Cornerstone Issue 58: April 13, 2004



Welcome to Issue 58 of Cornerstone, a subscription-only electronic newsletter issued periodically by Core Competence.

Cornerstone reports on a wide range of networking topics and activities involving Core Competence. A brief abstract explains what you will find if you choose to visit each URL.

SearchMobileComputing Wireless-To-Go Columns

http://www.searchMobileComputing.com/tip/1,289483,sid40_gci953497,00.html
D-Link Ships WPA In USB Format
searchMobileComputing, March 4, 2003

Although new 802.11g products often support Wi-Fi Protected Access, firmware upgrades for many older 802.11b products are missing in action. If you're stuck with a non-upgradeable embedded laptop chip or desktop PCI/USB adapter, Lisa Phifer explains why this USB stick is one cheap, easy way to start using WPA security on your WinXP PC.

http://searchmobilecomputing.com/tip/1,289483,sid40_gci957257,00.html
Segue: Integrated roaming from home to office to hot spot
searchMobileComputing, 29 Mar 2004

Lisa Phifer reviews Segue, a Win32 wireless connection manager that includes a hotspot location directory, AP finder, WPA/VPN-enabled profile manager, and status monitor, distributed by T-Mobile, AT&T Wireless, and other Wi-Fi hotspot providers.

COMDEX Loop Columns

http://loop.interop-comdex.com/comments/96_0_1_8_C/
Ubiquitous Token Authentication: What will it take?
Comdex LOOP, March 10, 2004

Is Token Authentication the Holy Grail? Microsoft, Verisign's OATH crew, and others may have stumbled on the right authentication method, but all miss the forest among the trees. Read Dave Piscitello's analysis at LOOP.

http://loop.interop-comdex.com/comments/88_0_1_16_C/
Virus alerts: 1st and 2nd order propagation effects
Comdex LOOP, March 2, 2004

Many of you will receive dozens if not hundreds of well-intentioned email notifications warning that the latest, most nefarious worm ever is now "in the wild". Read Dave Piscitello's LOOP commentary on how notifications have become a second-order worm propagation effect.

http://loop.interop-comdex.com/comments/71_0_1_32_C/
RIAA must re-think strategy... and image
Comdex LOOP, January 13, 2004

Dave Piscitello reacts to the RIAA's aggressive "anti-piracy" campaign to eliminate music sharing, swapping, downloading, and copying. Is RIAA's biggest problem not illegal copies of music, but its unwillingness to take ownership of the problem?

http://loop.interop-comdex.com/comments/67_0_1_32_C/
Power Supplies... and Mean Times
Comdex LOOP, December 31, 2003

In this LOOP post, Dave Piscitello uses a power outage "incident" at his office to discuss service availability (a security metric), mean time to restore, and how small businesses should interpret them.

searchSecurity Webcasts

http://searchSecurity.com/r/0,,26719,00.htm?track=NL-100&ad=478781&Cisco
Webcast: New Directions in VPNs
searchSecurity, Tuesday, March 30, 2004

In this webcast, Lisa Phifer presents the status of IPsec and SSL VPN technologies, discusses how trends like managed service outsourcing and wireless are changing the VPN landscape, and identifies factors to consider when choosing VPN technologies to meet your business needs. [Note: This webcast cannot be viewed if you block pop-ups.]

http://searchsecurity.com/tip/0,289483,sid14_gci955473,00.html
Client-side security considerations for SSL VPNs
searchSecurity, March 23, 2004

In this pre-webcast tip for searchSecurity, Lisa Phifer cautions that using a browser-based VPN to go "clientless" still requires client-side vulnerability analysis and mitigation, and illustrates some of the measures available today in SSL VPN products.

LiveSecurity Columns

http://www.corecom.com/external/livesecurity/xpaudit.htm
Securing XP Desktops: Account and Auditing Policies
WatchGuard LiveSecurity, December 11, 2003

Ironically, the same companies that insist on "strongly authenticated tunnels" often make little effort to assure that PCs configured with VPNs have equally strong user account and auditing policies. In this LiveSecurity column, Dave Piscitello explains how to audit systems running Windows XP Pro by using the Local Security Policy editor.

http://www.corecom.com/external/livesecurity/xplocal.htm
Securing XP Desktops: Controlling Local Use and Network Access
WatchGuard LiveSecurity, December 18, 2003

In this companion column, Dave Piscitello explores ways to exercise control over what local computer and network resources users may access by using Windows XP's Group Policy Object Editor.

Security Administration

http://infosecuritymag.com/ss/0,295796,sid6_iss346_art681,00.html
Product Review: SecurityExpressions 3.1
InfoSec Magazine, March 2004

Many enterprises are adding third-party auditing to prove compliance with Sarbanes-Oxley, HIPAA and GLBA. That's where Pedestal Software's SecurityExpressions really comes into play for automating system security policy auditing and enforcement. Read Lisa Phifer's review.

http://www.bcr.com/bcrmag/2004/02/p16.asp
Rethinking Network Security
Business Communications Review, February 2004

After a year of rapid-fire worms and trojans, increasingly buggy software, overwhelming spam and widespread power failures, what are the prospects for network availability and security in 2004? And more important, what steps are necessary for things to improve? Industry experts ponder this question in Lisa's latest article for BCR.

Securing Remote/Wireless Access

http://www.webtorials.com/main/eduweb/wireless/index.shtml
Securing Wireless Access To Mobile Applications
Wireless Webtorials, March 2004

Webtorials recently published Lisa Phifer's article from BCR. To quote Steven Taylor of Webtorials, "This paper addresses two of the primary concerns of most enterprises today - wireless access and how to make this access secure. I’m sure that you’ll find it to be most useful."

http://www.thinplanet.com/opinion/racosts.asp
http://www.aspnews.com/analysis/analyst_cols/article.php/3330181
Can Remote Access Costs Be Cut While Increasing Productivity?
Thin Planet & ASPNews, March 2004

In this opinion piece, published by Thin Planet and ASPNews, Lisa Phifer explores why browser-based managed services may help your company deliver more convenient and cost-effective remote access to diverse user communities.

CoreCom News

http://hhi.corecom.com/weblogindex.htm
Dave Piscitello's Weblog
March 2004

Interested in running Windows XP from a CD? Are counterattacks against DoS attackers and hackers a good thing? Are miniature breeds a good thing? Do you know what PESO is? These are some of the topics Dave has blogged since Groundhog Day. If you enjoy Dave's Blog, you can subscribe to it by sending a message to mailto:dave@corecom.com?subject=send_digest

http://www.enterpriseitplanet.com/security/features/article.php/3330651
Wi-Fi Planet Toronto: Security Taking Hold
EnterpriseITPlanet, March 23, 2004

In this coverage of Wi-Fi Planet Toronto, Lyne Bourque offers an overwhelmingly positive and detailed overview of the WLAN Security workshop taught there by CoreCom's Lisa Phifer and CA's Diana Kelley. Thank you, Lyne!

-----------------------------------------------------------------

Cornerstone is an electronic publication of Core Competence, Inc. If you do not wish to receive future issues, please reply to this message or send email to cornerstone@corecom.com with the word "remove" in the subject line or message body.

For additional information about Core Competence, visit our web site http://www.corecom.com
For past issues, visit our Cornerstone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of Cornerstone.