active subscribers – to download this issue click on the cover of the magazine on the main website or scroll down this page and click the Download button
single issue buyers – after paying for this issue click “PenTest StarterKit 1/2012″ (which will show just above that text)to download your copy of the magazine
iPhone’s security: beware of your best friend!
by Axelle Apvrille
Mobile malware remains for the most part an unknown phenomenon to the general public. Many people are just unaware that it exists (“No, you’re kidding, my iPhone can’t get infected!”), and those who are aware mostly consider it as a minor issue: “there are only very few viruses on mobile phones”, a sentence which is equivalent to say “there are no risks”. While this is true that there are currently only a handful of different malware families for iPhones, the real question is not about their number, but how far they can spread and what damage they can do. On this matter, experience on other mobile platforms has taught us that a single sample in the wild may equal to thousands of infections. For example, on the Symbian platform, the CommWarrior and Yxes worms have propagated to hundreds of thousands of mobile devices: not that trivial!
IT Security & Risk to data – the ever changing landscape
by Carl Nightingale
The world of corporate governance has brought added pressure and cost to organisations safeguarding themselves against external (and not forgetting the internal) threats. Sarbanes Oxley, PCI, Solvency, MiFID, (to name but a few) has forced organisations to take a closer look at how they apply control over their operations. Given the cost in the early days of organisations having to comply with the likes of Sarbanes Oxley (running into tens of millions for some larger FTSE based examples), organisations are turning to various frameworks (COBiT, COSO etc) and standards as a way of applying control over their IT landscape. The problem comes when there is a misunderstanding between what the world of compliance and governance state you must comply with, and interpreting this as an appropriate baseline set of controls for your organisation.
Application Security- An Executive Perspective of the Risk Reality
by John B. Sapp Jr.
Practitioners of software security are part of an even more select group, representing not only the
perspective of the general software developer, but typically possessing an even stronger mathematical focus, as well as an added sense of mission around the assurance of availability, confidentiality and integrity that are at the core of information system security.The business mind focuses on the practicality of profit making and generally has not always been comfortable with the community of software security assurance. Thus, even as the alliance between business and IT has
flourished, and especially in recent years as enterprises have grown and differentiated themselves into multiple lines of business with numerous layers of managerial hierarchy, responsibility for software development and software security has tended to be pushed deep into individual lines of business – far from the province of executive business decision makers.
Delivering Security – Awareness Training In Large Organization
by Kiran Muthy
Nevertheless, it’s a necessity which is often difficult to respond and address, due to lack of expertise and resources. This Article will show the needs for information security awareness
and express the proto-type implementation of all study material and an Employee Security Handbook which will enable individuals to continue and purse with self-placed security awareness training. This training is endowed with an environment which will permit the entire user to
simulate the security in number of case study scenarios. This will enable the staff’s to become proverbial and familiar with all the types of available countermeasures, any kind of boundaries that an employee may inflict and impose in which they are appropriate Organization
systems and processes are geared to aggressively provide a vast multitude of services to customers. The size and complexity of any Organization infrastructure should be couple with a highly visible corporate image, makes security a paramount consideration. Security requirements flowing from these business issues include controlling access at network and application levels, preventing threats and monitoring for security breaches.
By Sameh Sabry
The print spooler service was developed to make printing less of an aggravation and more of an automatic task by serving as a print order coordinator. As print orders are fed from applications to a printer in Windows, they actually go through the print spooler service first. The print spooler service manages the orders chronologically and tells the printer to prepare for work.The print spooler service recognizes the pages in a document that the user has chosen to print and how many copies of those pages to print. It then sends that order to the printer, usually starting from the last page so as to pile the pages in order.The service’s strength lies in the queue-operated cache hat uses the computer’s memory to store the information of print orders so that the printer can continue to print even if the application in which the order was executed closes. It tells the printer to finish all the pages of one order before it feeds it with another order.Due to this dedicated print service, Windows users can execute print orders without ever having to worry about overloading the printer or disturbing current prints.
Enterprise – UTM vs. Next-Generation Firewalls – Cutting Through the Noise
by Mariusz Rzepka
There’s currently a lot of chatter in security circles surrounding the term “next-generation firewall (NGFW).” The noise around this term is creating some slight market confusion and leaving CISOs wondering how this technology differs from market adoption of unified threat management (UTM). If you buy into the NGFW buzz, you may believe that an entirely new, innovative technology has emerged when in reality a NGFW is a subset of the existing UTM market, or even the evolution of the old firewall market. Nonetheless, customers are being bombarded with this new terminology, thereby creating confusion in the marketplace. Network security leaders do recognize the benefits of security integration, but do they need a NGFW? Do they need a UTM solution? Or, is there even any difference between the two?
Unfolding of Cybercrime – 2012 and beyond
by Asad Syed
Cybercrime comes in many forms and the common person’s association with this syndrome is referred to as Identity theft. Identity theft today is more than a digital threat that is capable of harming companies that have digital presence and home computer users. We very often refer to them as consumers. The problem today has grown beyond boundaries and reached epidemic levels to an extent even if someone who may not have a computer may still get engulfed
in the aftereffects of Cybercrime. It is estimated that around 10 million Americans (3.39% of Population) and approximately 100,000 people in the UK (around 17% of Population) are victims of Cybercrime in the form of identity theft each year. This could statistically be translated as, 1 in 4 adults have either been victims or known someone who has been a victim of identity theft. To add to this as per the published crime statistics, Identity theft is the fastest-growing white-collar crime across the world today.
Penetration Testing – Evolution is Must
by Rishi Narang
Pentesting has always been divided in three types – Blackbox Testing, Whitebox Testing and Greybox. The fundamental difference between these types is the visibility to the code and the infrastructure configurations. Blackbox has no visibility; the whitebox testers have full visibility to the code of the application, and the underlying technology. It is kind of related to code reviews and testing. Wherein, the Greybox Testing has variations between the Blackbox and the Whitebox
testing. Everyone has their take and opinion on the success and virtues of these different types, but my question is – Isn’t the pentesting model and approach, as it stands currently, is profoundly weak?
There has been a global change on how the pentesting is perceived by both sides of the table – the clients, as well as the consultants. In many facets, pentesting is no more in sync with an act of a hacker, or cracker.
by Ken Xie
I’ve always believed that security follows the evolution of the Internet. New internet applications give way to new threats. For example, technologies supporting cloudcomputing, Web 2.0 and mobile computing are bringing new security challenges to IT departments as they bring new vulnerabilities to the enterprise. I see UTM as the most appropriate solution capable of managing the risks resulting from the perimeter extension of the corporate
network, as it can provide both network and content-based protection, but also offer granular access/profile policies based on users, enabling consistent security to the extended network perimeter.So, while UTM started ten years ago, I still see UTM as the new generation of network protection as no other network security solution can deliver better levels of
security, efficiency and performance.
Comments are closed.