Cornerstone Issue 85: March 25, 2008
Welcome to Issue 85 of Cornerstone, a subscription-only electronic
newsletter issued periodically by Core Competence.
Cornerstone reports on a wide range of networking topics and
activities involving Core Competence. A brief abstract explains
what you will find if you choose to visit each URL.
http://www.wi-fiplanet.com/reviews/article.php/3735921
Lisa Phifer reviews AirMagnet's popular Wi-Fi analyzer and survey tools
as they go "ultra mobile" in this symbiotic OQO UMPC package.
http://www.wi-fiplanet.com/news/article.php/3733071
In this news coverage, Lisa writes about how a recent Wi-Fi survey
uncovered a surprising number of high-risk business APs and "viral"
ad hoc nodes in airport terminals across the US.
http://www.securityskeptic.com/arc20080101.htm#BlogID666
In this blog post, Dave Piscitello explains how he stumbled across an
interesting, simple - but not foolproof - way to check an emerchant
transaction or payment page to determine if it is legitimate or bogus.
Not rocket science, but Dave's casual testing was promising.
http://www.securityskeptic.com/arc20080101.htm#BlogID669
Fast flux hosting is an evasion technique used by phishers, identity
thieves and other e-criminals to frustrate incident response team and
law enforcement agency efforts to take down illegal web sites. On behalf
of SSAC, Dave wrote an Advisory, Fast Flux Hosting and DNS, describing
variations of fast flux hosting and measures to detect and combat it.
To download, visit http://www.icann.org/committees/security/sac025.pdf
http://www.securityskeptic.com/arc20080201.htm#BlogID670
Dave's SSAC committee has published its analysis of Domain Name Front
Running (DNFR). After reviewing 120 claims submitted by Internet users,
the committee found no smoking gun. While the results are important,
they neither prove nor disprove the existence of front running. To
download, visit http://www.icann.org/committees/security/sac024.pdf
http://www.securityskeptic.com/arc20080201.htm#BlogID674
Mix one part SSAC report on Domain Name Front Running (DNFR) with one part
Network Solutions' highly controversial Customer Protection Service and one
part Nominet position paper on DNFR, put them in front of an ICANN audience
and you attract the attention of the press. WebProNews reporter Jason Lee
Miller does an admirable job of characterizing the debate over the existence
or non-existence of DNFR in his article, Domain Frontrunning: A Ghost In The
Machine. Dave explains why he thinks highly of this article and the report.
http://www.watchguard.ch/education/radiofreesecurity.asp
In this Radio Free Security podcast, WatchGuard's Scott Pinzon chats with
Lisa Phifer and Diana Kelley about phony look-alike wireless access points
(aka Evil Twins), why they're real a threat, and how to avoid them. The
podcast can be downloaded through iTunes or directly from this link:
http://www.watchguard.com/archive/files/rfs/RFS0308.zip
http://searchnetworking.bitpipe.com/detail/RES/1204134261_16.html
In this webcast, Lisa Phifer details the issues you must address and the
tools you must use to build and deploy a next-gen high-performance WLAN.
Learn how to take best advantage of new 802.11n gear while avoiding some
common pitfalls of WLAN deployment.
http://searchnetworking.bitpipe.com/data/document.do?res_id=1201724702_7
Today's SSL VPN gateways provide a slew of endpoint security assessment
and containment features. In this webcast, Lisa Phifer explores why and
how these NAC-like functions are used to strengthen SSL VPNs, and their
relationship to industry Network Access Control initiatives.
http://searchmobilecomputing.bitpipe.com/data/document.do?res_id=1204044437_549
Managers and architects responsible for planning mobile deployment must
understand the nuts and bolts of delivering access when device types and
connectivity options are many. In this e-Guide, Lisa Phifer discusses
the methods and tools required to authenticate, control, and secure
enterprise access by mobile endpoints, from laptops to smart phones.
http://searchmobilecomputing.techtarget.com/tip/0,289483,sid40_gci1301623,00.html
Controlling which mobile devices connect to your network is crucial
to ensuring the privacy and integrity of corporate assets and data. In
this three-part series, Lisa explores readily available methods for
mobile device discovery, starting with wireless transmission monitoring.
http://searchmobilecomputing.techtarget.com/tip/0,289483,sid40_gci1306395,00.html
Short-range RF monitoring cannot detect mobile devices that access
enterprise servers and data from afar. At the March Gartner Mobile
Wireless Summit, Lisa explored this topic with vendors and analysts.
http://searchnetworkingchannel.com/generic/0,295582,sid100_gci1299040,00.html
http://searchnetworkingchannel.com/generic/0,295582,sid100_gci1300929,00.html
In this pair of tips, searchNetworkingChannel features writer Yuval
Shavit interviews Lisa Phifer and Farpoint Group's Craig Mathias about
wireless LAN planning and installation.
http://opac.ieeecomputersociety.org/opac?year=2008&volume=42&issue=2&acronym=computer
In this article for IEEE Computer Magazine, Neal Leavitt presents
insights from CoreCom's Lisa Phifer and many others regarding the
resistance that continues to slow wide-spread use of 802.1X Port
Access Control.
-----------------------------------------------------------------
Cornerstone is an electronic publication of Core Competence, Inc.
If you do not wish to receive future issues, please reply to this
message or send email to
cornerstone@corecom.com
with the word "remove" in the subject line or message body.
For additional information about Core Competence, visit our web site http://www.corecom.com
Wi-Fi Planet
Review: AirMagnet's OQO Analyzer/Survey Bundle
Wi-Fi Planet, March 21, 2008
Travelers Beware: Survey Exposes Airport Wi-Fi Vulnerabilities
Wi-Fi Planet, March 10, 2008
Security Skeptic
A simple test to detect a phishing or scam site
Security Skeptic, January, 2008
Fast flux hosting and DNS
Security Skeptic, January, 2008
Domain Name Front Running Report
Security Skeptic, February, 2008
The truth is out there...
Security Skeptic, January, 2008
Webcasts and Podcasts
Attack of the Wireless Evil Twins
Radio Free Security, March 2008
Building High Performance Wireless LANs
SearchNetworking Webcast, March 2008
Secure Remote Access with SSL VPN and NAC
SearchNetworking Webcast, February 2008
SearchMobileComputing
Mobile Security: Effectively Protecting Your Mobile Devices
SearchMobileComputing e-Guide, February 2008
Mobile device security: Auditing the airwaves
SearchMobileComputing Mobile Innovator, February 21, 2008
Mobile device security: Guarding the gate
SearchMobileComputing Mobile Innovator, March 20, 2008
In The News
Setting up WLANs: Good for clients, good for business
SearchNetworkingChannel.com, February 11, 2008
How to install a wireless LAN for businesses
SearchNetworkingChannel.com, February 15, 2008
Will IEEE 802.1X Finally Take Off in 2008?
IEEE Computer Magazine, March 2008
For past issues, visit our CornerStone page http://www.corecom.com/html/cornerstone.html
Send us a subscribe message to receive future issues of CornerStone.