Cornerstone Issue 62: November 9, 2004
Welcome to Issue 62 of Cornerstone, a subscription-only electronic
newsletter issued periodically by Core Competence.
Cornerstone reports on a wide range of networking topics and
activities involving Core Competence. A brief abstract explains
what you will find if you choose to visit each URL.
http://www.airmagnet.com/products/wp-index.htm
With rogue wireless devices posing a threat to corporate networks,
it's become essential for owners to detect, disable, and manage them
automatically. This new AirMagnet white paper, written by CoreCom's
Lisa Phifer, defines rogue APs and stations, explains why they
present a business risk, and details how to effectively identify,
locate, and eliminate them using industry best practices.
http://www.citrix.com/passwordmanagervideo
CoreCom's Lisa Phifer participates in this Citrix video news report
that offers a general public primer on password vulnerabilities and
ways to reduce risk by eliminating what is all too often the weakest
link in network and system defenses.
http://www.desktoppipeline.com/showArticle.jhtml?articleID=50900081
Do a search on Google for "security freeware," and you'll get 2M
hits. Security freeware is pretty popular. The price is right and
everyone needs more security. What's the catch? Security. In this
column, Dave Piscitello suggests 5 questions you should ask yourself
before installing any security freeware.
http://loop.interop.com/comments.php?id=213_0_1_0_C
In this LOOP column, Dave Piscitello interprets recent statistics
about virus prevalence and speculates about the state of virus
containment today.
http://loop.interop.com/comments.php?id=215_0_1_0_C
You visit a web site. You complete a form, providing name, address,
phone number, job title, and more. Do you know what the site operator
does with your personal data? In this LOOP posting, Dave ponders
the inexact science of Platform for Privacy Preferences.
http://loop.interop.com/comments.php?id=221_0_1_0_C
Here, Dave argues that, wherever network admission and endpoint
control become prevalent, software offering integrated malicious
code control must follow.
http://www.corecom.com/external/bcrmag/bcrmag.html#sep04
Companies that are just now getting their feet wet with wireless
have not yet felt the pain of cross-network roaming -- but they
will eventually. Mobile VPNs facilitate roaming across diverse
networks and managing differences in performance and cost
associated with public networks. Lisa Phifer considers this
topic in her latest BCR article.
http://searchmobilecomputing.com/tip/1,289483,sid40_gci1017771,00.html
WPA-Enterprise combines stronger encryption with 802.1X user
authentication and dynamic per-session keys. Some carriers believe
this combination holds great promise for hot spot security. Lisa
Phifer takes a look at one example, T-Mobile's Enhanced WPA Network.
http://searchmobilecomputing.com/tip/0,289483,sid40_gci1006663,00.html
Wireless LAN security has long focused on protecting traffic over the
air, but far less attention has been paid to securing wireless devices
themselves. In this WLAN Advisor column, Lisa Phifer ponders the
impact of Spyware on wireless devices and how to reduce this risk.
http://www.corecom.com/external/livesecurity/pocketpc.htm
Don't underestimate the security risks posed by employee-owned PDAs.
Pocket PCs may be smaller than laptops and desktops, but the logins,
passwords, e-mail, and files they use still require business-grade
protection. Start mitigating those risks by following the links in
Lisa Phifer's latest LiveSecurity column to learn how to secure your
Pocket PC.
http://www.watchguard.com/infocenter/editorial/15744.asp
Many users vaguely understand the security risks, privacy invasions,
and performance costs associated with having spyware secretly and
maliciously installed on their computers. But, beyond a general sense
that spyware is uninvited, malicious software, most know very little
about it. In the first of two articles, Dave Piscitello explains why
spyware represents greater risk than you might have realized.
http://www.watchguard.com/infocenter/editorial/15860.asp
SMBs are ripe targets for spyware, but they don't have to remain so.
SMBs can implement an effective anti-spyware program without making
a large-enterprise-sized investment. Follow the steps outlined in
Dave Piscitello's part two article to break spyware's stranglehold
on your network.
http://hhi.corecom.com/weblogindex.htm
Dave has been busy blogging a slew of new resource pages on his
personal website. Among those new pages:
AntiVirus,
VOIP Security, and
Other Security Resources.
If you enjoy Dave's Blog, you can subscribe to it by sending
mailto:dave@corecom.com?subject=senddigest or, if you are an RSS
user, add http://hhi.corecom.com/feed.xml to your news feeds.
-----------------------------------------------------------------
Cornerstone is an electronic publication of Core Competence, Inc.
If you do not wish to receive future issues, please reply to this
message or send email to
cornerstone@corecom.com
with the word "remove" in the subject line or message body.
For additional information about Core Competence, visit our web site http://www.corecom.com
Network/Security Administration
Best Practices For Rogue Detection and Annihilation
AirMagnet White Paper, October 2004 [registration required]
The Weak Link in Computer Security: Passwords
Citrix Video News Report, October 2004
Watch Out For Security Freeware Gotchas
Security Pipeline, October 19, 2004
MediaLive LOOP Columns
What Virus Prevalence Statistics Reveal
Comdex LOOP, September 1, 2004
You're invading my privacy! A little bird told me.
Comdex LOOP, September 8, 2004
Antivirus and antispyware must be the same ware
Comdex LOOP, September 27, 2004
Mobile/Wireless Security
Roaming Far and Wide with Mobile VPNs
Business Communications, September 2004
Locking down wireless hot spots with 802.1X
searchMobileComputing, October 20, 2004 [registration required]
Is someone watching you?
searchMobileComputing, September 16, 2004 [registration required]
WatchGuard LiveSecurity Columns
Protecting Pocket PCs
WatchGuard LiveSecurity, August 27, 2004
Spyware Risk: It's Time to Get Smart
WatchGuard LiveSecurity Basics, Fall 2004
Spyware Remediation: It's Not Mission Impossible
WatchGuard LiveSecurity Basics, Fall 2004
On-Line Publications by CoreCom
Dave Piscitello's Weblog
September-October 2004
For past issues, visit our CornerStone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of CornerStone.