Security Management Strategies for the CIOAccess "Perspectives: SSL No Security Blanket"
This article is part of the February 2008 issue of Does security make the grade in Windows Server 2008?
Encryption cannot patch the holes created by insecure software. Security practitioners love SSL, and with good reason. It is well designed with support for multiple encryption protocols, and is easily reconfigured in case any should get cracked or outdated. It is an incredibly useful tool, protecting transactions as they cross otherwise insecure channels such as the Internet. It's also great for certificate-based bilateral authentication, provided of course you actually have the cash and personnel resources to maintain it. If anything, SSL is too well implemented, and people think it covers all their needs, like a giant security blanket. They forget there is much more to security than just using SSL. Gene Spafford famously once said, "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." He's still right today. Although operating systems are more secure than they were 10 years ago, and we are much better at patching them, ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Data Loss Prevention Tools Offer Insight into Where Data Lives
DLP tools help mitigate incidents and aid with data discovery.
- Viewpoint: FIPS concepts applicable beyond governments
-
KoolSpan's TrustChip secures cell phones, other mobile apps
KoolSpan has incorporated its authentication/encryption technology into a Secure Digital (SD) card, which can be plugged into any compatible cell phone.
-
Product review: Titus Labs' Message Classification
DOCUMENT CLASSIFICATION
-
Survey: Security Pros Identify Priorities for 2008
Security professionals prioritize mobility and security, identity and access management, protecting data and intellectual property and vulnerability management.
-
Data Loss Prevention Tools Offer Insight into Where Data Lives
-
-
Examine Security Features and Tools of Microsoft Windows Server 2008
Unwrap Windows Server 2008, the first server revision under Trustworthy Computing. Microsoft promises it is secure by design, default and deployment.
-
Product review: BreakingPoint Systems' BPS-1000
NETWORK DEVICE TESTING
-
Product review: Application Security Inc.'s DbProtect
DATABASE SECURITY & COMPLIANCE
-
Webroot Antispyware Corporate Edition product review
Protect against antispyware and antivirus with Webroot Antispyware Corporate Edition. In this product review get info on installation, cost, management and policy control.
-
Security Services: Postini Message Discovery, Archive editions
At Your Service
-
Examine Security Features and Tools of Microsoft Windows Server 2008
-
Columns
-
March of the Trojans: The rising Trojan threat
by Dennis Fisher
Trojans such as Storm, the Nugache worm and a host of other botnets have compromised millions of PCs, most without the knowledge of the machine's owners.
-
Governance: Security is tiny portion of IT budgets
by Robert Westervelt, News Director
A Burton Group survey says security budgets typically make up 2% of IT budgets.
-
Interview with Troon Golf's Cary Westmark
PING: Cary Westmark
-
Layer8: Applying numbers to risk management
Quality Counts, Not Quantity
-
Key Security Initiatives Abound
Editor's Desk: Everything Goes
-
Perspectives: SSL No Security Blanket
Encryption cannot patch the holes created by insecure software.
-
March of the Trojans: The rising Trojan threat
by Dennis Fisher
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...