Search Results

Search found 29222 results on 1169 pages for 'network security'.

Page 52/1169 | < Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >

  • Data Security Through Structure, Procedures, Policies, and Governance

    Security Structure and Procedures One of the easiest ways to implement security is through the use of structure, in particular the structure in which data is stored. The preferred method for this through the use of User Roles, these Roles allow for specific access to be granted based on what role a user plays in relation to the data that they are manipulating. Typical data access actions are defined by the CRUD Principle. CRUD Principle: Create New Data Read Existing Data Update Existing Data Delete Existing Data Based on the actions assigned to a role assigned, User can manipulate data as they need to preform daily business operations.  An example of this can be seen in a hospital where doctors have been assigned Create, Read, Update, and Delete access to their patient’s prescriptions so that a doctor can prescribe and adjust any existing prescriptions as necessary. However, a nurse will only have Read access on the patient’s prescriptions so that they will know what medicines to give to the patients. If you notice, they do not have access to prescribe new prescriptions, update or delete existing prescriptions because only the patient’s doctor has access to preform those actions. With User Roles comes responsibility, companies need to constantly monitor data access to ensure that the proper roles have the most appropriate access levels to ensure users are not exposed to inappropriate data.  In addition this also protects rouge employees from gaining access to critical business information that could be destroyed, altered or stolen. It is important that all data access is monitored because of this threat. Security Governance Current Data Governance laws regarding security Health Insurance Portability and Accountability Act (HIPAA) Sarbanes-Oxley Act Database Breach Notification Act The US Department of Health and Human Services defines HIIPAA as a Privacy Rule. This legislation protects the privacy of individually identifiable health information. Currently, HIPAA   sets the national standards for securing electronically protected health records. Additionally, its confidentiality provisions protect identifiable information being used to analyze patient safety events and improve patient safety. In 2002 after the wake of the Enron and World Com Financial scandals Senator Paul Sarbanes and Representative Michael Oxley lead the creation of the Sarbanes-Oxley Act. This act administered by the Securities and Exchange Commission (SEC) dramatically altered corporate financial practices and data governance. In addition, it also set specific deadlines for compliance. The Sarbanes-Oxley is not a set of standard business rules and does not specify how a company should retain its records; In fact, this act outlines which pieces of data are to be stored as well as the storage duration. The Database Breach Notification Act requires companies, in the event of a data breach containing personally identifiable information, to notify all California residents whose information was stored on the compromised system at the time of the event, according to Gregory Manter. He further explains that this act is only California legislation. However, it does affect “any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information,” regardless of where the compromised data is located.  This will force any business that maintains at least limited interactions with California residents will find themselves subject to the Act’s provisions. Security Policies All companies must work in accordance with the appropriate city, county, state, and federal laws. One way to ensure that a company is legally compliant is to enforce security policies that adhere to the appropriate legislation in their area or areas that they service. These types of polices need to be mandated by a company’s Security Officer. For smaller companies, these policies need to come from executives, Directors, and Owners.

    Read the article

  • How do I get wireless to work on a Dell Mini 1018 with Realtek RTL 8188CE Network Adapter?

    - by Laurence Nagel
    My Dell Mini 1018 used to work fine with Ubuntu 12.04 with no problems connecting with the wireless card. Then I made the big mistake of attempting to disable WiFi by right-clicking on the wireless applet and un-checking "Enable Wireless." Since then, I cannot get wireless working again. The wireless applet reports that "wireless is disabled by hardware switch" but there is no hardware switch on this computer. Issuing a rfkill list yields the following: 0: dell-wifi: Wireless LAN Soft blocked: yes Hard block: yes 1: phy0: Wireless LAN Soft blocked: no Hard blocked: yes I'm in way over my head, and my computer is now useless. Help!!!

    Read the article

  • What Can We Learn About Software Security by Going to the Gym

    - by Nick Harrison
    There was a recent rash of car break-ins at the gym. Not an epidemic by any stretch, probably 4 or 5, but still... My gym used to allow you to hang your keys from a peg board at the front desk. This way you could come to the gym dressed to work out, lock your valuables in your car, and not have anything to worry about. Ignorance is bliss. The problem was that anyone who wanted to could go pick up your car keys, click the unlock button and find your car. Once there, they could rummage through your stuff and then walk back in and finish their workout as if nothing had happened. The people doing this were a little smatter then the average thief and would swipe some but not all of your cash leaving everything else in place. Most thieves would steal the whole car and be busted more quickly. The victims were unaware that anything had happened for several days. Fortunately, once the victims realized what had happened, the gym was still able to pull security tapes and find out who was misbehaving. All of the bad guys were busted, and everyone can now breathe a sigh of relieve. It is once again safe to go to the gym. Except there was still a fundamental problem. Putting your keys on a peg board by the front door is just asking for bad things to happen. One person got busted exploiting this security flaw. Others can still be exploiting it. In fact, others may well have been exploiting it and simply never got caught. How long would it take you to realize that $10 was missing from your wallet, if everything else was there? How would you even know when it went missing? Would you go to the front desk and even bother to ask them to review security tapes if you were only missing a small amount. Once highlighted, it is easy to see how commonly such vulnerability may have been exploited. So the gym did the very reasonable precaution of removing the peg board. To me the most shocking part of this story is the resulting uproar from gym members losing the convenient key peg. How dare they remove the trusted peg board? How can I work out now, I have to carry my keys from machine to machine? How can I enjoy my workout with this added inconvenience? This all happened a couple of weeks ago, and some people are still complaining. In light of the recent high profile hacking, there are a couple of parallels that can be drawn. Many web sites are riddled with vulnerabilities are crazy and easily exploitable as leaving your car keys by the front door while you work out. No one ever considered thanking the people who were swiping these keys for pointing out the vulnerability. Without a hesitation, they had their gym memberships revoked and are awaiting prosecution. The gym did recognize the vulnerability for what it is, and closed up that attack vector. What can we learn from this? Monitoring and logging will not prevent a crime but they will allow us to identify that a crime took place and may help track down who did it. Once we find a security weakness, we need to eliminate it. We may never identify and eliminate all security weaknesses, but we cannot allow well known vulnerabilities to persist in our system. In our case, we are not likely to meet resistance from end users. We are more likely to meet resistance from stake holders, product owners, keeper of schedules and budgets. We may meet resistance from integration partners, co workers, and third party vendors. Regardless of the source, we will see resistance, but the weakness needs to be dealt with. There is no need to glorify a cracker for bringing to light a security weakness. Regardless of their claimed motives, they are not heroes. There is also no point in wasting time defending weaknesses once they are identified. Deal with the weakness and move on. In may be embarrassing to find security weaknesses in our systems, but it is even more embarrassing to continue ignoring them. Even if it is unpopular, we need to seek out security weaknesses and eliminate them when we find them. http://www.sans.org has put together the Common Weakness Enumeration http://cwe.mitre.org/ which lists out common weaknesses. The site navigation takes a little getting used to, but there is a treasure trove here. Here is the detail page for SQL Injection. It clearly states how this can be exploited, in case anyone doubts that the weakness should be taken seriously, and more importantly how to mitigate the risk.

    Read the article

  • How migrate my keyring (containing ssh passprases, nautilus remote filesystem, pgp passwords) and network manager connections?

    - by con-f-use
    I changed the disk on my laptop and installed Ubuntu on the new disk. Old disk had 12.04 upgraded to 12.10 on it. Now I want to copy my old keyring with WiFi passwords, ftp passwords for nautilus and ssh key passphrases. I have the whole data from the old disk available (is now a USB disk and I did not delete the old data yet or do anything with it - I could still put it in the laptop and boot from it like nothing happened). On the new disc that is now in my laptop, I have installed 12.10 with the same password, user-id and username as on the old disk. Then I copied a few important config files from the old disk (e.g. ~/.firefox/, ~/.mozilla, ~/.skype and so on, which all worked fine... except for the key ring: The old methods of just copying ~/.gconf/... and ~/.gnome2/keyrings won't work. Did I miss something? 1. Edit: I figure one needs to copy files not located in the users home directory as well. I copied the whole old /home/confus (which is my home directory) to the fresh install to no effect. That whole copy is now reverted to the fresh install's home directory, so my /home/confus is as it was the after fresh install. 2. Edit: The folder /etc/NetworkManager/system-connections seems to be the place for WiFi passwords. Could be that /usr/share/keyrings is important as well for ssh keys - that's the only sensible thing that a search came up with: find /usr/ -name "*keyring* 3. Edit: Still no ssh and ftp passwords from the keyring. What I did: Convert old hard drive to usb drive Put new drive in the laptop and installed fresh version of 12.10 there (same uid, username and passwort) Booted from old hdd via USB and copied its /etc/NetwrokManager/system-connections, ~/.gconf/ and ~/.gnome2/keyrings, ~/.ssh over to the new disk. Confirmed that all keys on the old install work Booted from new disk Result: No passphrase for ssh keys, no ftp passwords in keyring. At least the WiFi passwords are migrated. 4. Edit: Boutny! Ending soon... 5. Edit: Keyring's now in ./local/share/keyrings/. Also interesting .gnupg

    Read the article

  • Is there a point to using theft tracking software like Prey on my laptop, if you have login security?

    - by Reckage
    Hey, so I have a Thinkpad that I use in a variety of places (coffee shops, work, etc.). I don't generally abandon it, but I figure there's a chance I might get careless and it gets stolen at some point. I was thinking of installing something like Prey (http://preyproject.com/), but my OS installs are password secured, and on top of that, I have a fingerprint reader that you need just to get through the BIOS. So: is there actually any benefit to setting up software that tracks the laptop's whereabouts? I imagine that either: The laptop won't boot or login, if the thief doesn't get past the security. If the thief goes around said security somehow, presumably they've split the laptop for parts or bypassed BIOS security, gotten stuck on Windows security and formatted it. Given that it's highly unlikely that the thief would go to the trouble, what's the utility in installing laptop tracking software like Prey?

    Read the article

  • Form Validation, Dependant Drop Downs, Data Level Security in OWS for DotNetNuke - 5 Videos

    In this tutorial we demonstrate some very advanced techniques for building a car parts application in Open Web Studio. Throughout the tutorial we cover form input, validation, how to use dependant drop down lists, populating checkbox lists and introduce a new concept of data level security. Data level security allows you to control which data a user can access within a module. The videos contain: Video 1 - How to Setup Form Validation Video 2 - Car Parts Application, Assigning Security Roles into a Global Session Variable Video 3 - How to Build the Categories Module with Data Level Security Video 4 - How to Build the SubCategories Module and Use SubQuery Video 5 - How to Build the Car Parts List Module Total Time Length: 44min 19secsDid you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Vermont IT Jobs: Sr. Security Analyst in Montpelier

    Senior Security Analyst Summary This position is responsible for advancing the Information Systems program within the company by assisting the Chief Information Security Officer (CISO) to plan, develop, and monitor administrative, physical, and technical safeguards for the companys Information Assets. Key Responsibilities Under Direction of CISO, establish  and maintain company-wide information security policies, standards and procedures Manage the Information Security Program Office...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Network connection fails when downloading data

    - by Guus
    In the past few weeks, I've noticed my network connection becoming unstable while downloading files. I'm not sure how to diagnose this issue. I've found that my network connections appear to be temporarily unresponsive (for periods up to a minute or so) while I'm downloading a file (that's large enough to not be downloaded instantly). The problem occurs when downloading data through a webbrowser, but also when using SCP to download data from a remote location. During the period in which network connections are unresponsive, every resource that I try to access over the network is unavailable. This includes: The download itself (SCP reports a 'stalled' download) Web pages (won't load - browsers report 'resource unavailable') SSH sessions (CLI freezes) VPN connections (connections terminate) IM client connections (client starts reconnection attempts) ... (everything is pretty much dead) I've noticed that during such a period, I cannot even access the (web-based) administrative console of the router on my LAN at home (although it remains reachable for other devices). The problem occurs when connected to my home network, but also when I'm in the office. Other devices than my laptop are not affected. Given the above two characteristics I assume the problem cause lies within my laptop, not the network infrastructure. I'm running Ubuntu 11.10. Apart from applying automatic updates from Ubuntu, I can't think of a change that I applied to the OS that could have started the problems. I'm absolutely positive that this issue did not occur up to a few weeks ago (as it's very noticeable, and only started to annoy me in the last few days). When the problem occurs, applications that make use of a network connection fail visibly (I get popups telling me that a VPN connection is broken, for instance). The network manager does not report any issues related to my wifi-connection though. Help?

    Read the article

  • Ubuntu 13.10 Security Key

    - by Toby J
    I was attempting to install Ubuntu 13.10 today and it came up with a screen asking for me to setup a security key. In the first place, I'm not sure what a security key is, but It said I would have to enter it everytime I booted Ubuntu so I assume it's the same thing as a logon password in Windows 8. Is there anyway I can bypass this step without setting up a security key or logon password? I hate these things and have always avoided them in Windows. I don't need them as there is never anyone but myself and my wife on our computers. We are retired, no children or nieces, nephews, friends, etc. who ever use our computer and we don't have any security information such as SS #, etc. on it. Also, I quit the installation at this point but I was not seeing any of the screen prompts as listed in the setup instructions on the Ubuntu website. Has the setup for Ubuntu 13.10 changed since these instructions were written? Thanks

    Read the article

  • OpenWorld - Database Security Demonstrations in Moscone South Left

    - by Troy Kitch
    All this week, Oracle security experts will be giving live product demos of Oracle Database Security solutions in Moscone South Left, in the Oracle DEMOgrounds for "database." Demonstrations include Oracle Database Defense-in-Depth Security, Database Application Data Redaction, Transparent Data Encryption, Oracle Audit Vault and Database Firewall, Data Masking and Data Subsetting. Don't miss it!

    Read the article

  • Security Alert for CVE-2012-4681 Released

    - by Eric P. Maurice
    Hi, this is Eric Maurice again! Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers.  These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547.  These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software. Vulnerabilities CVE-2012-4681, CVE-2012-1682, and CVE-2012-3136 have each received a CVSS Base Score of 10.0.  This score assumes that the affected users have administrative privileges, as is typical in Windows XP.  Vulnerability CVE-20120-0547 has received a CVSS Base Score of 0.0 because this vulnerability is not directly exploitable in typical user deployments, but Oracle has issued a security-in-depth fix for this issue as it can be used in conjunction with other vulnerabilities to significantly increase the overall impact of a successful exploit. If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system.  Note that this malware may in some instances be detected by current antivirus signatures upon its installation.  Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible.  Furthermore, note that the technical details of these vulnerabilities are widely available on the Internet and Oracle has received external reports that these vulnerabilities are being actively exploited in the wild.    Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html   Java users should download the latest release of JRE at http://java.com, and of course   Windows users can take advantage of the Java Automatic Update to get the latest release. For more information: The Advisory for Security Alert CVE-2012-4681 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html  Users can verify that they’re running the most recent version of Java by visiting: http://java.com/en/download/installed.jsp    Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml   

    Read the article

  • Mal kurz nachgefragt: Oracle Datenbank Security-Optionen

    - by Anne Manke
    Am 13.11.2012 fand der erste Oracle Healthcare Security Workshop in Düsseldorf statt. Um Sie mit nützlichen Informationen zu den Oracle Security-Optionen vor und nach unserem Workshop zu versorgen, werden wir ab heute, jede Woche eine Security-Option vorstellen. Um schnell einen Überblick zu bekommen, gibt es die Kategorien "WER" - hier wollen wir die Zielgruppe für die Funktion vorstellen, also, wer diese spezifische Option nutzen kann und sollte. Unter der Kategorie "WAS" werden wir die Funktionsweise erläutern, und unter "WIE" finden Sie Beispiele für den Einsatz der Security-Option. Die Kategorie "Und sonst so?" behandelt allgemeine oder oft gestellte Fragen zu unseren Optionen.  Viel Spaß beim Lesen und sollte es Fragen geben, können Sie uns jederzeit anrufen! Ihr Oracle Healthcare Team

    Read the article

  • Get the Latest Security Inside Out Newsletter, October Edition

    - by Troy Kitch
    The latest October edition of the Security Inside Out newsletter is now available and covers the following important security news: Securing Oracle Database 12c: A Technical Primer The new multitenant architecture of Oracle Database 12c calls for adopting an updated approach to database security. In response, Oracle security experts have written a new book that is expected to become a key resource for database administrators. Find out how to get a complimentary copy.  Read More HIPAA Omnibus Rule Is in Effect: Are You Ready? On September 23, 2013, the HIPAA Omnibus Rule went into full effect. To help Oracle’s healthcare customers ready their organizations for the new requirements, law firm Ballard Spahr LLP and the Oracle Security team hosted a webcast titled “Addressing the Final HIPAA Omnibus Rule and Securing Protected Health Information.” Find out three key changes affecting Oracle customers.  Read More The Internet of Things: A New Identity Management Paradigm By 2020, it’s predicted there will be 50 billion devices wirelessly connected to the internet, from consumer products to highly complex industrial and manufacturing equipment and processes. Find out the key challenges of protecting identity and data for the new paradigm called the Internet of Things.  Read More

    Read the article

  • Security Advice for Managers

    - by TATWORTH
    Please go to the following for list of free downloads of security advice for managers.http://www.bis.gov.uk/policies/business-sectors/cyber-security/downloadsThere are case studies to explain to managers the effect of failure to maintain good security.At http://www.cpni.gov.uk/advice/cyber/Critical-controls/ there is a list of critical controls developed by GCHQ in conjunction with the SANS insitute.

    Read the article

  • Free E-Book from APress - Building the Infrastructure for Cloud Security

    - by TATWORTH
    Originally posted on: http://geekswithblogs.net/TATWORTH/archive/2014/05/29/free-e-book-from-apress---building-the-infrastructure-for-cloud.aspxAt http://www.apress.com/9781430261452, APress are offering a free E-Book on Building the Infrastructure for Cloud Security. “This book provides a comprehensive look at the various facets of cloud security – infrastructure, network, services, Compliance and users.  It will provide real world case studies to articulate the real and perceived risks and challenges in deploying and managing services in a cloud infrastructure from a security perspective. ”

    Read the article

  • NetworkManager detects no networks with a RTL8188CE

    - by Cormac O'Brien
    I'm on a 2011 Lenovo Thinkpad T420i with a Realtek RTL8188CE WiFi adapter. Here's the scenario: I pop in the Ubuntu LiveCD to install. Laptop detects all networks in range, I connect to my home network, internet working great. Once Ubuntu finishes installing, the home network I am connected to is the only one which appears in the applet list. Upon restarting or waking from suspend, NetworkManager does not detect any networks – it simply displays "Disconnected" under the Wireless Network section of the menu. I am able to connect to my home network by using the "Connect to Hidden Wireless Network" option and it works immediately. I have yet to test if this works with other SSIDs. I have tried reinstalling the entire OS as well as NetworkManager and my wireless drivers. For hardware info, I ran: cormac@cormac-T420:~$ sudo lshw -c network Here is the output for my wireless card: *-network description: Wireless interface product: RTL8188CE 802.11b/g/n WiFi Adapter vendor: Realtek Semiconductor Co., Ltd. physical id: 0 bus info: pci@0000:03:00.0 logical name: wlan0 version: 01 serial: d0:df:9a:08:73:50 width: 64 bits clock: 33MHz capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless configuration: broadcast=yes driver=rtl8192ce driverversion=3.2.0-26-generic firmware=N/A ip=192.168.1.138 latency=0 link=yes multicast=yes wireless=IEEE 802.11bgn resources: irq:17 ioport:5000(size=256) memory:f2500000-f2503fff I can provide more information if required. This was not a problem in Natty or Oneiric. I hope this can be fixed, I don't want to have to ask for an SSID wherever I need to connect.

    Read the article

< Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >