The Mechanics of QC
COLUMNS
NOTE
A Firewall by Any Other Name...
BY ANDY BRINEY
TECH TALK
Don't Get Too Attached
Security managers should be more selective in what they allow through their e-mail gateways.
BY PAUL D. ROBERTSON
STANDARDS WATCH
Mastering Your Own Domain
Though still immature, the DNSSEC protocol is a step toward better BIND security.
BY PETE LOSHIN
LOGOFF
Anatomy of a Security Professional
When it comes to infosecurity, diversification is more important than specialization.
BY EDWARD SPENCER
DEPARTMENTS
VIEWPOINT
Readers sound off on SSL encryption and Java threats.
TALK BACK
Readers discuss their top security priorities/activities in the event of a layoff.
NEWS: ON THE CUTTING EDGE
Hacked Off; Security Checkup; High-flying Targets; Next Generation Headache?; Greenback Spy.
NEWS: OFF THE CUFF
Do Pay Phone Thieves Get a Phone Call?; "Look, Mommy, I'm on SANS"; Marketing Promotion Gone Awry.
PRODUCTS: TEST CENTER
Running the Gauntlet
Network Associates makes a major update to its Gauntlet 6.0 firewall by adding sought-after features and increasing usability.
BY SCOTT SIDEL
PRODUCTS: REVIEWS
Profiles of PentaSafe's VigilEnt Policy Center 2.0, Waveset's Lighthouse 1.0, Keystone Learning Systems' Windows 2000 Design Network Security and Solagent's Solagent Secure.
HAPPENINGS: CALENDAR OF EVENTS
Fall security events on tap.
FEATURES
FORENSICS
Supporting Cyber Sleuths
The easier you make it for the cops, the faster they can help you solve a computer crime.
BY TODD G. SHIPLEY
PKI
PKI Policy Pitfalls
A properly developed PKI policy can turn a piece of security technology into an integral part of your organization's trust model.
BY MIKE BOBBITT
SIDEBAR
PKI Crystal Ball
BY MIKE BOBBITT
COLUMNS
NOTE
Budget Cuts? Believe It
BY ANDY BRINEY
CURMUDGEON'S CORNER
Crypto: A Hard Sell
Security professionals recognize the utility of applied-crypto applications, but that doesn't mean the market will accept them.
BY JAY HEISER
TECH TALK
Not Dead, But Dying
Macro and script viruses continue to circulate in the wild, but their threat is decreasing.
BY ROGER THOMPSON
STANDARDS WATCH
Security in Writing
The IETF continues to push for inclusion of security issues in RFCs, but the real need is more participation in the working groups.
BY PETE LOSHIN
EC DOES IT
Common Knowledge
Organizations hemorrhage volumes of low-value data that, when melded together, provide adversaries with tremendous intelligence.
BY MacDONNELL ULSCH
LOGOFF
The Science of Secrets
Cryptology continues to evolve as our need for keeping secrets increases.
BY SHON HARRIS
DEPARTMENTS
VIEWPOINT
Readers respond to May's VPN cover story, PKI, and hacking and countermeasures
TALK BACK
Is it OK to launch a counterattack on someone who is trying to hack or DoS your systems?
NEWS: ON THE CUTTING EDGE
After the flood; Hackers reach for power; Surcharge for insecurity; Privacy's pretty penny
NEWS: OFF THE CUFF
SETI@home vulnerable to fraud; Web site fans attack copycat; Hormel's Spam spelling lesson; "The Analyzer" escapes jail time
PRODUCTS: TEST CENTER
Policing Web Traffic
With a little time and effort, WEBsweeper proves to be a beneficial addition to an organization's content-security arsenal
BY ROBERT JAMES
PRODUCTS: REVIEWS
Profiles of Hewlett-Packard's VirtualVault 4.5, PentaSafe's Information Security Roles & Responsibilities Made Easy, Computer Associates' InoculateIT 6.0 and affinitex's VeriMe
HAPPENINGS: CALENDAR OF EVENTS
Summer security events on tap
FEATURES
MARKET WATCH
Cash & Burn
Nasdaq's tumble hasn't stopped venture capitalists from pumping billions into infosecurity companies. But as many firms have discovered, VC backing is no guarantee of success.
BY JIM REAVIS
SIDEBAR
Niche Investments
BY JIM REAVIS
HACKER PSYCHOLOGY
Understanding "Peopleware"
Psychologists and other social scientists are lending their expertise to the technology-laden infosecurity industry. In return, they're getting an earful.
BY ANNE SAITA
PROTOCOLS
Sealing the Pipes
SSH is a powerful security protocol, but it can prove dangerous if used incorrectly.
BY PETE LOSHIN
SIDEBAR
What's in a Name?
BY PETE LOSHIN
SSH Resources
COLUMNS
NOTE
The Only Constant is Change
BY ANDY BRINEY
EXECUTIVE VIEW
Stronger Passwords Aren't
In the real world, an eight-character mixed alphanumeric password is no more secure than a simple four-character password.
BY PETER TIPPETT
CURMUDGEON'S CORNER
Java Malaise
The myths surrounding hostile Java applets are a lesson in the perils of believing everything you hear.
BY JAY HEISER
TECH TALK
Plugging Leaky Holes
Port scanners provide an efficient means for finding soft spots on a network's digital perimeter.
BY GARY C. KESSLER
STANDARDS WATCH
Eliminating IDS Babble
A monthly review of recent security-related RFCs from the IETF.
BY PETE LOSHIN
EC DOES IT
Continental Drift
Why Europe and the U.S. react differently to privacy issues.
BY MacDONNELL ULSCH
LOGOFF
Who You Know
When searching for a new job, don't underestimate the power of networking.
BY STEVE MANZUIK
DEPARTMENTS
TALK BACK
Readers offer their perspective on what to do if a hacker claims to have patched a vulnerability on your systems
NEWS
On the Cutting Edge
Finance industry races to comply with GLB Act; Layoffs could create new inside threats; China cyber-syndrome; Higher infosec education; Clarke tapped for cybersecurity czar; E.U. implements electronic-signature initiative; DDoS gets a pulse; Microsoft eyes tighter security; Flannery sets the record straight.
NEWS
Off the Cuff
Virus writer crafts Valentine for Echelon; Legal advocates have advice for arrested hackers.
PRODUCTS
Test Center
Too Many Bytes.
SecureWave's SecureStack v1.0 takes a unique approach in protecting Windows systems from buffer-overflow attacks by looking for changes in "canary" words strategically placed in the stack. While functional, there are signs that the app isn't ready for prime time.
BY ALBERT HOLT
PRODUCTS
Reviews
Profiles of zTrace's zTrace Gold, CHC-3 Consulting's DominoSecurity.org, Lockstep Systems' SiteRecorder v1.0 and Authentify's Authentify Register.
HAPPENINGS
Calendar of Events
Summer security events on tap.
FEATURES
EMAIL SECURITY: Signed, Sealed & Delivered
A cadre of new e-mail security applications aims to solve the problems that have long plagued PGP and S/MIME.
BY FRED AVOLIO & DAVID PISCITELLO
Comparison Chart (PDF)
Q&A: A Mentor's Mantra
Former Navy man Stephen Northcutt has new marching orders: Train the defenders to think like their attackers.
INTERVIEWED BY RICHARD THIEME
OS SECURITY: The Case for BSD
Whether you're looking for reliability, security, interoperability or performance, chances are a BSD-based solution exists.
BY PETE LOSHIN
CAREER ADVICE: Breaking Into Infosec
Answers to 15 common questions about launching or expanding your career in infosecurity.
BY M.E. KABAY & PHILIP S. HOLT
CASE STUDY: The Long & Winding Road
BY ANNE SAITA
DEPARTMENTS
TALK BACK: Readers offer their perspective on a "gold standard" for infosec education.
NEWS: On the Cutting Edge
Libraries: A novel approach to cybercrime; Extending DNS Security; Senator pushes for security disclosures; Infosec certifications proliferate; NEWS ANALYSIS RSA reflects economy
NEWS: Off the Cuff
Mitnick: Cybercrime expert?; Germany's DoS plans; April Fool's defacements; Scales of espionage; A "pioneering" virus.
PRODUCTS: Test Center
Declaring War on War Dialers.
Two dial-line authentication devices offer security for dial-in modem users.
BY SCOTT SIDEL
PRODUCTS: Reviews
Profiles of Guidance Software's EnCase v3, SpyBlocker Software's SpyBlocker v3.1, WireX Communications's Immunix Server Platform and Webroot Software's Window Washer 4.0
HAPPENINGS: Calendar of Events
COLUMNS
NOTE: Reasons to Be Paranoid
BY ANDY BRINEY
EXECUTIVE VIEW: The Crypto Myth
If you assume SSL is essential to Internet security, guess again.
BY PETER TIPPETT
CURMUDGEON'S CORNER: Cultural Divide
To ensure strong security, infosec professionals must bridge the gap between competing belief systems.
BY JAY HEISER
SECURITY MARKET: Translating Security for Managers
Companies spend more on coffee supplies than on security. What can you do about it?
BY FRANK PRINCE
TECH TALK: Break on Through
Tunneling protocols make today's firewall more like a propped-open firedoor.
BY PAUL D. ROBERTSON
STANDARDS WATCH: Microsoft's RFC Tunnel
The software giant tries to burrow its way into the VPN standards space by publishing RFCs that challenge IPSec.
BY PETE LOSHIN
LOGOFF: Controlled Chaos
Organized obscurity can help secure precious information.
BY DANA W. PAXSON
FEATURES
WEB SERVER SECURITY: Improving Apache
Unix admins swear by Apache's out-of-the-box robustness, but certain configuration steps are needed to ensure the Web server's security.
BY GARY BAHADUR & MIKE SHEMA
CASE STUDY: Hail Apache
BY ANNE SAITA
ROUNDTABLE: Help Wanted
Four industry veterans discuss creative approaches to infosec staffing in an increasingly tight job market.
MODERATED BY ANDY BRINEY
HANDHELD ANTIVIRUS: Airborne Viruses
The only thing standing in the way of a handheld virus epidemic may be limitations in the devices themselves.
BY EDMUND X. DEJESUS
CASE STUDY: Securing Thin Air
BY ANNE SAITA
SIDEBAR: Portable Privacy
BY MIKE BOBBITT
Q&A: Profile of a Profiler
Best known for creating an accurate profile of the Unabomber, retired FBI agent Bill Tafoya now works on identifying "the hollow men of hackerdom."
INTERVIEWED BY RICHARD THIEME
DEPARTMENTS
VIEWPOINT: Readers respond to security giveaways, laptop theft, insurance takeover and P2P security.
TALK BACK: Readers discuss the pros and cons of applying patches.
NEWS: On the Cutting Edge
Underwriting security risk; Hunting copyright violators; Russian hackers; FBI insider problem.
NEWS: Off the Cuff
GOP forgets privacy; Castro labeled cyberthreat; Coolio not chillin' in jail; Newsletter defaced.
PRODUCTS: Test Center
One Stop Home Security.
While Norton Internet Security products offer enterprise-quality features for the vulnerable home user, issues with configuration and bandwidth remain.
BY GARY C. KESSLER
Spam Be Gone
A new content filtering product helps prevent spam from clogging your inbox.
BY SCOTT SIDEL
PRODUCTS: Reviews
Profiles of eEye Digital Security's eEye Retina, BindView's bv-Control 7.0 and Prentice Hall PTR's Real World Linux Security
HAPPENINGS: Calendar of Events
COLUMNS
NOTE: A Matter of Trust
BY LAWRENCE M. WALSH
SECURITY PERSPECTIVES: Threats of Mass Disruption
A cyber Pearl Harbor is not a question of if, but when.
BY NEWT GINGRICH
CURMUDGEON'S CORNER: The Blame Game
Looking for someone to blame for insecure software? You might begin with an error.
BY JAY HEISER
STANDARDS WATCH: Multicast's Missing Pieces
A new working group aims to resolve multicast's security issues.
BY PETE LOSHIN
TECH TALK: Knark & Dagger
A new variation of an old rootkit exploits Linux LKMs to subvert security.
BY AL BERG
EC DOES IT: A Digital Achilles' Heel
Without security, the Internet will provide adversaries with new dangerous attack vectors.
BY MACDONNELL ULSCH
LOGOFF: Moving Forward In Reverse
How a corporate security officer transitioned to infosec consulting . . . and why.
BY TERRY CURRAN
COVER STORY
Java Security Meets Smart Cards
Security enhancements in Java Card 2.1.1 will help multi-application smart cards take off in U.S. markets.
BY GARY MCGRAW, KEN AYER & MARK MCGOVERN
CASE STUDY
BY ANNE SAITA
FEATURES
OPEN SOURCE SECURITY: Open Source Under the Hood
Vendors are increasingly including open-source components in their commercial products. What impact does this trend have on product security?
BY PETE LOSHIN
Q&A: "We're the Freedom People"
Attorney Jennifer Granick has made a career out of defending the "little guys" - a mission that takes on added dimension in her new post at Stanford Law School's Center for Internet and Society.
INTERVIEWED BY RICHARD THIEME
PKI: Acquiring PKI
Having the right process and asking the right questions are critical to acquiring PKI.
BY TOM AUSTIN
CONFERENCE REVIEW
Ready for Prime Time?
CASE STUDY
PKI Protects Patents
CRACKER EXPLOIT: Battle Plans
15 cracker exploits every security professional should know about-and how to defend against.
BY KEN BRANDT, STU GREEN & ENRIQUE ZÚÑIGA
DEPARTMENTS
VIEWPOINT: Feedback on reader product survey, security law and full disclosure.
TALK BACK: Readers offer a job description for an "Infosecurity Czar."
NEWS: On the Cutting Edge
Bush's IT security dilemma; DDoS remains unchanged; Honeynet challenges hackers.
NEWS: Off the Cuff
Bulgaria offers hacker a job; No "W" for "W"; De Guzman speaks.
PRODUCTS: Test Center
Kane Enable. The newest version of Kane Security Analyst provides routine assessments of Windows and NetWare boxes. But deficiencies in reporting and overall user friendliness undercut its usefulness in real-world environments.
BY JP VOSSEN
PRODUCTS: Reviews
Profiles of InfoExpress's CyberGatekeeper, Configuresoft's Enterprise Configuration Manager 3.5 and DOShelp.com.
HAPPENINGS: Calendar of Events
Spring security events on tap.
COLUMNS
NOTE: NHSA Ain't YASA
BY ANDY BRINEY
NEWS & VIEWS: When You Wish Upon a Czar . . .
Does the U.S. have a legitimate need for a "Counterintelligence Czar?"
BY ROBERT G. FERRELL
STANDARDS WATCH: Switching With MPLS
A monthly review of recent security-related RFCs from the IETF.
BY PETE LOSHIN
EXECUTIVE VIEW: Calculating Risk
Here's a simple equation for quantifying your organization's security risk.
BY PETER TIPPETT
EC DOES IT: An Open Letter to President Bush
Will security and privacy assurance be hallmarks of the new administration?
BY MACDONNELL ULSCH
LOGOFF: The Little Things
Security begins with the little things. Do them to death. You'll be glad you did.
BY DANA W. PAXSON
COVER STORY
P2P Or Not P2P
Napster, Gnutella, IM and other peer-to-peer applications are the "flavor of the week." But if you're not careful, these programs could be used to undermine your network security
BY AL BERG
FEATURES
AV ALTERNATIVES: Extending Scanner Range
Behavior blockers and other AV alternatives can enhance defenses against new malware.
BY ROBERT VIBERT
Q&A: CyberSecurity Czar
Richard Clarke has been America's de facto Security Czar for the past eight years. Facing an uncertain future in the new Bush administration, Clarke reflects on the state of national security-and his role in bolstering it.
INTERVIEWED BY RICHARD THIEME
LAPTOP SECURITY: Locking Down the Laptop
Laptop security can be broken down into three phases: physical security, access control/authentication and tracking/recovery. But the biggest challenge may be changing users' attitudes and habits.
BY PAUL KORZENIOWSKI
CASE STUDY
Preemptive Strike
APPLIED CRYPTO: Hardening EFS
Win2K's Encryption File System (EFS) provides users with a simple, transparent way to encrypt files. But before enabling this feature, make sure to set up and troubleshoot the backend key-management and -recovery infrastructure.
BY ROBERTA BRAGG
CASE STUDY: Controlling Internet Interest Rates
In establishing an appropriate use policy for its 70,000 employees, the nation's sixth-largest bank learned a thing or two about products designed to make enforcement easier.
BY JIM RAMSAY
DEPARTMENTS
TALK BACK: Readers sound off on hacker zines and Web Sites.
VIEWPOINT: Feedback on online voting, "security through obscurity" and fuzzy math.
NEWS: On the Cutting Edge
Market Insecurity; HIPAA Update; Cyber-stickup.
NEWS: Off the Cuff
Diablo cracks; Singing fish; IIS vulnerabilities.
PRODUCTS: Test Center
You never know what's plugged in.
Connected to your keyboard may be a device that logs every keystroke you make.
BY SCOTT SIDEL
PRODUCTS: Reviews
Profiles of the Systems Audit Group's Disaster Recovery Yellow Pages, Biolink's U-Match Mouse, Blue Spike's Giovanni and eNetSecure's IceMon.
HAPPENINGS: Calendar of Events
Late winter and early spring security events on tap
COLUMNS
NOTE: Alarmed
BY ANDY BRINEY
STANDARDS WATCH: The Two Sides Of NAT
RFC 2993, "Architecture Implication of NAT," sparks brisk debate on Network Address Translation.
BY PETE LOSHIN
SOS: The Insurance Takeover
Sooner or later, the insurance industry will sell everyone antihacking policies.
BY BRUCE SCHNEIER
CURMUDGEON'S CORNER: Think Securely
It's often been said that the mark of a good security professional is the ability to "think securely." What exactly does that mean?
BY JAY HEISER
SURGEON GENERAL'S REPORT: A Plague on the Internet
IIS, like most Microsoft software, is one of those applications that proves the axiom, "What you don't know can hurt you."
BY RUSS COOPER
LOGOFF: Security Giveaways
How to turn a $1.86 I.D. badge holder into a security lesson that employees remember for months to come.
BY CHARLES HUDSON JR.
COVER STORY
Managing Managed Security
Several dozen companies now offer managed security services, and no two are exactly the same. Here's how to match up your organization
BY EDMUND X. DEJESUS
FEATURES
THE INSIDER PROBLEM: To Fire, Or Not to Fire
Many companies simply terminate "problem" IT staffers, fearing they may hack or sabotage internal systems. While that may be the quickest solution, it's usually not the best one.
BY ERIC SHAW
ROUNDTABLE: Infosec Job Market Flies High
Despite signs of a slowing economy, technology recruiters say the demand for security professionals will remain strong.
MODERATED BY ANDY BRINEY
READER REVIEWS: First-Rate Security
We asked Information Security subscribers to rate products in three categories: firewalls, intrusion detection systems, and vulnerability assessment scanners. Here's what they said.
BY ANDY BRINEY
DEPARTMENTS
TALK BACK: Readers offer peer-to-peer advice on password guidelines and standards.
NEWS: On the Cutting Edge
A new approach to patching vulnerabilities; 2001 A virus odyssey.
NEWS: Off the Cuff
eBay takes Mitnick down; 007 blows his cover; Holy viruses.
PRODUCTS: Test Center
ISA Breaks Security Ground. Enterprise Security, performance and manageability in one product?
BY MIKE BOBBITT
PRODUCTS: Reviews
Profiles of CCCL's Computer and Audit & Infosec "jargon buster" and OKENA's StormWatch.
HAPPENINGS: Calendar of Events
Late winter and early spring security events on tap
COLUMNS
NOTE: The New Ironside Law
BY ANDY BRINEY
STANDARDS WATCH: RFC's A to Z
A monthly review of recent security-related RFC's from the IETF.
BY PETE LOSHIN
EXECUTIVE VIEW: Sweat the Easy Stuff!
Most security problems can be mitigated through inexpensive, easy-to-adopt practices.
BY PETER TIPPETT
CURMUDGEON'S CORNER: Full Disclosure? Full Complicity!
Deconstructing the myths behind the full-disclosure debate.
BY JAY HEISER
EC DOES IT: The Sound & Fury
New tools help security managers integrate the human and technical sides of policy compliance.
BY MacDONNELL ULSCH
LOGOFF: Why I Love Biometrics
It is "liveness," not secrecy, that counts.
BY DOROTHY E. DENNING