As is sometimes the case, the idea for this article originated with a student question I received during one of the Securing Networks with ASA Fundamentals classes I have taught this summer. The course material mentions a simple scenario whereby IP Telephony traffic is given priority out of an interface to satisfy the Quality of […]

An organization’s network infrastructure, and the security that supports it, is a complex ecosystem that is always changing. What and whom the business needs to protect varies as well. Each new event  —  whether a merger or acquisition, hiring or downsizing, or a new product launch  —  has an impact on what the enterprise needs to protect. However, there […]

Currently, most enterprises mold their mobile security strategies around compliance measures  —  such as US  requirements like the Health Insurance Portability and Accountability Act (HIPAA)  —  relating to how personal information, both stored and in motion, is protected by businesses. Government regulations, the lawsuits, fines, and reputational damage that can result from noncompliance, and security breaches are all significant […]

A recent study by the Ponemon Institute determined that the average security breach costs $203 per compromised record. So, if a company loses a hard drive that contains sensitive data on one million customers, they’re out $203,000,000. That’s a lot of items off the dollar menu at your local fast food joint. To compare  —  five years ago, […]

A significant percentage of the students I teach manage multiple Cisco security devices: IOS routers/switches, ASA or PIX firewalls, IPS sensors and, yes, even the occasional VPN concentrator. While most of the official training courses offered provide at least one chapter which discusses “best practices” in managing each of these devices, they omit the comparison of […]

We heard a lot about cybersecurity from the White House this past year. So, looking back, how well did the government handle it? James Lewis from the Center for Strategic and International Studies would give him a grade of a B or B+. The government’s Commission on Cybersecurity did have some notable achievements, including the creation […]

ChannelWeb has released it’s predictions for what will happen in the IT security industry this year.  Included in the list is cybercrime using cloud-based tools;  an increase in attacks on Apple computers, smartphones and phones using the Android OS; and the evolution of security issues with social networks.< Check out the slideshow here to view […]

Minor vulnerabilities, poor user behavior, and outdated security software  —  they all add up to a big headache for IT and security professionals. Small errors on the part of computer users or their IT departments may not wreak havoc on their own, but in combination, they dramatically increase security challenges. Here’s a recipe for the “nightmare formula” […]

Learn about CompTIA’s new Security Trustmark program, which identifies solution providers that follow security best practices. From the program Web page: The CompTIA Security Trustmark was developed in 2008 in response to member requests for the development of industry security best practices and a designation for businesses that follow them. Read the VAR Guy’s full article on […]

Windows Server 2008 supports Fine-Grained Password Policies in Active Directory, which is a huge step forward from the per-domain-only password policies of Windows Server 2003 and Windows 2000 Server Active Directory. Yet with the suggested built-in management interface for creating fine-grained policies being ADSIedit, LDIFDE, and similar utilities, and with the requirement that the Active […]