What We're Reading, Week of 2/1
by VPNHaus | 02/05/2010 |Highlights
Chenxi Wang’s Blog…
Ok. There Is More (or Maybe Less) to the VPN Story, Google Says
Chenxi Wang recently posted on the Microsoft vulnerability that led to the Google hack. Google contacted her directly to say that they cannot confirm that the attack came through the VPN. They said that a Google employee’s machine (running Internet Explorer v6) was compromised via the IE vulnerability. The attacker used the compromised machine to somehow gain access to Google’s servers. The method of access, at some point, may have involved VPN, but Google does not agree with the characterization that “the compromised client used their corporate VPN to gain access to the servers.” If Google issued an "emergency VPN update" then perhaps other organizations should be rethinking their remote access.
Windows 7 Tips: Best Security Features
In this article, Shane O’Neill describes the new security features in Windows 7. From encryption to malware fighters, there are key Windows 7 tools that keep enterprise and home PCs safe and secure. The top six Windows 7 security features that both consumers and enterprise users should know how to use are: Bit Locker to Go, Internet Explorer 8 for safe browsing, Microsoft Security Essentials, AppLocker, more control of UAC and backing up data.
Network Security Blog…
PCI Compliance and “Public Cloud” Don’t Mix
In this post, Martin McKeay makes the argument that PCI compliance and public clouds do not mix. Martin says the primary problem with attaining PCI compliance in the cloud is an issue of visibility, meaning there’s no way to truly review and validate system configuration when your systems are temporary. Cloud service providers will need to look at ways to offer services that take advantage of all of the positive aspects of cloud computing, while allowing for all of the 200+ PCI requirements to be met. Providers will need to look at how they manage the creation and deletion of virtual servers, segregation of resources and collection, and monitoring and retention of log information. Martin concludes that you cannot be ‘PCI Compliant in the Cloud’, but you can use cloud services and be compliant.