630 results on '"SECURITY systems"'
Search Results
2. Endpoint Security's Quantum Shift.
- Author
-
Davis, Michael A.
- Subjects
- *
COMPUTER security , *SECURITY systems , *BUSINESS planning , *BUSINESS enterprises , *INFORMATION technology - Abstract
The article discusses ideas for business organizations on how to cope with the changing landscape on the security of their information technology (IT) and data. Overview of the top 10 security products that are important in an organization and the connection problems they often face is provided. Suggestion on the need for organizations to have the right mix of tools and processes to effectively counter threats is provided.
- Published
- 2014
3. What's New in Windows 8.1 for Windows Store Developers.
- Author
-
APPEL, RACHEL
- Subjects
COMPUTER software development ,CASCADING style sheets ,HTML (Document markup language) ,WEB-based user interfaces ,BLUETOOTH technology ,SECURITY systems - Abstract
The article focuses on the improvements in the operating system Windows 8.1 created by software company Microsoft Corp. which include Cascading Style Sheets (CSS) media queries, new Extensible Application Markup Language (XAML) project templates and security application programming interfaces (APIs). It mentions the availability of APIs in Windows 8.1 which include Human Interface Devices (HID), Point of Service (PoS) and Bluetooth.
- Published
- 2014
4. Enhance system security with better data-at-rest encryption.
- Author
-
Kleidermacher, David
- Subjects
- *
DATA protection , *COMPUTER security software , *ELECTRONIC data processing , *MEDICAL records , *DATA encryption , *SECURITY systems - Abstract
The article discusses data-at-rest protection to ensure that unauthorized persons do not gain access to sensitive information contained in lost or stolen media like medical records, bank details or government top security information. Mentioned is the most common solution of encryption. Presented are approaches including the choice from multiple layers in the data storage stack, symmetric encryption algorithms or cipher modes and the management of the long term storage encryption keys.
- Published
- 2012
5. Seventeen steps to safer C code.
- Author
-
HONOLD, THOMAS
- Subjects
- *
C++ , *PROGRAMMING languages , *COMPUTER software development , *COMPUTER network security , *COMPUTER programming , *SECURITY systems - Abstract
The article offers tips for writing safety-critical C code by using methods derived from C++ and Ada computer programming languages. It mentions that C language can be made a viable choice for safety-critical software development only by applying many good practices and self-imposed rules. It suggests using enums as error types and explains the importance of checking input values. It recommends several tools to use such as Artistic Style 2.01 code formatter and cygwin.
- Published
- 2011
6. Top 10 Pitfalls When Managing Mixed WLANS.
- Author
-
Moerschel, Grant
- Subjects
- *
WIRELESS LANs , *COMPUTER network architectures , *WIRELESS communications , *NETWORK analysis (Planning) , *SECURITY systems - Abstract
The article tackles the 10 potentially critical errors when managing mixed Wireless Local Area Networks (WLANs). It notes that the potential pitfalls include failure to understand the application load, lack of environmental planning, inappropriate channel layout and poor architectural planning. It also states that inadequate power and cabling, WLAN security and failure to regard regulatory compliance are also some of the concerns in WLAN administration.
- Published
- 2010
7. Passive Authentication for ASP.NET with WIF.
- Author
-
Bustamante, Michele Leroux
- Subjects
APPLICATION software ,WINDOWS (Graphical user interfaces) ,SECURITY systems ,COMPUTER users ,COMPUTER software - Abstract
The article discusses the use of the Windows Identity Foundation (WIF) platform tool as a passive authentication for ASP.NET applications. It says that federated security aims to provide a mechanism for establishing trust relationships among domains in order for users to authenticate to their own domain while accessing services and applications from another domain. The author adds that WIF supplies different HTTP modules including SessionAuthenticationModule (SAM). The role of an Identity Provider (IdP) in a federated security model is also discussed.
- Published
- 2010
8. Add a Security Bug Bar to Microsoft Team Foundation Server 2010.
- Author
-
Sullivan, Bryan
- Subjects
CLIENT/SERVER computing software ,COMPUTER security software ,COMPUTER software development ,ONLINE information services ,SECURITY systems - Abstract
The article discusses the benefits of the security bug bar, a security bug classification system used by internal product and online services teams of Microsoft Corp. required by the Security Development Lifecycle (SDL). It emphasizes that the bug bar helps create a secure application, reduce vulnerabilities in software, and address triaging bugs. It also relates how to incorporate such classification system into the user's own development environment using Microsoft Team Foundation Server 2010.
- Published
- 2010
9. Inside PCI Compliance.
- Author
-
Conry-Murray, Andrew
- Subjects
- *
CREDIT cards , *COMPUTERS in business security measures , *CREDIT card processing , *DATA security , *SECURITY systems - Abstract
The article discusses best practices that will help companies prepare for an evaluation of their compliance with the payment card industry (PCI) rules. The first thing to do is to know how the credit card data runs through a system, where it lives in the business and who obtains the access of it. According to Ted Keniston, managing consultant at Trustwave, changes in business management, log management and system configuration must all adhere to PCI requirements.
- Published
- 2009
10. Exploring the .NET Framework 4 Security Model.
- Author
-
Dai, Andrew
- Subjects
MICROSOFT .NET Framework ,INFORMATION storage & retrieval systems ,COMPUTER programming ,SECURITY management ,COMPUTER security ,SECURITY systems ,SANDBOXES (Computer science) - Abstract
The article offers information on the improvements made to the .NET security model of the .NET Framework 4. An overview of the scope of the .NET security model is offered, with particular focus on the policy, sandboxing, and enforcement. It notes that the framework software has made changes on Code Access Security (CAS) policy system, the Security Transparency model, and has introduced the Conditional AllowPartiallyTrustedCallers attribute (APTCA) feature for host and library developers.
- Published
- 2009
11. A Conversation About Threat Modeling.
- Author
-
Howard, Michael
- Subjects
COMPUTER software developers ,CONVERSATION ,COMPUTER software development ,COMPUTER systems ,COMPUTER security ,DATA protection ,COMPUTER viruses ,SECURITY systems ,INFORMATION technology - Abstract
The article presents a conversation between Paige, a young, bright software developer and Michael, a simple security guy at Microsoft Corp. about some of the major Security Development Lifecycle (SDL) requirements. Paige plans to build agile software development and communication and wants it to pass the Final Security Review. He wants to make sure any sensitive data is secured and keep any emergency patches to a minimum. Michael was impressed with Paige's plan and the threats he identified. Michael explains that attacks happen and there is really nothing one can do to stop them and that web applications are a big target. Paige updates the threat modeling tool and mentions he will use Kerberos since it is more scalable than NTLM.
- Published
- 2009
12. Take It From The Top.
- Author
-
Baumstein, Avi
- Subjects
- *
SECURITY systems , *COMPUTER software safety measures , *SECURITY management , *INFORMATION technology - Abstract
The article focuses on the importance of privileged account management systems to secure administrators accounts in the U.S. As stated, these system promise to control access to high-level systems and automate password safeguards. In addition, the privileged account management feature set includes generation of a unique, complex, random password and the ability to automatically log in to the client system.
- Published
- 2009
13. Building A Custom Security Token Service.
- Author
-
Leroux Bustamante, Michel
- Subjects
COMPUTER software ,COMPUTER systems ,COMPUTER security ,DATA protection ,SECURITY systems ,DATA security ,COMPUTERS ,COMPUTER programming management - Abstract
The article provides information about the Microsoft claims-based access platform strategy code named "Geneva," which includes the "Geneva" Framework, "Geneva" Server and Windows CardSPace "Geneva." The Geneva Framework provides developers with tools to build claims-based applications and services that involve tokens issued by a Security Token Service, as well as tools for building a custom Security Token Service and for building Windows CardSpace-enabled applications. Among the technologies which were discussed include Windows Communication Foundation, ASP.NET and Geneva Framework.
- Published
- 2009
14. The Web's New Traffic COP.
- Author
-
Martin, Richard
- Subjects
- *
INFORMATION filtering systems , *WORLD Wide Web , *INTERNET service providers , *INTERNET content regulation , *CONTENT filters (Computer science) , *MANAGEMENT , *SECURITY systems - Abstract
The article provides information on Web filtering as a form of protecting one's company from unsuitable Internet content. It features range of tools used by different group of companies to regulate use of company network as well as restrictions on employees' Web activities implemented by Human Resource (HR) and Information Technology (IT) departments. The impact of the Safe Act to ISPs as well as risk management services adopted by companies like Verizon Business and Sprint are also discussed.
- Published
- 2008
15. A Better Approach For Building Claims-Based WCF Services.
- Author
-
Letroux Bustamante, Michele
- Subjects
SECURITY systems ,COMPUTER networks ,COMPUTER security ,DATA protection ,COMPUTER software ,COMPUTER systems ,COMPUTER industry ,SECURITY management - Abstract
The article discusses a better approach for building claims-based Windows Communication Foundation (WCF) security services through the Geneva Framework. It states that while WCF has always had native support for claims-based security model, the Geneva Framework, formerly called "Zermatt," improves this experience by simplifying access to claims at run time. It mentions that it also offers a mechanism to support claims-based authorization in a manner that is consistent with the role-based authorization principals already available in the Microsoft.NET Framework.
- Published
- 2008
16. Understanding Windows File And Registry Permissions.
- Author
-
Michener, John R.
- Subjects
SECURITY systems ,COMPUTER security ,ACCESS control ,WEB browsers ,CONSUMER protection ,INTERNET ,COMPUTER access control ,ELECTRONIC information resources ,DATA security - Abstract
The article offers information on the usage of integrity labels that are stored in the object's systems access control list (SACL). The low-integrity label is used in labeling Low Rights processes such as LowRights Internet Explorer and pertained untrusted objects. It is stated that using a code sample for launching a low integrity process in the protected mode for Internet Explorer may result into error. In addition, the high and system levels are used in helping isolate those from low and medium processes and objects.
- Published
- 2008
17. Test Your Security IQ.
- Author
-
Howard, Michael and Sullivan, Bryan
- Subjects
COMPUTER network security ,SECURITY systems - Abstract
A quiz concerning reviewing code for security bugs is presented.
- Published
- 2008
18. Building A Secure AJAX Service Layer.
- Author
-
Esposito, Dino
- Subjects
AJAX (Web development technology) ,COMPUTER architecture ,INTERNET programming ,WEB development ,WEBSITE security ,COMPUTER security ,SYSTEMS development ,SECURITY systems ,INTERNET - Abstract
The article focuses on AJAX service layer. It mentions that AJAX and Silverlight have a two-tiered architecture with the front and back ends separated by the Internet, which may result for an unauthorized access between the two layers. Due to this, the author introduces the service layer, an additional layer of code that creates a boundary between two other layers. He declares that an extra layer of service called the AJAX service layer, which consists of ASMX Web services, Window's Communication Foundation (WCF) or representational state transfer (REST), can prevent some of the unauthorized access. Ways on how to implement security in the AJAX service layer are also discussed.
- Published
- 2008
19. PRECISION SECURITY.
- Author
-
Fratto, Mike
- Subjects
- *
COMPUTER security , *INFORMATION technology , *SECURITY systems , *DATA protection - Abstract
The article cites key findings from the 2008 InformationWeek Strategic Security Study regarding the information security risks faced by companies in the U.S. Close to 1,100 business and information technology (IT) were polled about their priorities and plans for ensuring the security of their companies' information assets.
- Published
- 2008
20. Securing VMware.
- Author
-
Hernick, Joe
- Subjects
- *
COMPUTER security , *VIRTUAL networks , *VIRTUAL machine systems , *SECURITY systems - Abstract
The article cites key findings from a 2008 survey on the state of VMware security and the initiatives by industry-leading virtualization vendors to keep users safe in the U.S. It includes an in-depth analysis of security plans specifically developed for protecting virtualized infrastructures, as well as corporate organizations' views on VMs in terms of security risk.
- Published
- 2008
21. Big Brother snapping up video silicon.
- Author
-
Yoshida, Junko
- Subjects
- *
SECURITY systems , *INTEGRATED circuits industry , *SECURITY systems industry , *DIGITAL video , *ELECTRONIC industries - Abstract
The article reports on the growth of the video surveillance market for digital video chip providers. According to a China Security Market Report issued in 2007 by the Security Industry Association, China's security and protection market is projected to increase from $6.3 billion in 2005 to $18 billion in 2010. The article reveals that many in the U.S. financial community has been investing into companies that supply, install and operate surveillance system.
- Published
- 2008
22. PCI And The Circle Of Blame.
- Author
-
Conry-Murray, Andrew
- Subjects
- *
DATA security , *PREVENTION of credit card fraud , *DATA security failures , *SECURED credit cards , *CREDIT cards , *SECURITY systems - Abstract
The article discusses about the Payment Card Industry Data Security Standard. According to the article, it was launched in 2006 by organizations in the private sector to enhance credit card information security. However, it has been realized that there are still problems on the system that it fails to come up with the expectations. It was said that the system has some shortcomings that allow retailers to show compliance without making important changes to their security practices.
- Published
- 2008
23. OFFICE SPACE.
- Author
-
Pattison, Ted
- Subjects
WINDOWS (Graphical user interfaces) ,COMPUTER security ,SECURITY systems ,DATA protection ,INFORMATION technology security ,GRAPHICAL user interfaces ,UTILITIES (Computer programs) ,COMPUTER files ,COMPUTER software - Abstract
The article highlights new security terms and concepts that are introduced with Windows SharePoint Services 3.0 (WSS). The section aims to give users a jumpstart into the world of security programming using the WSS object model. It discusses the external security principals and the SPUser object of the program, including how to add authenticated and external users, how to work with permission levels, and reports on WSS groups. The column also demonstrates how WSS provides support for WSS groups and presented a few programming techniques for elevating privileges and impersonating WSS users.
- Published
- 2008
24. Resident Evil.
- Author
-
Fratto, Mike
- Subjects
- *
NETWORK PC (Computer) , *ACCESS to information , *INFORMATION resources management , *COMPUTER security , *SECURITY systems - Abstract
The article offers information about the final stage of the network access control (NAC) Rolling Reviews which focus on host-based NAC. These reviews aim to solve problems like malware propagation and unauthorize access by adding agents to host and controlling access from the source of the problem. In addition, it is stated that centralized management is the critical factor for successful host-based network access control.
- Published
- 2008
25. Analyze Crashes To Find Security Vulnerabilities In Your Applications.
- Author
-
Abouchaev, A., Hasse, D., Lambert, S., and Wroblewski, G.
- Subjects
COMPUTERS ,COMPUTER software ,COMPUTER security ,SECURITY systems ,COMPUTER input-output equipment ,COMPUTER storage devices ,COMPUTER systems ,COMPUTERS -- Safety measures - Abstract
The article offers directions on how to analyze program crashes to discover security exposures in applications. It discusses possible causes of programs crashes and considers the possible security implications such as corruption of memory enabling arbitrary code execution or the denial of service. A list of the common software and hardware exceptions that the user might encounter when facing these types of issues are included. Some general guidelines that the user can use during the investigation such as the graphical paths of a given investigation process to assist the user in deciding whether a particular crash is exploitable are also examined. The common causes of crashes such as hardware and software exceptions are also discussed.
- Published
- 2007
26. FOUNDATIONS.
- Author
-
Lowy, Juval
- Subjects
COMPUTER network security ,INTRANETS (Computer networks) ,INTERNET ,WORLD Wide Web ,DATA protection ,SECURITY systems ,DATABASE security ,SYSTEMS design ,COMPUTER security - Abstract
The article focuses on five security scenarios that addresses the security needs of most applications. The scenarios are, Intranet Application, Internet Application, Business-to-business Application, Anonymous Application, and No security. The article describes security as the most intricate area of Windows Communication Foundation (WCF). The article provides programming techniques that demonstrate WCF extensibility. WCF offers several options for validating certificates sent by the client, if the certificate is validated, then the client is considered authenticated.
- Published
- 2007
27. A Treacherous Journey.
- Author
-
Dornan, Andy
- Subjects
- *
COMPUTER network architectures , *WEB services , *APPLICATION software , *BUSINESS enterprises , *INFORMATION resources management , *SECURITY systems - Abstract
The article provides information on the growth of service-oriented architecture on Web services network in the U.S. It presents several critical analysis in terms of information technology organization including business organization and business competitiveness. It also introduces independent security gateway vendors that includes A10 Networks, AmberPoint Inc. and Array Networks that are moving towards software and virtualization.
- Published
- 2007
28. LAPTOP LOCKDOWN.
- Author
-
Malykhina, Elena
- Subjects
- *
LAPTOP computers , *BIOMETRIC identification , *SECURITY systems , *HUMAN fingerprints - Abstract
The article reports on how companies can authenticate the use and security of their laptop computers. Though everyone is familiar with biometrics, but it is hardly used by anyone. Fingerprint readers are now included in the laptops from Dell Computer Corp., Hewlett-Packard Co. and Lenovo, either as a standard feature or an option. Another security system is the trusted platform module which is an embedded security chip.
- Published
- 2007
29. SECURITY BRIEFS.
- Author
-
Brown, Keith
- Subjects
COMPUTER security ,DATA protection ,SECURITY systems ,COMPUTER systems ,ELECTRONIC systems ,COMPUTER industry ,COMPUTER network resources ,COMPUTER networks ,ELECTRONIC information resources - Abstract
The article reports on event logging. The event log is from the Microsoft .NET Framework on Windows Server 2003. It was developed and designed for localization and efficiency. In using the event log in .NET Framework, the EventLog class gives access to the event log. An event source could be created while the code is running during installation time. The user could log events when the code is running with lower privilege. The creation of an event source is equivalent to the creation of a registry key. If in case that the user forgot to create an event source, the EventLog.WriteEntry will do it for the user.
- Published
- 2007
30. Secure Your ASP.NET Apps And WCF Services With Windows CardSpace.
- Author
-
Leroux Bustamante, Michèle
- Subjects
ONLINE identities ,COMPUTER security ,COMPUTER passwords ,ACCESS control ,SECURITY systems ,AUTOMATION ,COMPUTER software ,COMPUTER files - Abstract
The article reports on the Windows CardSpace and information cards. The Windows CardSpace is significant in the identity metasystem, which aids users to identify applications and services easily while identifying the target site to the user and reduce risks related to private information given to unauthorized sites. Windows CardSpace replaces the traditional username and password authentication through the use of a tool that manages the users digital identities. The Windows CardSpace also protects its users from various forms of identity attack.
- Published
- 2007
31. TOMORROW'S SECURITY TODAY.
- Author
-
Greenmeir, Larry
- Subjects
- *
SECURITY systems , *HIGH technology , *TECHNOLOGICAL innovations , *INFORMATION technology , *BIOMETRIC identification , *LOCKS & keys , *COMPUTER security , *SECURITY management - Abstract
The article focuses on the trend in high technology security systems. Security measures are becoming more sophisticated with the linking of physical and information technology security technologies. These include integrated door locks and surveillance cameras, biometric devices that go beyond skin deep for identifying purposes and network systems that are more adept than criminals. However, the success of these systems depend on how they respond to attacks or security threats automatically.
- Published
- 2006
32. New SQL Truncation Attacks And How To Avoid Them.
- Author
-
Neerumalla, Bala
- Subjects
SQL ,COMPUTER security ,DATA protection ,SECURITY systems ,INFORMATION storage & retrieval systems -- Code words ,CHECK safekeeping ,COMPUTER systems ,COMPUTER networks ,COMPUTER software - Abstract
The article discusses SQL truncation and modification attacks. After overviewing data exploitations using SQL first-order or second-order injection, practices for constructing string variables including delimited identifiers and SQL literal strings are discussed. New ways of SQL injection by truncation and truncation modification causing vulnerabilities are presented to help user protect their applications. When using automated tools, it is recommended that all code patterns should be fully understood in order to detect SQL injection by truncation issues.
- Published
- 2006
33. Protect Your Data Via Managed Code And The Windows Vista Smart Card APIs.
- Author
-
Griffin, Dan
- Subjects
SMART cards ,MICROSOFT .NET Framework ,DATA protection ,COMPUTER storage device industry ,EXPANSION boards (Microcomputers) ,COMPUTER interfaces ,COMPUTER security ,SECURITY systems ,COMPUTER networks - Abstract
The article discusses windows smart card programming basics. Smart cards are credit card with an embedded microchips. Due to privacy protection demands and password-replacement technologies, Bill Gates demonstrated a product that uses APIs called Microsoft Certified LifeCycle Manager on the TSA 2006 Conference. Plug-in model called Card Module API allows smart-card-aware applications to be card-type-agnostic. It addresses card incompatibility issue by providing a file-system-like interface plus additional routines to expose the crypto-related authentication requirements. Discussions on App roadmap, winSCard API wrapper, getSmartCard helper routine and card module API wrappers are presented. Factors considered in transactions management and sequences used are enumerated.
- Published
- 2006
34. Uncover Security Design Flaws Using the STRIDE Approach.
- Author
-
Hernan, Shawn, Lambert, Scott, Ostwald, Tomasz, and Shostack, Adam
- Subjects
SECURITY systems ,TECHNICAL specifications ,THREATS ,COMPUTER software ,COMPUTER security ,DATA protection ,COMPUTER crimes ,MAINTENANCE - Abstract
The article discusses the STRIDE approach in uncovering security design flaws. STRIDE is a systematic approach to threat modeling in the Security Engineering and Communications group at Microsoft which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Security properties including confidentiality, integrity, availability, authentication, authorization and non-repudiation are described and the corresponding threats threat is presented. The author states that using STRIDE model, designing secure software will be simplified. Importance of executive support, implementation, testing, building and delivering, and servicing and maintenance in the system security are also emphasized.
- Published
- 2006
35. MEASURE YOUR RISK IQ.
- Author
-
Apgar, David
- Subjects
INFORMATION technology ,RISK management in business ,MANAGEMENT ,INFORMATION resources management ,COMPUTER security ,DATA protection ,SECURITY systems - Abstract
This article presents a five-step approach to help businesses prioritize information technology (IT) project portfolios before mitigating any risks. It explains that it is not enough for businesses to just assess security risks, rather they must know how good these assessments are. It is important for business to know their limitations. This is so because not all risks are equal, so chief information officers should not regard them are interchangeable and not to act as if their IT team were all good at monitoring them all. IT team should always investigate customer-privacy complaints.
- Published
- 2006
36. SECURITY'S BIG SPEND.
- Author
-
Brown, Patricia
- Subjects
COMPUTER security ,DATA protection ,SECURITY systems ,INFORMATION technology ,ACCESS control ,FINANCE companies - Abstract
This article focuses on the growth in information technology (IT) and computer security budgets of companies in the U.S. Firms in the financial services industry lead in the percentage of their IT budget that is allocated for security. Rob Webb, chief technology officer and chief information officer at Equifax, is typical of executives handling IT. Webb is spending a good portion of his IT budget for security. For many of these firms IT security investment is not being looked as purely spending but rather as opportunity for innovation.
- Published
- 2006
37. Post 9/11, technology keeps us a step ahead.
- Author
-
Johnson, R. Colin
- Subjects
- *
SECURITY systems , *SECURITY management , *SEPTEMBER 11 Terrorist Attacks, 2001 , *DETECTORS , *COUNTERTERRORISM , *TECHNOLOGICAL innovations - Abstract
The article discusses on the impact of technological innovations in the field of security devices five years after the September 11 attacks. The U.S. has spent billions on technology upgrades to detect and defuse new terrorist threats but the question remains if these technologies are deployed effectively. INSET: For security apps, no experimental sensor is too novel.
- Published
- 2006
38. Your Field Guide to Designing Security Into Networking Protocols.
- Author
-
Pustilnik, Mark and Roths, Andrew
- Subjects
SECURITY systems ,DESIGN ,COMPUTER network protocols ,DATA protection ,ALGORITHMS ,SEMANTICS ,CYBERTERRORISM ,ACCESS control ,TECHNOLOGY - Abstract
The article presents the rules or guides in security design of new communications protocols. Protocol is defined as the standard that makes connection, communication and data transfer between two computing endpoints possible and includes state machines, cryptographic algorithms, semantics and others. Likewise, the article discusses the design for communication security, prevention of the man-in-the-middle-attacks such as Address Resolution Protocol (ARP) poisoning, compromised secure transports and preparation to version the protocol.
- Published
- 2006
39. SECURITY BRIEFS.
- Author
-
Brown, Keith
- Subjects
COMPUTER security ,WINDOWS (Graphical user interfaces) ,COMPUTER software ,SECURITY systems ,ELECTRONIC surveillance ,CONFIDENTIAL communications ,DATA encryption ,SYSTEM integration ,KEYSTROKE timing authentication - Abstract
The article discusses computer security protection in Windows computer programs, particularly the Windows Communication Foundation (WCF). Basic security features are provided by the WCF in terms of confidentiality, integrity, and authentication. Confidentiality makes sure that messages are encrypted so that anyone who wishes to spy cannot read the contents of the messages. Integrity ensures that one uses the keyed hash to perform a checksum on the contents of each message so that tampered message could be tracked. And authentication comes into determine the computer user or Windows client's identities. INSET: Configuring a Service Principal Name.
- Published
- 2006
40. What You Need To Know About Using Office As A Development Platform.
- Author
-
Whitechapel, Andrew and Peltonen, John
- Subjects
MICROSOFT software ,APPLICATION software ,COMPUTER software development ,COMPUTER software ,SYSTEMS design ,SOFTWARE protection ,SECURITY systems ,COMPUTER software industry - Abstract
The article offers information about the Microsoft Office software as a development platform, which provides a framework of computer applications. As a development platform, Microsoft office considers several factors, including reliability, scalability, security, deployment, timeliness, and reusability. Reliability covers the degree of robustness of the application programs, protection from rogue customizations, and the server software standards. Meanwhile, Microsoft Corp.'s newly released 2007 Office features a more understandable, transparent, and easy to administer security systems.
- Published
- 2006
41. INVINCIBLE.
- Author
-
Greenemeier, Larry
- Subjects
- *
COMPUTER security , *SECURITY systems , *DATA protection , *COMPUTER viruses - Abstract
The article reports on the results of the periodical's ninth annual Global Security Survey showing across-the-board threats to business computing environments. 57 percent of respondents in the U.S. reported being hit by viruses in the past year. Network attacks and identity theft were experienced by nine and eight percent, respectively. Yet computer security professionals think that they have got worms, data breaches and other threats under control.
- Published
- 2006
42. Standing Guard.
- Author
-
Wayne, Rick
- Subjects
- *
COMPUTER software , *COMPUTER security , *DATA protection , *SECURITY systems - Abstract
The article reviews the vulnerability scanning software AppScan 6.0 from Watchfire.
- Published
- 2006
43. Anatomy Of A Break-In.
- Author
-
Winkler, Ira
- Subjects
- *
COMPUTER network security , *COMPUTER security , *DATA protection , *FIREWALLS (Computer security) , *SECURITY management , *SECURITY systems - Abstract
The article discusses the author's views about a large multinational company, which underwent a full security audit. The simulated espionage yielded the following recommendations: According to the author, one should always demand authorization and verification from a company employee or sponsor for a person to receive a facility access card. The company should establish security awareness programs that include both physical and technical issues. The company should also maintain audit logs for critical systems and review them regularly. INSET: Is Hiring A Crook Worth The Risk?.
- Published
- 2006
44. feedback.
- Author
-
Crego, Julie, Helvey, Thomas, Haven, Richard C., Hudson, Tom, Ruiu, Dragos, Loder, Chad, Wieder, Alex, and Knighton, Craig
- Subjects
- *
LETTERS to the editor , *OFFSHORE outsourcing , *CHIEF information officers , *CIVIL service , *SECURITY systems - Abstract
Presents letters to the editor referencing articles and topics discussed in previous issues. "Outsourcing Works," which marketed offshoring; "Spectacular Falls," which commented on chief information officers in government; "False Protection," which focused on security vulnerabilities in security products.
- Published
- 2005
45. False Protection.
- Author
-
O'Connell, Laurie
- Subjects
- *
DATA protection , *APPLICATION software , *COMPUTER security , *SECURITY systems , *COMPUTER software - Abstract
This article discusses a variety of issues concerning security software. The nature of security software makes it an inherently enticing target. Developers of security software must conduct early and frequent design review, run nightly regression tests and frequent code base reviews, analyze component authentication and perform checkpoint review with security-knowledgeable people. When selecting a software security system or vendor, demand hard evidence of best practices and a comprehensive method of detecting and repairing problems that might arise.
- Published
- 2005
46. The Security Barrier To Mobile Computing.
- Author
-
Signorini, Eugene
- Subjects
MOBILE businesses ,TELECOMMUTING ,CHIEF information officers ,COMPUTER security ,SECURITY systems - Abstract
An ever-expanding mobile workforce requires CIOs to stay aware of wireless-security technologies. Companies should develop policies to ensure network security both inside the company premises and well beyond. [ABSTRACT FROM AUTHOR]
- Published
- 2005
47. SECURITY BRIEFS.
- Author
-
Brown, Keith
- Subjects
KEYSTROKE timing authentication ,COMPUTER software ,COMPUTER security ,DATA protection ,SECURITY systems - Abstract
Writing a custom GINA, the Graphical Identification and Authentication component, is not easy. MSGINA is a very complicated piece of machinery, and replacing it is not trivial. It is the aim of this article to discuss how to customize GINA and how to implement each of the GINA entry points. The author enumerates further several functions that WinLogon will call in GINA.
- Published
- 2005
48. RFID'S SECURITY CHALLENGE.
- Author
-
Claburn, Thomas, Hulme, George V., and Sullivan, Laurie
- Subjects
- *
RADIO frequency identification systems , *SECURITY systems , *SECURITY management , *COMPUTER security , *INVENTORY control - Abstract
The article discusses the data security system in Radio Frequency Identification (RFID). Businesses and vendors alike acknowledge that security remains a question mark and that it has taken a backseat to the focus on bottom-line results and returns on investment for RFID enabling their supply chains, for now. However, with a technology as ubiquitous as radio-frequency identification will be, there's great potential for damage, warns Salil Pradhan, chief technology officer of RFID technology at HP Labs.
- Published
- 2004
49. Mind Those Passwords!
- Author
-
Brown, Keith
- Subjects
COMPUTER passwords ,INTERNET ,WEBSITES ,COMPUTER security ,SECURITY systems ,DATA protection - Abstract
Passwords are necessary evils. What you need to do is choose a unique password for each and every Internet site you visit. Ideally, this password should be as long as allowed by the site, complex, and preferably randomly generated. Of course, there are very few humans in the world who can randomly generate a complex password without the help of a tool. This article describes a tool, Password Minder that can solve this problem.
- Published
- 2004
50. THE NEW ECONOMICS OF INFORMATION SECURITY.
- Author
-
Gordon, Lawrence A. and Richardson, Robert
- Subjects
- *
COMPUTER security , *SECURITY systems , *NET present value , *RATE of return , *EXTERNALITIES , *COST effectiveness , *ECONOMICS - Abstract
Discusses the need for information security managers to examine the economics of security to protect their companies. Indirect costs and negative impact of lack of security on companies' reputations; Use of return on investment and net present value to economically justify information-security investments; Advantages of using net present value; Problem of externalities; Information sharing issues. INSET: CYBERCRIMES' TRUE PRICE: Crime may not pay, but someone has to....
- Published
- 2004
Catalog
Discovery Service for Jio Institute Digital Library
For full access to our library's resources, please sign in.