Pushing firewall performance
How fast is your firewall's performance? While many network administrators don't think of their firewalls in terms of speed, it's becoming a more and more important issue in an era of high bandwidth-consumption. Network World Fusion held a bake-off of leading firewalls, singling out Cisco, CyberGuard and NetScreen for top honors in the end.
Source: Network World Fusion Building a firewall rulebase
Spending money on a top-tier firewall is only the beginning of getting your money's worth -- the real work is in configuring it. This 8wire article covers the basics, examining rules and rule order and citing examples with 8wire's typical clarity.
Source: 8wire A look at Microsoft's Internet Security and Acceleration Server
8wire explores Microsoft's ISA Server, which is designed to act as a combination firewall/cache server. Varying aspects of the product are examined in detail, including installation, features, security, and the general theory of distributed caching in terms of the product's implementation.
Source: 8wire Users warming to outsourced intrusion detection
Network World Fusion examines the latest outsourced niche: intrusion detection. Provided: several case studies of companies which did and did not take the outsourced road (and their rationales in each case), a look at the underlying technology, and a list of relevant providers, both of the source services (such as Counterpane) and their partners (such as Exodus Communications).
Source: Network World Fusion A sharp eye for security
If you really want to cover the security territory -- and money isn't a problem -- you might consider hiring a security auditing firm to evaluate your network. eWeek did just that in an attempt to demonstrate the pros and cons of security consulting, and in this feature-length article, turns a spotlight on three such auditors: Guardent Inc., PricewaterhouseCoopers and System Experts Corp.
Source: ZDNet NFR appliance nips, analyzes attacks
Review of Version 5.0 of NFR Security's Network Intrusion Detection software running on the company's Network Flight Recorder Intrusion Detection Appliance. While the product performs admirably, and caught virtually every simulated intrusion/hack the reviewers threw at it, it's limited by the range of attack signatures it recognizes. NFR's response: daily online updates.
Source: ZDNet Heading off hack attacks
Intriguing ZDNet article concerning an innovative approach taken by two security software vendors, WatchGuard Technologies Inc. and Entercept Security Technologies. Their joint mission statement: Hackers will inevitably be able to get root access in your network, and the thing to do is minimize or eliminate the damage they can do with it.
Source: ZDNet How to fill Wi-Fi's security holes
ZDNet opinion piece on Wi-Fi (802.11b) wireless LAN technology and its security shortcomings. Among other remedies suggested: polling vendors on specific security issues and integrating key general-purpose security technologies such as a firewall and PGP (Pretty Good Privacy) software in conjunction with your wireless LAN.
Source: ZDNet WEP: No weapon against hackers
If you want to secure your wireless LAN against the possibility of hacker intrusion, it's all about Wireless Encryption Protocol (WEP), right? Not necessarily, says Bob Currier. In addition to interoperability problems, WEP has recently been demonstrated to be a weak protocol, cryptographically speaking. One possible solution for smaller nets: monitoring MAC addresses to limit access only to specific 802.11b cards.
Source: ZDNet Know your enemy: A forensic analysis of a network break-in
This fascinating article from 8wire acts as a deliberately manufactured case study of a hacker's attempted network intrusion. After setting up a largely defenseless network accessible from the public Internet to act as a lure -- or "honeypot" -- 8wire techs allowed a hacker to invade it and create her own accounts for subsequent use. The complete breakdown of what she tried to do, and how 8wire went about monitoring and analysing her activity, follows in the article. Command-line text depicts it all in comprehensive detail.
Source: 8wire Vulnerability assessment scanners
Designed to detect common, known security holes in today's most frequently deployed network technology, vulnerability scanners follow through by alerting network administrators to those holes when they find them. At least that's the theory. In this article, Network Computing attempted to find a clear winner from a pack of eight leading solutions and, dismayed that none of them found the pre-created problems they'd implemented for testing purposes, awarded none of them the coveted Editor's Choice.
Source: Network Computing SECURITY TIPS
Limiting network browsing Data integrity and PKI Windows NT security tools Securing remote access service Pretty Good Privacy Procedures in preventing threats to information security EXECUTIVE SECURITY BRIEFING
Individual rights vs. corporate controls for PCs E-mail security -- Defending the server