Access "Unwelcome Callers"
This article is part of the June 2005 issue of With SSL VPNs on the offense, will IPSec VPNs eventually be benched?
BITS & BOLTS Insecure RPCs can leave you wide open. Take steps to protect your network. Remote Procedure Calls (RPCs) are at the heart of client/server computing, from Windows to *nix, allowing networked devices to seamlessly call services and components from one another. They're also the source of numerous vulnerabilities and exploits. RPC is ubiquitous, and that's the dilemma: You can't simply turn it off. That said, you're not without security options. RPC isn't inherently insecure: Developers can write secure code using RPC, and there are alternatives. You can defend your networks against known RPC exploits. Why RPC? Since almost every system runs RPC services, it's an obvious target. RPC reduces the complexity of network programming by handling communication over UDP. The programmer writes client/server code with identical parameters and leaves the networking to the protocol, allowing the protocol to span multiple OSes and networks. Most RPC vulnerabilities are simply the result of sloppy coding. Poor error-checking leaves an app open to buffer-overflow... Access >>>
Premium Content for Free.
Nothing But 'Net: SSL VPNs provide cheap secure remote access
by Michael S. Mimoso, Editorial Director
SSL VPNs provide The Sports Authority, and a growing number of enterprises, with cheaper secure remote connectivity. Will they eventually slam dunk IPSec?
CrossTec's NetOp Desktop Firewall 3.0 Product Review
In this product review of small and medium sized business (SMB) Cross Tec NetOp Desktop Firewall 3.0 product, get information on the products logging, reporting and policy capabilities.
Unsecured RPCs can leave you open to attack. Take steps to secure your networks.
Hot Pick: Sana Security's Primary Response 3.0
Sana Security's Primary Response 3.0
Secure Reads: The Black Book on Corporate Security
Read a review of The Black Book on Corporate Security.
- Nothing But 'Net: SSL VPNs provide cheap secure remote access by Michael S. Mimoso, Editorial Director
Microsoft's regular patch release cycle is a combination of information, process and automated tools that makes updates go more smoothly.
Exploit frameworks are the machine guns of automated attacks. Don't get caught on the wrong end of the barrel.
TriGeo Network Security's TriGeo Security Information Manager 3.0
A review of the security information management product: TriGeo Network Security's TriGeo Security Information Manager 3.0.
E-mail Security: Symantec Mail Security 8200 series
Symantec's Symantec Mail Security 8200 series
Recent Releases: Security product briefs, June 2005
Learn about security products released in June 2005.
- Patch Tuesday
More Premium Content Accessible For Free
As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above ...
All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't ...
The Fast Identity Online (FIDO) standards reached the public draft stage in February, and the first deployments of FIDO-ready technologies followed ...