- 1
- 2
- 3
- 4
- < previous
- next >
Web Applications
Of course, not all spies take the low-tech approach; an increasing number are taking advantage of known insecurities in Web applications, according to a SANS Institute report on the Top 20 Internet security risks of 2007. The report names vulnerable Web applications as the top new risk, enabling Web sites to be poisoned, data stolen and computers connected to the Web site compromised. In 2008, the report says, Web application attacks will grow substantially.
How to stop them: Web scanning tools can help find application vulnerabilities, especially when combined with source code review tools and application penetration tests. The SANS Institute also recommends inspecting the Web application framework's configuration and hardening it appropriately. "No one should be engaged to write Web applications unless they can pass the GSSP Secure Software Programming exam that covers the essential security skills and knowledge that developers need to produce more secure applications," the report concludes.
Insider Theft
An efficient way for spies to work is to pay inside employees to steal information. Often, there's nothing high-tech about the maneuver, Winkler says; employees simply use their existing access rights to download greater volumes of data than they ordinarily should.
How to stop them: Use a combination of access control and proactive auditing, Winkler says. For instance, if customer service representatives generally access 30 records a day, he says, and suddenly a couple of people are accessing 100 a day, that's a red flag. So is an employee who suddenly begins accessing data from home, adds Ken van Wyck, a principal consultant at KRvW Associates, a security consultancy. "You're looking for drastic changes in behavior," he says, which can be detected through statistical anomaly detection programs.
It's also important to use the access control capabilities of the operating system, van Wyck adds. "People don't take the time to configure these very well," he says. "Many employees can access more than they need to do their job."
- 1
- 2
- 3
- 4
- < previous
- next >
- +
Why You Shouldn't Look for Your New Job on Company Time 19/12/2007 11:50:55
An open-source algorithm called Author-Topic is now being investigated for analyzing corporate e-mail to flag employee behaviour and attitudes.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Email Archiving 101—Customer Case Study
Strategies for Eliminating .PST Files
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Best Practice in Building an Integrated Information Management Strategy
Email Archiving Implementation: Five Costly Mistakes to Avoid
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Everything you need to know about email and web security (but were afraid to ask)
How to improve employee productivity in small and medium businesses
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Virtual magic: HR specialist throws out 40 servers, adds 8TB SAN and saves $100,000 for disaster recovery 2008-12-01 15:28:00+11
Sybiz adds up for SMEs in downturn 2008-12-01 14:27:00+11
EXCOM scores back-to-back award trifecta 2008-12-01 10:46:00+11
Citect extends SCADA networks with mobility solutions 2008-12-01 09:48:00+11
Citect extends SCADA networks with mobility solutions 2008-12-01 09:48:00+11
Strategies for Eliminating .PST Files
Join industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
Buying Guides
Buying Guides
