Microsoft’s initial move into the security products market, the ISA Server, has evolved well beyond its firewall roots. Now known as the Threat Management Gateway, the product is being positioned as a comprehensive Web security gateway. But as Eric Ogren writes in his review of the Threat Management Gateway [SearchSecurity.com], the beta release offers enterprise IT shops some solid capabilities, but also has some considerable drawbacks.
A startup out of the University of Texas today released a new open protocol and related technology that addresses the inherent security risks to Web 2.0-type application mashups, according to a new report [darkreading.com].
By Roel Schouwenberg
As Dancho Danchev pointed out, the BBC leased itself a botnet [zdnet.com]. I couldn’t quite believe it when I read it. The BBC, arguably one of the very best TV producers in the world, surely should have known better? There are so many things wrong about this that I hardly know where to start.
Firstly, given their figures, they seem to have spent quite an amount of money purchasing the botnet. Regardless of how much the total sum was, they sponsored the underground economy. Paying money to criminals (for illegal goods) is not only unethical but also considered illegal in most countries. The BBC broke the law right there and then already, not when they actively started using the botnet.
The economy is still terrible and will likely continue to get worse in the near term, and the picture is just as ugly for enterprise security staffs. Peter Kuper, a longtime investment banker and software analyst at Morgan Stanley, said security shops can expect to see their budgets be flat at best this year and cut sharply next year for the first time in more than half a decade.
Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure.
The authors developed the model by studying the security practices at Google, Microsoft, Adobe, and other tech companies, as well as non-tech companies that write their own software like Wells Fargo and Depository Trust & Clearing Corp.
By Andrew Storms
Transparency is a common theme in politics and Wall Street these days. The 2008 elections, dealings of TARP, financial institutions run amok are all places where we hear the word transparency bandied about on a daily basis. While many security professionals speak about transparency when it comes to information security, very few definitions fit the overarching idea of transparency. I believe that the time has come for information security professionals to both dig deeper and out of the idea of transparency to gain a better understanding of this concept.
With the economy cratering, staffs and budgets being cut and resources scarce, cloud computing has quickly become the prettiest girl at the prom. IT managers love its convenience and power, and accounting departments are quite fond of its cost efficiencies.
But what of security and privacy? Where do they factor into the equation, if at all?
internetnews.com’s Kenneth Corbin has the scoop on plans by Google to launch a members-only security forum for businesses, law enforcement, government agencies and others to combat malware and fraud on the Web.
In addition to Google, the Internet Security Community will draw participation from Xerox PARC, representatives of the Federal Trade Commission and others.
MIT Lincoln Laboratory has developed a Network Security Analysis application known as NetSPA to help identify potential avenues of attack in computer networks.
One of my favorite talks on computer security is this one by Ivan Krstic, the former head of security development for the ambitious One Laptop per Child project: