Category Archives: Articles

Targeted cyber attacks

"Cyber attack" is the name that (usually sensationalist) articles and documents give to crimes that occur in a virtual world, as opposed to tangible attacks such as war. A targeted cyber attack is when the attacker specifically targets someone or a company. A successful attack will typically allow the attacker to gain access to the…

Writing an RFP for a Network Access Control Solution

When considering network security solutions, many organizations choose network access control (NAC) technology as an integral part of their security fabric. Many industry experts believe that NAC is vital to complete network security. NAC helps to ensure that devices entering the network will not introduce viruses or other potentially debilitating malware. Once devices have been…

Yapbrowser: Directing you to Illegal Content

Web-browsers. They’re all around you, on every PC across the length and breadth of the planet, yet you probably don’t stop to think about them too much. Why would you? They’re just there, and that’s all that matters, like the mouse or the keyboard – a tool you just plug in to do something else,…

Implementing SSO: Myths, Errors and Best Practices

In the decade or so since SSO software came into being, the merchants of doom have been predicting its imminent disappearance in the face of the integration of Kerberos within Windows, the increased Web-enabling of applications, and the development of ADFS and Liberty Alliance.

Pen Testing vs. Vulnerability Analysis Tools, Which is Best?

Over the past several years I have heard people asking the question “should I use vulnerability analysis tools to assess my web based applications or should I look to penetration testing?” I think we, as an industry, may be asking the wrong question. First, let’s look at how the web application industry has grown over…

e-Filing for Beginners

Email is the new paper. It is now used for over 80% of written business communication. Given the exponential rise in email-based business communication over recent years, there is a definite need for the e-filing cabinet, in order to store, manage and utilise email-based information effectively.

Malware creates new challenges for anti virus vendors

Over the past few years those monitoring trends in malicious Internet activities have noticed a significant change. We are seeing a sizeable decrease in the media-grabbing pandemic outbreaks of malicious software. Yet with fewer headlines on high-risk infectors we are still seeing an increasing overall number of malware infections; it is this new…

Preventing a Brute Force or Dictionary Attack

To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker. To a hacker, anything that must be kept under lock and key is probably worth stealing. If your Web site (or a portion of it)…

Preventing a Brute Force or Dictionary Attack

Administrative accounts are not the only problem: many Web applications and Web application frameworks create default users during installation. If the site administrator does not remove these default users or at least change their passwords, these accounts will be easy targets for a dictionary attack. Finally, when users are allowed to choose their own usernames,…

The Consumerization of IT Demands Policy Enforcement

Throughout 2007 IT will need to prepare itself for an onslaught of unmanaged IP-enabled devices as millions of users plug in new computers, USB drives, music/video players, handheld mobile devices, and even the stray game console into enterprise networks. In addition to new shiny objects, many users install applications like iTunes, VoIP, multi-player games,…