http://webevents.broadcast.com/wsp/index.asp?nEventId=2430
On-Line Chat: Troubleshooting IPsec VPNs
searchSecurity, October 8, 2002 at 01:00 PM EDT

If you're planning to deploy IPsec encryption and authentication for site-to-site or remote access VPN tunnels, you'll want to attend this searchSecurity on-line event. Lisa Phifer will explain how to troubleshoot typical VPN problems and use common diagnostic tools to debug IKE and IPsec gotchas.

ENTERPRISE NETWORK SECURITY

http://www.corecom.com/external/livesecurity/xscript.htm
Anatomy of a Cross-Site Scripting Attack
WatchGuard LiveSecurity Editorial, July 11, 2002

Cross-site scripting is the Web corollary of the Hydra, and like the mythological creature, the Web Hydra has many heads. Cross-site scripting attacks are perpetrated through Web browsers facilitated by poorly written Web applications. In this column, Dave Piscitello suggests remedies and emerging best practices to avoid being exploited by cross-site scripting attacks.

http://www.pestpatrol.com/Whitepapers/RemoteProtection0902.asp
http://www.pestpatrol.com/Whitepapers/PDFs/REPS.pdf
Cost-Effective Remote End Point Protection
PestPatrol White Paper, September 1, 2002

This white paper, developed by Lisa Phifer for PestPatrol, illustrates the security threats posed by remote workers that use VPNs to access corporate networks and the business risk of leaving these "remote end points" inadequately protected. She explores measures to combat these threats, the characteristics of cost-effective security, and shows how PestPatrol can be deployed in tandem with the Check Point VPN-1 SecureClient to defend workers against remote access trojans, hacker tools, spyware, and other harmful pests.

http://www.bcr.com/bcrmag/2002/09/p26.asp
http://www.corecom.com/html/bcrmag.html#sep02
Understanding Wireless LAN Vulnerabilities
Business Communications Review, September 2002

War driving. Air tapping. Drive-by Wi-Fi. Call it what you will, but exploiting the broadcast nature of 802.11 "Wi-Fi" to find and use unprotected networks is fast becoming a national pastime. Alternately overhyped and underestimated, war driving is the proverbial canary in the coal mine. In this article, Lisa Phifer presents some of the myths and realities of WLAN security, helping companies to better understand vulnerabilities and take appropriate steps to counteract them.

WIRELESS LANS

http://searchsecurity.com/originalContent/0,289142,sid14_gci853311,00.html
Cyberspace Policy Creates Wireless Waiting Game
SearchSecurity.com, September 26, 2002

September's draft "National Strategy to Secure Cyberspace" failed to mandate stronger security for networks in general or wireless LANs in particular, relying instead on education and market forces to spur much-needed change. In this commentary, Lisa summarizes NIST security recommendations for federal agency WLANs and argues that new regulations will be needed to protect private sector WLANs.

http://searchnetworking.com/ateAnswers/0,289620,sid7_tax292553,00.html
searchNetworking Wireless LAN Q&A
August 21-September 24, 2002

As a searchNetworking expert on wireless LANs, Lisa Phifer answers questions posed each week by readers. Questions tackled this month

• Anyone using Wi-Fi to support field/process automation?
  
• Is there EAP-TTLS or PEAP software for Wi-Fi enabled PDAs?
  
• Does WLAN client location tracking technology exist?
  
• What is propagation?
  

Visit this Q&A page to read answers or pose your own question to any searchNetworking site expert.

-----------------------------------------------------------------

Cornerstone is an electronic publication of Core Competence, Inc. If you do not wish to receive future issues, please reply to this message or send email to cornerstone@corecom.com with the word "remove" in the subject line or message body.

For additional information about Core Competence, visit our web site http://www.corecom.com
For past issues, visit our CornerStone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of CornerStone.