Common sense security
A few years back, I was working on getting investment into our business. We had big problems with the lawyer from the other side, who kept raising objections. The issue wasn't that her points were invalid
|
|
Approaches to choosing the strength of your security measures
The rising exploitation of most existing vulnerabilities is combined with the appearance of new ones resulting in a new and powerful threat to Internet users (see, for example, 2001 CSI/FBI Survey, a standard cyber crime statistical reference). The security industry often takes the position that companies should promptly design and implement more and more security, increase its priority within the business and train all computer users in using the multiple layers of enterprise defense. Similar advice is given to small office, home office and individuals using the Internet from home.
|
|
Tracing an e-mail message
First (and easiest) thing to forge is the e-mail return address. Most personal computer posting software lets you type in just about any e-mail address you want to (for example the software I am using to post this message). Unless someone is a real idiot or they truly don"t know they will annoy tons of people, they will forge a fake e-mail return or put in the e-mail of someone they don"t like. It seems that most machines will accept e-mail from any other machine, so don"t send e-mail to postmasters at "upstream" sites that are just passing the message along.
|
|
Secure Web Based Mail Services
There used to be a time when secure email management was simple. "Managing" meant sorting through your email messages, putting them into appropriate folders. Secure email back them meant using a simple password for email access. However, today, with email being a business critical application, more threats against email than ever before, government regulatory concerns, secure email management takes on a whole different meaning. Viruses, spam, worms, and other malicious attacks and non-malicious events can bring email infrastructures to their knees. With recent government legislation in countries such as the U.S., email confidentiality has become a growing concern. One of the more common access to email today is via web browser and web based email access. What security issues should be kept in mind when developing or designing web mail systems?
|
|
S/MIME - great idea, pity about the implementation
If correctly implemented, the S/MIME standard seems an attractive proposition for providing simple signature and encryption "envelope" functions for e-mail and the attachments going with it. However, despite the interoperability challenges of EEMA and others over the last four years it remains a challenge to get one e-mail provider working successfully with another.
|
|
E-mail Security: Threats Facing the Corporate Email System
A variety of different elements weaken your corporate email system and while some are widely known - such as email viruses - others tend to be ignored. Emails carrying offensive messages or confidential corporate information can create immense inconvenience and expense for a company that has not equipped its mail server with the appropriate tools. The same goes for spammers who use the email system at work to send thousands of unsolicited email messages. And what about the vast damage and time-loss caused by email viruses, which seem are making ever more frequent appearances these days?
|
|
The problems with secure e-mail
The ideal system that everyone is searching for - the silver bullet, is to have top security automatically regardless of who you are sending to and what product(s) they happen to be using. The reality is that many e-mail packages are not themselves secure, and do not interoperate cleanly with anything but their own products. For the time being you are better off keeping your security outside of your e-mail or word processing package, and exchanging attachments that are fully protected and not relying upon any of the different systems that people are using. That way you increase the security of the result and do not have to rely on complex interactions between proprietary systems.
|
|
Security is Not a Luxury Anymore for Small Business
Many young, cash-strapped online companies mistakenly consider the security of their e-business a luxury they cannot yet afford, a to-do item for later down the road. This shortsighted thinking is precisely what destroyed one very promising e-business I know in San Francisco. Out of respect for the privacy of this otherwise well-run company, I would like to protect their identity. But their sad tale contains a useful lesson for small businesses everywhere. By telling their story I hope to help other small businesses to avoid making the same mistakes.
|
|
A Beginner's Guide to the Internet
The Internet has become an integral part of daily life. Unfortunately, while many people have come to rely on it, most have little or no understanding of how the Internet works. This can pose serious problems, particularly as issues around information security become more common and more serious. This article will set out to explain to readers who have little or no technical background how the Internet works . It is hoped that this will provide those readers with a good fundamental knowledge of the principles and terminology of the Internet, so that they can begin to protect themselves against the variety of security threats that exist on the Net.
|
|
Securing Privacy, Part One: Hardware Issues
While Internet users may not be able or entitled to control information about them that is held by third parties, they can still take steps to ensure the protection of their privacy. It's never too late to begin safeguarding your privacy. This is the first of a series of three articles that will examine privacy concerns regarding hardware, then software, and then finally the Internet in general. This installment will examine hardware-based privacy issues, specifically: hardware solutions for small networks and wireless devices, hardware-based spyware, and some attempts by hardware vendors to infringe upon users' privacy.
|
|
Securing Privacy, Part Two: Software Issues
In the previous article in this series, we covered hardware firewall-routers. Firewalls are an important part of a privacy protection strategy because they prevent intruders from gaining access to valuable information that is stored on a computer. Now let's look at firewalls that run on individual computers. Known as personal, or PC, firewalls, these are different from hardware firewall-routers in several ways. The best PC firewalls track incoming and outgoing traffic, and allow users to set up rules governing what programs on the computer will be allowed to establish connections to the Internet. Best of all, many PC firewalls are free, although even if they are available commercially, prices tend to be reasonable.
|
|
Securing Privacy Part Three: E-mail Issues
This is the third article in a four-part series that will examine privacy concerns as they relate to security. The first installment in the series examined hardware-based privacy issues and solutions. The second installment discussed software-based issues and solutions. This installment will discuss privacy issues that are particularly relevant to e-mail.
|
|
The Soft Underbelly: Attacking the Client
Since at least 1998 (see Avolio), security experts have warned that a perimeter defense alone is insufficient, and the vast majority of networks are extremely vulnerable as soon as the firewall, proxy service or physical security layer at said perimeter has been breached. The situation today has not changed much since 1998. Most security initiatives still concentrate on the firewalls and other border devices, and virus defense is the only area where a low level of penetration has been achieved in securing each individual client. None of this is news, though the extent of the danger is beginning to surface slowly, as more and more security experts point to the problem. Nevertheless, I believe strongly that the threat is still being underestimated, even by those who condemn perimeter defenses.
|
|
Sniffers: What They Are and How to Protect Yourself
Have you ever thought about how your computer talks with others on a network? Would you like to listen to, or "sniff", the conversation? Network engineers, system administrators, security professionals and, unfortunately, crackers have long used a tool that allows them to do exactly that. This nifty utility, known as a sniffer, can be found in the arsenal of every network guru, where it's likely used everyday for a variety of tasks. This article will offer a brief overview of sniffers, including what they do, how they work, why users need to be aware of them, and what users can do to protect themselves against the illegitimate use of sniffers.
|
|
Page: 1 2 3
|
Actions
Category Stats