SecurityRatty: tag: configuration

Configuration Assessment: Choosing the Right Solution

2008-07-10 13:00:00 by Editor in Computerworld Security News

...configurations is a critical challenge that IT must meet head-on. While attempting to meet this challenge, IT must contend with a multitude of issues that range from hard to wrangle virtual environments to the impact of improper configuration change. Configuration assessment solutions help IT address these issues and provide features and...

Tags: configuration assessment, configuration, configuration assessment solution, change, improper configuration change, control, configuration control, configuration assessment solutions, industry standards

Opinion: Reduce threats with net configuration management

2008-02-27 14:00:00 by Editor in Computerworld Security News

Automated network configuration management tools help security and network groups work together to investigate, diagnose, remediate and document problems

Tags: network, document, security, diagnose

Crimeware in the Middle - Zeus

2008-04-24 04:37:46 by HASH0x8ae4648 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...configuration file that allows itself to protect against loss in cases of inaccessibility botneta main server. Plus additional (reserve) configuration files, to which the bot will ap ply, will not be available when the main configuration file. This system ensures the survival of your botneta in 90% of cases Ability to work with any browsers /...

Tags: zeus, file, remote file, zeus trojan, binary file, file system32 drivers, kit, metaphisher kit, configuration file

Q&A with Sergey Katsev of Coyote Point Systems

2008-08-05 16:34:35 by Louis DiMeglio in ScienceLogic

...configuration where the two peers are in different racks, or even on different floors. Thats one of the things that I really like about InteropNet it definitely brings new ideas to mind, which end up becoming special configuration white papers after the show ScienceLogic: Has InteropNet taught you anything that caused you to actually change...

Tags: katsev, sergey katsev, interopnet, coyote, systems, sciencelogic, sciencelogic em7 appliances, network, client traffic

Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security

...configurations. Others in the security department are uneasy with this, and prefer that someone else do the auditing. I've encountered similar tension before, and it always makes me wonder why information security folk and auditors frequently have trouble working together. As I thought more about this, I began to wonder if maybe there's a...

Tags: information, information assets, information security, alignment folk, security alignment folk, information security department, alignment, security department, security

Simulating Email in .NET

2008-08-01 13:59:01 by keith-brown in Security Briefs

...configuration > system.net > mailSettings > smtp deliveryMethod ="Network" > network host ="mail.fabrikam.com" port ="25" userName ="WebsiteMailAccount" password ="whatever" /> smtp > mailSettings > system.net > configuration csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier,...

Tags: csharpcode pre, pre, csharpcode, color, email, email addresses mailaddress, mailaddress, mail server, mail

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle

...configurations Lets talk about each of these in the context of Common Criteria For classes of products where protection profiles (PP) have been defined, CC arguably does a reasonable job is addressing design vulnerabilities . A protection profile outlines customers interests and needs in terms of security features/functionality. Smart cards...

Tags: criteria, fails, common criteria fails, common criteria, common criteria arguably, common, arguably, arguably deficient, security

Software Security Metrics and Commentary - Part 2

2007-10-23 20:31:00 by Security Retentive in Security Retentive

...configuration guidance such as the CIS guide for individual web servers and/or app servers. The CIS benchmark for example requires a compliant configuration to handle standard web errors (4xx and 5xx) through rewrites and/or custom handlers. There are cases (SOAP comes to mind) where we need to throw a 5xx error back to a client, but this is...

Tags: security metrics, software security metrics, metrics, software, metrics framework, metric, upstream sdl metrics, concrete metric, paper steve bellovin

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive

...Configuration Management Service Accounts with Weak Passwords Runtime Manual review I think unfortunately that this set of metrics misses the mark a little bit. I question whether pen testing for buffer overflows or XSS is really the right way to develop a sustainable metric. A necessary assurance component to be sure, but not necessarily...

Tags: metrics, software security metrics, metrics framework, metrics miss, design-time metric, design, upstream sdl metrics, application, web application security

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo