| 1/29/2004 | Also known as baloney | Spire Commentary |
 |
| | We must be the laughing stock of the professional world, what with each virus having multiple ridiculous names. Heck, we have porn queens, soda pop, dogs (where we can't even get the spelling right), and a hodgepodge of everything else.
Why can't we develop a system like any other group that deals with recurring phenomena? The scientific community already has its Kingdom, Phylum, Class, Order, whatever system. Meteorologists use predetermined people's names for hurricanes. Chemists have naming systems. Everyone has a naming system except security folks. And everyone abides by them.
So here is my top ten list of systems to use in order to name these viruses:
1. Reading primer three-letter words. Nobody would write viruses any more if they knew theirs was going to be called 'cat.'
2. The discoverer's middle name plus the street name where he or she grew up. For those folks that thought 'Melissa' was pretty cool.
3. Real viruses. Duh.
4. The date of discovery in hexadecimal form. For the geek in you.
5. The same system most people use for their passwords. At least they would be easy to remember (or guess).
6. The source IP for the first known instance. Hey, even if it is spoofed, it would be interesting.
7. Ben & Jerry's flavor names.
8. Street names in Seattle. All roads lead to... oh, forget it.
9. The Fortune 500. Maybe a lawsuit or two would shake things up for real.
10. Give me one of yours...
At the very least, we should have limits, like they have to be palindromes, or they have to write a sentence that has the name as a mnemonic. Maybe we should have charity auctions where people can pay to name the virus. Money opportunity: we could sell viruses the way they sell stars.
Well, all I know is that this current free-for-all is pretty ridiculous.
|
 |
|
 |
| 11/5/2003 | Security Bounty Hunters | Spire Research |
 |
| | On November 5th, Microsoft and federal law enforcement agencies announced the creation of a $5 million fund to reward the bearers of information leading to the arrest of virus and worm writers. The first use of this fund will be a bounty of $250,000 each to identify and catch the writers of MS Blaster and Sobig (the worms of summer), for a total of $500,000.
This announcement promises to change the playing field of Internet hacking, strengthening the position of law enforcement and weeding out script kiddies and others who balk at the increased risk involved with writing viruses and worms, an activity that has no individual payback anyway.
|
 |
|
 |
| 11/1/2003 | All Together Now | Information Security Magazine |
 |
| | This is my take on the whole "monoculture" issue. Basically, it is impractical and unrealistic to somehow change; therefore, we should get over it and secure what we have. |
 |
|
 |
| 10/20/2003 | Understanding Intrusion Prevention | Spire Research |
 |
| | Intrusion Prevention is the new buzzword in security, but it is often used in a variety of ways. Two basic stratifications of solutions in the intrusion prevention class are by platform (network or host) and by attack timeline (known or unknown). This report discusses the resulting four categories of intrusion prevention solutions. It provides detailed information about the nature of data being evaluated and techniques used during this evaluation.
Each of the four categories has corresponding strengths and weaknesses. This paper identifies these characteristics and then provides an approach to deploying both network- and host-based intrusion prevention solutions to gain full security coverage.
Network Associates has brought together two intrusion prevention solutions, one host-based and one network-based, to combine with its antivirus solution (which provides a level of intrusion prevention in its own right) into the only offering in the intrusion prevention space that can provide full protection in depth.
|
 |
|
 |
| 7/1/2003 | Watch Your Step | Information Security Magazine |
 |
| | A cover story I wrote on Security Resource Planning, a way to actively manage risk in the enterprise. |
 |
|
 |
| 4/7/2003 | The Evolution of Single Sign-on | Spire White Paper |
 |
| | Identity management can be a confusing subject, with a variety of solutions to various problems under its domain. Product categories in the identity management space include user provisioning, consolidated user administration, strong authentication, web access control, directory management, password management, and single sign-on (SSO). Each of these categories has a slightly different value proposition. This paper describes these differences and focuses on SSO for the enterprise.
SSO enables a user to remember and provide just one set of credentials to access the full portfolio of applications, data, and services for which he's authorized. Today's IT decision-maker is faced with a myriad of choices -- a mix of SSO approaches and some options that sound like SSO, but are actually identity-related services. IT evaluators should carefully consider the merits and drawbacks of each choice.
SSO provides an opportunity to address one of today's largest pain points for users while retaining the appropriate level of security for the enterprise. User productivity can be increased concurrently with a significant reduction in helpdesk and support costs. SSO has evolved from its roots to offer new value propositions that are more compelling to companies seeking to streamline their security environments. |
 |
|
 |
| 4/5/2003 | Best Practices in Web Conferencing Security | Spire White Paper |
 |
| | Web conferencing is becoming a mainstay for business collaboration. As with any new technology, security risks arise amidst new usage scenarios and architectures. The real-time sharing capabilities that make web conferencing a powerful enterprise application also create a level of risk that must be addressed to ensure the enterprise is protected.
The best way to successfully deploy new applications and platforms in an enterprise is to evaluate all aspects of the initial implementation and follow-on usage for security requirements. This white paper discusses some of the specific risks encountered with web conferencing solutions and best practices for adding appropriate security controls. |
 |
|
 |
| 3/25/2003 | A Plethora of Packets: Dealing with Security Information Overload | Spire White Paper |
 |
| | There is no denying that the Internet has given dramatic rise to global commerce. However, with global connectivity comes global thievery; enhanced communications bring with them more viruses and worms; and ubiquitous computing makes a threat out of every PC with a network connection.
It is the goal of the security professional to navigate the ins and outs of computing environments, identifying and protecting against malicious behavior in order to ensure that users can stay productive and gain the anticipated value from the applications in use.
Network Security Event Management is a key practice that provides the means for identifying network threats and protecting the computing environment. Threats are identified by collecting, analyzing and correlating network and security event log data across the enterprise network.
Historically, the sheer volume of network traffic has forced administrators to tune down, and eventually out, the never-ending security event messages that provide indicators of malicious activity. The purpose of this white paper is to discuss how security administrators can pump up the volume, evaluate 100% of network events, and still drill down to the relatively small number of significant events that require review.
|
 |
|
 |
| 3/13/2003 | What's Your Vector, Victor? | Spire Research |
 |
| | It is worthwhile to understand the various vectors traveled by worms and the controls that can be deployed along those vectors. This brief viewpoint discusses the three primary vectors of a worm. |
 |
|
 |
| 3/4/2003 | Log Management: The Foundation of Network Security | Spire White Paper |
 |
| | It all seems so mundane nowadays -- communicating with people halfway around the world in an instant, searching thousands of sources for detailed research and opinions, buying and selling items ranging from toothpicks to trampolines, and any of a thousand other activities, all made possible by the Internet. But don't be fooled -- the easy-to-use end-user Internet masks a highly complex infrastructure of millions of components, each needing to work together to provide these benefits. All of these components must be controlled. Activity logs provide the intimate details required to ensure their proper functioning and protect users from perpetrators that roam the Internet. As mundane as logs sound, they provide the foundation for threat management -- the ability to analyze and deduce inappropriate activity within the enterprise to protect the computing environment.
This paper describes the growing need for audit logs and how they can be useful to an organization. It highlights the challenges of building a log infrastructure, and then describes how the Addamark solution can help.
|
 |
|
 |
| 2/1/2003 | Press Alert: *Adjective* Computer Worm *verb* Internet | Spire Research |
 |
| | In my never-ending quest to make life easier on the press, I have put together this template for use when the next computer worm hits. It is also very useful as a Mad Lib. Give it a try and enjoy! |
 |
|
 |
| 2/1/2003 | Intrusion Prevention Taxonomy | Spire Research |
 |
| | Adapted from my article in Information Security Magazine and recently updated, this taxonomy can provide some insight into the concept of "Intrusion Prevention." |
 |
|
 |
| 1/22/2003 | Best Security Books | Spire Tip |
 |
| | A few good books on security:
Feel free to send me your best book recommendations. Next up: best book on XML/Web Services Security, with a number of contenders. |
 |
|
 |
| 12/5/2002 | Return on Investment in Web Security | Spire White Paper |
 |
| | The World Wide Web has become fertile ground for hackers as it becomes ingrained in our society and economy as a primary vehicle for communications and conducting business. Attackers can leverage all of the same strengths that give the Web its popularity, by attacking the standard components in a Web application, automating attacks against sites, and performing these attacks from anywhere on the planet.
There is a basic four-step process to secure the Web environment. First, limit access to the application; second, fortify the data paths that are followed as users and components interact; third, monitor the environment for malicious activity; and fourth, block intrusion attempts. The Web Security Gateway has arisen by combining a number of the features offered by point solutions that provide protection for one of these four steps.
The goal of any security product is to reduce risk, but justification on that alone is often challenging. A better way to justify the use of security products is through Return on Investment (ROI). The Web Security Gateway can provide ROI by reducing capital expenses and increasing productivity of personnel and users. This white paper describes how this can be accomplished. |
 |
|
 |
| 9/26/2002 | Meeting the HIPAA Security and Privacy Imperative | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/20/2002 | Looking for a ThreePeat* | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/18/2002 | A Pragmatic Approach to Meeting HIPAA Requirements | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/15/2002 | TruSecure's Lifecycle Risk Management | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/9/2002 | Securing the Endpoint | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/2/2002 | H4CK3RZ ROOL! | Hurwitz Research |
 |
| | |
 |
|
 |
| 7/22/2002 | Symantec's Hat Trick | Hurwitz Research |
 |
| | |
 |
|
 |
| 7/19/2002 | Skeletons in the Closet | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/28/2002 | The More Things Change, the More They Stagnate | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/24/2002 | Who Is Liable for Security Bugs? | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/21/2002 | Swing Your Partner | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/14/2002 | Allowable Deniability | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/12/2002 | Enabling Security in Software Development - Cenzic, Inc. | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/7/2002 | Call Me Jack | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/7/2002 | A Paradigm Shift in Web Application Security | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/17/2002 | Security Philosophy 101 | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/15/2002 | NFR Security's Intrusion Management Vision | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/4/2002 | The "Calm" in the Coming XML-Web Services Security Storm - Forum Systems | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/3/2002 | Desperately Seeking Clarity | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/1/2002 | PoliVec's Security Policy Automation | Hurwitz Research |
 |
| | |
 |
|
 |
| 4/30/2002 | Secure Relationship Management in Healthcare | Hurwitz Research |
 |
| | |
 |
|
 |
| 4/26/2002 | The Glue that Binds | Hurwitz Research |
 |
| | |
 |
|
 |
| 4/15/2002 | Doing Business with Confidence: D&B's Identity Services | Hurwitz Research |
 |
| | |
 |
|
 |
| 4/5/2002 | Five Things Security Pros Do to Make Their Jobs More Difficult | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/29/2002 | The Unahacker Strikes Again | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/22/2002 | Where's McGruff When We Need Him? | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/15/2002 | Outsourcing Your First Line of Defense Vs. Growing Virus Threat: HG Case Study Analysis - MessageLabs, Ltd. | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/15/2002 | Outsourcing Your First Line of Defense Vs. Growing Virus Threat: HG Case Study Analysis - MessageLabs, Inc. | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/8/2002 | Less Wired | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/1/2002 | Haven't We (Un)Met? | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/27/2002 | The Threat Protection Revolution | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/26/2002 | The Need for Endpoint Security | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/22/2002 | Shop 'Til You Drop | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/20/2002 | OneSecure, Inc. | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/15/2002 | Protecting the Perimeter - Symantec | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/11/2002 | Quadrasis | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/8/2002 | Astaro Corporation | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/8/2002 | A Primer on Preventing Attacks at the Host | Hurwitz Research |
 |
| | |
 |
|
 |
| 1/25/2002 | We think security is important and follow secure development and quality assurance procedures to limit the number of vulnerabilities found in our products. | Hurwitz Research |
 |
| | |
 |
|
 |
| 1/11/2002 | Email - the "Other" Internet App | Hurwitz Research |
 |
| | |
 |
|
 |
| 1/7/2002 | Scooby Doo and Security - "Ruh, Roh" | Hurwitz Research |
 |
| | |
 |
|
 |
| 1/4/2002 | PestPatrol | Hurwitz Research |
 |
| | |
 |
|
 |
| 12/26/2001 | Real-Time Threat Management with e-Security | Hurwitz Research |
 |
| | |
 |
|
 |
| 12/21/2001 | It's the Application, Stupid. | Hurwitz Research |
 |
| | |
 |
|
 |
| 12/14/2001 | Can You Top This? Yep. | Hurwitz Research |
 |
| | |
 |
|
 |
| 12/7/2001 | Who Needs Columbus? | Hurwitz Research |
 |
| | |
 |
|
 |
| 12/7/2001 | A Star Is Born, Security Suffers | Hurwitz Research |
 |
| | |
 |
|
 |
| 11/5/2001 | Recourse Technologies, Inc. | Hurwitz Research |
 |
| | |
 |
|
 |
| 10/12/2001 | The Human Impact of ROI | Hurwitz Research |
 |
| | |
 |
|
 |
| 10/5/2001 | Security: The Great Enabler? | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/21/2001 | Privacy Paradox | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/15/2001 | Proactive Enterprise Risk Management | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/13/2001 | Threat Management: Next Generation Intrusion Detection | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/6/2001 | What's New with Smart Cards | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/30/2001 | Are We in the Security Doldrums? | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/23/2001 | Single Sign-On Lives! | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/16/2001 | Who Buys and Why | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/15/2001 | Security Needs for Today's Online Businesses | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/13/2001 | Measuring Security Effectiveness | Hurwitz Research |
 |
| | |
 |
|
 |
| 8/2/2001 | Code Red More Bark Than Bite | Hurwitz Research |
 |
| | |
 |
|
 |
| 7/27/2001 | Sanctum, Inc. | Hurwitz Research |
 |
| | |
 |
|
 |
| 7/12/2001 | Four Disciplines of Security Management | Hurwitz Research |
 |
| | |
 |
|
 |
| 6/29/2001 | Road Trip: Securing The Internet "Round Trip" | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/31/2001 | Double Your Pleasure, Double Your Fun | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/25/2001 | User Provisioning: Web of Trust or Confusion? | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/17/2001 | Truth and Fiction About Access Management Performance | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/15/2001 | A Practical Approach to a Comprehensive Security Program | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/15/2001 | Common Vulnerabilities in Database Security | Hurwitz Research |
 |
| | |
 |
|
 |
| 5/4/2001 | ISS on ICE - That's Nice | Hurwitz Research |
 |
| | |
 |
|
 |
| 4/20/2001 | RSA Conference Musings | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/30/2001 | Who Are You? Who Who, Who Who | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/16/2001 | Return to Vendor, Justification Unknown | Hurwitz Research |
 |
| | |
 |
|
 |
| 3/7/2001 | Visa USA's Cardholder Information Security Program | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/16/2001 | Two-Faced Enterprise Security Management | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/15/2001 | Active Policy Management: The Cornerstone of Security - Pentasafe Security Technologies, Inc. | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/8/2001 | IT Management As Security | Hurwitz Research |
 |
| | |
 |
|
 |
| 2/1/2001 | Foregone Conclusions of Penetration Testing | Hurwitz Research |
 |
| | |
 |
|
 |
| 1/19/2001 | The Buffer Overfloweth | Hurwitz Research |
 |
| | |
 |
|
 |
| 1/15/2001 | Accelerating Growth in the New Economy: A Guide to Managing e-Business Transactions - CyberSafe Corporation | Hurwitz Research |
 |
| | |
 |
|
 |
| 1/15/2001 | Portals: The Evolution of Extranet Access Management - Entrust Technologies, Inc. | Hurwitz Research |
 |
| | |
 |
|
 |
| 12/7/2000 | PentaSafe Security Technologies | Hurwitz Research |
 |
| | |
 |
|
 |
| 11/15/2000 | Management Controls: Security Impact of IT Administration - BindView | Hurwitz Research |
 |
| | |
 |
|
 |
| 10/3/2000 | Biometrics Update: Ready for Primetime? | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/20/2000 | Hurwitz Group Security Architecture Model | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/15/2000 | Axent Technologies' NetProwler and Intruder Alert | Hurwitz Research |
 |
| | |
 |
|
 |
| 9/11/2000 | Intrusion.com | Hurwitz Research |
 |
| | |
 |
|
 |