Alternatives to Desktop Lockdown

This is another post based on notes from the Gartner Information Security Summit. Neil MacDonald gave a talk titled Five Alternatives to Desktop Lockdown: Balancing Control and Creativity. Desktop Lockdown has failed. But so has complete freedom. So what do you do? From an operational perspective, desktop lockdown was performed to reduce the number of …

Continue reading ‘Alternatives to Desktop Lockdown’ »

Debra Wheatman on How to Sell Yourself to Management

The second talk I attended on Sunday at the Gartner Information Security Summit was Debra Wheatman on How to Sell Yourself to Management. Debra is the Chief Career Strategist with ResumesDoneWrite. At work one of our stated goals is “to grow and live the $company brand.” In this talk Debra reminds us “You’re always selling …

Continue reading ‘Debra Wheatman on How to Sell Yourself to Management’ »

MessageLabs Adds Public IM Security Service

This is interesting. After I wondered yesterday about the applicability of IM security products that ignore social networks, MessageLabs announced the launch of a new public IM security service. The solution does not address any of the problems I mentioned. The press release mentions AOL’s AIM, Yahoo! Mail and Microsoft MSN, but does not mention …

Continue reading ‘MessageLabs Adds Public IM Security Service’ »

Instant Messaging Security

As I upgraded my Symantec IM Security server last week, I thought about the state of Instant Messaging security. These thoughts are based on my experience with Symantec’s products. I only briefly looked at the websites of Akonix and Facetime to see what they could do. I’m not up on their current releases. When we …

Continue reading ‘Instant Messaging Security’ »

ISA 2006 and Forms Based Authentication

I’ve been working on upgrading ISA 2004 to ISA 2006 (on new hardware as well). We use SecurID authentication at ISA, and then Forms Based Authentication on the Front End OWA server. While this had worked fine with ISA 2004, it didn’t work at all under 2006. A quick Google found one post on a …

Continue reading ‘ISA 2006 and Forms Based Authentication’ »

Google’s Continued Denial of Service Attacks

Its bad enough when Google can’t keep their G-Mail servers up. Its worse when they screw up causing all search results to have a security warning. Its worse again when they force you to fill out a captcha to perform a search because some algorithm has decided that you’ve searched to much, or searched for …

Continue reading ‘Google’s Continued Denial of Service Attacks’ »

Link: So you think you want a job in computer security

I saw this linked from Lenny Zeltser’s Twitter. Securology’s So you think you want a job in computer security. The security operations all too true. Here’s part: The worst part about SecOps is that you’ll either realize you’ve hit your Peter Principle with that job, in which case it’s time to spend all of your …

Continue reading ‘Link: So you think you want a job in computer security’ »