Cornerstone Issue 69: November 23, 2005
Welcome to Issue 69 of Cornerstone, a subscription-only electronic
newsletter issued periodically by Core Competence.
Cornerstone reports on a wide range of networking topics and
activities involving Core Competence. A brief abstract explains
what you will find if you choose to visit each URL.
http://www.airmagnet.com/products/wp-index.htm
Many measures are available to safeguard WLANs, but which should your
company deploy, and how can you tell whether your network has been
sufficiently hardened? This white paper, written by Lisa Phifer for
AirMagnet, describes an iterative process for vulnerability assessment,
risk analysis, and remediation.
http://searchmobilecomputing.com/tip/1,289483,sid40_gci1145590,00.html
While Wi-Fi security has been grabbing headlines, Bluetooth has been
creeping quietly into corporate networks, under IT's security radar.
Given increasing deployment and broader usage, Bluetooth really
deserves more attention. In this WLAN Advisor column, Lisa Phifer
describes Bluetooth attacks and monitoring tools.
http://searchmobilecomputing.com/tip/1,289483,sid40_gci1135534,00.htm
If your company hasn't yet jumped on the Wi-Fi band-wagon, or seems
to be stuck at the pilot stage, projecting ROI may help you turn the
crank on broader wireless deployment. Doing so may also highlight
financial differences between WLAN design alternatives. In this
Wireless Advisor column, Lisa Phifer explains why it's important to
examine the 'soft' benefits as well as the 'hard' ROI of WLANs.
http://www.corecom.com/external/mobloop/Loop-112105.htm
In this MobilityLoop column, Lisa Phifer discusses how phishers have
been capitalizing on Skype's popularity to plant IRCbot trojans that
pose as Skype software, and why P2P programs like Skype are so often
targeted by phishing email.
http://www.corecom.com/external/mobloop/Loop-103105.htm
You've probably hear this old chestnut: disable SSID broadcasts to
hide your WLAN from war drivers. But disabling SSID broadcasts will
not accomplish that feat -- doing so will make your WLAN harder for
legitimate users to access, and increase overhead. Lisa Phifer
discusses why in this MobilityLoop column.
http://www.corecom.com/external/mobloop/Loop-101905.htm
While hotspot locations and roaming agreements are expanding, the
cold hard truth is that Wi-Fi does not (yet) offer anywhere-anytime
mobile access. Carriers ask us to believe that 3G wireless services
are a better answer, but is this only a vision or reality? In this
column, Lisa Phifer ponders the gap between Wi-Fi and 3G wireless.
http://www.networkworld.com/columnists/2005/101705edit.html
You can't police and enforce a security policy that doesn't exist,
and more often than not companies are missing this key resource.
That was one of the core messages delivered by CoreCom's Dave
Piscitello on the recently completed Network World Security
Technology Tour, wrote John Dix in this NWW editorial.
http://searchnetworking.com/originalContent/0,289142,sid7_gci1137815,00.html
Once considered a playground for hackers and malicious attacks, are
wireless networks becoming more secure than their wired counterparts?
TechTarget's news writer Andrew Hickey ponders this question by
chatting with WLAN security experts, including CoreCom's Lisa Phifer.
http://www.voiploop.com/index.php?option=com_content&task=view&id=685&Itemid=34
Voice over IP (VOIP) and wireless LAN (WLAN) technologies go together
like a wink and a smile, wrote Eric Krapf. In this VoIP Loop article,
Eric offers a peek at BCR Magazine's November issue, including Lisa
Phifer's "VoWiFi Vanguards" case study.
http://hhi.corecom.com/arc20051001.htm#BlogID474
In this post, Dave observes that phishers don't need to bother
purchasing a server certificate from a trusted authority to create
a sufficiently convincing lure to extract customer account info
from their victims.
http://hhi.corecom.com/arc20051001.htm#BlogID473
And has your bank made it impossible for you to do so? Dave ponders
how customers can trust that they have really visited their bank's
home page and not that of a phisher, without confirming the site's
server certificate.
http://hhi.corecom.com/arc20051001.htm#BlogID471
In this post, Dave answers another question from the NWW Security
Tour 2005: Our college has a limited budget for security. With threats
at so many levels, would it be prudent to focus on one specific vector
(i.e., email, apps, web, firewall/IDS/IPS)?
http://hhi.corecom.com/arc20051001.htm#BlogID467
Spyware was another hot topic at the NWW Security Tour 2005. In this
post, Dave offers up his opinion on running multiple spyware solutions
on the desktop, a common recommendation from anti-spyware specialists.
http://hhi.corecom.com/arc20051001.htm#BlogID464
Blocking Instant Messaging remains a formidable task. Back in 2003,
Dave suggested admins combine firewall, routing, and name server
measures with monitoring tools. Here, he discusses combining these
techniques with strong desktop management policies.
-----------------------------------------------------------------
Cornerstone is an electronic publication of Core Competence, Inc.
If you do not wish to receive future issues, please reply to this
message or send email to
cornerstone@corecom.com
with the word "remove" in the subject line or message body.
For additional information about Core Competence, visit our web site http://www.corecom.com
New White Papers
Managing WLAN Risks With Vulnerability Assessment
AirMagnet, October 2005
Wireless Advisor Columns
Chasing away your wireless blues
searchMobileComputing, November 17, 2005
Show me the money: WLAN ROI
searchMobileComputing, September 20, 2005
Mobility Articles
Beware phone phishers bearing false gifts
MobilityLoop, November 21, 2005
SSID Broadcasts and Other Security Legends
MobilityLoop, October 31, 2005
Here, There, but still not Everywhere
MobilityLoop, October 18, 2005
CoreCom in the News
Lessons from the NWW security tour
Network World, October 17, 2005
Wireless LANs, the new 'secure' network
searchNetworking.com, October 27, 2005
Are WLANs Ready For Voice?
VoIP Loop, November 2, 2005
Dave Piscitello's Blog
Phishers using SSL certificates
Dave's Blog, 28 Oct 2005
Do you trust your online banking home page?
Dave's Blog, 26 Oct 2005
University security on a limited budget
Dave's Blog, 19 Oct 2005
Multiple antispyware solutions on the desktop
Dave's Blog, 13 Oct 2005
How to block IMs in the enterprise, redux
Dave's Blog, 06 Oct 2005
For past issues, visit our CornerStone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of CornerStone.