- +
10 of the Best for Security 08/03/2006 16:14:49
As enterprises continue to automate processes and extend beyond traditional boundaries, they need to ensure that a strong security awareness program is in place.The typical computer network isn't like a house with windows, doors and locks. It's more like a gauze tent encircled by a band of drunk teenagers with lit matches". - +
Green Lights to Nowhere Fast 07/07/2006 16:47:57
It is so easy for project members to deceive themselves and others partly because seemingly watertight methodologies for software estimation and resultant metrics or measures are anything but.All program teams run the risk of developing a culture that encourages deception and self-delusion. Here's how to avoid fostering an environment of "wishful thinking" and keep your projects out of strife - +
A Travel Guide to Collaboration 04/02/2005 10:49:08
To arrive at collaboration, companies will need to get over their win-lose mentality, and solve a host of technical and cultural challenges. Here's a road map for the journey - +
Getting Clueful: Five Things CIOs Should Know About Software Requirements 03/04/2007 12:37:05
Software requirements documentation was supposed to itemize everything that the application required. But the project was late, the users were unhappy, and the budget spun out of control. Why? Just ask the developersSome days, you wish you had telepathy. You just know that your development staff is holding back in some way, but you don't know how to get them to communicate. Is the project in trouble, but they're afraid to tell you? - +
Stuck on ROI 07/03/2005 09:23:32
Executives and senior managers have learned to greet ROI claims with a generous sprinkle of scepticism, doubting claimed benefits can be realized and that identified costs will fall in lineWhat's a good CIO to do when facing a clamour from executives, boards and shareholders to present a compelling business case, while knowing almost no one will believe that business case when presented?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Microsoft's new focus on security is paying off, but the company still has a long way to regain its customers' trust, according to the company's security program manager, Jesper Johansson.
Johansson — a Ph.D who left academia in search of more hands-on tasks — discovered security holes in Windows and warned Microsoft, and eventually got offered a job in Redmond.
He is the author of several documents with practical tips on how to avoid security gaffes and tips on hardening Windows installations.
Some of the work he is involved in at Microsoft includes building security into the design lifecycle of applications.
“We train developers to write better code and build threat models that show how an attack could happen,” he said.
A fan of OpenBSD, the open source operating system that emphasised security over everything, Johansson said Microsoft also vetted its code for holes.
“Automated tools check code for known security issues, and we have an internal penetration testing team plus use third-party consultants for this,” he said.
Although Johansson has said that system could not ever be completely secure — at least not if you were planning on using it and that the best security tool was a wire-cutter (for snipping the network connection to the system), he maintained that despite this, it was possible to achieve a workable level of security.
“Security is a process that changes constantly” he said, when asked to explain his statements.
The conflict lies in usability — the best-working IT solution is the one that is transparent to users — which hurts security as it increases the attack surface, according to Johansson.
Usability and security could marry, but it wasn't cheap due to the greater amount of effort required, he said. Does management understand this?
“Not quite,” Johansson said. "They are beginning to understand, but we are still seeing the ‘stare so hard at a tree that you don’t see the whole forest’ syndrome with customers.”
He admitted that Microsoft had "lost a lot of trust” due to the way it traded off security for usability and features in the past, and said it would be a gradual change before users discover that our products were safe.
He held up the small number of security advisories for Windows Server 2003 as an example of the emphasis on safe computing is working and what customers should consider.
“We have halved the number of security advisories for Windows Server 2003 compared to Windows 2000,” Johansson said. However, he said there was room for improvement because Microsft was not proud that there had been 25 advisories for Windows Server 2003.
The real success security success story was the latest version of Microsoft's web server, IIS 6, he said.
There has only been one security advisory for IIS 6, and that was for an obscure hole that would be difficult to exploit, according to Johansson.
Computerworld Member Login
Beyond Virtualisation - The Roadmap to 2012
CIO Breakfast Briefing
8:30am - 10:30am
Brisbane | 22 July | Sofitel Brisbane
Sydney | 23 July | Four Seasons Hotel
Canberra | 24 July | The Hyatt
Attend and discover:
- What happens after virtualisation
- The benefits automation drives
- When automated infrastructures will emerge
- What the roadmap to 2012 looks like
- How to deliver an automated architecture
- How to maximise your investment in virtualisation
- +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future. - +
Data Management Edition #9: Data centre makeover 24/04/2008 07:43:06
This week CW Live looks at the death of the old style data centre which is undergoing its first makeover in more than 30 years.
Zepto release the Mythos, the 2nd installment in the Centrino 2 refresh 2008-07-09 12:05:00+10
Symantec Data Protection Solutions Preferred by Users and Industry Experts 2008-07-09 11:56:00+10
Residential VoIP: Let’s Get Naked, Declares IDC 2008-07-09 10:43:00+10
Frost & Sullivan: Australia’s Mobile Advertising Spend to Grow 300 Per Cent in 2008 2008-07-09 07:57:00+10
DIARY ALERT - Symantec data leakage prevention seminars 2008-07-08 17:20:00+10
Using EMC Celerra IP Storage with Vmware Infrastructure 3 over iSCSI and NFS
Learn to tie virtualized computing to virtualized storage, to offer a dynamic set of capabilities within the data centre and create improved performance and system reliability. Discover how best to utilize EMC Celerra in a VMware ESX environment.
