Cornerstone Issue 74: November 20, 2006
Welcome to Issue 74 of Cornerstone, a subscription-only electronic
newsletter issued periodically by Core Competence.
Cornerstone reports on a wide range of networking topics and
activities involving Core Competence. A brief abstract explains
what you will find if you choose to visit each URL.
http://searchnetworking.com/searchNetworking/downloads/Testing_Hotspot_Security.pdf
When Lisa Phifer and Craig Mathias tested public access networks
at hotels in three major cities, they found that provider security
measures and resulting user risks varied widely. In this white
paper, we describe real-world security threats that face business
travelers who use wired and wireless hotel broadband services,
and steps users can take to protect their systems and data.
http://lists.avolio.com/pipermail/informant/2006-October/000029.html
In his recent newsletter, colleague David Strom writes about his own
experiences with hotel hotspot security, quoting "choice tidbits"
from the CoreCom/Farpoint study.
http://searchmobilecomputing.com/tip/0,289483,sid40_gci1230233,00.html
Mobile connectivity has never been easier, but which wireless options
should you look for in your next PDA or smartphone? The right choice
can be the difference between purchasing an indispensable sidekick or
a stylish, expensive paperweight. Lisa Phifer compares Bluetooth,
Wi-Fi, and 3G alternatives in Part 1 of this Mobile Trends column.
http://searchmobilecomputing.com/tip/0,289483,sid40_gci1230238,00.html
Once you've chosen the kind(s) of wireless that you want on your mobile
device, you'll need to acquire that connectivity. In Part 2 of this
Mobile Trends column, Lisa explores the tradeoff between embedded and
add-on PDA/smartphone wireless adapters, and hardware alternatives
to consider when adding wireless to a handheld device.
http://www.corecom.com/external/livesecurity/dnsamplification.htm
Earlier this year, a series of DDoS attacks victimized DNS root and
Top Level Domain name server operators. In this LiveSecurity article,
Dave Piscitello describes how these attacks worked and steps that
network administrators can take to reduce associated risk.
http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1225207,00.html
NOC staff, already overwhelmed by security perimeter alerts, just
can't afford to battle internal threats the same old way. In this
month's security spotlight, Lisa Phifer questions whether it might
be time to consider a new approach: Network Behavior Analysis (NBA).
http://searchnetworking.com/generic/0,295582,sid7_gci1228704,00.html
To fill the gap between consumer interest and investment in
Cisco NAC, Microsoft NAP, and TCG's TNC architectures, several
vendors now offer "NAC-in-a-box" -- appliances that deliver many
of NAC's promised benefits, with far less fuss. Lisa Phifer
explains what this new set of security appliances have to offer.
http://searchsecurity.bitpipe.com/detail/RES/1161972065_787.html
For workers on-the-go, mobile devices are a lifeline to enterprise
applications and data. In this InfoSec webcast, Lisa Phifer details
five essential best practices to secure your company's mobile devices.
http://searchsecurity.bitpipe.com/detail/RES/1161973021_992.html
This 10-minute Podcast features a Q&A-style back-and-forth interview
between Lisa Phifer and Eric Parizo about security issues affecting
various mobile device platforms, including BlackBerry and Symbian.
http://searchsecurity.com/tip/0,289483,sid14_gci1223151,00.html
Like many other wireless technologies, Bluetooth has been plagued by
security threats. In this tip, Lisa Phifer explains how to assess
Bluetooth product security and adopt configuration and usage policies
that protect business assets and data from Bluetooth dangers.
http://hhi.corecom.com/arc20061001.htm#BlogID558
In this blog entry, Dave Piscitello uses how a community responds to a
tragic automobile accident as an analogy for how organizations often
react to a security incident.
http://hhi.corecom.com/arc20061001.htm#BlogID559
On behalf of ICANN's Security and Stability Advisory Committee, Dave
recently completed a study of approx. 5000 randomly selected domain
name registration records to approximate the extent to which personal
contact information can be extracted from registration information. In
this blog entry, Dave provides an overview and pointer to his ICANN
presentation about this study.
http://hhi.corecom.com/arc20061001.htm#BlogID562
In this post, Dave considers alternatives to admission and exit controls,
and the danger of over-dependence on automated security that makes users
less committed to understanding security and appreciating their role in
maintaining an effective security profile.
http://hhi.corecom.com/arc20061001.htm#BlogID563
Many Cornerstone readers may be surprised and saddened by the news that
colleague Kaj Tesink died on October 25th following a noble battle with
pancreatic cancer. In this entry, Dave celebrates the accomplishments
and life of our dear friend Kaj so that others might celebrate as well.
-----------------------------------------------------------------
Cornerstone is an electronic publication of Core Competence, Inc.
If you do not wish to receive future issues, please reply to this
message or send email to
cornerstone@corecom.com
with the word "remove" in the subject line or message body.
For additional information about Core Competence, visit our web site http://www.corecom.com
Wireless Security
Putting hotspot security to the test
CoreCom/Farpoint Technical Note, August 2006
Leaky Hotel LANs
Web Informant, October 23, 2006
Wireless options for PDAs and smartphones
searchMobileComputing, November 15, 2006
Wireless adapters for PDAs and smartphones
searchMobileComputing, November 15, 2006
WatchGuard LiveSecurity
Anatomy of a DNS DDoS Amplification Attack
Watchguard LiveSecurity, August 14, 2006
Security Appliances
Security Spotlight: Network Behavior Analysis goes long and wide
SearchNetworking, October 23, 2006
NAC appliances: Shortcut to admission control
SearchNetworking, November 7, 2006
Messaging Security
Webcast: Top 5 Ways to Lock Down Your Mobile Devices
InfoSec Magazine, October 2006
Podcast: Platform Protection: Security Issues for Mobile Devices
InfoSec Magazine, October 27, 2006
Taking the bite out of Bluetooth
SearchSecurity, October 31, 2006
Dave Piscitello's Blog
Safety versus convenience, security versus performance
Dave's Blog, October 3, 2006
Information Gathering Using Domain Name Registration Records
Dave's Blog, October 18, 2006
Admission and Exit Controls versus User Self-Accountability
Dave's Blog, October 27, 2006
A Celebration of Kaj Tesink
Dave's Blog,October 28, 2006
For past issues, visit our CornerStone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of CornerStone.