This IBM® Redpaper takes a close look at the enterprise IT network perimeter, which has been diluted from a well defined set of ingress and egress points to a mesh of undetectable flows from devices capable of accessing and penetrating corporate resources. The time of keeping the bad guys out by attempting to build a well defined wall is definitely over. Buisnesses and organizations require collaboration with internal and external business partners, customers, and employees, which further removes walls and protective barriers.
In this Redpaper, we discuss how the variety of end-points that were once considered to be inside have now become the perimeter itself. With this idea in mind, we investigate how you can build a strong security solution in order to protect your valuable assets that are accessible through the IT infrastructure.
The target audience for this IBM Redpaper are IT architects, IT specialists, and security administrators.
Download the draft Redpaper here. This IBM Redpaper I was not involved in, but looks to be a good doc. Check it out.
It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government’s most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2. It was a top secret encrypted teletype terminal used by the Army and Navy to transmit wartime communications that could defy German and Japanese cryptanalysis.
Then he noticed something odd.
Far across the lab, a freestanding oscilloscope had developed a habit of spiking every time the teletype encrypted a letter. Upon closer inspection, the spikes could actually be translated into the plain message the machine was processing. Though he likely didn’t know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether.
Call it a TEMPEST in a teletype.
This story of how the United States first learned about the fundamental security vulnerability called “compromising emanations” is revealed for the first time in a newly-declassified 1972 paper TEMPEST: A Signal Problem (.pdf), from the National Security Agency’s secret in-house journal Cryptologic Spectrum.
Read the full article on Wired.
Todd Davis has dared criminals for two years to try stealing his identity: Ads for his fraud-prevention company, LifeLock, even offer his Social Security number next to his smiling mug.
Now, Lifelock customers in Maryland, New Jersey and West Virginia are suing Davis, claiming his service didn’t work as promised and he knew it wouldn’t, because the service had failed even him.
Attorney David Paris said he found records of other people applying for or receiving driver’s licenses at least 20 times using Davis’ Social Security number, though some of the applications may have been rejected because data in them didn’t match what the Social Security Administration had on file.
Davis acknowledged in an interview with The Associated Press that his stunt has led to at least 87 instances in which people have tried to steal his identity, and one succeeded: a guy in Texas who duped an online payday loan operation last year into giving him $500 using Davis’ Social Security number.
Paris said the fact Davis’ records were compromised at all supports the claim that Tempe, Ariz.-based LifeLock doesn’t provide the comprehensive protection its advertisements say it does.
“It’s further evidence of the ineffectiveness of the services that LifeLock advertises,” said Paris, who is lead attorney on the three new lawsuits, the latest of which was filed this month.
Read the full article on CNN.com.
This week I am at a customer site implementing TSOM 4.1. I hope that anyone that is still using 3.1 considers upgrading. The new features and robustness is worth it.