For any corporate wireless infrastructure to remain secure, using 802.1X for authentication is a must - after all, it provides much more granular control of authentication credentials and can provide accounting for wireless LAN usage. Setting everything up can be a complex process fraught with choosing the right EAP type that both your clients and your RADIUS server supports in addition to putting in place the PKI infrastructure that some EAP types require. During this whole process one thing can often be overlooked - the security of the RADIUS server itself.
Data leakage prevention (DLP) refers to a class of detection and enforcement technologies aimed at securing internal information. The latter can be anything from compliance-related data (social security and credit card data) to intellectual property (IP). Enforcement capabilities extend from detection and alerting all the way to blocking, quarantining, or encrypting the outbound network traffic. Initial technology deployments focused on e-mail (an easily proxied protocol) but have recently begun to include HTTP, FTP, and various chat or IM services as well as encrypted transports such as SSL and SSH.
So, you've just installed Ubuntu 7.04, otherwise known as the "Feisty Fawn" release of everyone's favorite (for now) flavor of Linux. You booted the <a href="http://releases.ubuntu.com/feisty/" target="_blank">installation disc</a> , looked around the test environment to discover that your hardware was working, and double-clicked the Install icon on the desktop. The Ubuntu installer helped you make room for Linux on your hard drive, and even copied over some of your documents and settings from Windows.
How do you know if your computer, or any of the computers in the network you manage, has become infected with zombie code? After all, the programs that turn a computer into an undead slave for spammers and phishers don't install a desktop icon or an entry on the Windows Start menu. A survey of experts reveals some agreement on basic steps you can take to reduce the risk of having your machines join the army of the evil botnet undead.
MAC spoofing on a wireless network creates an interesting problem - you want to locate the imposter, but how do you tell the different between it and the legitimate device from the network's perspective? Like Ethernet, 802.11 makes use of a device's MAC address to uniquely identify it on the network. However, it's trivial to change the MAC address of a wireless interface under most operating systems. While MAC spoofing can be detected it can be difficult to locate the offending device once you know it's occurring.
In a world where there's too much to do -- and too little time to do it in -- we're always looking for shortcuts. So when we stumbled upon <a href="http://kurtsh.spaces.live.com/blog/cns!DA410C7F7E038D!1665.entry" target="_blank">a blog entry</a> by Kurt Shintaku over on Windows Live Spaces that promised to let us install Vista from a flash drive instead of an optical disc, there was certainly interest.
Corporate response to the influx of Web 2.0 technologies is as varied as companies themselves. Here are some tips for developing security policies and practices that best fit your company, from restrictions on social sites to rules on mini devices and instant messaging. Plus, we offer expert tips for communicating these new Web 2.0 policies to workers.
Written by Computerworld Staff •
14 March 07 13:09
One reader asks: "My company is expecting to make the move to VoIP in the next year or so. I would like to learn some basics before the move is made and hopefully be able to ask the rights questions as the selection is made. Without hocking the family jewels, is there a way that I can build some experience?"
Virtualization -- the move to go from real, physical hardware to virtual hardware -- is being seen as one of the "next big things" in IT. There are more virtualization options for IT departments than ever before, including open-source applications from Xen and Virtual Iron; Microsoft's Virtual Server taking off like wildfire; and the venerable VMware products.
As heavy power users, IT departments have a key part to play in reducing greenhouse gas emissions. And apart from the environmental impact, they need to make sure they don't exhaust their capacity. A recent Gartner report notes that 50 percent of data centres will have insufficient power and cooling capacity by 2008.
One reader asks: "I have been asked to connect a building to our network that isn't currently connected. While this building, albeit a small one, is a stone's throw from two other buildings, the decision was made when the fiber backbone was installed between the building to not include this building because it was due to be torn down in the near future. That was several years ago and before my time but the building still exists. I have now been asked by a department head to provide costs estimates for connecting connecting the building to the network. After consulting the drawings for the fiber backbone, there is conduit running to the building but only phone lines were run to the building. Only a couple of people are expected to be in this building at any given time. What will be the best option for connecting this building to the network?"
The popularity of wireless LANs is increasing as is the use of wireless Internet access points, so the need for secure and encrypted e-mail exchanges is becoming more critical. While there are many implementations of e-mail encryption, one of the most popular e-mail servers is Microsoft Exchange 2003 Server which has built-in encryption capabilities.
A few years ago, there was lots of excited chatter about how we were on the brink of becoming a paperless society. No longer would offices be cluttered up by reams of reports. Faxes would be replaced by electronic communiques. Even items that it seemed would have to be printed because they required a physical signature would disappear as we learned to trust digital signatures on e-mails.
OK, you're in the home stretch. You've issued your telecom RFP, assessed the responses and concluded your contract negotiations. You've got rates you can live with and services that represent a net improvement over what you're getting now. You're done, right?
Techies usually hate dealing with sales folk, because we seem to come from different worlds. Engineering is about honesty: Either that bridge will hold or it won't. Sales is about deceit (or so we geeks assume): Lie to the customer and cash the commission.
Copyright 2015 IDG Communications. ABN 14 001 592 650. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.