Access "Unwelcome Callers"
This article is part of the June 2005 issue of With SSL VPNs on the offense, will IPSec VPNs eventually be benched?
BITS & BOLTS Insecure RPCs can leave you wide open. Take steps to protect your network. Remote Procedure Calls (RPCs) are at the heart of client/server computing, from Windows to *nix, allowing networked devices to seamlessly call services and components from one another. They're also the source of numerous vulnerabilities and exploits. RPC is ubiquitous, and that's the dilemma: You can't simply turn it off. That said, you're not without security options. RPC isn't inherently insecure: Developers can write secure code using RPC, and there are alternatives. You can defend your networks against known RPC exploits. Why RPC? Since almost every system runs RPC services, it's an obvious target. RPC reduces the complexity of network programming by handling communication over UDP. The programmer writes client/server code with identical parameters and leaves the networking to the protocol, allowing the protocol to span multiple OSes and networks. Most RPC vulnerabilities are simply the result of sloppy coding. Poor error-checking leaves an app open to buffer-overflow... Access >>>
Premium Content for Free.
Nothing But 'Net: SSL VPNs provide cheap secure remote access
by Michael S. Mimoso, Editorial Director
SSL VPNs provide The Sports Authority, and a growing number of enterprises, with cheaper secure remote connectivity. Will they eventually slam dunk IPSec?
CrossTec's NetOp Desktop Firewall 3.0 Product Review
In this product review of small and medium sized business (SMB) Cross Tec NetOp Desktop Firewall 3.0 product, get information on the products logging, reporting and policy capabilities.
Unsecured RPCs can leave you open to attack. Take steps to secure your networks.
Hot Pick: Sana Security's Primary Response 3.0
Sana Security's Primary Response 3.0
Secure Reads: The Black Book on Corporate Security
Read a review of The Black Book on Corporate Security.
- Nothing But 'Net: SSL VPNs provide cheap secure remote access by Michael S. Mimoso, Editorial Director
Microsoft's regular patch release cycle is a combination of information, process and automated tools that makes updates go more smoothly.
Exploit frameworks are the machine guns of automated attacks. Don't get caught on the wrong end of the barrel.
TriGeo Network Security's TriGeo Security Information Manager 3.0
A review of the security information management product: TriGeo Network Security's TriGeo Security Information Manager 3.0.
E-mail Security: Symantec Mail Security 8200 series
Symantec's Symantec Mail Security 8200 series
Recent Releases: Security product briefs, June 2005
Learn about security products released in June 2005.
- Patch Tuesday
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...