best practices
----------------------------------------------------------------------
Top 5-ish Threats to Watch for in 2009
1. The continuing trend of investing in constant reminders of
assumed security best practices, shouted at workers of every level
and type across the work site, will keep eating away at budgets,
keep security professionals from actually improving security, and
distract employees from their work. This includes the policy tidbits
and factoids employees see everywhere, from posters in the bathroom
to mouse-pad messages on their desks to screensaver quizzes they need
** Hosted products are VMware Workstation, Player, ACE, Server, Fusion.
Note: This vulnerability can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
Conference topics
=> PHP Core
=> PHP & Web Security
=> Web Architecture
=> Best Practices
=> Scaling & Performance
=> Agile Development
=> Continuous Integration
=> Tools & Frameworks
=> Frontend Development
* vMA JRE is updated to version JRE 1.5.0_21
The currently installed version of JRE depends on your patch
EUSecWest CALL FOR PAPERS
LONDON, U.K. -- The third annual EUSecWest applied
technical security conference - where the eminent figures
in the international security industry will get together
to share best practices and technology - will be held in
downtown London at the Sound Club in Leicester Square
on May 27/28, 2009. The most significant new discoveries
about computer network hack attacks and defenses,
commercial security solutions, and pragmatic real world
security experience will be presented in a series of
CanSecWest 2008 CALL FOR PAPERS
VANCOUVER, Canada -- The ninth annual CanSecWest applied technical
security conference - where the eminent figures in the
international security industry will get together to share best
practices and technology - will be held in downtown Vancouver at
the Marriott Renaissance Harbourside on March 26-28, 2008. The
most significant new discoveries about computer network hack
attacks and defenses, commercial security solutions, and pragmatic
real world security experience will be presented in a series of
informative tutorials.
CALL FOR PAPERS - Deadline June 15 2012
AMSTERDAM, the Netherlands -- The seventh annual EUSecWest
applied technical security conference - where the eminent
figures in the international security industry get
together to share best practices and technology - will be
held in downtown Amsterdam near Leidseplein Square on
September 19/20, 2012. The most significant new
discoveries about computer network hack attacks and
defenses, commercial security solutions, and pragmatic
real world security experience will be presented in a
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure Access Control Lists (iACLs)
are a network security best practice and should be considered as a
long-term addition to good network security as well as a workaround
for these specific vulnerabilities. The iACL example below should be
included as part of the deployed infrastructure access-list which
will protect all devices with IP addresses in the infrastructure IP
address range:
EUSecWest CALL FOR PAPERS
LONDON, U.K. -- The second annual EUSecWest applied technical
security conference - where the eminent figures in the
international security industry will get together to share best
practices and technology - will be held in downtown London at
the Sound Club in Leicester Square on May 21/22, 2008. The most
significant new discoveries about computer network hack attacks
and defenses, commercial security solutions, and pragmatic real
world security experience will be presented in a series of
informative tutorials.
EUSecWest CALL FOR PAPERS
AMSTERDAM, the Netherlands -- The sixth annual EUSecWest applied technical
security conference - where the eminent figures in the international
security industry will get together to share best practices and technology
- will be held in downtown Amsterdam at the Melkweg Multimedia
Center near Leidseplein on June 16/17, 2010. The most significant new
discoveries about computer network hack attacks and defenses,
commercial security solutions, and pragmatic real world security
experience will be presented in a series of informative tutorials.
PacSec CALL FOR PAPERS
TOKYO, Japan -- To address the increasing importance of information
security in Japan, the best known figures in the international
security industry will get together with leading Japanese researchers
to share best practices and technology. The most significant new
discoveries about computer network hack attacks will be presented and
discussed at the eighth annual PacSec conference.
The PacSec meeting provides an opportunity for foreign specialists to
be exposed to Japanese innovation and markets and collaborate on
EUSecWest CALL FOR PAPERS
PacSec CALL FOR PAPERS
TOKYO, Japan -- To address the increasing importance of information security
in Japan, the best known figures in the international security industry will
get together with leading Japanese researchers to share best practices and
technology. The most significant new discoveries about computer network
attacks will be presented and discussed at the ninth annual PacSec
conference.
The PacSec meeting provides an opportunity for foreign specialists to be
World Security Pros To Converge on Japan
TOKYO, Japan -- To address the increasing importance of information
security in Japan, the best known figures in the international
security industry will get together with leading Japanese
researchers to share best practices and technology. The most
significant new discoveries about computer network hack attacks
and defenses will be presented at the sixth annual PacSec conference.
The PacSec meeting provides an opportunity for foreign specialists
to be exposed to Japanese innovation and markets and collaborate
CanSecWest CALL FOR PAPERS
VANCOUVER, Canada -- The twelfth annual CanSecWest applied technical
security conference - where the eminent figures in the international
security industry will get together to share best practices and
technology - will be held in downtown Vancouver at the Sheraton
Wall Centre on March 9-11, 2011. The most significant new discoveries
about computer network hack attacks and defenses, commercial security
solutions, and pragmatic real world security experience will be
presented in a series of informative tutorials.
World Security Pros To Converge on Japan
TOKYO, Japan -- To address the increasing importance of information
security in Japan, the best known figures in the international
security industry will get together with leading Japanese researchers
to share best practices and technology. The most significant new
discoveries about computer network hack attacks will be presented and
discussed at the seventh annual PacSec conference.
The PacSec meeting provides an opportunity for foreign specialists to
be exposed to Japanese innovation and markets and collaborate on
CanSecWest 2010 CALL FOR PAPERS
VANCOUVER, Canada -- The eleventh annual CanSecWest applied
technical security conference - where the eminent figures in
the international security industry will get together to share
best practices and technology - will be held in downtown
Vancouver at the Sheraton Wall Centre on March 22-26,
2010. The most significant new discoveries about computer
network hack attacks and defenses, commercial security
solutions, and pragmatic real world security experience will
be presented in a series of informative tutorials.
BA-Con 2008 CALL FOR PAPERS
BUENOS AIRES, Argentina -- The first annual BA-Con applied
technical security conference - where the eminent figures in the
international and South American security industry will get together
and share best practices and technology - will be held in Buenos
Aires on September 30 and October 1, 2008. The most
significant new discoveries about computer network hack attacks
and defenses, commercial security solutions, and pragmatic real
world security experience will be presented in a series of
informative tutorials.
CanSecWest CALL FOR PAPERS
VANCOUVER, Canada -- The tenth annual CanSecWest applied
technical security conference - where the eminent figures
in the international security industry will get together
to share best practices and technology - will be held in
downtown Vancouver at the Sheraton Wall Centre on
March 18-20, 2009. The most significant new discoveries
about computer network hack attacks and defenses,
commercial security solutions, and pragmatic real world
security experience will be presented in a series of
that match the potential exploit packets with the "permit" action
result in these packets being discarded by the policy-map "drop"
function, while packets that match the "deny" action (not shown)
are not affected by the policy-map drop function. Additional
information on the configuration and use of the CoPP feature can
be found at "Control Plane Policing Implementation Best Practices"
(http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html)
and "Control Plane Policing"
(http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html).
Configuring iACLs
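The two Cisco excerpts above describe the iACL pattern (block traffic aimed at infrastructure addresses at the network border, let transit traffic through) and the CoPP pattern (an ACL whose "permit" matches select packets for the policy-map to drop). The advisory's own iACL example is not reproduced on this page; the configuration below is an added illustration written for this page, not Cisco's text. The address ranges, interface name and the choice of SNMP as the protected management protocol are assumptions for the example only.

```cisco
! Added illustrative iACL + CoPP configuration (not taken from the Cisco
! advisory excerpted on this page). All values below are assumptions:
!   192.0.2.0/24    - infrastructure (router/switch) address range
!   198.51.100.10   - trusted management station (NMS / jump host)
!   SNMP (UDP/161)  - stands in for the affected management protocol
!
! --- iACL: applied inbound at the network border. Traffic destined to
!     infrastructure addresses is denied unless it comes from the trusted
!     management station; traffic merely transiting the network passes.
ip access-list extended INFRASTRUCTURE-ACL
 ! Trusted management station may reach infrastructure devices
 permit udp host 198.51.100.10 192.0.2.0 0.0.0.255 eq snmp
 permit tcp host 198.51.100.10 192.0.2.0 0.0.0.255 eq 22
 ! Routing-protocol adjacencies with known neighbors would be permitted here
 ! Everything else aimed at infrastructure addresses is dropped and logged
 deny   ip any 192.0.2.0 0.0.0.255 log
 ! Transit traffic (not addressed to infrastructure) is allowed through
 permit ip any any
!
interface GigabitEthernet0/0
 description Border uplink (assumed interface name)
 ip access-group INFRASTRUCTURE-ACL in
!
! --- CoPP: note the inverted ACL semantics the text describes. Packets that
!     MATCH a "permit" line are classified into the class and DROPPED by the
!     policy-map; packets that hit a "deny" line are not classified and are
!     therefore unaffected by the drop action.
ip access-list extended COPP-DROP-ACL
 ! Management traffic from the trusted station is exempt (deny = not classified)
 deny   udp host 198.51.100.10 any eq snmp
 ! Any other SNMP toward the device's control plane is classified for dropping
 permit udp any any eq snmp
!
class-map match-all COPP-DROP-CLASS
 match access-group name COPP-DROP-ACL
!
policy-map COPP-POLICY
 class COPP-DROP-CLASS
  drop
!
control-plane
 service-policy input COPP-POLICY
```

Before deploying either list, enumerate the legitimate traffic that must reach infrastructure addresses (routing protocol peers, NTP, logging, management hosts) and permit it explicitly above the final deny; the `log` keyword on the deny line lets you watch what would be dropped before enforcing, and the CoPP class should be verified with `show policy-map control-plane` to confirm only the intended packets are being counted against the drop class.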
Successful exploitation can lead to theft of user credentials. These
vulnerabilities can be exploited remotely only if the attacker has
access to the Service Console network.
Client-side protection measures included with current browsers are not
The patch listed above for affected products is available from the following location:
Build 6235: http://support.veritas.com/docs/294241
Build 7170: http://support.veritas.com/docs/294237
Best Practices
As part of normal best practices, Symantec recommends:
* Restrict access to administration or management systems to authorized privileged users
* Block remote access to all ports not essential for efficient operation
* Restrict remote access, if required, to trusted/authorized systems only
* Remove/disable unnecessary accounts or restrict access according to security policy as required
More information is available from McAfee at:
McAfee Security Bulletin SB10005
Intrushield NSM update fixes Session Hijacking flaw
https://kc.mcafee.com/corporate/index?page=content&id=SB10005
Follow best practices of placing the security management console on a segregated management network. Apply restrictive, default-deny firewall policies to protect these assets from access by unauthorized users.
Do not perform administrative access of security management consoles from computers exposed to the Internet through web browsing, email, and other applications. Lock down and heavily monitor systems used to perform administrative tasks such as accessing security management consoles.
Details
ESX 2.5.5 ESX not affected
The currently installed version of Tomcat depends on your patch
This issue covers following articles:-
0x00 Tech Gyan - Looking Into the Eye of the Bits
0x01 Tool Gyan - Ravan – JavaScript Distributed Computing System
0x02 Mom's Guide - Best Practices of Web Application Security
0x03 Legal Gyan - Law relating to Cyberterrorism
0x04 Matriux Vibhag - OWASP Mantra’s MoC Crawler
0x05 Poster - Ravan
Check http://chmag.in/ for articles.
More information is available from McAfee at:
McAfee Security Bulletin SB10004
Intrushield NSM update fixes XSS flaw
https://kc.mcafee.com/corporate/index?page=content&id=SB10004