In Depth

In Depth

• Fujitsu exec says SAS may take years to hit your array

  Fujitsu's product development VP talks about the development of SAS, why Fujitsu won't be competing with Hitachi's 1 TB drive and the Star-Trek-like future of disks.  Continue Reading

• VoIP security monitoring gets proactive

  VoIP security and traffic monitoring have become imperatives, but it can still be tricky on a converged VoIP and data network.  Continue Reading

• Quiz: Defending mobile devices from viruses, spyware and malware

  A five-question multiple-choice quiz to test your understanding of the content presented in Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School.  Continue Reading

• Vendors: Cut the hype, truth is what sells

  Storage virtualisation technologies have been purchased and implemented successfully for years. The rest of the IT infrastructure must try to catch up and, ultimately, the only thing not virtualised within the datacentre will be the last guy ...  Continue Reading

• TJX gets little sympathy from blogosphere

  TJX is taken to task by security bloggers for waiting until after a massive data breach to take steps to bolster its security.  Continue Reading

• TJX breach: There's no excuse to skip data encryption

  Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses.  Continue Reading

• EqualLogic CEO says IPO on the way

  EqualLogic's CEO talks about the company's plans to go public, its intent to add 10 GigE to its products and why he thinks not all iSCSI products are created equal.  Continue Reading

• PatchLink offers solid flaw management

  PatchLink Update 6.3 is a solid solution to the enterprise patch management problem and demonstrates its true power in a Windows environment.  Continue Reading

• WiMax clearing path to mainstream

  A number of industry moves have made WiMax almost ready for the mainstream. But there's good news and bad news to consider before making the move.  Continue Reading

• Federal government pushes full-disk encryption

  Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full-disk encryption (FDE) products.  Continue Reading

• Inside MSRC: Microsoft updates WSUSSCAN issue

  Christopher Budd of the Microsoft Security Response Center is urging customers to deploy the latest versions of the Systems Management Server Inventory Tool for Microsoft Updates or Microsoft Baseline Security Analyzer to receive all the current ...  Continue Reading

• Why don't we have clustered FC block storage?

  Is it odd that the industry has made such serious strides toward incorporating clustering concepts in both file-based storage and IP -based storage, but not Fibre Channel storage?  Continue Reading

• Adobe Reader flaws spook security experts

  Security experts sound the alarm over Adobe Reader flaws that could be exploited for cross-site scripting attacks and other mayhem.  Continue Reading

• Top Web security tips of 2006

  Check out the top five Web security tips of 2006 to get advice on securing Internet Explorer, ISA Server and Radius and a set of tools designed to secure the Web browsing experience.  Continue Reading

• Storage Outlook '07: In search of better data management

  Brian Peterson, storage architect for a Midwest-based Fortune 100 company, says better data management and business processes will be the main goal in 2007.  Continue Reading

• Security pros glean insight from '06

  Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006.  Continue Reading

• Storage Outlook '07: Seeking better backups and archives

  Tom Becchetti, senior infrastructure engineer for a major national financial services company, says compliance, backup and archiving will be top priorities in 2007.  Continue Reading

• Top 10 mobile tips of 2006

  Review of the popular mobile technical tips of 2006 from our stable of mobile experts; Lisa Phifer, Craig Mathias, Daniel Taylor, Kevin Beaver and Robbie Harrell.  Continue Reading

• Top Windows server hardening tips of 2006

  Check out the top Windows server hardening tips of 2006 for helpful advice on domain controller penetration testing, security tips for the Windows Server 2003 OS and more.  Continue Reading

• Top client security tips of 2006

  A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users.  Continue Reading

• Cleversafe envisions a new world of storage

  An organisation led by the inventor of the wireless thin client aims to combine storage and the Internet, and change how we think of both storage and computing.  Continue Reading

• Top network security tips of 2006

  The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more.  Continue Reading

• Enterprises are open to Asterisk

  Organisations have become so comfortable with VoIP and standards that open-source technologies like Asterisk are being given serious consideration over big iron PBX platforms. Learn all about Asterisk here.  Continue Reading

• Top storage tips 2006

  What's on the minds of storage techies. What's hot, what's not, what works, what doesn't work. These expert tips cover the storage issues that take top honours when it comes to disaster recovery, NAS, SAN, backup and storage management.  Continue Reading

• Review: Prevx1 not ready for prime time

  Prevx1 will require significant improvement in management and detection capabilities before it can be considered a serious contender for enterprise deployments.  Continue Reading

• Review: Reconnex's iGuard needs improvements

  Reconnex's iGuard is maturing, though it still needs some usability improvements such as wizards, customisable reports and the ability to drill down on the graphs.  Continue Reading

• Review: Deep Security is a solid IPS

  Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities.  Continue Reading

• Review: Lancope StealthWatch 5.5 offers more than IDS

  Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition.  Continue Reading

• Hot technologies for 2007

  "Storage" magazine's editors reviewed technology developments, product introductions and storage standards to come up with this short list of must-have technologies for 2007.  Continue Reading

• Microsoft Vista could improve Internet security

  Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections.  Continue Reading

• Storage Decisions Session Downloads: Smart Shopper Track (LV 2006)

  Very few storage managers have carte blanche when it comes to storage spending. Sessions in our "Smart Shopper track" help managers get the most bang for their storage buck.  Continue Reading

• Storage Decisions Session Downloads: Architecture Track (LV 2006)

  More than 70% of the attendees of Storage Decisions say they are setting up or evaluating a tiered storage architecture. Featured in this track are Tiered Storage School sessions along with other sessions that can help any manager set up or ...  Continue Reading

• Storage IPOs, brilliant or brainless

  Just when we thought the fast and loose spending of the dot-com bubble was well behind us, a few recent storage company IPOs remind us that we really haven't gotten a lot smarter.  Continue Reading

• Inside MSRC: Visual Studio flaw, tool extensions explained

  Christopher Budd of the Microsoft Security Response Center sheds detail about a flaw in Visual Studio 2005 and explains that support for Software Update Services 1.0 will be extended.  Continue Reading

• Infrastructure security: Remote access DMZ

  An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne.  Continue Reading

• Storage Decisions Session Downloads: Engineering Track (LV 2006)

  Managers need to engineer the most flexible and complete storage network. This track looks at SAN and NAS issues, distance demands, remote offices and how to build out systems.  Continue Reading

• Storage Decisions Session Downloads (NYC 2006)

  Take a look at the sessions that floored at the Storage Decisions conference in New York City, September 27-29, 2006.  Continue Reading

• Zero-day tracker a hit, but IT shops need better strategy

  This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with.  Continue Reading

• MySpace, YouTube successes open door to Web 2.0 dangers

  Web 2.0, and Ajax in particular, are introducing new threats to life on the Web. Many people are rushing to add interactive features to their Web applications using Ajax, but as columnist Mike Cobb explains, security has often been overlooked.  Continue Reading

• Active Directory security school: Set up and configuration

  An Active Directory security lesson.  Continue Reading

• Active Directory security school: Maintenance and testing

  This is lesson three of our Active Directory security school.  Continue Reading

• Active Directory security school: Management

  Lesson two of the Active Directory security school.  Continue Reading

• Active Directory Security School

  An improperly configured Active Directory can render the rest of your security measures useless. So how can you protect yourself from a hacker with their eyes on your AD? How can you recover from such an attack? Find the answers to all of your AD ...  Continue Reading

• Recordless email: magical or menacing?

  A new startup promises recordless email. Is this a stroke of genius that will reward the company with billions of Internet bucks, or is it the end of the world as we know it?  Continue Reading

• Managed and hosted VoIP: muddling through

  For companies looking for an alternative to a premise-based phone system, there are plenty available, and they come in all shapes and sizes. Get a clearer understanding of exactly what's available so you can ask the right questions to get the ...  Continue Reading

• Is the SANS Top 20 still useful?

  This week in Security Blog Log: Some experts ponder whether the SANS Institute's Top 20 vulnerability list is as valuable than it once was. Others weigh in on the VoIP threat.  Continue Reading

• Security Blog Log: Sailing a sea of spam

  This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam.  Continue Reading

• Security Blog Log: Dissecting Firefox 2.0

  This week, bloggers examine the security features of Firefox 2.0 and come away with mixed reviews. Does it fare better than Internet Explorer 7?  Continue Reading

• Review: Arbor Networks' Peakflow X 3.6

  Hot Pick: Peakflow isn't cheap and requires an intimate understanding of data flows, applications and network infrastructure. But the investment will pay dividends.  Continue Reading

• Review: Network Intelligence's enVision

  enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it.  Continue Reading

• Download Advanced Storage Guide Chapter 2: Backup/Data protection (PDF)

  A printable version of our Advanced Storage All-In-One Guide. Download Chapter 2: Backup/Data protection in .pdf format now.  Continue Reading

• VoIP convergence: Managing staffing issues

  Companies making the transition to IP telephony must find a way to converge their voice and data networks -- and the employees who work on them.  Continue Reading

• Production databases find a home on IP SANs

  Dow Chemical will be cutting costs with a NetApp system; AirClic goes with EqualLogic's newest SAS array after evaluating both NetApp and EMC.  Continue Reading

• Download Advanced Storage Guide Chapter 1: Storage components (PDF)

  A printable version of our Advanced Storage All-In-One Guide. Download Chapter 1: Storage components in .pdf format now.  Continue Reading

• What storage managers are buying and why, page 4

  What storage managers are buying and why  Continue Reading

• What storage managers are buying and why, page 5

  What storage managers are buying and why  Continue Reading

• Nokia E62 thin mobile productivity device

  In this product review, John Shepler weighs in on Nokia's new E62 mobile device for Cingular Wireless.  Continue Reading

• Strategy clinic: Deciding which activities to measure to provide meaningful insights

  I have always believed in 'doing' rather than self-monitoring, but reluctantly agree that the IT department needs to provide meaningful metrics on its activities. We have no shortage of things to measure, but how do we decide which are the most ...  Continue Reading

• Nmap Technical Manual

  By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in ...  Continue Reading

• Security Blog Log: Taking Google Code Search for a spin

  This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.  Continue Reading

• Inside MSRC: Public vulnerability disclosures on the rise

  Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make ...  Continue Reading

• School district expels outsourced backup, enrolls CDP

  Revere School District dumps tape and outsourced backup, and deploys SonicWall's continuous data protection product.  Continue Reading

• Test your IQ: Business continuity -- ANSWER

  This type of plan specifies a means of maintaining essential services at the crisis location.  Continue Reading

• DPM's Diary: 3 October 2006

  Monday  Continue Reading

• Alliance and Leicester to overhaul core systems

  Alliance & Leicester has announced plans replace many of its core banking systems with Accenture’s Alnova Financial Solutions banking platform under a three-year IT-led business transformation programme.  Continue Reading

• ZERT rekindles third-party patching debate

  This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago.  Continue Reading

• PING with Suzanne Hall

  In this exclusive interview with Information Security magazine, Suzanne Hall, AARP director of IT operations and security, examines how security professionals can enable telecommuters and mobile workers while keeping their data secure.  Continue Reading

• More from SearchSecurity September 2006

  This month's round up weighs the pros and cons of security information management systems (SIMs) plus four case studies illustrating the different roadblocks security managers can encounter  Continue Reading

• On privacy laws, every state is one of confusion

  It's getting increasingly difficult for US firms to comply with regulations . David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment.  Continue Reading

• Top 5 free Windows security downloads

  The place where you can find free tools that help you crack passwords, remove troublesome spyware and enhance network security. Check out our five most popular tools and find out what you've been missing.  Continue Reading

• Symantec Dark Vision app monitors underground IRC servers

  New research project keeps tabs on the hacker underground, providing new insight on activities like credit card theft and spamming.  Continue Reading

• NetApp operations chief talks growth

  Tom Georgens, executive vice president and general manager at NetApp -- also rumoured to be in the running as next CEO -- discusses what's driving its growth.  Continue Reading

• Storage upstarts are tipping the vendor scales

  The big storage vendors are always trying to steal a piece of each other's pie. But some small tech upstarts might play big parts in determining who comes out on top.  Continue Reading

• Security Blog Log: Word doc scam evades spam filters

  Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches.  Continue Reading

• Protecting wireless networks: Step 3

  Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks.  Continue Reading

• Protecting wireless networks: Step 2

  Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks.  Continue Reading

• Wireless network security testing

  Attack your own wireless networks to find vulnerabilities before malicious hackers do.  Continue Reading

• Identity and Access Management Security School

  This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan.  Continue Reading

• Risk management: Data organization and impact analysis

  This first article of the Insider Risk Management Guide explains how to data organization is the first step in implementing insider threat controls.  Continue Reading

• Risk management: Baseline management and control

  Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Risk Management Guide.  Continue Reading

• Risk management: Implementation of baseline controls

  This fourth article in the Insider Risk Management Guide examines the implementation of baseline controls.  Continue Reading

• Risk management references

  References for our Insider Risk Management Guide.  Continue Reading

• Risk management audit

  This article explores the audit function in the insider risk management process.  Continue Reading

• Look through the over-hyped storage terms; find the value

  Storage expert Marc Staimer discusses the storage vendor trend of using over-hyped terms to sell their products, and how you can find the true value in what they're selling.  Continue Reading

• Security blog log: Fear and loathing in MS06-040's wake

  This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits.  Continue Reading

• IT bosses preparing for Byte Night

  About 250 senior IT professionals will take part in the annual Byte Night charity sleep-out on London’s Embankment on 22 September in an effort to raise £300,000 to combat child homelessness.  Continue Reading

• Inside MSRC: Time to rethink security workarounds

  Christopher Budd of the Microsoft Security Response Center recommends implementing one of several security workarounds to ensure a secure infrastructure until this month's most important Windows update can be installed.  Continue Reading

• Thwarting IM management challenges

  Product review: Information Security magazine's Sandra Kay Miller says Symantec's IM Manager 8.0 has limited public network features, but offers excellent reporting  Continue Reading

• Akonix A-Series offers complex, best-of-breed IM security

  Product review: Information Security magazine's Sandra Kay Miller says The Akonix A-Series instant messaging security appliances works well but needs better documentation.  Continue Reading

• Countering attackers with NAC, IPS

  Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment.  Continue Reading

• Security event management, no strings attached

  Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options.  Continue Reading

• Are smaller companies storage-stupid?

  Storage guru Jon Toigo questions the buying process of storage in SMBs .  Continue Reading

• Endpoint security quiz answers

  The answers to the Endpoint quiz  Continue Reading

• Web services represent security's next battlefront

  The evolution and mainstream use of Web services has placed the nascent technology in the crosshairs of attackers, and one firm in particular says it can mitigate the threats.  Continue Reading

• PING with Heidi Kujawa

  Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theatres  Continue Reading

• Beyond HIPAA and GLBA

  Most firms are familiar with HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley, but newer regulations are pushing certain industry sectors to adopt strong authentication  Continue Reading

• Automated provisioning quiz answers

  the key questions answered  Continue Reading

• Authenticating Windows

  Three options for Windows authentication with eSSO clients.  Continue Reading

• Endpoint security quiz

  Take this five-question quiz to see how much you've learned about endpoint security.  Continue Reading

• Inside MSRC: Debunking Excel exploits

  Microsoft's Christopher Budd puts the magnifying glass to Microsoft's July bulletinsand says one alleged Excel exploit isn't what it seems.  Continue Reading