What We're Reading, Week of 2/15
by VPNHaus | 02/19/2010 | Highlights
Network Security Blog…
Responsible Disclosure Panel at RSA 2010
Martin McKeay will be participating in a panel at this year’s RSA Conference, taking place in San Francisco, CA. The panel of industry experts will discuss exactly what responsible disclosure means to them and what responsibilities they owe each other. For a preview of what’s in store for the panel, check out this podcast, where the experts lay out the basis for their stance on responsible disclosure. If you are planning to attend RSA this year, make sure to stop by NCP’s panel session on today’s remote access challenges and network technologies on Wednesday, March 3 at 10:40 a.m. PT in Green Room 130.
Hosting a NAC and Endpoint Security Session at RSA 2010
Also at RSA this year, Jennifer Jabbusch will be hosting a peer-to-peer session on Network Access Control (NAC) and endpoint security. The discussion will focus on world case studies, an exploration of technical roadblocks and a dive into vendor-specific solutions.
NY Times Personal Tech…
Safe Travels for You and Your Data
In this article, Riva Richmond offers some tips for keeping your data protected while you are on the road. Before using a computer in a cybercafé or hotel, ask what security measures are in use and whether the computers are reset after each user so that unauthorized programs are removed. She suggests backing up your data, especially personal and business documents, since laptop theft at airports is so common. There are also risks when using public Wi-Fi, so Riva stresses the importance of using a firewall as well as a secure VPN.
How to Implement Secure, PCI-Compliant Access Controls
Dave Olander, President and CEO at Xceedium, discusses the six attributes that next-generation access control systems need in order to meet both the letter and the spirit of the PCI DSS. They are: right-size permissions based on a zero trust model, implement fine-grained enforcement, integrate audit capabilities to validate controls, automate all the requirements from access to audit, deploy an identity-aware infrastructure, and create backward and forward compatibility.