Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: email@example.com
Securing Privacy Part 1: Hardware Issues
This article is the first of a series of three articles that will examine privacy concerns as they relate to security. This article will examine hardware-based privacy issues, specifically: hardware solutions for small networks and wireless devices, hardware-based spyware, and some attempts by hardware vendors to infringe upon users' privacy.
Always On, Always Vulnerable: Security Broadband Connections
Broadband connections - cable and DSL - are becoming increasingly common. However, the benefits of high-speed Internet access bring new challenges, particularly in the realm of security. This article will look at some of the risks posed by high-speed broadband connections, along with some ways that users can protect themselves and their systems.
Sniffers: What They Are and How to Protect Yourself
A sniffer is a tool that allows the user to view network traffic. This nifty utility can be found in the arsenal of every network guru, where it's used for a variety of tasks. This article will offer a brief overview of sniffers, including what they do, how they work, why users need to be aware of them, and what users can do to protect themselves against the illegitimate use of sniffers.
The Enemy Inside the Gates: Preventing and Detecting Insider Attacks
Insider attacks are particularly insidious and difficult to protect against. Not only do the attackers have immediate access to the network, but they require such access in order to serve their function. Furthermore, they likely have access to company data and they probably know which data is of particular value to the organization. This article will offer a brief overview of some strategies to prevent inside attacks and to detect such attacks when they occur.
Castles Built on Sand: Why Software is Insecure
Software developers spend endless hours developing sophisticated programs that will make users' lives easier and more productive. Unfortunately, the outcome is not always what the developers had in mind. Many software programs are plagued by programming flaws that may lead to security vulnerabilities. This article will offer a brief overview of some of the factors that may contribute to insecure software.
The Simplest Security: A Guide To Better Password Practices
While we may find them annoying, and even take them for granted, it is important to remember why passwords are important: passwords are the foundation of authentication, which is often the first line of security. This article will provide a brief overview of how to create and maintain strong, effective passwords.
Social Engineering Fundamentals, Part II: Combat Strategies
This is the second part of a two-part series devoted to social engineering. In Part One, we defined social engineering as a hackers clever manipulation of the natural human tendency to trust, with the goal of obtaining information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system. This article will examine some ways that individuals and organizations can protect themselves against potentially costly social engineering ...
Social Engineering Fundamentals, Part I: Hacker Tactics
Social engineering is the technique of circumventing technological security measures by manipulating people to disclose crucial authentication information. In this article, SecurityFocus writer Sarah Granger begins a two-part look at social engineering, including a look at motives, different techniques, and some accounts of successful attacks.
An Introduction to IDS
Intrusion detection systems, or IDSs, have become an important component in the Security Officer's toolbox. However, many security experts are still in the dark about IDS, unsure about what IDS tools do, how to use them, or why they must. This article will offer a brief overview of intrusion detection systems, including: a description of what IDSs are, the functions they serve, the two primary types of IDS, and the different methods of intrusion detection that they may employ.
Authentication as the Foundation for eBusiness
This article outlines the reasons why authentication is critical for a successful business, along with a discussion of the two main security methods it can be applied to. Additionally, this article will discuss authentication methods that are currently available, along with some factors that businesses must take into account to ensure they choose an authentication system that makes the most sense for them.