Subscribe by Email

Your email:

Most Popular

Browse By Date

Browse By tag

Security as a Strategy (SaaS)

Current Articles | RSS Feed RSS Feed

How well do you know IT Security? Take the Quiz.

Posted on Mon, Jun 28, 2010 @ 10:24 AM
Share on Twitter Twitter | Share on Facebook Facebook | Submit to Digg digg it |  Add to delicious  delicious |  Submit to StumbleUpon StumbleUpon |  Share on LinkedIn LinkedIn | Submit to Reddit reddit 
Network World published this quiz to test your knowledge of IT security. Take the test to see how much of a security expert you really are. We'll publish the answers in the next blog.

1. In IPSec, what kind of tunnel is first set up to initiate the VPN-creation process?

  • a. IKE
  • b. ISAKMP
  • c. Lincoln Tunnel
  • d. SSL

2. How can ports 80 and 443 be defended against Web-based threats?

  • a. Web application firewalls
  • b. Content filtering
  • c. White lists
  • d. Black lists
  • e. All of the above

3. Two-factor authentication can include something you have, something you know and...

  • a. Something you are
  • b. Something you make up
  • c. Something encrypted
  • d. Something unique

4. What do corporate security executives regard as the biggest threat to security?

  • a. Removable media such as thumb drives
  • b. Malicious insiders
  • c. Web 2.0 applications
  • d. Unpatched operating systems

5. The goal of network access control (NAC) is:

  • a. Remediating security shortcomings of machines before they connect to networks
  • b. Making sure devices adhere to access policies once admitted to networks
  • c. Linking machines with user identities to impose appropriate polices on them
  • d. All of the above

6. What means did attackers in China use to infiltrate Google's network?

  • a. Social engineering using Facebook
  • b. Introducing malware via cross-site scripting of Web sites
  • c. Exploiting a flaw in Internet Explorer
  • d. Brute-force attack of Google executive's passwords

7. Which botnet advance has made eradicating them more difficult?

  • a. Embedding command and control capabilities in zombie machines
  • b. Reinfection via social media sites
  • c. Sheer number overwhelms defensive measures
  • d. Use of rootkits to make bot software more difficult to dislodge

8. Which of the following is not an example of an application vulnerability?

  • a. Lack of sufficient logging
  • b. Fail-open error handling
  • c. Failure to properly close database connections
  • d. Running with least privilege

9. What is one downside of public key encryption?

  • a. It is less secure than using secret keys
  • b. It requires trusting party to verify public keys
  • c. It cannot ensure confidentiality
  • d. It cannot ensure authenticity

10. Which is not a Wi-Fi security option?

  • a. WEP
  • b. WPA
  • c. ICMP
  • 802.11i
0 Comments Click here to read/write comments
Tags: , , , ,

Protection Against Zero-Day Exploits

Posted on Mon, Jan 05, 2009 @ 06:00 PM
Share on Twitter Twitter | Share on Facebook Facebook | Submit to Digg digg it |  Add to delicious  delicious |  Submit to StumbleUpon StumbleUpon |  Share on LinkedIn LinkedIn | Submit to Reddit reddit 

The recent news about the latest zero-day exploit against Internet Explorer 7 re-inforces the need for protection against such exploits.

If your end users were only protected by a corporate firewall and anti-virus software, and were to go to a site that had malicious code, they more than likely would be infected. Most IPS, or web security gateway vendors, would have been able to protect your end users without the need to do any of the "work arounds" by Microsoft and anti-virus vendors. If you don't have protection against zero-day exploits, how are you handling this scenario in your environment?

0 Comments Click here to read/write comments
Tags: , , , , , , ,
All Posts