- +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
Strategies for Dealing With IT Complexity 24/12/2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Release Management
A Report Card On Ubiquitous Mobility
A Guide to Next-Generation Backup, Recovery and Archive
Choices in Storage Architecture for Oracle Environments
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
The Case for an Untethered Enterprise
Business Mashups: The 10 Commandments
Aligning IT and the Business with Demand Management
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
A preoccupation with firewalls for information security is dangerous because it can divert attention and resources away from locking systems down, according to a visiting security researcher.
Computer security researcher at the San Diego Supercomputing Centre (SDSC), Abe Singer said companies can spend 90 percent of their security efforts on firewalls and not much of anything else.
"I'm not saying firewalls are completely irrelevant, but how much effort do you spend on security?" Singer asked. "Do security at the host, not just the perimeter. You should be worried about what users are doing, because if an attacker is going through the perimeter [without secure hosts] then it's game over."
In Australia to speak at the Australian Unix and open systems user group (AUUG) security seminars this month, Singer prides himself on the claim that the SDSC has gone four years without a root-level intrusion to its systems - without using a firewall. He believes this is as good as an organization relying on a firewall.
"At the SDSC we don't use a firewall, it's not feasible," he said. "Since we have to secure hosts individually if we had a firewall it would be so open it would be useless."
Singer said there is a perception that a firewall is a must-have. He cited Visa's server requirements for online merchants which stated they must have a firewall, but did not specify any configuration details.
"Too much of the security budget is being spent on firewalls which also get too much attention [and] it's also 'cool' to have a new firewall to play with," he said, adding that other appliances like intrusion detection and prevention systems are an extension of the same idea.
"People are attracted to the idea that security can be bought [and] it's hard to differentiate between marketing hype and reality," he said. "We have a known 'good' config and when we find something is bad it's consistently fixed."
Singer is adamant that intrusion will not be stopped by a firewall and attackers have used Trojan SSH (secure shell) clients to steal usernames and passwords.
Other practices Singer recommends include not running services you don't need, for example, services that are only required internally don't need to be external.
"You really need to think through your processes [and] relying on a firewall means you're probably doing security wrong," he said. "Surveys have shown that 60 percent of security breaches are internal but 70 percent of people are worried about hackers on the outside. Internal breaches are worse, because someone has a level of access and knows where the assets are. If an attacker was really looking at compromising a company's assets he or she would get a job in the mail room."
Computerworld Member Login
Beyond Virtualisation - The Roadmap to 2012
CIO Breakfast Briefing
8:30am - 10:30am
Brisbane | 22 July | Sofitel Brisbane
Sydney | 23 July | Four Seasons Hotel
Canberra | 24 July | The Hyatt
Attend and discover:
- What happens after virtualisation
- The benefits automation drives
- When automated infrastructures will emerge
- What the roadmap to 2012 looks like
- How to deliver an automated architecture
- How to maximise your investment in virtualisation
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Appoints New Vice President and General Manager Asia Pacific 2008-07-24 15:02:00+10
Vignette Appoints New Vice President and General Manager Asia Pacific 2008-07-24 15:02:00+10
Dimension Data Appoints New General Manager – Application Integration 2008-07-24 14:00:00+10
BlueCentral offers On-Demand Security Solution 2008-07-24 13:36:00+10
iPhone 3G Hits Australia - But be Careful Where You Click, Cautions IDC 2008-07-24 10:20:00+10
EMC Data Profiling for File System and Exchange Server Environments
There has been an explosive and seemingly unmanageable growth of information in business today. Discover how EMC can utilise intelligent data analysis to develop a strategic plan for your business and optimise your organisation’s file system and Exchange Environments.
