
Archive - November 2000
Defending Against DDOS (Distributed Denial-of-Service)
The site is down! These are haunting words for most businesses, and they bring us to today’s topic: the DDoS (Distributed Denial-of-Service) attack. This particularly nasty type of attack attempts to disrupt the availability of systems by overwhelming servers, saturating bandwidth or through other techniques. Your business is most likely heavily reliant upon specific systems, and this article provides an overview of the DDoS attack that could potentially take these key systems down and of techniques for combating it.
Security and Compliance Synergies with DLP and SIEM
Data Loss Prevention (DLP) can greatly help organizations understand and control the data that is used, stored and transmitted, and it is seeing increasing use in PCI-DSS compliance. Another technology, Security Information and Event Management (SIEM), collects and analyzes data in real time from multiple sources, including server logs, network devices, firewalls and intrusion detection systems. In this article, we will enumerate how the combination of SIEM and DLP can improve the security and compliance of a corporation. Taken together, SIEM and DLP can make data flow within a corporation transparent, affording the corporation more control and leaving less ability to misuse that information.
Leveraging Vulnerability Scoring in Prioritizing Remediation
Eric Vanderburg

The average organization has numerous types of equipment from different vendors. Along with the equipment, businesses also utilize multiple software applications from various developers throughout the organization. This diversity provides many helpful opportunities, but it also creates a higher probability of vulnerability. Risk managers are able to stay aware of new vulnerabilities through vendor systems or services such as SANS @RISK, the National Vulnerability Database (NVD), the Open Source Vulnerability Database (OSVDB), or Bugtraq, but how do they prioritize the vulnerabilities? Certainly, risk managers need to know which vulnerabilities carry the highest risk so that those can be resolved before lesser vulnerabilities. Understanding these vulnerabilities and their impact relative to other vulnerabilities is quite a challenge.
To overcome this challenge, several scoring systems have been developed. These include the US-CERT (United States Computer Emergency Readiness Team) Vulnerability Notes Database and the Common Vulnerability Scoring System (CVSS). This article provides an overview of both systems and how risk managers can use them to prioritize remediation.
Fail Secure – The Correct Way to Crash
Eric Vanderburg
![blue screen of death mac[2]](http://jurinnovzone.jurinnovltd.netdna-cdn.com/wp-content/uploads/2011/01/blue-screen-of-death-mac2.jpg)
Anyone who has taken a martial art class could speak to the importance of learning how to fall. In the course of training, a person will fall many times and it is important to know how to fall properly so that injury does not occur. Similarly, software needs to be able to crash in such a way that injury in the form of an information security vulnerability does not occur.
Systems and software will crash, and attackers will try to make them crash to reveal potential vulnerabilities in their startup routines. The job of security professionals and security-minded developers is to architect a solution that fails securely by determining what should happen if a component in a system were to fail. This concept, called “Fail Secure”, is defined by Wikipedia as “a device or features which, in the event of failure, responds in a way that will cause no harm, or at least a minimum of harm, to other devices or danger to personnel.”









