ARTICLES
Protect Your Organization's Sites With a Leak-Proof Security Policy: How to Get Started
by Elizabeth M. Ferrarini
Every organization requires some type of network site security
policy that will protect the organization's valuable assets,
everything from systems to data. The policy guidelines presented
here will help you to establish an enterprise-wide program governing how both
internal and external users interact with a company's computer network,
how the corporate computer architecture topology will be implemented,
and where computer assets will be located.
Web Services: Security Considerations for Service Grids (PDF)
by John Seely Brown and Martin Martini
This "working paper" is a thoughtful response to concerns
raised by Paul Strassman in Harvard Business Review.
Not Just for HIPAA - Best Practices for Security and Privacy Make Good Business Sense
by John J. Halamka, M.D., Chief Information Officer, CareGroup Health
Dr. John Halamka serves as Chief Information Officer of CareGroup's
three major Boston-area hospitals -- Beth Israel Deaconess Hospital,
Mount Auburn Hospital, and New England Baptist Hospital -- and three community
hospitals. He's also Chief Information Officer of Harvard Medical School,
where he spearheads all of the technology programs. In this article he
explores the issues raised by HIPAA,
giving us insights based on personal experience.
Secure Mobile Computing: Guidelines to Help You Restrict Access to Mission-Critical Data on Laptops and PDAs
by Stewart Miller
Just how secure is that data on your PDA? Here's how to start thinking
about mobile security issues before they cause your business serious
damage.
Applying Secure Network Design Concepts to Storage
by Lisa Steele
The security aspects of a Storage Area Network, unfortunately, emerged
as an afterthought. Here's how to think about SAN security.
Looking for More Options in Data Recovery
by Jon William Toigo
Disaster recovery expert Toigo asks if there are any options between
the all-tape or all-disk solution sets touted for data recovery.
-------
LINKS
The Dissolution of the Security Perimeter (Gartner)
Enterprise security can no longer stop at the enterprise wall. Mobility,
wireless access and the virtual enterprise are eroding information security.
A Conversation with Richard Clarke
America's cyberspace security leader talks strategy.
Get Off the Top 20 List Now
The worst vulnerabilities are often the most common vulnerabilities. You
can fix them, but so can industry.
IT Security and crime prevention methods
This report from Interpol sets out the various threats and risks posed
by criminal activity in IT environments. The prevention methods outlined
can be used to prevent digital crime.
-------
TOPIC: AUTHENTICATION
This month we look at authentication, the process by which systems and
applications verify that you are who you say you are. Here's a list of cool links:
Dos and Don'ts of Client Authentication on the Web
"Websites continue to use extremely weak authentication.... Of the
27 sites we investigated, we weakened client authentication on two, gained
unauthorized access on eight and extracted the secret key used to mint
authenticators from one."
eCompany Now: E-Sign on the Dotted Line
"Despite a sweeping new law, electronic signatures are a few years
away from becoming standard business practice."
EFF: Privacy, Crypto, Digital Signature, ID, & Authentication
An archive of ID & Authentication, privacy, and digital signature
resources.
Mosaic User Authentication Tutorial
Surveys the current methods in NCSA Mosaic and NCSA HTTPd for restricting
access to documents.
National Fraud Center: Identity Theft: Authentication as a Solution Revisited
"We no longer have the luxury to deal with identity theft...with
the velvet gloves of privacy sensitivities.... Authentication...can be
successfully applied to this new global threat." PDF; Acrobat Reader
required. (10/2/01)
O'Reilly Network: Identity
"The air of late is thick with talk of identity. The holy grail is
a unified, decentralized, simple yet extensible user-centric identity,
membership, and preferences fabric for the Internet...." Annotated
links to related articles. (7/18/01)
Pointers to Authentication Information
Covers Kerberos, AFS, telnet security, cryptography and PAM. Offers links
to related information.
searchSecurity.com: Authentication
"Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be." Definition
and related links.
A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources
An early attempt to define best practices from the Coalition for Networked
Information.
-------