AttackPrevention: New Links: Whitepapers and Tools

Whitepaper	Comments	Views	Rating	Created	Category
The ABCs of securing your wireless network In this practical introduction to the basics of securing your home wireless network, we'll cover the important, high-level points that ordinary users need to know in order to secure a network of game consoles, phones, and PCs. Along the way, we'll also recap some of the relevant information from the original wireless blackpaper, which I recommend if you want to pursue the topic further. So look through the guide, and if you're already technically savvy then send it along to your uncle or your sister-in-law, and you may get one less phone call when it comes time for them to set up their new WLAN.	0 comments	71		05/01/08 15:29:19	WIFI Security
8 Considerations for a Complete Application Performance Solution Explore the top 8 considerations that require attention when evaluating products and strategies to establish a complete application performance solution. As your operations become increasingly more global, your enterprise network faces greater application performance challenges. Whether it's bottlenecks or security risks, high-performance businesses need a solution that allows LAN-like application access for employees, partners, vendors and clients�regardless of location.	0 comments	33		05/01/08 09:22:41	Application Security
Understanding the Security Challenges of FISMA Compliance Join Mike Nelson, president of SecureNet Technologies and author of the upcoming Pocket Guide to FISMA, and Tripwire's Studio T host Mark Blevis for a lively discussion of the challenges in meeting FISMA.	0 comments	62		05/01/08 08:21:03	Podcasts
Communication Skills and Basic Competencies Courses for Programmmer's Wives Women think they already know everything, but wait... new communication skills and basic competencies courses are now available for women married to programmers.	0 comments	36		05/01/08 07:39:18	Techie Humor
Linux Kernel Development How Fast it is Going, Who is Doing It, What They are Doing, and Who is Sponsoring It The Linux kernel is an interesting project to study for a number of reasons. It is one of the largest individual components on almost any Linux system. It also features one of the fastest-moving development processes and involves more developers than any other open source project. This paper looks at how that process works, focusing on nearly three years of kernel history as represented by the 2.6.11 through 2.6.24 releases.	0 comments	24		04/29/08 19:57:35	Servers
DaniWeb IT Discussion Community.	0 comments	14		04/29/08 10:55:38	Link Directory
Protecting Content During Business Disruption: Are You Covered? Learn how to protect your business from an unexpected disaster by implementing an Enterprise Content Management (ECM) solution. Significantly improve productivity, streamline business processes, and reduce the time and cost of managing routine business documents and information. The unfortunate rise in business disruptions from natural disasters, accidents, and human intervention increasingly proves how business continuity and disaster readiness planning is necessary to any responsible business operation. While the nature, degree, and consequences of a disruption will vary, well-thought planning and the right systems infrastructure can clearly make the difference between inconvenience and catastrophe in the event of sudden interruption.	0 comments	20		04/29/08 09:56:20	Disaster Recovery
The Role of Linux Servers and Commercial Workloads This IDC White Paper presents IDC's perspectives on the changing opportunity for Linux SOE deployments and the workloads that are supported by Linux. This paper considers both workload data and the ecosystem that has grown up to support the opportunity for Linux deployments, including application software, application development and deployment software, and infrastructure software.	0 comments	17		04/29/08 09:50:33	Servers
Cisco ASA 5500 Series IPS Edition Video Data Sheet The Cisco ASA 5500 Series IPS Edition provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network.	0 comments	18		04/29/08 09:04:52	Video
PacketSaver: More Efficient, More Reliable VoIP Voice over Internet Protocol (VoIP) offers a wide range of benefits to both enterprises and communications/network service providers. These include lower costs, unified management of voice and data infrastructure, and - perhaps most importantly - the ability to deploy a new generation of converged voice/data applications. Although use of VoIP is growing rapidly, several factors have inhibited more rapid adoption across all market segments. These factors include concerns about maintaining consistent voice quality over IP networks, especially during periods where other types of traffic on the IP network suddenly 'spike' - potentially putting the squeeze on voice packets and momentarily threatening voice quality.	0 comments	15		04/28/08 10:11:45	VoIP
A Practical Approach to Managing Phishing In the summer of 2006, the authors of this white paper examined PayPal�s approach to managing phishing. We realized that our strategy was based on preventing financial loss in the victim�s account � long after the original phishing email had duped its victim. However, it became rapidly clear to us that there was a holistic dimension that our previous approach missed. Equally clear was the fact that we couldn�t eradicate this problem on our own � to make a dent in phishing, it would take collaboration with the Internet industry, law enforcement, and government around the world.	0 comments	14		04/28/08 10:06:32	Spam
The Psychology of Security This essay is my initial attempt to explore the feeling of security: where it comes from, how it works, and why it diverges from the reality of security. Four fields of research�two very closely related�can help illuminate this issue. The first is behavioral economics, sometimes called behavioral finance. Behavioral economics looks at human biases�emotional, social, and cognitive�and how they affect economic decisions. The second is the psychology of decision-making, and more specifically bounded rationality, which examines how we make decisions. Neither is directly related to security, but both look at the concept of risk: behavioral economics more in relation to economic risk, and the psychology of decision-making more generally in terms of security risks. But both fields go a long way to explain the divergence between the feeling and the reality of security and, more importantly, where that divergence comes from.	0 comments	26		04/28/08 09:55:00	Security Basics
The End of Application Deployment Secure and Manage delivery of your mission critical business applications. Delivering Windows applications globally to remote offices and mobile users creates significant performance, security and management challenges. Learn how to reduce the cost of delivering them anywhere, on any network and on any device, while increasing security and performance.	0 comments	29		04/23/08 13:16:30	Application Security
Crouching Powerpoint - Hidden Trojan A step-by-step whitepaper on how to control the value and distribution of information; deny, deceive, and destroy attackers; cultural differences of attacks; and how to defend against the dark arts.	0 comments	37		04/23/08 13:10:40	Worms and Viruses
AnonAccess This paper gives an overview of the AnonAccess-system, which tries to provide access to users which may be known by name, pseudonym or a shared pseudonym, to a given functionality (ex. open a door). The shared pseudonym access feature is tried to be extended and implemented in such a way that it can be claimed to be anonymous.	0 comments	18		04/23/08 13:02:18	Cryptology
Ten Easy Steps for Email and Web Best Practices Whether your organization is a mid-sized company, a small family business, or a publicly traded corporation, any time you allow employees to access the Web and email, you put your organization's assets, future, and reputation at risk. Accidental misuse and intentional abuse - of email and the Internet can create potentially costly and time-consuming legal, regulatory, security, and productivity headaches for any size employer. The ePolicy Institute and MessageLabs have created this business guide to provide best-practices guidelines for developing and implementing effective Email and Web Acceptable Usage Policies for the U.S. workplace. Through the implementation of clearly written Acceptable Usage Policies, employers in the U.S. can maximize employee compliance while minimizing their risk of various electronic and legal disasters.	0 comments	41		04/20/08 09:34:23	Web Security
Crack WEP for Beginners part 2 After you have installed the proper commview drivers, this will show you how to use airowizard to obtain the necessary quantity of data packets in around 10 minutes and than crack it using ptw	0 comments	44		04/20/08 09:16:27	Video
Enclave Security Technical Information Guide This Security Technical Implementation Guide (STIG) on Enclave security provides the information protection guidance necessary to implement secure Information Systems (ISs) and networks while ensuring interoperability. This document is aimed at identifying mitigating controls to aid in securing and protecting the perimeter and computing environment and achieving the objectives as identified in the DoD Directive, "Information Assurance, 8500.1," and the Department of Defense Instruction, "Information Assurance (IA) Implementation, 8500.2."	0 comments	20		04/20/08 09:11:01	STIGs
SQLiX SQLiX is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and even execute system commands for MS-SQL. The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn't need to reverse engineer the original SQL request (using only function calls). This tool is being developed as a part of the OWASP Web Security Project.	0 comments	9		03/31/08 18:35:46	Security Tools
Business Continuity - Issues, Trends, and Directions on IBM System i (AS/400) Get expert guidance on how to achieve business continuity. Listen to this informative 20 minute podcast on System i business continuity that brings you up to speed on the best strategies for reducing downtime. This podcast offers expert-level guidance from IBM's Steve Finnes on how System i environments can achieve easy, reliable business continuity. If downtime or data loss poses a risk to your organization, you'll be glad you took time to hear his presentation.	0 comments	98		03/29/08 10:36:33	Podcasts
Crack WEP for Beginners Setting Up The Drivers A video showing people how to crack a WEP network using PTW attack. This is a step by step tutorial for beginners. It uses aircrack-ng rather than commview for wifi which is more designed for WEP cracking (still need commview for wifi drivers though)	0 comments	715	5/5 with 1 votes	03/29/08 10:08:24	Video
Advanced Encryption Standard Questions and Answers A five page fact sheet from NIST over the Advanced Encryption Standard.	0 comments	97		03/29/08 09:57:27	Advanced Encryption Standard
Comfortable Remote-Access without Compromises: SSL-VPN in comparison with traditional VPN technologies Discover why there are SSL VPNs, and why they are able to compete with other solutions in terms of security. This white paper offers a detailed and informative discussion comparing the advantages and disadvantages of traditional VPN technologies and SSL VPN solutions and why client-based SSL VPNs, offer a valid alternative to conventional remote access software.	0 comments	107		03/27/08 12:06:37	SSL
The Day The Routers Died The Day The Routers Died... a song performed by the secret-wg in the closing plenary of the RIPE 55 conference.	0 comments	82		03/27/08 11:57:12	Video
Oracle Forensics Part 1: Dissecting the Redo Logs This paper represents the first in a series of papers on performing a forensic analysis of a compromised Oracle database server. The research was performed on an Oracle 10g Release 2 server running on Windows. It is important to note that just because something is the way it is in this version of Oracle running on Windows it may not be true of another version of Oracle running on a different operating system. That said, this paper will still provide guidance to a forensic examiner that needs to perform an analysis. Further, as and when I have new information with regards to the "correctness" of this paper as it relates to other systems I will update this paper.	0 comments	30		03/27/08 11:46:57	Oracle
Enterprise Mobility: How to Unshackle Your Mission-Critical Applications Learn the key issues a multi-national enterprise needs to consider when determining the requirements for deploying a global wireless messaging project. Multi-national enterprises must be prepared to reckon with a mobile workforce that will grow larger every year, driven by the requirements of global business and the increasing need to stay in close contact with customers and increase productivity while keeping an eye on the bottom line. The paper describes how the Good Mobile Messaging solution addresses those key issues, and finally, provides two case studies of recent Good Technology customer deployments.	0 comments	115		03/16/08 09:35:28	Enterprise Security
Strongly Unforgeable ID-based Signatures In 1984, Shamir [17] introduced the concept of ID-based cryptosystem, in which the private key of an entity was generated from his identity information (e.g. an e-mail address, a telephone number, etc.) and a master key of a trusted third party called a Private Key Generator (PKG). The advantage of this cryptosystem is that certiﬁcates as used in a traditional public key infrastructure can be eliminated.	0 comments	100		03/16/08 09:28:27	Cryptology
Oracle Forensics Part 2: Locating Dropped Objects After a successful compromise of a database server an attacker will usually attempt to hide their activities and this may include the dropping and purging of objects that they have created along the way, for example tables, functions and procedures. As this second paper in the Oracle Forensics series will show, even when an object has been dropped and purged from the system there will be, in the vast majority of cases, fragments left �lying around� which can be sewn together to build an accurate picture of what the actions the attacker took � or at least some of their actions. Perhaps, depending upon how quickly an investigation takes place from the incident in question, even all data pertaining to the dropped object or objects may still be found.	0 comments	83		03/16/08 09:17:49	Oracle
Get Serious About SOA Governance: A 5-Step Action Plan for Architects Build an airtight yet flexible governance plan to avoid risk and get the most out of SOA investment. In this white paper, you'll learn why governance is so crucial to reaping the full benefits of Service-Oriented Architecture (SOA). Learn how the lack of governance can expose your organization to serious risks; discover five key practices to consider as you build your SOA governance plan; understand the importance of flexibility and enforcement; and more.	0 comments	106		03/14/08 12:48:40	Architecture
A New Way to look at Networking Today's research community congratulates itself for the success of the internet and passionately argues whether circuits or datagrams are the One True Way. Meanwhile the list of unsolved problems grows. Security, mobility, ubiquitous computing, wireless, autonomous sensors, content distribution, digital divide, third world infrastructure, etc., are all poorly served by what's available from either the research community or the marketplace. I'll use various strained analogies and contrived examples to argue that network research is moribund because the only thing it knows how to do is fill in the details of a conversation between two applications. Today as in the 60s problems go unsolved due to our tunnel vision and not because of their intrinsic difficulty. And now, like then, simply changing our point of view may make many hard things easy.	0 comments	73		03/14/08 11:06:11	Video