SearchSecurity.com
More from SearchSecurity.com -- January 2007
 |
|
|
|
|
|
Information Security magazine's January issue takes a deep dive into the security issues you need to be proficient with today--like endpoint security and strong authentication-- and what you'll need to keep an eye on for tomorrow--RFID and securing virtual machines.
|
||||
|
|
|||
|
||||
Wide world of endpoint security
Network perimeters have dissolved as your employees, contractors and partners access data from virtually anywhere. All of those endpoints introduce risk to your network. Expert David Strom hosts a webcast Jan. 17 at noon ET, that will explain what makes up a successful endpoint security strategy and how evolving vendor partnerships are affecting NAC product sets.
>> Register for this webcast.
FFIEC Crash Course
Financial institutions that offer online banking are required by the Federal Financial Institutions Examination Council (FFIEC) to implement strong authentication to secure transactions. Now that the first FFIEC deadline has passed, keep this crash course on FFIEC and strong authentication handy as a resource guide.
>> Review Two-factor authentication and the FFIEC: A crash course
RFID primer
Is RFID in your company's future? Expert Joel Dubin explains some of the security issues that exist and would need to be resolved before RFID becomes a mainstream tracking technology for your supply chain.
>> Review RFID tags: Do they have a secure future?
Snort and syslog
Snort is probably the most popular network intrusion detection system in deployment, but admittedly, it doesn't do a good job with syslog traffic, expert Mike Chapple says. In this tip, he points you to some of the best alternatives for monitoring Snort log data.
>> Read Can Snort read multi-platform syslogs?
Zero Hour
This list lays out zero-day flaws in Windows that were discovered in 2006 and when they were patched:
| Month | Flaw | Appeared | Patched | Patch | Payload |
|---|---|---|---|---|---|
| January | WMF | Dec. 28, 2005 | Jan. 5 | MS06-01 | Spyware infections, spam relays |
| March | IE createTextRange | March 22 | April 11 | MS06-013 | Remote code execution |
| May | Word malformed object pointer | May 10 | June 13 | MS06-027 | Remote code execution |
| June | Excel document processing | June 16 | July 11 | MS06-037 | Remote code execution |
| July | PowerPoint malformed shape container or record | July 12 | Aug. 8 | MS06-048 | Remote code execution |
| September | IE Vector Markup Language buffer overflow | Sept. 18 | Sept. 26 | MS06-055 | Botnet; remote code execution |
| PowerPoint | Sept. 27 | Oct. 10 | MS06-058 | Remote code execution | |
| Word | Sept. 2 | Oct. 10 | MS06-060 | Remote code execution | |
| November | Visual Studio Object Broker ActiveX control | Nov. 1 | Dec. 12 | MS06-073 | Remote code execution |
| XML Core Services XMLHTTP 4.0 ActiveX control | Nov. 3 | Nov. 15 | MS06-071 | Remote code execution | |
| December | Word | Dec. 5 | Unpatched | Remote code execution | |
| Windows Media Player | Dec. 7 | Dec. 12 | MS06-078 | DoS; remote code execution | |
| Word | Dec. 10 | Unpatched | Remote code execution |
PING
In this exclusive interview with Information Security magazine Nikk Gilbert, IT security and telecom director reviews the obstacles he encountered when placed at the helm of an enterprise that didn't have a dedicated security team and what enterprise security professionals can do secure their network.
>> Read the interview with Nikk Gilbert