Cornerstone Issue 78: May 25, 2007
Welcome to Issue 78 of Cornerstone, a subscription-only electronic
newsletter issued periodically by Core Competence.
Cornerstone reports on a wide range of networking topics and
activities involving Core Competence. A brief abstract explains
what you will find if you choose to visit each URL.
http://www.ruckuswireless.com/technology/whitepapers/smb/
This paper, written by Lisa Phifer for Ruckus Wireless, examines the
opportunities and challenges associated with operating an SMB WLAN or
public hot spot. It describes what these organizations need to deliver
Wi-Fi more reliably, to increasingly diverse devices and applications,
covering larger areas and higher user densities, while minimizing total
cost of ownership, and introduces the Ruckus ZoneFlex platform.
http://www.tmcnet.com/webinar/xirrus/xirrus-webinar-wi-fi-encryption-theory-uses-tips-and-tricks.htm
Implementing and maintaining Wi-Fi networks requires an increased
awareness and understanding of the techniques available to ensure the
confidentiality of data traveling over wireless networks is equivalent
to or better than wired networks. In this webinar -- one of a series
of educational events produced by Xirrus -- Lisa Phifer joined Bruce
Miller to discuss Wi-Fi encryption threats, standards, certifications,
and practices. This live event is now available for on-demand viewing.
http://searchnetworking.com/tip/0,289483,sid7_gci1252536,00.html
Wi-Fi has become the dominant wireless Internet access method, embedded
in nearly every laptop sold today. Older cellular services were just too
slow for widespread Internet access, but 3G services like EV-DO and HSDPA
have dissolved that barrier. In this tip, Lisa discusses how to choose a
wireless Internet access method that meets your needs, style and budget.
http://searchnetworking.bitpipe.com/data/document.do?res_id=1178728306_836
In this on-demand webcast, Dave Piscitello discusses what constitutes a
secure branch office, the security delivered by "branch in a box" versus
best of breed solutions, support for remote management and monitoring,
and how to keep pace with user growth and application needs.
http://searchnetworking.com/tip/0,289483,sid7_gci1253373_tax306873,00.html
Many organizations host business-critical applications in branch offices,
but doing so exposes them to many new threats. Here Dave Piscitello looks
at potential threats to branch offices and 10 ways to reduce them.
http://searchnetworking.bitpipe.com/data/document.do?res_id=1178729421_214
Security is historically described as having three critical attributes:
authentication, authorization, and accounting. In this podcast, Dave
Piscitello recommends how to improve your branch office security by
tackling these challenges sequentially.
http://www.airtightnetworks.net/knowledgecenter/airtight_whitepaper.html
To safely reap the business benefits of Wi-Fi, we must move beyond
weak first-generation deterrents like WEP and passive Wireless IDS.
Surviving airborne threats requires a proactive, effective defense that
incorporates both WPA and an automated, accurate Wireless WIPS. In this
paper developed for AirTight, Lisa Phifer examines the key differences
between WIDS and WIPS and criteria to consider when choosing a WIPS.
http://searchnetworking.com/tip/0,289483,sid7_gci1255957,00.html
As network and link defenses improve, however, attackers have started
to target lower-hanging fruit: specifically, unsecured Wi-Fi-capable
laptops, PDAs and handsets. In this tip, Lisa Phifer examines how
host-resident wireless IPS agents can help safeguard client devices.
http://www.corecom.com/html/bcrmag.html#apr07
Companies that fail to assert IT control over mobile devices may be
in for a nasty surprise. When it comes to gaining back-door access to
corporate networks, unprotected PDAs and smart phones are ripe for
the picking. In her latest BCR article, Lisa Phifer discusses mobile
threats, corporate network exposure, and ways to manage business risk.
http://searchmobilecomputing.com/tip/0,289483,sid40_gci1252081,00.html
In this tip, Lisa examines new mobile devices designed for truly
mobile workers -- employees who spend little or no time chained to a
desk. For this crowd, device size, weight, battery life, wireless
connectivity, ease of use, and appropriateness to environment and
task are key criteria.
Dave's web log has a new domain name: SecuritySkeptic! If you haven't
already subscribed to Dave's blog, check out these recent posts...
http://www.securityskeptic.com/arc20070501.htm#BlogID613
A recent thread on the pen-test@securityfocus.com mail list asked whether
firewall rules should drop or reject traffic that doesn't conform to the
security policy. Dave considers the arguments, pro and con, for operating
a firewall in stealth versus reject mode.
http://www.securityskeptic.com/arc20070401.htm#BlogID609
In an article entitled Security Hats: Black and White, No Grayscale
(http://www.securityskeptic.com/blackorwhitehat.htm), Dave explains
why organizations should avoid hiring crackers (convicted or admitted).
Some readers feel Dave's attitude is unforgiving. In this rant, Dave
explains why "being forgiving" is not the (only) issue here.
http://www.securityskeptic.com/arc20070401.htm#BlogID604
The netstat program is available on every OS Dave owns. Several options
are unique to operating systems. A post to a recent thread on the
firewall-wizards mailing list reminded Dave of several options that can
be useful in isolating spyware components.
-----------------------------------------------------------------
Cornerstone is an electronic publication of Core Competence, Inc.
If you do not wish to receive future issues, please reply to this
message or send email to
cornerstone@corecom.com
with the word "remove" in the subject line or message body.
For additional information about Core Competence, visit our web site http://www.corecom.com
Wireless LANs
Making WLANs Work Reliably and Cost-Effectively in a Multimedia World
Ruckus Wireless White Paper, May 2007
Wi-Fi Encryption: Theory, Uses, Tips, and Tricks
Xirrus Webinar, May 16, 2007
Wireless Internet access -- 3G vs. Wi-Fi
searchNetworking, April 26, 2007
Branch Office Security
Does security integration equal a more secure branch office?
searchNetworking Webcast, May 2007
Reduce branch office threats in 10 steps
searchNetworking Tip, May 1, 2007
Improve your branch office security, one "A" at a time
searchNetworking Podcast, May 9, 2007
Wireless Security
Surviving Airborne Threats with Wireless Intrusion Prevention
AirTight Networks White Paper, April 2007
Defending Wi-Fi clients
searchNetworking, May 24, 2007
Mobile Computing
Defeating Malicious Mobiles
BCR Magazine, April, 2007
Choosing your next mobile device
searchMobileComputing, April 19, 2007
Dave Piscitello's Blog
Reject or Drop?
SecuritySkeptic, May 10, 2007
Unforgiving?
SecuritySkeptic, April 18, 2007
Lesser known DOS netstat options
SecuritySkeptic, April 3, 2007
For past issues, visit our CornerStone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of CornerStone.