network access control

Data breach costs rising

Thu, 18 Oct 2007 06:59:59 -0400

It might be time to open your company's wallet a little wider. A new study by Gartner says that data breaches are set to cost businesses 20 percent more each year through 2009. Are you ready for increasing phishing and other hack attacks that may take your system down? It's definitely a headache for any CIO. Gartner VP John Pescatore said that more attackers are using the credentials of legitimate users to sneak into secure systems. So what's a CIO supposed to do? Gartner estimates that the average business is already spending more than 5 percent of its IT budget on security, and another 7 percent on disaster recovery. The study also said that 90 percent of targeted attacks could be avoided without an increase in firms' security budgets, and said that the investments that enterprises had made in intrusion prevention, vulnerability management and network access control had largely paid off. Gartner warned that just spending more money was not the right answer. It advised CIOs to make sure that security was a top requirement for every new application, process and product. It also recommended establishing security metrics to measure spending efficiency.

To read about data breaches:
- see Washington Post article

NAC and the mobile worker

Thu, 16 Aug 2007 06:59:58 -0400

Vendors, of course, would like to close the gap between NAC interest and acquisition. To that end, Aruba Networks, a wireless switch manufacturer is talking up enhancements it has made to its NAC offerings, by specifically focusing on the security risks posed by mobile devices. The key to securing NAC acceptance with enterprises that field large numbers of mobile workers is taking an open approach to NAC. Aruba says that interoperability with third-party network access control solutions can reduce risks and address vulnerabilities, and hopefully stimulate NAC sales. Aruba has established interoperability with the three leading NAC solutions, including Microsoft's Network Access Protection (NAP), Juniper's Unified Access Control (UAC), and Cisco's Network Admission Control (NAC).

For more on NAC and the mobile worker:
- see the article in TechWorld

CIOs seek out NAC on the net

Thu, 16 Aug 2007 06:59:58 -0400

One of the more interesting high-wire acts in the enterprise IT space is how CIOs manage the tension between opening their networks to mobile workers, customers, partners and suppliers, and securing the integrity of their information resources. Network access control, or NAC, is emerging as an interesting topic of discussion in IT, because of its promise of introducing some measure of order in the chaos that is the extended enterprise. NAC is the process whereby devices are checked for security risks prior to admission onto a network. A survey conducted by ComputerWorld shows that there is still a gap between discussion and implementation of this technology. Only about 14 percent of respondents said that they apply endpoint checks for application and operating system patching; the presence of firewalls or anti-virus or anti-spyware tools; USB-attached devices; and password strength. Cost and complexity account for most of the gap between the level of checking desired and the level of checking actually implemented.

For more on the NAC report:
- read the article in Computerworld

Black Hat event cites IBM vulnerabilities

Mon, 07 Aug 2006 20:01:36 -0400

The Black Hat conference spawned another security risk alert before it ended last week, and this time it is IBM's database vulnerabilities that came under fire. As FierceCIO reported last week, the annual conference began with Microsoft and network access control vendors under scrutiny for poor security and discovered product flaws. Now there are apparently over 20 security flaws with IBM's Informix database family, according to Next Generation Security Software Ltd. The vulnerabilities could let attacks launch a denial-of-service attack, grab data or simply compromise the database system.

For more on the database issues:
- check out Computerworld's news item

ALSO NOTED: Black Hat attendees hack a MacBook using wireless drivers; Network access control efficacy under scrutiny; and much

Wed, 02 Aug 2006 20:01:33 -0400

> Black Hat attendees hack a MacBook using wireless drivers. Article

> Network access control efficacy under scrutiny. Article

> Wireless connectivity hits the rail out west. Article

> IBM's product strategy to push Unix ahead. Article

> Attacks on SMB networks is growing. Article

And Finally... Why smartphones are beating out PDAs, laptops. Article

It's a show of vulnerabilities at Black Hat conference

Mon, 31 Jul 2006 20:01:37 -0400

There's no way that network access control vendors nor Microsoft was happy with the agenda at the recent Black Hat conference in Las Vegas. Security researchers were readying presentations on the insecurities within Vista, including a new rootkit that takes advantage of Vista's design and which could prove nasty if released in public for malware writers. In fact, the security researcher says the upcoming Vista is as vulnerable to to kernel malware risks as previous Microsoft operating systems.

Get more info on the Black Hat conference focus:
- see this Network World article

Network access tools aren't as good as you think

Thu, 06 Jul 2006 20:01:37 -0400

Network Access Control (NAC) technologies have long been considered a good security approach, but as hackers will prove at an upcoming industry conference, NAC is easy to breach--each and every type of NAC can be broken into. As security software vendor Insightix explains it, the NAC tools on the market weren't designed very well since any hacker with a user name and password can get into the network systems a company puts in place. It makes shoring up against internal network threats all the more important, say experts.

For more on NAC vulnerabilities:
- see this article at InformationWeek