an Francisco, Calif.?”Ninety-nine percent of the people want to write secure code,” said panelist Ira Winkler, at the Secure Software Forum last week, “they just don’t know how.” Winkler, Global Security Strategist for CSC Consulting, was one of 12 panelists at the SPI Dynamics-hosted event, and his comment was at
art 1 of this article explained IDS and examined the most popular open source IDS solutions. Part 2 demonstrates some common, practical uses for these solutions. The first example is application-based IDS, which addresses the problems involved with securing Web sites. Web sites commonly run on the Apache Web server
owadays, basic information security at any level should include an intrusion detection system (IDS) that gathers and later analyzes intrusion data. The primary goal of IDS software is monitoring hostile operations of all types, whether human (hackers and crackers) or programmatic (viruses, Trojan horses). An IDS can function on a
icrosoft Windows allows you to define various password policy rules. Specifically, it allows you to enable the “Password must meet complexity requirements” setting using the Policy Editor. This validates user passwords against password filter(s) (system DLL(s)). Usually, people use the default filter. However, many admins say they’d prefer a Linux-style
ver the past few years, the number of Windows-based worm attacks has grown dramatically. Companies have implemented full-scale virus scanning and Windows update facilities to help stop the worm attacks. But, what do you do when you aren’t entirely certain that your virus definitions are up to date, or some
uilding ASP.NET Web applications has never been easier. Visual Studio.NET hides so many technical details behind the scenes that developers need only concentrate on the core business logic. However, hackers are on the lookout for any opportunity to hack into your application. Which means the pressure is on you to
o you really think user interface security comprises slapping a login screen in front your application the way you’d slap cheese on a turkey sandwich? For some of you it will suffice, after all, all things are relative. What one considers to be secure another may find woefully inadequate. Thus,
ecurity can be a complex and often overwhelming issue. To ensure application security, not only must you prevent hackers from entering the system, but you need code in place that safeguards security should those preventive measures fail. There is no room for error. You can anticipate and prevent hundreds of
f complexity truly breeds insecurity, your perimeter security can’t be trusted to only the traditional defenses of firewalls and intrusion detection systems (IDS) anymore. Web services, network interconnectedness, wireless connectivity, and VPNs have made the perimeter a much more complicated concept than it used to be. To sort out where