Main topic: Security tools and systems.
PUBLISHED: 10.03.2008
Interview with Ryan Borg on application security analysis
Ryan Borg is a leading researcher of OunceLab, headquartered in Boston, USA. He led the development of a tool for source code analysis that can help identify security weaknesses. Editor-in-chief, Jaroslav Dočkal, interviewed him at the latest RSA conference in London.
10/ Legal Column – answers by experts from the law office of ROWAN LEGAL
We learn under which conditions we can use licensed software on hardware owned by another legal entity; under which conditions an employee can use his own private software on a company’s hardware, if he has a valid license and proves that to the employer; whether it is possible to integrate shareware and freeware into a commercially developed information system; how to solve a specific difficult situation and reduce the risks to the customer; and what the author (vendor) of a firewall that is part of a protection system is responsible for.
12/ Results of Last Year’s Information Security Survey
Viktor Seige, Lukáš Mikeska
The article describes the results of the Information Security Survey conducted last year in the Czech Republic. Already in its fifth year, the methodology provides an excellent basis for studying developing trends. In the conclusion, the article compares the results of this research with the results of analogous research conducted in Slovakia in 2006.
16/ Barracuda
Pavel Klimeš
The article describes the basic features of the Barracuda anti-spam system, which offers a strong, easy-to-use and cost-effective solution for spam and virus infections. It describes both the pros and the cons connected with the implementation and operation of the system. The results are demonstrated through statistical data from practical implementation.
20/ Unconventional anti-spam solution
Jan Rafaj
The article describes the basic features of the GNU Mailfromd program used for filtering spam at a university. It describes some issues that the author faced when selecting suitable anti-spam software that can be used at the mail gateway, and the author's experience with the implementation of the system. It offers a view on an alternative solution that can form the basis for, or a suitable supplement to, traditional processes in the area of spam filtering on the basis of Sendmail or Postfix.
24/ Threats to secure IT operations
Petr Ding
The article describes the basic elements of the critical network infrastructure of a data center, its monitoring system and basic operational models. It describes two basic areas of monitoring an NCPI and two models of the successful operation of a data center. The article draws attention to the careful analysis of the operation of the data center and the engagement of highly experienced personnel who are able to align organizational measures with practical operational questions.
28/ Back-ups on tape or not?
Jan Vršovský
The article analyzes back-up activities – the selection of media, back-up design and security. It focuses on the explanation of basic differences between traditional back-ups on magnetic tape and new competing media – hard disks. These differences are analyzed from the point of view of capacity, speed, reliability and security. It further summarizes features unique to tape and gives a brief overview of types, manufacturers and basic features.
32/ How to Compress the Human Voice
Ivana Švarcová, Vít Lidinský
Ordinary text documents are being replaced by multimedia documents in some areas. They may be call-centre records, conference records, net-meeting records or overhearing records. From the point of view of the long-term storage of these documents, recordings have many specific features that have to be dealt with. The main issue is their size and the possible loss of the probative value of records after their compression. The article discusses the results of the practical testing of possible compression methods.
36/ Quo Vadis ITIL – Part VIII
Vladimír Kufner
The article summarizes the most important features of individual standards for the management of services (ITSM), compares them with ITIL, emphasizes their strong and weak points and suggests their possible combined use in real life.
42/ Interview with Ari Takanen on fuzzing
Ari Takanen is a co-founder and CTO of the Finnish company Codenomicon, which produces tools for software security testing. After graduating from Oulu University in 1998, he focused on solving security issues of communications protocols. He started his career in research as part of the PROTOS project, which focused on deficiencies in the implementation of selected protocols, mainly SNMP. He is a co-author of a book published last year under the title “Securing VoIP Networks”. He talks regularly at important expert conferences and leading universities. He was interviewed on the topic of fuzzing by the editor-in-chief of DSM, Jaroslav Dočkal.
46/ Sidewinder under scrutiny
Miroslav Štolpa
The article informs readers about the features of one of the best systems for network protection – the Sidewinder firewall. It gives an overview of types, properties and the essence of patented technologies. It further provides experience from its implementation and operation, supplemented by the results of stress tests.