Main topic: Hacking, ICT vulnerabilities
PUBLISHED: 21.09.2007
6 / INTERVIEW WITH DENNIS HOFFMAN
The vice-president of EMC for information security gave an interview to the editor in chief of DSM, Jaroslav Dočkal, during a brief visit to Prague. Dennis Hoffman founded Storigen Systems in 2000, a company that developed successful software for distributed storage devices. After EMC acquired the company in 2003, he joined the management of this giant in systems, software and services for data storage and management. Since last year's acquisition of RSA Security, security products have become a significant part of the EMC portfolio.
10 / LEGAL COLUMN
SAXINGER CHALUPSKY & PARTNER, V.O.S.
Renowned experts in the area of computer law answer questions about licensing and the rights connected with it, about compensation when damage is caused during the investigation of a computer crime at another entity, and about whether owning a program on an installation CD/DVD is lawful.
12 / THE HISTORY OF HACKING
JOZEF VYSKOČ
The article gives a brief overview of the history of hacking, focusing on how the meaning of the terms hacker and hacking has gradually changed.
16 / INFORMATION THREATS FORECAST FOR 2007-2017
ROMAN RAK, RADEK KUMMER
The article introduces readers to a forecast of security threats in information and communication technologies for the next ten years. Individual threats are organized into a matrix according to their impact and the time needed for them to evolve fully into a real threat. This information can help institutions update their security policies and keep them effective in the coming years.
20 / ABOUT HACKING WITH JEAN PAUL BALLERINI
The editor in chief of DSM, Jaroslav Dočkal, met Jean Paul Ballerini at the X-Force Security Awareness Forum held in Prague on 15 June 2007. Jean Paul Ballerini is a technical specialist in IBM's X-Force research and development team.
22 / PENETRATION TESTING AND PEOPLE
KAREL CHWISTEK
One of the weakest elements in the security of a computer system is the user, which is why attackers sometimes resort to methods known as social engineering. How well people withstand attacks of this type can be verified by penetration testing that includes social engineering. The author describes such a test carried out according to the OSSTMM methodology. Besides OSSTMM, other publicly available methodologies exist, for example ISSAF (Information Systems Security Assessment Framework) or the IS Standards, Guidelines and Procedures for Auditing and Control Professionals; all of them include social engineering as part of penetration testing.
28 / INTRODUCTION TO THE MANAGEMENT OF ICT VULNERABILITIES
MAREK SKALICKÝ
Until recently, finding and removing vulnerabilities was regarded as the art of hackers working for consultancy companies and as a one-off nuisance for IS administrators in the form of penetration testing. But what should really be done? How can vulnerabilities be managed systematically and efficiently? Who should be involved? The article describes the ICT vulnerability management process in the light of ISO standards and of risk management in organizations.
32 / ENFORCING SECURITY IN THE ACADEMIC ENVIRONMENT
ALEŠ PADRTA, RADOSLAV BODÓ
The article describes how security is enforced in the WEBnet network of Západočeská univerzita (the University of West Bohemia) in Pilsen. It presents the open network model in use there, from security policies down to their enforcement, and concludes with the ways in which security incidents are resolved.
38 / ARE PINS DISTRIBUTED BY BANKS IN A SECURE WAY?
JAN KRHOVJÁK, MAREK KUMPOŠT, VÁCLAV MATYÁŠ
The authors review the security of PIN distribution as practised by several Czech banks. They focus on so-called PIN mailers, envelopes used to deliver sensitive information that must not be readable by a third party without the end user being able to detect that the envelope has been tampered with. The second part of the article discusses further security shortcomings.
44 / BIOMETRIC BORDER CONTROL
ZDENĚK ŘÍHA
The article describes one application of biometrics: automated border crossing. The idea is very simple. You enrol your biometric data once, and the biometric system at the border then identifies you and authorizes your passage fully automatically on the basis of those characteristics, without the intervention of a border officer.
48 / QUO VADIS ITIL? – PART VI
VLADIMÍR KUFNER
The article explains the concept behind the ITIL V3 publications, the service "lifecycle", and describes their architecture (the libraries). It gives an overview of the core and complementary publications and explains why the certification scheme has changed. The new official accreditation body commissioned by the OGC is the APM Group. The article concludes with an overview of the new certifications.
54 / PRODUCT REVIEW: VPN FIREWALL BRICK 50
ROBERT DRMOLA
The article reviews the Alcatel-Lucent VPN firewall Brick 50. It examines the device from both the technical and the system point of view and in real-world use. The overall evaluation is very positive; the main advantage is its modern security management, which allows a wide range of configurations.