Latest Knowledgebase News

Five security truths to protect your critical systems
posted on 21/12/2007

Anyone who tells you that your IT network is “100% secure” is either a fool, or greatly mistaken. Security is a moving target, and unfortunately, this target is being manipulated by the bad guys. With 2007 almost behind us, I reflect on the struggle enterprises and governments face in cyber security. This is not a holiday wish list, or resolutions for 2008, but read through these 5 notions and I can guarantee: you will wonder if you are doing all you can to protect your critical systems. 1. Forget the rearview mirror: The bad guys are ahead of you 2. Leave the lights on – always 3. Don’t forget the boiling oil! 4. Your mom was right: change your underwear, often 5. Don’t let vendors put you in their box Forget the rearview mirror: The bad guys are ahead of you You may not know the intent of those attacking your systems; however what you should know is that they probably know more than you. The security industry does not innovate; we simply chase behind the true innovato... [more]

Who is responsible for preventing careless data breaches?
posted on 13/12/2007

Security breaches resulting from lost or stolen laptops can result in serious penalties, including heavy fines or permanent bans from obtaining and holding customer details in the future. This demonstrates the severity of such laxity in the eyes of regulatory bodies. Ineffective security policy enforcement can have a detrimental impact not only on the organisation but also on public confidence in personal data protection and the individuals’ rights to privacy. Stories of ‘yet another IT security lapse by company X’ are hitting the headlines far too often, each time raising the alarm about how little is being done to protect commercially sensitive data on mobile devices and the hidden costs associated with this negligence. Some recent victims of laptop security breaches include organisations in the retail, banking, public sector and local government markets. One local council had an employee laptop, containing the personal details of staff and former personnel, stolen during a street... [more]

Cracking lost or forgotten passwords
posted on 06/12/2007

Everyone locks documents with passwords. Everyone forgets or loses passwords. Every password can be cracked. The question is only how long would it take. This could be a problem to anyone, and you don’t feel fine when you see the window saying that access is denied due to wrong password. Both end-users and people in big businesses have from time to time to lock significant documents with passwords. And both could from time to time forget them. According to surveys , 47% of help desk calls are related to lost or forgotten passwords, and every such call costs from $30 to $50. Now think about the time that is wasted to solve such a problem, and never forget that time is money too. The problem of lost or forgotten passwords has been addressed by software developers, and several methods of password cracking were devised. One of such methods is brute force attack. The idea of brute force attack is that a program tries all possible symbol combinations in order to find the correct password. ... [more]

Storage Security and Key Management in Large Enterprises
posted on 10/09/2007

Stored data is finding its way outside the corporate perimeter and into the hands of malicious individuals. It is hard to pick up a newspaper these days without reading about another high profile data security breach, whether it is the loss of a laptop or a tape. The implication is clear - data is now mobile. No longer can IT assume that important data is only stored within the confines of the glass house. It is shared with business partners, replicated to multiple data centers, and copied onto different media types that may ultimately be transferred to a 3rd party. Taneja Group recently undertook a primary research study to understand the state and direction of storage security deployments in large enterprises. The following are the key findings that emerged from this research: - Compliance & Data Privacy Concerns Are Key Drivers for Storage Security - Not surprisingly regulatory compliance (65% of respondents) and data privacy concerns and liabilities (57% of respondents) ... [more]

Benefits and weaknesses of different types of authentication
posted on 06/07/2007

The impact of the Internet over the last few years has meant fundamental changes in the way we access business systems. The network security perimeter has crumbled at all levels while the number of users wanting network access has grown. The geographical location of users has also widened to a situation where they can be, not just in a different department or company branch office, but anywhere in the world. While there are enormous productivity benefits available from increased access, the security risks have greatly increased. The traditional method of securing system access was by authentication through the use of passwords. Unfortunately, traditional password authentication is totally unsuitable for securing the access requirements of today's distributed users. According to the DTI Information Security Breaches Survey 2006, UK businesses are still overwhelmingly dependent on user IDs and passwords to check the identity of users attempting to access their systems. UK companies ar... [more]

Other Security news and resources