







Network Security Premium Article Archive
This Premium Article Archive offers the last 12 months of articles from Network Security.
Each summary takes you through to our Science Direct Pay Per View service, which will allow you to buy 24-hour access to the article for just $30.
NB. Subscribers to this publication can view these articles for free through the subscriber zone.
Article Summaries:
Network Security
Volume 2006, March 2006
Securing online business with SSL
Steve Waite, Director
While it has become more convenient to do business online, it has also become more difficult to ensure reliable and secure data exchange and communications. Continually evolving security threats and changing regulatory standards can make maintaining a trusted online environment a challenge for any size enterprise. In this article, we'll prioritise our recommended security practices for building online trust both inside and outside your enterprise.

Network Security
Volume 2006, March 2006
Web Injection Attacks
David Morgan
This article will be the first in a series that will review web application
security issues and provide suggestions on how to avoid the classic pitfalls.
This particular article will discuss code injection and specifically cross site
scripting. Injection into application elements other than the web server and the
client (i.e. SQL injection) will be discussed in later articles.

Network Security
Volume 2006, February 2006
The hacker's top five routes into the network (and how to block them)
Peter Wood, Chief of Operations
Stealing corporate data has never been easier. So says a penetration tester writing in this issue: and he should know – he's clocked up 10 years of hacking experience, from both inside and outside organizations.

Network Security
Volume 2006, March 2006
New threat of Apple Mac OS X
Bruce Potter
Attention has swung back to Apple with the news that it is now worth more than Dell – in terms of market capitalisation. Yet in the security world Apple equipment is not getting the attention it requires – with remarkable complacency in particular over Mac OS X.

Network Security
Volume 2006, February 2006
Identity theft - dodging the own-goals
Andrew Philpott, Vice President
A chronic reduction in system performance caused by spyware translates alone into harmful effects for the organisation. But for those relying on a distributed network, a spyware epidemic can also pose serious risks of information loss.

Network Security
Volume 2006, February 2006
Replacing passwords: in search of the secret remedy
Steven Furnell and Leith Zekri
Let's face it, the password hasn't become the most common technique for authentication because of its successful track record. Ever since April 2004, when a test conducted for InfoSecurity Europe showed that more than 70% of London commuters were willing to disclose their password in return for a bar of chocolate, things have never looked quite the same.

Network Security
Volume 2006, January 2006
Spyware: more than a costly annoyance
Dario Forte
A chronic reduction in system performance caused by spyware translates alone into harmful effects for the organisation. But for those relying on a distributed network, a spyware epidemic can also pose serious risks of information loss.

Network Security
Volume 2006, January 2006
Email security best
Mark Sunner
The convergence between spam and viruses has given rise to a far more insidious problem than we've previously experienced. Until recently spam and viruses have been talked about in isolation, viewed as something entirely separate, both with their own unique set of issues and accompanying detection techniques. If only…

Network Security
Volume 2005, December 2005
Return on security investment – proving it's worth it
Adrian Davies
The pressure is mounting on security professionals to justify what they spend. But up to now proving return on investment has proved very tricky – and frustrating.

Network Security
Volume 2005, December 2005
Biometrics for enterprise security
Mark Crosbie
‘You can't leave your finger behind,’ as biometrics fans never tire of telling us. In fact biometrics have been promoted as a ‘foolproof’ way to authenticate an individual's identity. But how much should we trust those claims?

Network Security
Volume 2005, October 2005
The end of zero days?
Bruce Potter
For attackers intent on stealing information, it is unlikely that what they are after is lying around in flat files stored on Internet facing servers. More likely it is located in a database, tucked away on the corporate network.

Network Security
Volume 2005, October 2005
Dig yourself out of the data crater – database security isn't new, so why can't we get it right?
Kev Dunn
For attackers intent on stealing information, it is unlikely that what they are after is lying around in flat files stored on Internet facing servers. More likely it is located in a database, tucked away on the corporate network.

Network Security
Volume 2005, March 2005
Authenticating ourselves: will we ever escape the password?
Steven Furnell
Computer systems face continually evolving threats but one
bugbear that just won't go away is the vulnerabilities that
arise through using passwords for authentication.
Passwords have haunted infosecurity professionals since before
1979 and yet they still appear without fail in the SANS list
of critical vulnerabilities year after year. In fact Bill
Gates is so aghast at passwords that he relegated them to
history in his speech at the RSA conference in February. But
despite Gates's wishes passwords are unlikely to disappear
in the foreseeable future. In many cases a risk assessment
may genuinely suggest that the adverse impacts of moving to
alternative methods would outweigh those likely to result
from password misuse. But it is also fair to say that the
continued reliance on passwords could be due to the inertia
of some organizations to introduce other methods.
Passwords have long been a source of discontent as a means
of identification. But they are still being used and the problems
associated with them still continue unresolved.

Network Security
Volume 2004, June 2004
When vulnerability reports can work against us
Steven Furnell
Researchers documented 2,636 new vulnerabilities during
2003, seven per day, of which 70% were easily exploitable.[1]
Clearly vulnerabilities in software products remain a big
problem despite increased attention from security vendors
and initiatives such as Microsoft's Trustworthy Computing
strategy.

Network Security
Volume 2004, June 2004
Hack Chaining: Attacks that become possible when a server is compromised
Chris Paget
All compromises of a network start with a single server.
The class of server dictates what attacks come next, and they
might not be what you expect.
This article explains different attacks that become possible
when a single server has been compromised, and provides evidence
that an attacker can turn any compromise into a network-wide
compromise with a little patience, time, and knowledge.

Network Security
Volume 2004, June 2004
A short course in anti-virus testing: seven simple rules for evaluating tests
Not all anti-virus software tests are equal. Sarah Gordon
of Symantec takes us through seven easy ways to see if the
results that you like so much are really telling the whole
story about the software.

Network Security
Volume 2004, April 2004
Migrating to the .NET platform: an introduction
John Heasman
This article is intended as an introduction to Microsoft
.NET; it discusses the components that make up .NET and the
main security features that they provide. It is aimed at readers
with an average technical understanding who are looking to
migrate from other platforms.

Network Security
Volume 2004, April 2004
Security in network attached storage (NAS) for workgroups
Eve Edelson
Network-attached storage (NAS) is a relatively simple and
inexpensive way to serve files over a network in a cross-platform
environment. NAS devices face the same security challenges
as other network components. This article discusses how NAS
fits into the world of IP storage, some security features
present in (and missing from) NAS devices, and some security
considerations in choosing a NAS.

Network Security
Volume 2004, February 2004
Assessing administrators' use of security analysis tools
Steven Furnell and Stamatis Bolakis
This article examines how security administrators are using
security analysis tools today and their attitude to such tools.
The investigation involved research to explore the views and
approaches of administrators themselves.

Network Security
Volume 2003, September 2003
Threats and Solutions to Web Services Security
Stuart King, CISSP
It is difficult to sum up what a Web Service is in a few words.
My own effort begins "A Web Service encapsulates a business
practice and places it directly onto the Internet." This
brief sentence does no justice whatsoever to the power and
flexibility of Web services, but does indicate the essential
importance of the technology; i.e. the promise of fast-to-market
solutions for businesses wanting to expand both their Internet
product suite and their own internal network-based processes.

Network Security
Volume 2003, March 2003
The MS-SQL Slammer Worm
E. Eugene Schultz, Jim Mellander and Daniel R. Peterson
The MS-SQL Slammer worm (also called the "Sapphire worm"
and "SQL-Hell worm") is the latest in the series
of Internet worms that have spread widely during the last
few years. This article describes the mechanisms and effects
of this worm, critiques the source code, and presents "lessons
learned" from first-hand experience in dealing with this
worm.

Network Security
Volume 2002, December
Guidelines for Securing Apache Web Servers
By Dr Eugene Schultz
The Apache Web server is currently the most frequently deployed
Web server. After hearing about all the problems with Microsoft's
Internet Information Server (IIS), you may assume that Apache
must be considerably easier to secure. This assumption is
to some degree true -- although Apache is by no means perfect
from a security perspective, you will not have to do as many
things to secure your Apache server(s). In fact, ensuring
that scripts that run on your Web server are secure is likely
to be your greatest challenge -- creating secure scripts is
a challenge, anyway, no matter what Web server you use. Still,
you'll have to do some work to make Apache able to resist
most attacks. These guidelines present the measures needed
to achieve baseline security in Apache Web servers.

Network Security
Volume 2002, October
When to Review Security -- Timing is Everything...
By Piers Wilson
Many people are now aware that at some point in the lifecycle
of a project or system it is prudent to conduct a security
review. In some cases, for internal audit requirements or
connection to outside networks, the process of undertaking
a formal security review prior to 'go live' is rigidly enforced.
I hope to explain in this article where the security review
process can sit in the project or system lifecycle and outline
some of the benefits that may be derived from tackling this
earlier, rather than later, in the development process.

Network Security
Volume 2002, September
Firewalls, Intrusion Detection Systems and Vulnerability Assessment: A Superior Conjunction?
By Piers Wilson
In an environment where the threats are constantly evolving
there have been rapid developments in both the technology
of security tools and the way that they are packaged commercially.
Amongst these tools are firewalls, vulnerability assessment
(VA) and intrusion detection systems (IDS). This article considers
how these three key technologies interact and attempts to
answer the question: "Is this simply a case of more technology
and cost, or does a combination of these systems provide real
advantages?" In order to assist that assessment, a review
of these three technologies is provided, with a comparative
summary
