Problem solve Get help with specific problems with your technologies, process and projects.

Eye on Security Update wants to help you keep your Eye on Security. Each month, we'll compile all of the new security information we've added to the site and put it in one convenient package right here. Additions for March include Best Web Links, several tips, and the new Executive Security Briefing column.


Pushing firewall performance
How fast is your firewall's performance? While many network administrators don't think of their firewalls in terms of speed, it's becoming a more and more important issue in an era of high bandwidth-consumption. Network World Fusion held a bake-off of leading firewalls, singling out Cisco, CyberGuard and NetScreen for top honors in the end.
Source: Network World Fusion

Building a firewall rulebase
Spending money on a top-tier firewall is only the beginning of getting your money's worth -- the real work is in configuring it. This 8wire article covers the basics, examining rules and rule order and citing examples with 8wire's typical clarity.
Source: 8wire

A look at Microsoft's Internet Security and Acceleration Server
8wire explores Microsoft's ISA Server, which is designed to act as a combination firewall/cache server. Varying aspects of the product are examined in detail, including installation, features, security, and the general theory of distributed caching in terms of the product's implementation.
Source: 8wire

Users warming to outsourced intrusion detection
Network World Fusion examines the latest outsourced niche: intrusion detection. Provided: several case studies of companies which did and did not take the outsourced road (and their rationales in each case), a look at the underlying technology, and a list of relevant providers, both of the source services (such as Counterpane) and their partners (such as Exodus Communications).
Source: Network World Fusion

A sharp eye for security
If you really want to cover the security territory -- and money isn't a problem -- you might consider hiring a security auditing firm to evaluate your network. eWeek did just that in an attempt to demonstrate the pros and cons of security consulting, and in this feature-length article, turns a spotlight on three such auditors: Guardent Inc., PricewaterhouseCoopers and System Experts Corp.
Source: ZDNet

NFR appliance nips, analyzes attacks
Review of Version 5.0 of NFR Security's Network Intrusion Detection software running on the company's Network Flight Recorder Intrusion Detection Appliance. While the product performs admirably, and caught virtually every simulated intrusion/hack the reviewers threw at it, it's limited by the range of attack signatures it recognizes. NFR's response: daily online updates.
Source: ZDNet

Heading off hack attacks
Intriguing ZDNet article concerning an innovative approach taken by two security software vendors, WatchGuard Technologies Inc. and Entercept Security Technologies. Their joint mission statement: Hackers will inevitably be able to get root access in your network, and the thing to do is minimize or eliminate the damage they can do with it.
Source: ZDNet

How to fill Wi-Fi's security holes
ZDNet opinion piece on Wi-Fi (802.11b) wireless LAN technology and its security shortcomings. Among other remedies suggested: polling vendors on specific security issues and integrating key general-purpose security technologies such as a firewall and PGP (Pretty Good Privacy) software in conjunction with your wireless LAN.
Source: ZDNet

WEP: No weapon against hackers
If you want to secure your wireless LAN against the possibility of hacker intrusion, it's all about Wireless Encryption Protocol (WEP), right? Not necessarily, says Bob Currier. In addition to interoperability problems, WEP has recently been demonstrated to be a weak protocol, cryptographically speaking. One possible solution for smaller nets: monitoring MAC addresses to limit access only to specific 802.11b cards.
Source: ZDNet

Know your enemy: A forensic analysis of a network break-in
This fascinating article from 8wire acts as a deliberately manufactured case study of a hacker's attempted network intrusion. After setting up a largely defenseless network accessible from the public Internet to act as a lure -- or "honeypot" -- 8wire techs allowed a hacker to invade it and create her own accounts for subsequent use. The complete breakdown of what she tried to do, and how 8wire went about monitoring and analysing her activity, follows in the article. Command-line text depicts it all in comprehensive detail.
Source: 8wire

Vulnerability assessment scanners
Designed to detect common, known security holes in today's most frequently deployed network technology, vulnerability scanners follow through by alerting network administrators to those holes when they find them. At least that's the theory. In this article, Network Computing attempted to find a clear winner from a pack of eight leading solutions and, dismayed that none of them found the pre-created problems they'd implemented for testing purposes, awarded none of them the coveted Editor's Choice.
Source: Network Computing


Limiting network browsing

Data integrity and PKI

Windows NT security tools

Securing remote access service

Pretty Good Privacy

Procedures in preventing threats to information security


Individual rights vs. corporate controls for PCs

E-mail security -- Defending the server

This was last published in March 2001

Dig Deeper on Network Security Best Practices and Products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.