- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Verizon snares $678 million federal network deal
- Cisco loses $2 million order to Nortel
- HP buys EDS for $13.9 billion
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
Wireless dangers at airports. Listen now!
Migrating to a new messaging system is a tedious, complex and risky process. And since this isn’t something you do everyday, you need to know "best practices" to ensure a successful migration.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
The 3G Punch? There have been good 3G phones out for months and months and years.- Anonymous
My company is revamping its network security plan. What tools should I use to develop up-to-date policies, and are there any tools that make this easier?
Security is an ever moving target that must be continually managed and refined to ensure appropriate confidentiality, integrity, and availability of the services and systems that are critical to your business, as well as the valuable information that is often at the heart of the organizations we defend.
The stream of news stories highlighting loss of customer information and proprietary data (among other drivers) are prompting many of us to take a step back and re-evaluate the infrastructure at large, and our security tools within that infrastructure.
In your case, you're wondering how network tools can help in creating up-to-date security policies.
A flippant, and I suspect prevalent, answer to your question would be that tools aren't for developing policy, they're for helping to enforce your policy. Such a view falls short in my opinion, because while policy enforcement may be a tool's greatest contribution to your security program, our tools often log activity that we can channel into a feedback loop that informs changes to policy. In other words, knowing what the tools are uncovering positions us to use this information to evolve (or update, if you prefer) our security policies.
Your question asks for specifics though, and I'll offer what advice I can.
There are well known, bread and butter tools that often aren't though of as policy tools. However, many of them can have a role in shaping your policy if you use them that way.
Vulnerability scanners - these scanners can help you determine patching policy. Once you know what vulnerabilities are exposed, you can make decisions about what can and can't be tolerated in the environment, timeframes and patching SLAs, and firewall rules.
Application security scanners - can inform your decisions about secure coding standards, and whether you make any investment in code scanning technology to help automate both implementation and enforcement of any standards you put in place
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
