firewalls - News, Features, and Slideshows

News

• Security vendors push intrusion-detection, professional services

  Established vendors and startups last week announced products and services for network intrusion-detection and outsourced security management.

• Security rundown for week ending Aug. 19

  Some older assumptions about <a href="http://www.networkworld.com/topics/security.html">security</a> -- such as firewalls are needed for perimeter defense, and we'll all make do with reusable passwords and browser-based SSL connections provide great security -- were once again ripped apart as we heard this week from several individuals who say they simply don't agree.

• Defcon: The lesson of Anonymous? Corporate security sucks

  LAS VEGAS -- Anonymous has run up quite a score against corporations, governments and law enforcement agencies, but for all these warnings corporate executives are turning their heads from the real problem -- their network security is terrible, a panel of experts concluded at Defcon.

• Taliban website, phones reportedly hacked

  In the current wave of hacking incidents, the Taliban in Afghanistan is not immune, Wednesday saying its website and cellphones were hacked. Several reports say the hack resulted in what the Taliban says is false information being sent out that its leader, Mullah Mohammed Omar, is dead due to heart problems.

• Second DOE lab is likely victim of spear-phishing attack

  The Department of Energy's Pacific Northwest National Laboratory (PNNL) is working on restoring Internet connectivity and email services after being hit by a "sophisticated cyberattack" five days ago.

• Federal agency issues new security rules for financial institutions

  The federal agency that regulates banks today issued new rules for online <a href="http://www.networkworld.com/topics/security.html">security</a> for financial institutions, instructing them to use minimal types of "layered security" and fraud monitoring to better protect against <a href="http://www.networkworld.com/columnists/2011/062311-andreas.html">cybercrime</a>.

• World IPv6 Day draws attention to security issues with new protocol

  The marking of World IPv6 Day yesterday has drawn fresh attention to the next generation Internet addressing protocol, as well as to the security considerations that enterprises will need to deal with as they migrate to it.

• Sony Pictures falls victim to major data breach

  LulzSec, a hacking group that recently made news for hacking into PBS, claimed today that it has broken into several Sony Pictures websites and accessed unencrypted personal information on over 1 million people.

• RSA tokens may be behind major network security problems at Lockheed Martin

  Lockheed Martin’s has “major internal computer network problems,” that one security blogger is linking to compromised RSA tokens, according to published reports.

• Vendors patch firewalls after controversial NSS Labs test

  Four out of the five vendors shown last month by testing company NSS Labs to suffer a security flaw in their high-end firewalls have since patched their products, including two companies that disputed the issue at the time.

• Cisco going to NSS Labs to sort out alleged firewall issues

  Cisco today is expected to confront more directly last week’s allegations from NSS Labs that Cisco firewalls are vulnerable to a hacker exploit known as the “TCP Split Handshake,” an attack that would fool the firewall into thinking the IP connection is a trusted one inside the network.

• Independent lab tests find firewalls fall down on the job

  During the first quarter of this year, independent IT security testing company, NSS Labs <a href="http://www.csoonline.com/article/593150/firewall-audit-tools-features-and-functions">evaluated six network firewalls</a>: Check Point Power-1 11065, Cisco ASA 5585, Fortinet Fortigate 3950, Juniper SRX 5800, Palo Alto Networks PA-4020, and the Sonicwall E8500.

• Firm points finger at Iran for SSL certificate theft

  Iran may have been involved in an attack that resulted in hackers' acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today.

• Looking for vulnerable Web sites? Try schools

  Educational institutions and <a href="http://www.networkworld.com/community/blog/facebook-blames-zuckerberg-embarrassment-api-">social networks</a> are the worst when it comes to leaving their Web sites exposed to known vulnerabilities, with health care and banks doing the best, according to a study by <a href="http://www.networkworld.com/news/2010/072310-researcher-finds-safari-reveals-personal.html">WhiteHat</a> <a href="http://www.networkworld.com/topics/security.html">Security</a>.

• iPhone security, IP route hijack prevention on tap at RSA Conference

  As RSA Conference 2011 gets underway, a wave of enterprise security products and services will roll in: