Cornerstone Issue 55: November 18, 2003
Welcome to Issue 55 of Cornerstone, an electronic newsletter
issued periodically by Core Competence.
Cornerstone reports on a wide range of networking topics and
activities involving Core Competence. A brief abstract explains
what you will find if you choose to visit each URL.
http://www.jupiterevents.com/80211/fall03/agenda.html#ctrack
CoreCom's Lisa Phifer joins Diana Kelley in delivering a hands-on
WLAN Security Workshop at the Wi-Fi Planet Conference in San Jose.
In this workshop, we demonstrate WLAN vulnerabilities using popular
discovery, analysis and intrusion detection tools. We review best
practices and guide students through hands-on exercises, where they
learn to configure and use measures like WPA, 802.1X with EAP-TLS
or PEAP, VPN tunneling and SSL portals.
http://www.jupiterevents.com/80211/fall03/agenda3.html#d1130
Lisa Phifer will also be moderating these WLAN security panels at
December's Wi-Fi Planet conference:
http://searchmobilecomputing.com/tip/1,289483,sid40_gci935149,00.html
In this Wireless-To-Go column, Lisa Phifer reviews Bluefire Mobile
Firewall Plus, a centrally-managed security suite for Pocket PCs and
Smartphones aimed at large enterprises and carriers.
http://searchmobilecomputing.com/tip/1,289483,sid40_gci937435,00.html
Lisa reviews the AppGate Mobile Client on a SonyEricsson P800. This
rather unique VPN solution for PDAs and PCs is based on Secure Shell,
protecting many Intranet applications with minimal client-side fuss.
http://isp-planet.com/fixed_wireless/technology/2003/wids_overview1.html
Wireless intrusion detection is a logical extension of the security
measures most companies already have in place. In this three part series,
Lisa examines the offerings of three different solution providers: IBM,
Vigilar, and VigilantMinds.
http://www.issa-sc.org/wireless-checklist.html
Dave Piscitello and Lisa Phifer prepared these "crib notes" for Dave's
recent presentations to the ISSA's South Carolina Chapter and a
Colloquium held at the University of South Carolina in October.
http://hhi.corecom.com/catWindow$.htm#BlogID155
Dave relates his experience with the CIS (Center for Internet Security)
Windows Security Assessment and Scoring Tool.
http://hhi.corecom.com/catRant.htm#BlogID154
Now that the RIAA has started suing MP3 sharers, it's only natural that
SANS would raise P2P's status. But Dave wonders: Why did it take so long
for P2P to rise to the Top 20?
http://hhi.corecom.com/catWeb_Security.htm#BlogID151
By default,Microsoft IIS (4.0 and 5.0) will insert the server's IP
address in the HTTP Content-location header of a 200 OK message.
Dave discusses why and when this is undesirable.
If you enjoy Dave's Blog, subscribe to his Blog digest by sending
mailto:dave@corecom.com?subject=send_digest
http://www.bcr.com/bcrmag/2003/10/p28.asp
Most IT departments try to beef up teleworker security with VPN and
AV software. But as teleworker nodes morph into teleworker networks,
should your security strategy change? In this article, Lisa Phifer
look at how to adapt teleworker defenses to address new threats
posed by both wired and wireless residential LANs.
http://hhi.corecom.com/liotineforeword.htm
Maintaining business and network continuity is as much about
maintaining good performance when confronted with incidental events
and temporary outages as it is about handling catastrophic ones.
As Dave Piscitello describes in this Foreword, Matthew Liotine's new
book presents strategies, best practices, processes, and techniques
to prepare networks that are survivable and have stable behavior.
-----------------------------------------------------------------
Cornerstone is an electronic publication of Core Competence, Inc.
If you do not wish to receive future issues, please reply to this
message or send email to
cornerstone@corecom.com
with the word "remove" in the subject line or message body.
For additional information about Core Competence, visit our web site http://www.corecom.com
Conferences
Hands-On WLAN Security Workshop
Wi-Fi Planet Conference, December 2nd, San Jose
http://www.jupiterevents.com/80211/fall03/agenda4.html#a130
WLAN Security Panel Sessions
Wi-Fi Planet Conference, December 4-5th, San Jose
Securing Wireless with VPN: Challenges and Solutions
WLAN Security Monitoring & Maintenance
SearchMobileComputing Wireless-To-Go Columns
Bluefire brings Pocket PCs under IT control
searchMobileComputing, November 3 2003
AppGate secures intranet access from PDAs, laptops
searchMobileComputing, November 17 2003
Wireless LANs
http://isp-planet.com/fixed_wireless/technology/2003/wids_overview2.html
http://isp-planet.com/fixed_wireless/technology/2003/wids_overview3.html
WIDS Overview: Helping Customers Spot Wireless Intruders
ISP-Planet, October 14,21,28, 2003
http://www.issa-sc.org/8021x-handout.html
802.1x Primer, WLAN Security Checklist for SMBs
ISSA SC Chapter, October 2003
Dave Piscitello's Weblog
Satisfying CIS Windows Security Benchmarks
Dave's Blog, October 30, 2003
P2P Makes SANS Top 20 - Why Now?
Dave's Blog, October 29, 2003
Don't Leak Your Web Server's Private IP Address
Dave's Blog, October 22, 2003
Enterprise Network Administration
http://www.corecom.com/external/bcrmag/bcrmag-worker-oct03.pdf
Securing Teleworker Networks
Business Communications Review, October 2003
Foreword to "Mission-Critical Network Planning"
Artech House, October 2003
For past issues, visit our CornerStone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of CornerStone.