AttackPrevention: New Links: Whitepapers and Tools

Whitepaper	Comments	Views	Rating	Created	Category
Top 5 Tips for Email and Web Security Learn the top 5 tips to protect your business from email and web threats. The Internet and Email brings many advantages, however the ever increasing number of Internet based security threats such as viruses, spyware and spam pose significant danger to your organization. Failure to protect your business can result in costly downtime, lost productivity, financial losses and worse. Learn the top 5 tips to protecting your business.	0 comments	136		06/06/09 23:36:02	Web Security
NERC CyberSecurity Solutions for CIP 002 - CIP 009 NERC deadline approaching � Are you prepared for the new 2009 cybersecurity regulations? Find out how to prepare for the new NERC cybersecurity regulations. All bulk power system owners, operators, and users are responsible for compliance with regulations, measures and standards developed by North American Electric Reliability Corporation (NERC) starting July 2009, including preparations for auditable compliant requirements in 2010.	0 comments	71		06/06/09 23:30:58	Corporate Compliance
Oracle Database Vault Aprenda c�mo Oracle Database Vault trata requisitos reguladores comunes de la conformidad y reduce el riesgo de las amenazas del iniciado. Oracle Database Vault es la soluci�n principal de la seguridad de la base de datos de la industria para tratar conformidad y preocupaciones reguladoras por la amenaza del iniciado. Las ayudas Oracle Database Vault tratan los requisitos del control de acceso asociados a regulaciones tales como PCI y Sarbanes-Oxley. Oracle Database Vault est� disponible para el lanzamiento 2 de la base de datos 9i de Oracle, el lanzamiento 2 de la base de datos 10g de Oracle y el lanzamiento 1 de la base de datos 11g de Oracle. Oracle Database Vault se ha validado con los usos de Oracle PeopleSoft.	0 comments	66		06/06/09 23:25:54	Oracle
Security: The Wireless Revolution is Here Learn to address security risks in wireless handheld computing systems with a solution that provides end-to-end security. Maintaining security while providing mobile workers with access to the information they need when and where they need it is complex. Protecting enterprise IT infrastructure requires a deep understanding of the risks associated with mobile applications, handhelds and wireless networks. This paper outlines how the Good wireless handheld computing system provides end-to-end security and how the Good System places security completely in the hands of IT managers and does not require users to set security parameters or make any security decisions.	0 comments	798		12/30/08 09:57:12	WIFI Security
Hak5 WiFi Pineapples In this season premiere episode of Hak5 Mubix joins us to talk about what's new in Maltego, an open source forensics and intelligence gathering tool. Shannon rocks out with Audio surf, and Darren heads downtown to the coffee shop to own a wireless network with a pineapple. Grab some hax0rflakes 'cause the bricks are gone and we're back!	0 comments	673	5/5 with 1 votes	12/30/08 09:46:04	WIFI Security
WEP Cloaking for Legacy Encryption Protection Wired Equivalent Privacy (WEP) is the encryption protocol defined in the original IEEE 802.11 standard for Wireless Local Area Networks (WLANs). Several known vulnerabilities and attack tools have compromised WEP, making it unsuitable for secure WLAN implementations without additional layers of security. Motorola�s WEP Cloaking solution is designed to make WEP virtually invulnerable to known attacks and tools, making existing WEP deployments much stronger than they otherwise would be.	0 comments	447		12/30/08 09:15:47	Cracking WEP
Browser Rider �Browser Rider� is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit. Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.	0 comments	347		12/14/08 12:29:40	Security Tools
Maximizing Site Visitor Trust Using Extended Validation SSL Trust in site security is declining and consumers are scaling back their online transactions � or opting out entirely. Now, you can definitively demonstrate your identity to customers, and customers will be able to confirm this identity before trusting sites � all thanks to Extended Validation (EV) SSL Certificates.	0 comments	116		12/14/08 12:15:03	Web Security
War Driving This video was created by Kevin Rose at The Broken for the purpose of demonstrating how one can scan for wireless networks.	0 comments	212		11/11/08 11:38:23	Video
Microsoft releases emergency patch for 0day exploits MS has released an out-of-band security update for a critical vulnerability affecting all Windows systems. Installation is strongly encouraged.	0 comments	188		11/11/08 11:25:38	Microsoft
Microsoft Patch Tuesday for November 2008: two bulletins Microsoft will patch two vulnerabilities on Tuesday. One of the vulnerabilities are marked "Critical," and the other is "Important." Details on both are inside.	0 comments	138		11/11/08 11:22:26	Microsoft
Battered, but not broken: understanding the WPA crack WiFi security takes a hit with the disclosure of an effective exploit for small packets encrypted with the TKIP flavor of WiFi Protected Access. The technique is fiendishly clever; the security solution, simple: switch to AES-only in WPA2.	0 comments	203		11/11/08 11:19:54	WIFI Security
FTP Demystified In episode 129, Andy and Sean explain file transfer protocol and how you can use it.	0 comments	224		10/11/08 20:46:41	Video
Wireless Security In-Depth If we had told you eight years ago, when 802.11b was really taking off, that one day in the future you would be able to pick up at least ten different wireless networks on any given block of a major metropolitan city, you might have believed us. But if we had also told you that many of these would be either unsecured, or secured using methods that were widely known to be flawed and easily crackable (i.e. WEP and MAC address filtering	0 comments	264		10/07/08 12:45:44	WIFI Security
Operationalizing Security & Policy Compliance: A Unified Approach for IT, Audit and Operation Teams Learn the five major information security areas where progress has been made in Security and Policy Compliance, and the ongoing need for continuous improvement. This paper provides a detailed discussion of the internal and external regulatory challenges now faced by organizations, the scope of these challenges, and the ways in which they can be addressed through better business processes and automation.	0 comments	409		08/12/08 11:54:09	Policies and Procedures
Engaging with the new eLearning 12 strategies for engaging and retaining learners through compelling online experiences. eLearning enables us to deliver both learning and information at will�dynamically and immediately; to tap the knowledge of experts and nonexperts and catapult those messages beyond classroom walls and into the workplace; and to know, through the magic of technology, who is learning, referring, and contributing�and who is not. eLearning helps organizations increase knowledge and improve skills by connecting people, ideas, and information in online courses with engaging interactive content. eLearning can include formal online courses and simulations as well as informal and workflow learning using web conferencing, mobile performance support tools, digital learning games, publications, and podcasts.	0 comments	231		08/12/08 11:38:14	Certifications
Full Data Encryption2 Full Disk without the Risk. Outdated encryption methods require unwelcome compromises to IT operations and can't provide the level of data security companies now need. New Full Data Encryption2 Protects What Matters: Your Data.	0 comments	310		08/12/08 11:21:36	Cryptology
Optimizing HP Servers with Microsoft SQL Server 2008 When implementing a hardware consolidation project, one major step involves consolidating corporate data, which is mostly managed by multiple database engines. This activity requires high-performance servers with multiple CPUs and addressable memory capacity. The objective of this white paper is to show how Microsoft SQL Server 2008, specifically on 64-bit platforms, together with the resources and technologies available on HP servers offer unique solutions for consolidating corporate data.	0 comments	247		08/10/08 09:06:06	Servers
Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.	0 comments	216		08/10/08 09:01:49	Exploits
Rethinking Remote Access: Pervasive Enterprise Mobility Remote access solutions, much like wireless connections, which were once a connection of convenience that were nice to when they worked, but the experience wasn�t consistent. Increasingly they are becoming the primary connection for workers into the corporate environment either working from home or traveling on business. The connectivity requirement is for pervasive connections. The user expects an assured, available connection to corporate resources from anywhere on the planet. This is a new vision of connectivity and mobility with full identity based access to both data and voice. This connectivity allows users to remain connected and productive no matter where they are in the world with the assurance that their communications are protected.	0 comments	179		08/10/08 08:55:42	Enterprise Security
Sophos Security Threat Report: Mid-Year Update Read this report and learn how leading-edge technology can provide the proactive protection and rapid response businesses need to safeguard their security and productivity. Hackers attack businesses, blogs and Web 2.0 sites... The latest Security Threat Report from Sophos gives you a comprehensive insight into the very latest methods being used by cyber criminals to try to out-fox traditional security systems. Download a copy and benefit from the expert analysis and opinion that will help you stay ahead of today's increasingly covert threats.	0 comments	192		08/05/08 08:43:33	Exploits
SDT Cleaner SDT Cleaner is a tool that intends to clean the SSDT (system service descriptor table) from hooks. The SDT Cleaner allows you to clean hooks installed by Anti-Virus and Firewalls. This little tool (in this first release) tries to collect info from your current kernel and then switches to kernel land and if there are any hooks in SSDT, this tool will replace them with the original entries.	0 comments	244		08/05/08 08:35:36	Security Tools
The Hidden Root Problem In this paper we study a novel computational problem called the Hidden Root Problem, which appears naturally when considering fault attacks on pairing based cryptosystems. Furthermore, a variant of this problem is one of the main obstacles for efficient pairing inversion. We present an algorithm to solve this problem over extension fields and investigate for which parameters the algorithm becomes practical.	0 comments	251		08/05/08 08:08:24	Cryptology
Vulnerability Management for Dummies Get all the Facts and See How to Implement a Successful Vulnerability Management Program. As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and shows you how to implement a successful Vulnerability Management program. Whether your network consists of just a handful of computers or thousands of servers distributed around the world, this 5-part book will help.	0 comments	308		07/31/08 10:12:20	Vulnerability Management
SOVoIP: True Convergence of Data and Voice Network Voice Over Internet Protocol (VoIP) is the reality of future telephony provided over the Internet. In the process it is claimed that, voice and data networks are converging into one network. However, such claim only introduced new protocols for telephony on the Internet which are not truly interoperable with existing protocols. Thus we propose a service oriented VoIP architecture, Service Oriented VoIP (SOVoIP), which not only ensures inclusive convergence of Internet and telephony but also ensures Quality of Service (QoS), Enhanced 911 (E911), Communication Assistance for Law Enforcement Act (CALEA), NAT and firewall traversal issue.	0 comments	206		07/31/08 10:08:24	Architecture
Bill Hornish: Splunk for FISMA Bill Hornish, Splunk's Federal Business Development Manager, delves into the Federal Information Security Management Act (FISMA). Bill discusses what FISMA is and why Splunk is a great FISMA solution.	0 comments	243		07/31/08 09:33:25	Video
Informal Learning: Extending the Impact of Enterprise Ideas and Information Forward-thinking organizations are turning to enterprise learning in their quest to be better informed, better skilled, better supported at the point of need, and more competitive in their respective marketplaces. It is clear that as enterprise learning becomes a central part of strategic business alignment, the anytime, anywhere promises of eLearning are more likely to be met by extending the metaphor of the classroom and taking better advantage of today's informal learning tools, resources, and techniques.	0 comments	141		07/27/08 19:44:58	Enterprise Security
ITIL V3 Improves Information Security Management The major difference with V3 is that it moves from a major operational view of IT service management to a more business lifecycle view of IT service management. This paper will begin with an historical overview of ITIL and then move into a high level overview of Version 3, with particular focus on the Information Security Management process. This paper will address how this process has matured and how organizations can better ensure the confidentiality, integrity, and availability of their IT services by implementing the ITIL framework.	0 comments	276		07/27/08 19:39:33	Security Management
IDABench IDABench is a framework of Perl scripts that allows the analyst to query packet captures with a number of open source analysis tools. It's a complementary tool to IDS/IPS to quickly allow queries into captured packets to investigate alerts, incidents or research. IDABench is NOT intended to be an intrusion detection system, although it can be used as such. One of the primary design goals was to provide intrusion analysts easy access to the tools & utilities that they already are familiar with through a convenient web interface. CGI scripts are extended via simple plugins that pass packet data to (and output from) libpcap-based tools such as tcpdump, tethereal, ngrep, etc.	0 comments	220		07/27/08 19:31:37	Security Tools
Web Application Security: Don't Bolt It On; Build It In The only way to succeed against Web application attacks is to build secure and sustainable applications from the start. Yet, many businesses find they have more Web applications and vulnerabilities than security professionals to test and remedy them � especially when application vulnerability testing doesn't occur until after an application has been sent to production. This leads to applications being very susceptible to attack and increases the unacceptable risk of applications failing regulatory audits. In fact, many forget that compliance mandates like Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley, and European Union privacy regulations, all require demonstrable, verifiable security, especially where most of today's risk exists � at the Web application level.	0 comments	303		06/26/08 08:09:02	Web Security