- 10G Ethernet powers glitzy Vegas resort
- Top 50 tech visionaries
- Six free security tools
- Feds encrypt 800,000 laptops
- New open source DNS server released
Rss FeedRss Feed
Single sign-on in a Web 2.0 world. Listen now!
BitTorrent blocking; SQL injection attack. Listen now!
Before now, midsize customers settled for either an expensive and complex array or low cost solution that lacked functionality. Now experience virtual storage with enterprise class functionality at an affordable price.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
IT professionals like the idea of consolidating hundreds of servers into only a few, but it takes a lot more to cost effectively consolidate and virtualize servers. Watch this six-chapter webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization" to learn how to effectively consolidate your Windows environment. One of the themes explored includes the characteristics of an orchestrated data center, which includes: Resource management, dynamic provisioning, job management, policy management, accounting and auditing and real-time availability. Learn more about orchestration and much more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
Frank's response is exactly what you would expect from the old guard. The old guard said the same thing...- mclynd
Eugene Spafford, one of the nation's leading experts on information security, is director of the Center for Education and Research in Information Assurance and Security at Purdue University. Network World Senior Editor Carolyn Duffy Marsan recently sat down with Spafford at his West Lafayette, Ind., office to talk about the latest security threats and what network executives can do to mitigate them. Here are excerpts from their conversation:
Click to see: Eugene Spafford, information security expert
What do you see as the top three information security threats that are most likely to hit U.S.-based multinationals?
One of the biggest threats we have right now is deployment of resources intended either to save on cost or enhance features without thinking through the consequences. VoIP and wireless fall in this category. They have failure modes that are very different than what they are replacing and are not well understood. Perceived cost advantages are driving these technologies, but that is overcoming the caution that should be in place. That's a threat not in the sense of a particular attack, but it is a systemic problem that leads to weakness in security posture and therefore may lead to attacks.
A second threat is a softening, if not disappearing, of the network perimeter. For a long time, we were able to get some semblance of securing the enterprise by establishing firewalls and [demilitarized zones] and maintaining the somewhat guarded perimeter. Now with BlackBerries, PDAs, wireless, executives traveling and using the Internet in hotel rooms, and people with VPN access from home systems, the perimeter is an illusion. But security policies and technologies have not kept up with that change. A big vulnerability in many environments is that you still have policies and people viewing the enterprise as protected with a firewall, and that's simply not the case.
A third threat is an overreliance on a small set of suppliers. We have too many enterprises that have everything running on the same hardware, the same operating system, the same database, the same network routers. Even their security systems are from one vendor. I don't mean to pick on a particular segment of the market or a particular vendor, but we see this homogeneity up and down the stack. The difficulty this brings is that the whole organization can fall with a weakness or failure of one platform type. That's very bad from an operational security point of view. This trend is driven by cost and convenience, but people simply aren't thinking about the potential cost of dealing with a disaster. Not having diversity in place applies to everything from viruses to break-ins to denial of service to potentially even bad bugs and vendor failure.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
