Tuesday, July 10, 2007

Network Security Tools

As a follow-up to previous discussions on network security, data management, and regulatory compliance (HIPAA, SOX, PCI), I'd like to share a few security tools with those who may be interested in learning more about securing and monitoring these areas.

The Nessus active vulnerability scanner is an open-source tool that runs on multiple platforms and is provided free of charge by Tenable Security. It is widely used by security professionals, endorsed by the SANS Institute, and discussed in many of their security training classes. It features "...high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis..." for data and network security. It can scan a local LAN, a DMZ, and remote networks across a WAN link. Nessus also provides a variety of plug-ins for customizing each scan. For more information or to download the tool and plug-ins: http://www.tenablesecurity.com/products/nessus.shtml

Tenable also provides a passive network scanner (open-source, free). Unlike an active scanner, a passive tool has a negligible impact on network performance but still provides many of the same discovery features as Nessus. For more information or to download this tool: http://www.tenablesecurity.com/products/pvs.shtml

To help your company comply with HIPAA, SOX, and PCI regulations, consider a tool developed by researchers at Cornell University. Spider is an open-source forensics tool that runs on multiple platforms and is used to scan networks for sensitive and unprotected information such as credit card or social security numbers. The developers provide an excellent step-by-step tutorial for installing and using the tool. For more information: http://www.cit.cornell.edu/security/tools/spider-cap.html
Download from: http://www.cit.cornell.edu/security/tools/

CYA and get written permission before using these tools.

Sunday, July 1, 2007

What is Web 2.0?

Andy Gutmans, the co-founder and VP of Zend, discusses the meaning of Web 2.0 and the supporting technologies such as Flash, AJAX, RIA, SOA, and web services.