Cornerstone Issue 79: July 6, 2007
Welcome to Issue 79 of Cornerstone, a subscription-only electronic
newsletter issued periodically by Core Competence.
Cornerstone reports on a wide range of networking topics and
activities involving Core Competence. A brief abstract explains
what you will find if you choose to visit each URL.
http://www.corecom.com/html/bcrmag.html#apr07
Companies that fail to assert IT control over mobile devices that
connect to corporate networks may be in for a nasty surprise. In
this BCR article, Lisa Phifer examines how to reduce the network
risks posed by lost, stolen, or compromised PDAs and smart phones.
http://www.corecom.com/html/bcrmag.html#jun07
In the February 2003 issue of BCR, we painted a bleak picture of
the state of Internet security. Now, four years later, BCR invited
Core Competence to once again comment on this topic. Amid signs of
both threat escalation and industry progress, we believe that much
work remains to address the tougher multi-faceted issues.
http://www.isp-planet.com/technology/2007/nac_1.html
Firewalls may guard their front door, but many networks remain
vulnerable to threats originating inside the perimeter. In part 1
of this series, Lisa Phifer describes how Network Access Control
(NAC) can batten down those hatches by stopping malware-infested
laptops and restricting LAN resource use.
http://www.isp-planet.com/technology/2007/nac_2.html
Decide what you hope to accomplish with NAC, then define a phased
plan to realize those objectives through incremental deployment.
In part 2 of ISP-Planet's NAC series, Lisa considers potential
use cases, from auditing employee endpoint device security to
delivering safer guest Internet access.
http://www.isp-planet.com/technology/2007/nac_3.html
Network Access Control (NAC) promises to improve security, but
competing approaches have muddied the waters. In this tutorial, Lisa
introduces ISP-Planet readers to today's major NAC architectures:
Cisco NAC, Microsoft NAP, TCG TNC, and IETF NEA.
http://www.isp-planet.com/technology/2007/nac_4.html
In part 4 of our NAC series, Lisa describes how she used Juniper's
Unified Access Control (UAC) to quarantine non-compliant laptops and
restrict customer/guest access in a diverse multi-vendor LAN. We found
these NAC basics were relatively easy to accomplish, but learned that
third-party client interoperability is still a work-in-progress.
http://searchsecurity.com/magazinePrintFriendly/0,296905,sid14_gci1262488,00.html
According to the Ponemon Institute, 45% of data breaches result from
missing laptops. So why doesn't every company encrypt laptop data?
Companies that have already done so share their hard-won insights
with Lisa Phifer in this InfoSec feature article.
http://searchmobilecomputing.com/tip/0,289483,sid40_gci1261719,00.html
Today, many companies are affected by data security regulations.
Compliance is hard enough when data and users stay put, but mobile
devices exacerbate the challenge by carrying regulated data into
unknown, uncontrolled territory. In this tip, Lisa Phifer summarizes
the impact of mobile devices on regulatory compliance.
Many networking and security practitioners are familiar with the
triple A - authentication, authorization, and accounting. Last month,
Dave delivered a podcast where he considered how the popular three-
legged stool of security keeps growing. The transcript of that podcast
is now available for those who prefer written delivery over oral.
http://www.securityskeptic.com/arc20070601.htm#BlogID621
Dave's blog pages no longer include mailto: HTML statements. Instead,
he's begun using CAPTCHA (Completely Automated Public Turing Test to
Tell Computers and Humans Apart). Learn why, and how you can join
others to combat spambots and defeat attempts to harvest email addresses
from web pages.
http://www.securityskeptic.com/arc20070601.htm#BlogID624
Before domain name monetization, a small web site admin could periodically
run hyperlink-checking software to correct or cull broken links, i.e.,
those pages that returned HTTP/404 errors. But here Dave ponders: how does
a web admin detect cases where a domain name changes hands from a registrant
with complementary content to a landing page (or worse, a page with
objectionable or embarrassing content)?
-----------------------------------------------------------------
Cornerstone is an electronic publication of Core Competence, Inc.
If you do not wish to receive future issues, please reply to this
message or send email to
cornerstone@corecom.com
with the word "remove" in the subject line or message body.
For additional information about Core Competence, visit our web site http://www.corecom.com