|
|
| Whitepaper | Comments | Views | Rating | Created | Category |
|
Using Replication for High Availability and Disaster Recovery
An essential part of IT mission is maintaining high availability and disaster recovery capability. This technical case study shows how a company can use SQL Server 2008 database replication to eliminate single points of failure in data centers, and to enable fast recovery from a possible disaster at its primary data center. These strategies and solutions will be of interest to database administrators, senior IT managers, project leads, and architects. |
0 comments | 67 | 01/28/10 17:50:21 |
Disaster Recovery | |
|
Flawfinder
Flawfinder is a program that examines source code and reports possible security weaknesses (flaws) sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. It's a static analysis source code auditing tool. |
0 comments | 121 | 01/02/10 23:34:17 |
Auditing Tools | |
|
The Final Nail in WEP's Coffin
The 802.11 encryption standard Wired Equivalent Privacy (WEP) is still widely used today despite the numerous discussions on its insecurity. In this paper, we present a novel vulnerability which allows an attacker to send arbitrary data on a WEP network after having eavesdropped a single data packet. Furthermore, we present techniques for real-time decryption of data packets, which may be used under common circumstances. |
0 comments | 149 | 01/02/10 23:20:24 |
Cracking WEP | |
|
Creating HIPAA-compliant Medical Data Applications with Amazon Web Services
This paper briefly outlines how companies can use Amazon Web Services to power HIPAAcompliant information processing systems. We will focus on the HIPAA sections The Privacy Rule and The Security Rule, and how to encrypt and protect your data in the AWS cloud. |
0 comments | 102 | 12/31/09 15:53:16 |
HIPAA | |
|
CMS Policy for Wireless Client Access
This document establishes a policy for the administration (i.e., access, configuration, management, and monitoring) of Wireless client devices using IEEE 802.11a/b/g/n protocols to access the Centers for Medicare & Medicaid Services (CMS). Other types of wireless access are not addressed in this policy. |
0 comments | 81 | 12/31/09 14:47:23 |
Wireless Security Policies | |
|
IBM Smart Business Technical Whitepaper
IBM Smart Business is about the ease of acquiring and managing business solutions developed by IBM and Business Partners such as ERP, CRM, finance and accounting, mobility, security, e-commerce, and telephony—rather than acquiring IT fixes. So with as little as a few clicks, you can have access to capabilities such as e-mail, as well as many other applications. Solutions are built on a set of open standard interfaces called IBM Smart Business Application Integrator, which makes the installation of new applications, systems management and online services easy to use, consistent, and compatible for businesses. |
0 comments | 60 | 12/31/09 13:46:48 |
IBM | |
|
Improving Systems Management and Availability with x86 Virtualization
The hardware platform on which virtualization is deployed can play a significant role in determining the extent to which users achieve the possible benefits while overcoming potential obstacles. This paper reviews some of the ways that deploying virtualization on leading-edge x86 servers such as IBM’s System x™ and BladeCenter™ platforms, as well as using IBM’s management software, can maximize the manageability and availability benefits of adopting virtualization. |
0 comments | 49 | 12/31/09 13:42:43 |
IBM | |
|
CompTIA A+ Practical Application (2009 Edition) Objectives
The CompTIA A+ Practical Application exam measures the necessary competencies for an entry-level IT professional who has hands-on experience in the lab or the field. Successful candidates will have the skills required to install, configure, upgrade, and maintain PC workstations, the Windows OS and SOHO networks. The successful candidate will utilize troubleshooting techniques and tools to effectively and efficiently resolve PC, OS, and network connectivity issues and implement security practices. |
0 comments | 50 | 12/30/09 22:49:37 |
CompTIA | |
|
CompTIA A+ 2007 Essentials 220-601 Practice Test 1
The actual exam uses weighted questions and a formula to achieve a score between 100 and 900. At the time of this writing, a passing score was 675. To achieve a passing score on this practice test you need to correctly answer at least 70 questions. If you do not correctly answer 70 questions, you need to study more. If you correctly answer 70 questions you are probably ready to take the Essentials exam. CompTIA sets a time limit of 90 minutes for the exam. You should not need the full time allocated for the exam. Remember, the key to success is to be familiar with all test domain objectives, not just most of them. |
0 comments | 45 | 12/30/09 22:24:32 |
CompTIA | |
CompTIA A+ Certification - Installing Power Supply Video - 2009 Edition
This CompTIA A+ certification training video demonstrates how to install a computer power supply. K Alliance offers other CompTIA courses such as Network+ and Security+. |
0 comments | 64 | 12/29/09 23:49:46 |
CompTIA | |
|
Things to practice for CompTIA A+ Practical Application exam 220-702
The CompTIA exam 220-702 is meant for entry-level computer technicians. In order to achieve CompTIA A+ certification, a candidate must register for and pass the CompTIA A+ Essentials (220-701) and CompTIA A+ Practical Application (220-702) exams. However, those who have already achieved A+ certification on 2006 version can upgrade by taking only the A+ Bridge exam (BR0-003). CompTIA A+ Practical Application (220-702) is an extension of the knowledge and skills identified in 220-701, with more of a "hands-on" orientation focused on scenarios in which troubleshooting and tools must be applied to resolve problems. |
0 comments | 41 | 12/29/09 21:23:35 |
CompTIA | |
|
A Stick Figure Guide to Advanced Encryption Standard
This is hilarious and accurate! A play in 4 acts. Please feel free to exit along with the stage character that best represents you. Take intermissions as you see fit. Click on the stage if you have a hard time seeing it. If you get bored, you can jump to the code. Most importantly, enjoy the show! |
0 comments | 72 | 12/17/09 09:20:58 |
Advanced Encryption Standard | |
|
Review of Web Applications Security and Intrusion Detection In Air Traffic Control Systems
This report presents the results of our audit of Web applications security and intrusion detection in air traffic control (ATC) systems. This audit was requested by the Ranking Minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee. |
0 comments | 67 | 12/15/09 22:53:46 |
Intrusion Detection | |
|
Eddie Izzard's Encore on Computers
Hilarious! From his "Glorius" tour, Eddie discusses his love hate relationship with computers and how they will eventually end the world. |
0 comments | 93 | 12/15/09 18:12:53 |
Video | |
|
Computer Forensics Case Assessment and Triage
At present, in 2009, it is commonplace for digital forensic units to have a backlog, several as long as twelve months. Many units have increased in size but have still continued to have a backlog and it is suggested that bringing more staff into a unit will not on its own reduce the backlog of work. This paper discusses how cases submitted to units can be assessed and prioritised, and how software triage can be used to target resources more efficiently. |
0 comments | 105 | 11/28/09 09:35:20 |
Forensics | |
|
How to Use the Debug Diagnostic Tool v1.1
When users experience application stability and performance problems such as crashes, hangs, and unexplained high memory usage, the best first step toward a remedy requires looking at the active process at the time the problem occurs. However, server applications like IIS, Exchange, SQL Server, COM+, and Biztalk often provide no user interface information when they fail and subsequently restart, and this complicates this type of troubleshooting. |
0 comments | 105 | 11/25/09 14:40:02 |
IIS | |
|
How bad are the bad guys? The changing nature of Web security threats
This paper considers some of the Web-related issues that might arise for individuals, and emerging or longer term threats that you may want to keep in mind when modernising or extending your security infrastructure. At the same time, security protections are evolving to meet such needs. Here we also consider what solutions are available and how to start deploying such new levels of protection. |
0 comments | 96 | 11/25/09 12:18:44 |
Web Security | |
|
A Guide to Encrypted Storage Incident Handling
Incident handling and response has become more complicated with the increased use of encrypted storage technology due, in part, to privacy legislation and regulatory compliance mandates. There are many works that have been created previously that discuss Incident Handling but very few relate to the current need to handle encrypted storage. Fortunately, there are tools and processes that aid the Incident Handler in performing their duties. In this paper, I give an overview of the Incident Handling process as it relates specifically to Encrypted Storage. |
0 comments | 421 | 09/21/09 16:56:51 |
Incident Handling | |
|
Techniques and Tools for Recovering and Analyzing Data from Volatile Memory
This paper will cover the theory behind volatile memory analysis, including why it is important, what kinds of data can be recovered, and the potential pitfalls of this type of analysis, as well as techniques for recovering and analyzing volatile data and currently available toolkits that have been developed for this purpose. |
0 comments | 341 | 09/21/09 16:54:00 |
Forensics | |
|
Building an Automated Behavioral Analysis Environment
This paper describes how an automated behavioral malware analysis environment for analyzing malware targeted at Microsoft Windows can be built using free and open source software. The environment described here is an evolving work-in-progress, but what is in place to date is the culmination of lessons learned over the last two years of development by the author. This work was done as part of the author's employment with the AT&T Chief Security Office. While the author uses the royal “we” in places throughout the paper, the work is that of the author except where noted. |
0 comments | 309 | 09/15/09 18:31:15 |
Auditing Tools | |
|
Mac OS X Malware Analysis
As Apple's market share raises so will the Malware! Will incident responders be ready to address this rising threat? Leveraging the knowledge and experience from the mature windows based malware analysis environment, a roadmap will be built that will equip those already familiar with malware analysis to make the transition to the Mac OS X platform. Topics covered will include analysis of filesystem events, network traffic capture & analysis, live response tools, and examination of OS X constructs such as executable file structure and supporting configuration files. |
0 comments | 296 | 09/15/09 18:22:59 |
Forensics | |
|
Security Incident Handling in High Availability Environments
This paper will describe an incident handling process for high-availability systems, compare it to a popular security incident handling model, and propose to the telephony industry ways of sufficiently addressing confidentiality and integrity considerations, all while respecting their business need of maintaining high levels of service availability. |
0 comments | 159 | 09/15/09 18:18:07 |
Incident Handling | |
|
Incident Handlers Guide to SQL Injection Worms
In 2008 a damaging SQL Injection attack took place which became known as the ASPROX Worm. During its height, many hundreds of thousands of web sites were compromised, News sources were reporting grossly exaggerated accounts of the attack, and real solid information to identify and combat this worm was scarce. Having witnessed a number of security professionals overreact or apply panicked solutions to this attack motivated this paper. |
0 comments | 110 | 09/15/09 08:57:49 |
SQL Injection | |
|
Sarbanes-Oxley 404 and Visual Studio Team System 2008
Microsoft Visual Studio Team System 2008 can be used to assist a business in collecting information that concerns its software-development practices, which may be of use towards compliance with a regulatory framework, such as Sarbanes-Oxley section 404 ("Sarbanes-Oxley 404") internal-control verification and testing. |
0 comments | 105 | 09/10/09 08:57:32 |
Sarbanes Oxley | |
|
Hitech Act and Hipaa
The new privacy and security provisions fall under Title XIII, Health Information Technology, which includes the Health Information Technology for Economic and Clinical Health Act (HITECH Act). Under the HITECH Act, the Office for Civil Rights (OCR), which enforces the HIPAA privacy rule for the U.S. Department of Health and Human Services (HHS), will now be funded to ensure industry compliance. The act requires HHS to conduct compliance audits, which previously was not a requirement but merely an allowable method of enforcement, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR. |
0 comments | 102 | 09/10/09 08:51:59 |
HIPAA | |
|
4G Ahead! A New World of Enterprise Mobile Broadband
This video white paper defines 4G, examines the two leading 4G technologies, and discusses their various features, benefits and the progress of each technology to date. It concludes with a recommendation for companies considering future 4G deployments, and iPass' position. |
0 comments | 146 | 09/08/09 09:10:28 |
Enterprise Security | |
|
Guide to Using Network IPS to Protect Against Next-Generation Cyber Threats
Network security threats are on the rise as cyber criminals continue to develop innovative ways to use compromised computers for their own personal gain, creating havoc and jeopardizing security and privacy in the process. Organizations should understand the likely evolution of the threat landscape and develop an appropriate security strategy to address these evolving threats. This paper discusses how Network Intrusion Prevention Systems (IPS) play a critical role in a layered approach to security to protecting against current and future cyber threats. |
0 comments | 119 | 09/08/09 08:45:17 |
Intrusion Detection | |
|
Electronic Crime Scene Investigation: A Guide for Law Enforcement
This guide is intended to assist State and local law enforcement and other first responders who may be responsible for preserving an electronic crime scene and for recognizing, collecting, and safeguarding digital evidence. It is not all inclusive but addresses situations encountered with electronic crime scenes and digital evidence. |
0 comments | 89 | 09/05/09 11:34:30 |
Forensics | |
|
Forensics is only for Private Investigators Part 6 of 6
Each state has been trying to pass laws to prevent computer forensic people from doing their jobs without having a Private Investigator License. Some states have already made it a felony like Michigan. This is not about Private Investigators enhancing their skills, because this does not change any requirements for a PI to do computer forensics. It only changes YOUR job as a computer forensic specialist by making you work for a PI for two or three years. Your requirements and cost are the only changes. |
0 comments | 211 | 09/05/09 09:42:36 |
Forensics | |
|
Forensics is only for Private Investigators Part 5 of 6
Each state has been trying to pass laws to prevent computer forensic people from doing their jobs without having a Private Investigator License. Some states have already made it a felony like Michigan. This is not about Private Investigators enhancing their skills, because this does not change any requirements for a PI to do computer forensics. It only changes YOUR job as a computer forensic specialist by making you work for a PI for two or three years. Your requirements and cost are the only changes. |
0 comments | 158 | 09/05/09 09:31:39 |
Forensics |