Keystone Computer Security Whitepapers

"Keystone is IT!"

SECURITY WHITE PAPERS

· Beyond the Firewall. “Experts discover new security vulnerabilities almost every day. These newly discovered vulnerabilities may be due to flaws in software or they may be the result of software configuration errors. Hackers or other malicious individuals can exploit these vulnerabilities to gain access to network assets. Administrators must spend a lot of time and energy just staying informed about and dealing with new vulnerabilities…” Source: SurfControl

· Enterprise Security 1. “The 2001 survey conducted by the Computer Security Institute and the FBI queried 538 computer security managers. Fully 85% suffered security breaches and most of these suffered financial loss; the average reported loss was around $2 million.” Source: aimpublications LLC

· Enterprise Security 2. “To protect critical resources and maintain mission-critical services, it is important that organizations develop and implement policies establishing how to handle compromising events like attacks or disasters as well as policies directing which users are allowed to access which information resources.” Source: aimpublications LLC

· Protect Your Knowledge Base: How to Put Together A Workable Security Plan. “By early 2002, the street value of an executive’s laptop computer — a grab bag of information about a given firm — was placed at $35,000.” Source: Rainbow Technologies

· Wireless 802.11 LAN Security: Understanding the Key Issues. “But, the (Wireless LAN) pundits are wrong on one essential point. They look at the deficiencies of (Wireless LAN) technology and think that organizations shouldn’t be deploying it yet. The pundits miss the plain fact that organizations are deploying it anyway. Further, wireless LANs are a stealth technology. Most IT departments in large organizations are significantly underestimating how much wireless has already been installed by enterprising departments as well as individuals.” Source: SystemExperts Corp.

· Closing the Window of Exposure. “…there is always a way for a determined hacker to break into your corporate network. As an example, look at eWeek magazine's "Openhack" project, where they built a test network and offered prizes for successful attacks. … [The] Openhack.com e-business site was built from the ground up with security in mind, and was co-designed and co-maintained by security company Guardent Inc. Yet Openhack was cracked--by two different people in less than one month." Source: Counterpane Internet Security, Inc.

· A Preliminary Structural Approach to Insider Computer Misuse Incidents. “An intelligent insider acting covertly may not be identified by standard security measures. Systematical data collection and constant evaluation over a long period of time may be necessary to uncover an inside agent.” Source: EICAR 2000 Best Paper Proceedings