Saturday, October 28, 2006

Network Security System offers fully integrated solution.

Intelligent, out-of-the-box ESP 3000 solution consists of integrated layers of security technologies including IDS, IPS, behavioral analysis, event and global threat correlation, vulnerability scanning, vendor alerts, asset database, and security dashboard. Browser-based Master Control Unit acts as monitoring console, signature server, cluster manager, and Web server, while also containing Web portal housing all reports and graphs for appliance suite.

New SRM solution from a proven network security innovator arms organizations with more complete protection, cost savings and ability to preemptively avoid network attacks

DALLAS, TX. - September 26th, 2005 - Global DataGuard, the premier provider of Security Risk Management (SRM) solutions for midsize-to-enterprise organizations, today announced it is rolling out a fully integrated, groundbreaking suite of new SRM solutions that enable organizations to immediately and economically understand where their networks are vulnerable, who's trying to attack them and what they can do to prevent network security problems.

Global DataGuard's intelligent, out-of-the-box ESP 3000 solution consists of integrated layers of security technologies that together provide unmatched risk management: IDS, IPS, behavioral analysis, event and global threat correlation, vulnerability scanning, vendor alerts, an asset database and a security dashboard. Each layer complements and augments the others, with intelligent behavioral analysis and correlation capabilities comprising the GDG difference. The result is early warnings of threats other solutions cannot see; far fewer false positives; cost savings, more thorough compliance and the ability to manage security solutions with one console.

Saturday, October 21, 2006

Guard your systems from network parasites with the WolfPac Security Suite - Top Technology Showcase

PSINet Europe, a leading provider of corporate IP-based communication services, recently conducted a little experiment: To prove the importance of network security, it set up an anonymous "dummy server" containing no data and no public profile. Within 24 hours it was attacked 467 times. This large number reflects the fact that computer hacking is no longer just a hobby for computer geeks--it is now a full-time job. Network professionals need to be aware of this growing problem and learn to protect themselves from uninvited guests.

NetWolves' latest offering is designed to prevent system robbery. It acts as a hacker's kryptornte making your servers secure from outside intrusions. The Security Suite acts as a link between large companies and remote offices or as a single gateway for small-to-medium size businesses. It provides companies with an option for shielding their intellectual property from information thievery.

The suite comes in two platforms: the WolfPac 2020 and the WolfPac 3020. They both come equipped with three Ethernet 10/100 interface cards for WAN, LAN and DMZ connections. The security suite is offered with either a 600MHz or 900MHz processor, 20- to 100GB hard drive, and up to 1,024MB of RAM.

Thursday, October 19, 2006

Web application assessment - Network monitoring and security - Weblnspect 3.0 Enterprise Edition - Brief Article

Discover where network security needs improvement with Weblnspect 3.0 Enterprise Edition, a product designed to automate the assessment of Web services security. Users can perform security assessments on any Web-enabled application, including specific assessment capabilities for Microsoft .NET, IBM WebSphere, Lotus Domino, Oracle Application Servers and MacroMedia ColdFusion. An intuitive, wizard-driven interface, and integrated tools and utilities provide easy access to Web application vulnerabilities. In addition, an expert mode allows advanced users to manually interact with the assessment process and create custom test scripts. The configurable XML export tool enables users to export any and all information found during the scan in a standardized XML format, including comments, hidden fields, Javascript, cookies, Web forms, URLs, requests and sessions.

Friday, October 13, 2006

Scan like a hacker - Network monitoring and security

ScanDo is a Web application scanner that assesses the entire Web application to identify security loopholes through comprehensive exploration and penetration of the Web application and its operating environments. The tool reveals Web application vulnerabilities using the same techniques used by hackers, including the manipulation of IT infrastructure vulnerabilities, parameter tampering, Web services and SOAP vulnerabilities, hidden field manipulation, cookie poisoning, stealth commanding, backdoor and debug options, database sabotage, buffer overflow attacks, data encoding, and protocol piggybacking. Weaknesses are pinpointed and the risk level assessed within the applications to be managed. The solution then generates reports in graphical or textual formats for novice or experienced security personnel.

Monday, October 09, 2006

Questioning the cost of compliance: some say a new network security rule puts an unfair burden on higher ed

WITH LEGISLATION TO reauthorize the Higher Education Act (HEA) lumbering toward enactment, although its final form remains uncertain, the higher education community in Washington is paying attention to new developments in other areas.

One issue: regulations issued by the Federal Communications Commission (FCC) to broaden law enforcement's ability to monitor electronic communications involving suspected terrorists and criminals.

The new regulations extend to universities, as well as libraries, airport public wireless networks, and commercial Internet service providers, provisions of the 1994 Communications Assistance for Law Enforcement Act. That measure directed telephone companies to redesign their networks to enable law enforcement agencies to have remote access to their systems.

The rules, newly issued by the FCC, extend the remote access requirements to computer networks. Implementation requires all Internet service providers, including IHEs, to upgrade network switches and routers by June 2007 to enable remote monitoring. The cost to upgrade computer networks at IHEs is estimated at $7 billion, according to the American Council on Education (www. acenet.edu), which quickly challenged the FCC's rules in the federal appellate court for the District of Columbia.

"Potentially, this is a huge deal over a complicated set of issues," says ACE Senior Vice President Terry W. Hartle. Some people would argue there is a broader privacy issue here. "What we have argued is simply that we will comply; we are anxious to do our part in the war on terror, but what the government is asking us to do is very expensive for very little return."

Higher ed institutions have long worked with law enforcement agencies pursuing criminal investigations, adds Sheldon E. Steinbach, ACE vice president and general counsel. He says that by filing suit, ACE hopes to convince the FCC that institutions "can provide the same access through alternative approaches" without having to shell out $7 billion.

"When you evaluate efficiency versus the incredible cost of compliance, we just don't think it makes a lot of sense," Steinbach says.

SHAPING THE FUTURE

In another development, U.S. Education Secretary Margaret Spellings kicked off a national commission established to shape the future of higher ed in the U.S. and asked it to submit specific recommendations by August 1, 2006, on four areas: accessibility, affordability, accountability, and quality.

The commission, made up of 19 business, foundation, and higher ed representatives, got an immediate taste of its mission when the College Board reported that there continue to be significant long-term concerns about college access and affordability.

Although average grant aid per student is growing, it's not by enough to prevent increased reliance on borrowing, the College Board stated. Low-income students receive more grant aid, on average, than higher-income students, but new student aid policies have benefited those in the upper half of the income distribution most.

HEA UPDATE

Meanwhile, the Senate and House are still moving in their own ways to reauthorize the HEA. At the outset of the congressional budget process last February, both bodies agreed to reduce the federal deficit by $35 billion over five years by cutting entitlement programs, a process known as reconciliation. The Senate Committee on Health, Education, Labor and Pensions must contribute one-third of the total cuts in the Senate.

In October, the Senate Committee approved budget reconciliation legislation that encompasses HEA reauthorization. The measure cuts $15.1 billion over five years from the federal student loan and pension programs. The House Education and Workforce Committee cut $20.8 billion.

Higher ed lobbyists continue voicing concerns over spending cuts. But Congress is under pressure to help pay for hurricane relief and the war in Iraq. Unsure when it will complete reauthorization, Congress extended programs under HEA as they stand until December 31.

Monday, October 02, 2006

Credit union serves up secure solution; password technology system provides members with authenticated, 24/7 network access - Network Security - State

More than 73,000 members. $530 million in assets. A fast-growing dial-in network where remote users can gain 24/7 access. A potential security nightmare.

That was the challenge facing the State Employees Credit Union (SECU) in Lansing, Mich., which, since its charter in 1952, has grown to become one of the leading credit unions in Michigan and the United States. With its burgeoning network, however, Mark Davis, SECU assistant vice president of data center operations, understood the dangers of unauthorized access, and wanted to be able to identify each individual user attempting to log on to the system.

"As far as remote dial-in, we were getting to the point where our network was too exposed and anybody would be able to get in," says Davis. "I realized that greater security would be needed as we basically just had someone dialing into a router to use NT security."

SECU underwent an exhaustive search to identify a cost-effective method to provide high-level security for its dial-in network.