eWEEK EDITORS

CERTs tips for recovering from a system compromise SANS step-by-step tips for handling Unix Trojans Bugtraq archive A searchable dictionary of known vulnerabilities Microsoft security information LaBrea anti-worm program Paper on legal liabilities of distributed-denial-of-service attacks

Response Systems that have been infected by a worm or attacked by an intruder should be disconnected from the network immediately. Find out how the attack happened. Although some worms trumpet their existence, others, as well as cracker intrusions, will require some detective work. Remove worm files and Trojans from infected systems using updated anti-virus […]

The SANS Institute intrusion detection articles Find out whats been defaced, what exploits are popular and pick up Nmap, a decent Linux-based port scanner at www.insecure.org Security news Open-source IDS at its finest Searchable database of attacks for a variety of IDS platforms Linux security alerts Log analysis resources News about and tools to find […]

Detection Every day, come to the office assuming that a new vulnerability has surfaced Perform routine checks of log files from firewalls, Web and application servers, IDS boxes, and performance monitors Be curious, ask questions and pursue answers Prioritize assets based on their value, and focus detection efforts accordingly Make a list of all the […]

Tape storage and host bus adapters are the newest technology components to become part of the Storage Networking Industry Associations Supported Solutions Forum, and interoperability between network-attached storage and storage over IP is on the horizon. The forum, or SSF, which debuted its first offerings six months ago from storage vendors Compaq Computer Corp., EMC […]

VULNERABILITY UPDATES CERT The SANS Institute Bugtraq ASSESSMENT GUIDELINES Information Security Assessment Checklist: A Benchmarking Tool for Managers MIT Information Systems Computer Security Self-Assessment Central Queensland University IT Threat Risk Assessment University of Virginia Department of Computer Security Self-Assessment Laptop Computer Security ASSESSMENT TOOLS HFNetChk, scans for vulnerabilities in Microsoft systems Linux automated update tool […]

Assessment Anti-terrorism rules may create new requirements for allowing government access to private data resources. Design systems now to meet possible legal demands without compromising competitive intelligence. Web services will streamline deployment of enterprise database clients to wireless handhelds. Act now to define data access privileges and anticipate wireless security vulnerabilities. Emerging digital rights management […]

Vulnerability assessment Identify the assets and processes at risk Focus on business risk, not technology Look beyond IT turf: Consider security impact of facility and human resources policies Use available automated tools for technical vulnerability scans Anticipate legal obligations to ward off intruders and prevent involvement in distributed attacks Consider nonelectronic information: Shred sensitive input […]

In the growing area of niche database vendors, Lazy Software Ltd., of Britains High Wycombe region, stands out for its enterprise roots–and enterprise future, if its founders have their way. The 42-employee company will officially launch Version 2.0 of its flagship Sentences product in the United States Tuesday. Because of their “associative data” approach, Sentences […]

Enterprise storage titan Hitachi Data Systems announced Shinjiro Iwata as its new CEO and president yesterday, along with its goal of overtaking main rival EMC Corp. by 2004. Iwata replaces Jun Naruse, who will return to Japan as executive officer of Hitachi Ltd.s Information Systems & Telecommunications Group. ”I am very pleased to return to […]