What We’re Reading, Week of 12/7

Posted: December 10, 2009 in Highlights

RSA Blog…
VPN Man-in-the-Middle Attacks: Fact or Fiction?
In this post, Mischel Kwon discusses the US-CERT warning issued in November about a not-yet-exploited vulnerability in SSL VPNs that could be abused through a man-in-the-middle attack. While it was beneficial for people to be made aware of this attack, there are no reports of it being successful. The post suggests implementing the US-CERT recommended mitigations: limit URL rewriting to trusted domains, limit VPN server network connectivity to trusted domains, and disable URL hiding features. It also encourages people to contact their VPN vendors for more strategies.

The Tech Herald…
Protecting the Company as Employees Travel During the Holidays
This article by Steve Ragan discusses how businesses will want to protect their employees and their assets while they take their work home with them during the holidays. As more employees work remotely during their time off, holiday travel can present threats to companies due to unintentional data loss, leakage, and privacy problems. We recommend connecting to your company’s network through a VPN to help prevent potential threats.

Jupdi Blog…
DirectAccess Takes Place of VPN for Windows 7
This post by Gregg Housh discusses Microsoft’s DirectAccess feature for Windows 7, which enables employees to connect to their office network remotely. There is a greater need for employees to be able to work from remote locations, and typically VPN solutions are used for that purpose. Gregg suggests that DirectAccess is easier to use than a VPN; however, it is only available if your company has upgraded its server to 2008 R2. You can use NCP’s Secure Entry Client with your current equipment without having to upgrade.

Gartner Blog…
A Sneak Peek at the Top 10 2010 Security Technology Priorities
Every year Gartner surveys hundreds of enterprise security end users for its IT Key Metrics benchmarking database and publishes a high-level view of its findings. In this post, Adam Hills gives us a sneak peek at the “Top 10 Security Priorities, Worldwide” from this year’s survey.  Here’s what made the list: Intrusion Detection and Prevention, Patch Management, Data Loss Prevention, Antivirus, User Provisioning or Identity Management, Vulnerability Assessment, Firewalls, Security Information and Event Management, Network Access Control and Remote-Access or Site-to-Site VPN.
