
Dedicated Knowledge Base


Article 205
Title Security tool definitions
Content
ACTIVE CONTENT MONITORING/FILTERING
Once connected to the Internet, an individual undertakes a degree of risk from computer viruses, malicious Java or ActiveX, and more. Tools that perform active content monitoring examine material entering a computer/network for potentially damaging content, cross-referencing what they scan with continuously updated definition libraries. The impact of allowing malicious content to enter a network unchallenged can vary from mild annoyances to extended network downtime and loss of stored material.
AUTHORIZATION
Authentication asks the question "Who are you?" whereas Authorization addresses the question "Are you allowed to do that?" Policy-based authorization servers give applications, usually web servers, the ability to centralize authentication and authorization tasks. A Security Manager defines authentication methods (e.g. passwords), users and access controls. Each time a user wishes to access a resource, the application queries the authorization server, which refers to the policies and the rules to answer the query.
FIREWALLS
A firewall is a system or group of systems that enforces an access control policy between two networks.
INTRUSION DETECTION HOST BASED
A host-based intrusion detection system is software that monitors a system's or application's log files. It responds with an alarm or a countermeasure when a user attempts to gain access to unauthorized data, files or services.
RISK ASSESSMENT
Risk is a combination of the likelihood that an incident will occur and the damage that will result. Risk Assessment provides an understanding and analysis of these two factors using processes and tools. Organizations usually face an insurmountable number of potential vulnerabilities. Risk Management determines which risks should be accepted, assigned or avoided (mitigated).
SECURITY APPLIANCES
These hardware/software combinations offer firewall and sometimes other services such as network load management in a single purpose offering. Because they have very limited operating system function, they are generally easier to manage, cheaper, and less subject to common hacker attacks than firewalls installed on general purpose UNIX or Windows NT computers.
SECURITY SERVICES: PENETRATION TESTING
Consulting organizations simulate real-world hacking and social engineering attacks on an enterprise's network and systems to determine where weaknesses lie, and offer advice on how those weaknesses may be addressed in order to beef up security.
NETWORK AUTHENTICATION
These tools take several approaches to improving the ability of your systems to differentiate between people who should and should not have access.
INTRUSION DETECTION NETWORK BASED
A network-based intrusion detection system monitors network traffic and responds with an alarm when it identifies a traffic pattern that it deems to be either a scanning attempt or a denial of service or other attack. It is quite useful in demonstrating that "bad guys" are actually trying to get into your computers.
AUTHENTICATION
Authentication is the process of determining whether something or someone is who or what it is declared to be. The most common form of authentication is the use of logon passwords, the weakness of which is that passwords can often be forgotten, stolen or accidentally revealed. The tokens in this category offer more stringent forms of authentication, so that users need both to have something (the token) and to know something (the PIN or password) to gain access.
DATABASE SECURITY
Software that identifies security attributes within relational databases including logins/accounts, passwords, roles, and privileges. Requisite functionality includes vulnerability assessment, security administration, and enhanced auditing. These products may optionally provide real-time detection and alerting capabilities for unauthorized access or changes to the underlying data based on pre-defined rules.
CERTIFICATE AUTHORITY
A CA (Certificate Authority) is an organization that issues and manages security credentials and public keys for message encryption and decryption. This is an essential part of a public key infrastructure (PKI) because it manages the process of issuing and verifying the certificates used to grant people and systems access to other systems. These certificates include keys that help to strengthen authentication, privacy and non-repudiation.
FILE & SESSION ENCRYPTION
Encryption is a process through which data is transformed into a form whereby it cannot easily be intercepted and understood by unauthorized persons. Sophisticated computer algorithms are used to encrypt the files, then decrypt them when they are needed.
VPNs & CRYPTOGRAPHIC COMMUNICATIONS
A VPN, or Virtual Private Network, allows secure communications over the public Internet. It saves money in organizations with large mobile workforces or many satellite offices by reducing the need to use expensive private telephone networks.
SECURE WEB SERVERS
These tools offer web services in environments that have been engineered to minimize the number of security holes.
ENTERPRISE SECURITY POLICY IMPLEMENTATION
ESPI enables security managers to automate each step of security policy management from a central console including creating, editing, approving, publishing, distribution, education, compliance, reporting and maintenance. These tools enforce awareness, assess employee understanding, track incidents and measure compliance, which helps organizations improve management of IT risks without overburdening limited staff.
SINGLE SIGN-ON
These software packages allow users to get access to multiple computers and applications without learning many different passwords. Single sign-on tools generally do not change the underlying applications, but hide their differences through a layer of software.
WEB APPLICATION SECURITY
Web application security is the protection of your web application and its resources from threats coming from the Internet, such as stealing company assets, falsifying buy/sell transactions, getting private customer data and defacing the site. This is done by detecting and/or preventing the hacking techniques applicable to this domain, i.e. those which can be performed in the presence of firewalls and encryption.
ENTERPRISE SECURITY ADMINISTRATION
Tools providing enterprise-wide security administration apply a given security policy across an entire organization, ensuring all users of that enterprise's network will be subjected to the same rights and restrictions. These systems are especially valuable in granting new users access to all appropriate systems and, more importantly, removing users from all systems if they are terminated.
VULNERABILITY SCANNERS NETWORK BASED
Software that simulates the behavior of attackers to learn which of as many as 600 possible weaknesses are present on the system being attacked.
MANAGED SECURITY SERVICES
Vendors providing managed security services assume a percentage of the security administration tasks for an enterprise's network, allowing administrators to concentrate on other job responsibilities.
TRUSTED OPERATING SYSTEMS
Because all other security mechanisms rely on the operating system, they can be disabled or circumvented by a successful attack on the o/s. Trusted o/s technology provides the only mechanism to protect the o/s itself from successful attack.
VULNERABILITY SCANNERS HOST BASED
These tools check the settings on our systems to determine whether they are consistent with corporate security policies. They are often used by auditors.
SECURITY SERVICES: POLICY DEVELOPMENT
Consulting organizations that have worked with many organizations have templates with which they can quickly establish policies for all aspects of computer security, from acceptable use to email to extranets to PKI.
ANTI D.D.o.S. TOOLS
Anti D.D.o.S. (Distributed Denial of Service) Tools identify baseline network usage and monitor for anomalies indicative of D.D.o.S. attacks. Once an anomaly is reported, the tool attempts to determine if the upsurge in usage is legitimate or the result of an attack and recommends preventative measures.
REAL-TIME SECURITY AWARENESS/INCIDENT RESPONSE
RTSA allows the security manager to see what is happening across the enterprise among multiple vendor security products and sources in near real-time from a central console. RTSA helps reduce the number of personnel whose time must be devoted to monitoring multiple security products and sources.

For White Papers about products in these categories, check the SANS Site at:
www.w2knews.com/rd/rd.cfm?id=021104RN-SANS_Tools

For all the Sunbelt Security tools together in one place, click:
www.w2knews.com/rd/rd.cfm?id=021104RN-Security_Tools

Modified Date 9/16/2006
