spider993993

Info Needed

7 posts in this topic

I'm writing a paper for business on Information Security, Protection, Legal Requirements and so forth...

I need some information on the latest security issues for one section of my report, and who better to ask than you guys ;)

o What are the latest IT vulnerabilities for companies

o What are the latest "weapons" to ensure system security

Any external links, or information is very much appreciated.

If wanted, I can note you as a reference if the information provided is used.

Thanks in advance.

0

Share this post


Link to post
Share on other sites
o What are the latest IT vulnerabilities for companies

There is no such thing. A vulnerability is a potential of a piece of code to be exploited, that is, used in other (most often malicious) way than its original purpose. If that's what you're looking for, try checking out:

http://www.securityfocus.com/vulnerabilities

http://www.packetstormsecurity.org/

http://www.milw0rm.com/

o What are the latest "weapons" to ensure system security

Aside from Intrusion Detection Systems, there aren't many new pieces of software to ensure security. (new, as in, new capabilities. Most security products have yearly releases and daily updates) As always, the easiest way to ensure security isn't the fanciest software, it's user education and sane security policies. Proper network design can't hurt you either.

0

Share this post


Link to post
Share on other sites
o What are the latest IT vulnerabilities for companies

There is no such thing. A vulnerability is a potential of a piece of code to be exploited, that is, used in other (most often malicious) way than its original purpose. If that's what you're looking for, try checking out:

http://www.securityfocus.com/vulnerabilities

http://www.packetstormsecurity.org/

http://www.milw0rm.com/

o What are the latest "weapons" to ensure system security

Aside from Intrusion Detection Systems, there aren't many new pieces of software to ensure security. (new, as in, new capabilities. Most security products have yearly releases and daily updates) As always, the easiest way to ensure security isn't the fanciest software, it's user education and sane security policies. Proper network design can't hurt you either.

Thanks a bunch, looks like I've got a little reading ahead of me. My teacher isn't really tech savvy so even if the relations between terms aren't exactly correct he won't know the difference.

Thanks again.

0

Share this post


Link to post
Share on other sites

Ouh's Noe's! He usin's them tricksies mind contrwol's to gets them infu's outta us! He must be one of them F, B and I's

Well all the links I was going to suggest were already linked, and I need to provide some sort of real information to this thread or I'll be deleted and laughed at...

http://securitytube.net/ might have some defcon videos with some interesting general subjects on security although I think most are on specific subjects.

0

Share this post


Link to post
Share on other sites
o What are the latest IT vulnerabilities for companies

There is no such thing. A vulnerability is a potential of a piece of code to be exploited, that is, used in other (most often malicious) way than its original purpose. If that's what you're looking for, try checking out:

http://www.securityfocus.com/vulnerabilities

http://www.packetstormsecurity.org/

http://www.milw0rm.com/

o What are the latest "weapons" to ensure system security

Aside from Intrusion Detection Systems, there aren't many new pieces of software to ensure security. (new, as in, new capabilities. Most security products have yearly releases and daily updates) As always, the easiest way to ensure security isn't the fanciest software, it's user education and sane security policies. Proper network design can't hurt you either.

Thanks a bunch, looks like I've got a little reading ahead of me. My teacher isn't really tech savvy so even if the relations between terms aren't exactly correct he won't know the difference.

Thanks again.

While there are few new technologies, there are new applications of old ones. While good policies, configuration and processes are very important, building your stuff on a secure foundation is too. I'm a big proponent of pure microkernels, capability systems and the new MILS separation kernel profile. These systems all have in common the use of POLA from kernel up. The MILS kernels, particularly, are basically hypervisors, but extremely small, fast, mathematically verifiable and very secure. All components/apps, even drivers, are totally isolated, deprivileged, and the kernel controls all information flow. Look up Integrity Padded Cell, LynxSecure, TCX or OKL4 Hypercell (Microkernel and MILS hybrid) for good examples. If you want a good paper, do one on MILS architecture. You will then learn something useful from the boring paper. Hell it's even in many cell phones now, but usually for reliability and IP protection rather than security. Here's one reference to get you started: http://www.rtcmagazine.com/home/article.ph...100319&pg=1. Google for others, as there are fortunately plenty.

0

Share this post


Link to post
Share on other sites

Thanks a bunch guys, this is really helping me with my paper, I'll be using MILS as an example.

Thanks a lot, saved me lots of time, which i don't have to spare at the end of the term.

0

Share this post


Link to post
Share on other sites
o What are the latest "weapons" to ensure system security

what i think is that generally the attack is detected after it has happened !!

and if the hacker is smart, that they are... they will not leave a trace....

still IDS is used at a large scale.... :P

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now