
Biometrics industry must challenge government
The UK government is mis-selling biometrics with its identity card scheme, argues Phil Booth of the NO2ID campaign group

Why forensic analysis needs to give up Nintendo
Forensic analysts need to adopt new methodologies to stay effective, says Harlan Carvey, author of Windows Forensics and Incident Recovery

Things I would not like to say about security but have to
Marcos Sêmola, a Brazilian infosecurity professional working in the UK, gives his view on dealing with risk, people and vendors

A state of insecurity
Eleanor Dallaway reflects on visiting Israel, and why its people can be both proud and regretful of their powerful infosecurity industry

Computer forensics - yesterday, today and tomorrow
The field of computer forensics has come a long way in a few decades, with today's large disk drives worth five billion of the 1980s' 360k disks, writes Jack Wiles, lead editor of Techno Security's Guide to E-Discovery and Digital Forensics

When pen testers don Marigolds
If you neglect the physical security of documents, you are making life too easy for penetration testers - and criminals, says Ken Munro, managing director of SecureTest

Secure on paper?
Ensuring documents are destroyed rather than leaked requires a methodical approach, says Brian Gouin, author of Security Design Consulting

Have respect for info-rights
The UK's Information Commissioner Richard Thomas calls for organisations to protect the personal data they hold, or risk becoming the next bad infosecurity news story

The Compliance Gamble
Tony Bradley, author of Syngress title PCI Compliance: Implementing Effective PCI Data Security Standards, says that retailers should do the right thing rather than gamble with their reputations.

The Holy Grail of infosecurity
Jason Holloway, vice-president of marketing for ExaProtect, believes infosecurity has much to learn from Monty Python and the Holy Grail, even if some staff can already recite dozens of quotes from the film.

A built-in weakness
Ken Munro, managing director of UK penetration tester SecureTest, says that building management systems - as used within the UK's major airports - "simply aren't secure enough yet".

Security professionals need to improve people (and business) management skills before IT skills
John Colley, CISSP, Board of Directors and Chairman of the European Advisory Board for (ISC)2, argues that protecting information assets is more about people management than IT management.

Reflections on Microsoft keynote at RSA 2007
Kristin Johnsen, senior director of security outreach, Trustworthy Computing Group at Microsoft spoke to Brian McKenna following the Bill Gates and Craig Mundie keynote at RSA 2007.

Joe Blow no match for trained ex-intelligence officers
David Drab is a former FBI investigative agent who now works as a principal in Xerox Global Services. He is presenting at RSA 2007 in San Francisco this week on trade secrets. He spoke to Brian McKenna about why trade secrets are the "orphan child of intellectual property protection".

The network intelligence Game — active scanning v. passive asset discovery
It was in the beginning of the 20th century that the founding father of quantum physics, Werner Heisenberg, made a startling claim that you could know either how fast a particle moved or where it was, but you could never know both. Heisenberg’s Uncertainty Principle implied that some things will forever remain invisible or unknown – and that to observe something changed it forever.

Radware CEO says networks must be immunized high up the stack
Roy Zisapel, co-founder of Radware, has served as its president and chief executive officer and a director since inception. Brian McKenna spoke to him at the end of 2006 for Infosecurity magazine about how he sees the network security market.

I capture the castle
Mediaeval castle architects with their concentric, multi-layered approach can help CIOs protect key applications and business critical systems.

Six top computer forensics experts testify to their craft
Forensics is one of the top three areas in demand for training by information security professionals, according to the latest (ISC)2 Global Information Security Workforce Study, carried out by IDC. But what do expert digital forensics professionals do? And what do they think about latest developments in the field? Here we provide a round-up, based on material blogged to a research project carried out by Sarah Hilley at Dublin City University. We have a line-up of six leaders in the field.

Getting the NAC: Cisco’s Bob Gleichauf at the London Gartner IT Security Summit
Robert Gleichauf is responsible for the development of secure network infrastructures across Cisco’s product line. Most recently, he led the development of Cisco’s Network Admission Control (NAC) initiative.
He recently spoke at the Gartner IT Security Summit in London, and spoke to Brian McKenna for Infosecurity about the trials of decrypting data in crisis situations, security officers of a new type, and the challenge of vendor interoperability.

Paul Henry — Technical knowledge gap promoting weak enterprise security
Paul Henry, vice president of strategic accounts at Secure Computing, is one of the world's foremost global information security experts, with more than 20 years experience managing security initiatives for Global 2000 enterprises and government organizations. Here he speaks to Brian McKenna, for Infosecurity, about recent and near-future changes to the threat landscape, and how the security community needs to better shape up.

IBM acquisition changes security game, says ISS’s Tom Noonan
IBM’s acquisition of Internet Security Systems (ISS) has “changed the rules of the game”, in the view of Tom Noonan, the President and CEO of ISS. He recently spoke to Brian McKenna, for Infosecurity about the significance of the acquisition.

It's political economy, stupid
Bruce Schneier is an American computer security expert, cryptographer, and writer. His books include Applied Cryptography (1996), Secrets and Lies (2000), and Beyond Fear (2003). He publishes a free monthly newsletter, 'Cryptogram', and blogs at http://www.schneier.com/blog/. He is the founder and chief technology officer of Counterpane Internet Security. This autumn he'll be speaking at ISSE 2006 in Rome, on the topic of the economics of security. He recently spoke with Brian McKenna for Infosecurity.

Mobile madness: securing the endpoint
Ken Salchow, F5 Networks
Today's computer networks have no boundaries. Their perimeters started moving a few years ago as road warriors began carrying their laptops to sales or work sites, logging in for customer information, critical construction plans and other necessary resources.

Security technology fundamentally flawed, says ex White House CIO
Former White House CIO Carlos Solari recently joined Lucent Technologies. He took time out on a recent trip to London to talk to Brian McKenna for Infosecurity.

The law starts to bite back
Andy Jones, senior research consultant at the Information Security Forum, argues that IT security professionals ignore increasingly complex international infosec laws at their peril.

Lost Highway
Ken Munro, managing director, Secure Test
Mischief and worse await public and private transport authorities as their kit joins the data highway.

Playing chess around the clock in the war on malcoders
Eugene Kaspersky is the Head of Virus Research at Moscow-based Kaspersky Lab. Today, he is one of the world's leading experts in the information security field. He has written a large number of articles and reviews related to computer virology and speaks regularly at specialized seminars and conferences all over the world.

At the recent Infosecurity Europe show in London, Brian McKenna caught up with him for Infosecurity.

A return to traditional methods
Web product vulnerability testing has become too easy. A cookbook approach would be to take one off-the-shelf commercial scanning tool, point it at the application you want to test, hit the Scan button, and finally send the report to anyone who's interested.

Industry matures, show demonstrates
Walking round the London Infosecurity 2006 exhibition, I was astonished. Most of the products and services on sale seemed rational, useful and sensible.

It was the first time in many years that I've been at the show and not been on a stand, and perhaps this made the whole experience more enjoyable. Maybe it clouded my judgement, but exhibitors definitely seemed to offer fewer than usual useless items.

Erik Guldentops: father of Cobit
Erik Guldentops has been involved in developing the IT governance framework Cobit (Control Objectives for Information and Related Technology) since its inception. On 16 December last year, Cobit version 4 was released by the IT Governance Institute, where Guldentops chairs the development team. SA Mathieson recently spoke to him about Cobit, the contemporary threat landscape, and EU/US differences.

Secure Computing’s CEO on industry to 2010
John McNulty is the CEO of Secure Computing, which recently acquired firewall vendor Cyberguard. As chairman and CEO of Secure Computing, John McNulty has over thirty years experience in the hi-tech industry. Before joining Secure Computing, he was senior vice president sales, services and business development at Genesys Telecommunications Laboratories. Prior to Genesys, he was with Intel Corporation, where in his last position he was director of marketing and business development for the enterprise server group, which he launched. Brian McKenna recently spoke to Mr McNulty about the vendor’s strategy, the rationale for the recent Cyberguard merger, and about the security industry’s five years ahead.

Network futures: dumb and fast, or smart and self-defending?
The human immune system is being invoked more and more as a metaphor for how ICT networks should work. Cisco CEO John Chambers regaled RSA 2006 delegates last month with a story of how his company’s self-defending network concept is inspired by human biology. Others are more sceptical. Evan Kaplan, CEO of SSL VPN supplier Aventail spoke about this development to Brian McKenna, for Infosecurity, at RSA in San José.

ISS’s CTO on 2006 – botnet armies and security services online
Chris Rouland, Chief Technology Officer, Internet Security Systems, says that for-profit hacking to the mass market saw its real debut in 2005, and that in 2006 bot armies will replace the worm.

Security in the cloud – the first line of defence
Dan Nadir, Vice President of Product Strategy for web security company ScanSafe, says security professionals need to take a closer look at web security.

Diary of a pen tester
David Beesley, director, Network Defence
Foreign hackers, weak passwords, backdoors and buffer overflows — just another day at the office for Network Defence's penetration testers. Here's a look at sample pages from the head tester's diary — and what companies can learn from the results.

Grow up and work together
Robert Gleichauf, Chief Technology Officer, Security Technology Group, Cisco Systems, draws on his background as a synthesizing anthropologist, and exhorts the IT security community to grow up.

Data evacuation - hurricanes revealed the network's weakest link
Ed Walsh, CEO, Avamar
A recent Washington Post report discussed the relief of a New Orleans’ school manager upon finding that 170 computer backup tapes storing critical financial information were dry and apparently undamaged in spite of flooding. This and similar stories in the wake of this year’s hurricane disasters in the United States are a stark reminder of how vulnerable business data can be. It has become clear that most companies' disaster recovery plans are only as good as the last interruption they experienced. It is likely we will see increases in natural and manmade disasters as well as data theft in the coming years and businesses need to be prepared to preserve and retrieve their mission-critical data.

Enemy identification and deterrence
Criminals like to go where the money is. Increasingly, that means on-line. Here’s how to beat them.

Eschelbeck’s Laws
Gerhard Eschelbeck, CTO and VP-Engineering, Qualys, has revealed the 2005 iteration of his ‘Laws of Vulnerabilities’ research.
Key highlights include:
• Two out of three, or nearly 70% of systems, are currently vulnerable and in jeopardy of potential exploit or attack.
• 85% of the damage from automated attacks is created within the first fifteen days of the outbreak – speed is of the essence.
Brian McKenna spoke to Gerhard Eschelbeck at CSI 2005 in Washington.

Howard Schmidt — international cyber-security system two years off
Howard Schmidt, former chief security officer at Microsoft and eBay, and former special advisor to the White House on cyber-space security, recently keynoted at ISSE 2005 in Hungary. There, he spoke on the topic of global cyber-security. He is currently president and CEO of R&H Security Consulting. Brian McKenna caught up with him in Budapest for Infosecurity.

Now you read the data, now you don’t
In general, data sharing can provide a powerful enhancement to the arsenal in fighting world terrorism, recognise and eliminate fraud, reduce errors and increase the effectiveness and economy of government programmes and reveal business opportunities. But inherent in traditional data sharing is a concern about the security of the data being exchanged.

IPSec bake off in San José
In an effort to avoid the teething pains experienced with the first go-around of IPsec VPN products, ICSA Labs is hosting multiple IPsec VPN Interoperability Workshops where vendors can bring their IKEv2-based beta products off their R&D benches and test them against peers.

Zero day is now
Zero day vulnerabilities provide a back-door into any operating system or application and represent a serious threat to your organization. Zero days are reality today. Ten serious zero day Windows vulnerabilities were made public in late 2004 alone — and extensively exploited by malicious hackers. EEye's Ben Nagy argues for a proactive approach.

Dorothy Denning on infosec and physical security
Dorothy Denning is one of the world’s leading information security experts. Earlier this year (ISC)² gave her the 2004 Harold F. Tipton Award in recognition of her outstanding information security career. Brian McKenna spoke to Dr Denning at the time of the award.

Howard Schmidt — bridging cyber-security gaps
Howard Schmidt, VP and chief information officer for eBay, recently spoke to Brian McKenna about professional certification, what civilian IT security managers can learn from law enforcement and the military, and 9/11. He urges IT security professionals not to be hide-bound, and to mind the gaps in their knowledge.

Security architect – Marius Nacht
Check Point Software was a firewall pioneer in the early 1990s. Co-founder and senior vice president, Marius Nacht recently spoke to Brian McKenna about the company’s origins, philosophy, and roadmap.

DDoS: don’t get stuck in denial
Paul King, Chief Security Architect, Cisco Systems
While moving business processes online brings many advantages to companies, such as widening customer reach and reducing overheads, the emergence of organised crime in the online world means that business needs to be sharper than ever when it comes to security.

The four ages of malware
Roger Thompson, Computer Associates
As malicious code has evolved, one can see four distinct ages. They show a narrowing gap between the announcement of a vulnerability and an attack that exploits it, and a shift from a pure technology-based attack to those that exploit a sophisticated understanding of social behaviour to trigger the attack.

Through the Barricades: The demise of traditional perimeter defences
Phil Worms, Director, Marketing NetIntelligence
There is a classic moment during the battle for Helm’s Deep in the epic film, Lord of the Rings, the Two Towers, when King Theoden stands atop the supposedly impregnable city. Rain sodden, he surveys the massed ranks of Saruman’s armies and defiantly shouts ‘Is this all you’ve got?’ A few fateful minutes, and a well placed explosive, later his confidence is shattered and replaced with fear as he realises that his fortress has been penetrated.



 

 
