The Control Policy Group

Data security the way you run your business

Archive for the 'Network security' Category

Remote Monitoring – who is monitoring whom?

Large installations such as casinos and airports are attractive targets for well-financed, highly motivated attackers. Thanks to a standard, vendor-neutral protocol, terrorists and criminal attackers no longer need drills, car bombs and Stinger missiles to attack the asset,

How did that happen?

Remote Monitoring is an essential part of the physical, perimeter and insider security used by airports, casinos and high-security installations such as nuclear power plants.

Unlike 10-15 years ago – remote monitoring is now performed using the standard TCP/IP networking protocol. A central Network Control Center (NCC) is sited on the corporate network, with IP connectivity to multiple remote devices (such as IP cameras), systems and networks, for surveillance, monitoring and control purposes.

By replacing an IP camera with a laptop computer -  an attacker can use  the IP surveillance  device end point as a back-door that enables  entry and exploitation of the entire corporate network.

The potential damage of such a back-door attack on a remote monitoring system is enormous.

Read more

Comments are off for this post

Data loss prevention technologies

Abstract

Data loss prevention is a rapidly emerging network security technology area that has matured from simple regex-based Web / email content filtering products into products such as Fidelis Security Systems XPS that perform deep inspection of documents such as Microsoft Word and Adobe PDF with high levels of precision and recall.

Read more

Comments are off for this post

Network security warfare – offensive security

Attack the attackers

I believe many people involved with IT security have a feeling of frustration that stems from continuously reacting to external forces: spam attacks, spyware attacks, insider threats, analyst reports and new product announcements. What should you do?

Consider the three basic tenets of IT Security

Read more

Comments are off for this post