InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘web application’

Recent Whitepapers on the Net

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 6, 2008

Secure Mobile Computing Using Two-Factor Authentication with VPNs and Disk Encryption – sponsored by Aladdin

ABSTRACT:
This paper highlights the risks that organizations run in allowing mobile users full access to the enterprise network, data, and applications through VPN. It takes a detailed look at how making sensitive corporate data available in this manner creates security gaps with passwords and encryption keys stored on the hard drive. Aladdin focuses on successfully addressing these issues with strong two-factor authentication, reviewing the broad range of easy-to-deploy, easy-to-use, and low-cost two-factor authentication devices available that meet the needs of organizations today.


Web Application Security: Too Costly to Ignore sponsored by HP

Posted: 24 Sep 2008
Published: 24 Sep 2008
Format: PDF
Length: 8 Page(s)

ABSTRACT:
Web application security is crucial to mitigating the risks of attack and attaining regulatory compliance. The number of web attacks is on the rise, and it is exponentially more cost effective to remedy those flaws early in the development process. There is an enormous chasm between where application security should be and the sad shape of application security today. Download this free whitepaper from HP Software to learn about the gaps in most application security programs and how to incorporate application security across the lifecycle.


Oracle Advanced Security TDE (Encryption)

Posted: 15 Jul 2008
Published: 01 Jun 2007
Format: PDF
Length: 19 Page(s)

ABSTRACT:
Encryption is a key component of the defense-in-depth principle and Oracle continues to develop innovative solutions to help customers address increasingly stringent security requirements around the safeguarding of PII data. Retailers can use Oracle Advanced Security TDE to address PCI-DSS requirements while university and healthcare organizations can use TDE to safeguard social security numbers and other sensitive information. Encryption plays an especially important role in safeguarding data in transit. Oracle Advanced Security network encryption protects data in transit on the intranet from network sniffing and modification. Oracle Advanced Security TDE protects sensitive data on disk drives and backup media from unauthorized access, helping reduce the impact of lost or stolen media.


Data Center TCO – A Comparison of High-density and Low-density Spaces sponsored by Intel

Posted: 24 Jul 2008
Published: 01 Jan 2007
Format: PDF
Length: 12 Page(s)

ABSTRACT:
One of the most common misconceptions in this period of growth is that the total cost of ownership (TCO) of a new data center is lower with a low-density design. In fact, the most efficient new data centers are those with high-density designs, which leverage virtualization to reduce TCO by millions.

This white paper explains why and offers suggestions for successful operations in the high-density data center. Key considerations include:

* Airflow distribution challenges
* Server uniformity
* Airflow velocities
* Hot aisle temperature

Posted in Whitepapers

Using Nmap to detect rogue Wireless Access Points

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 6, 2008

Pauldotcom interviewed Gordon “Fyodor” Lyon (the Nmap dude) back on Sept 24. Check out the transcript of the interview here.

Direct audio download of the show can be found here.

If you use Nmap, Paul Asadoorian, GCIA, GCIH (who started the website), also released a script for the new version of Nmap (4.76) here.

Other wireless tools you can use can be found in the Top 5 Wireless Tools page of the insecure.org site. The likes of Kismet, NetStumbler, Aircrack-ng, Airsnort and KisMac are all there.

I am both amazed and appalled by the current state of wireless security in the Manila area. Although it’s probably better than when Van Hauser checked it out back in 2004, users still aren’t aware of how dangerous it is to pass off confidential or private information using wireless access points. Back in June 2008, Inquirer posted this on the FBI warning wi-fi users.

Recent articles regarding cracking of Wireless Access Points using Nvidia cards can be found in SCmagazineUK and Heise Security.

A dated (May 2007) blog on WPA cracking might be interesting to you; an even older video (2005) with a really annoying soundtrack can also be found online. You may also want to check this out.

On the lighter side, I found two articles on hacking for smartbro, here and here. One should be reserved for April Fools, the other for more adventurous people.


Speaking of wireless security and its problems, here’s a 36 minute video from the IT Briefing Center on The Evolution of the Wireless Enterprise: Networking in a World Without Wires, sponsored by Motorola. It covers the cost savings and additional benefits of going wireless, and cites a case study on using wireless in the healthcare industry.


On a totally different topic, and since I can’t get enough of web app security (aside from security metrics), here’s a 25 minute podcast by Gartner, sponsored by IBM, entitled “Stay Ahead of the Hackers: Strategies to Protect your Web Applications – and Your Organization”.


Gartner also has a 27 minute video on “Using Secure Remote Management to Drive the Convergence of IT Operations and Security Compliance”, also from the IT Briefing Center.

Posted in Philippines, Wireless