System iNetwork

Security

July 9, 2009

IBM's Haifa Lab Working on Platform-Agnostic Data-Masking Technology

I'm always interested in anything that sounds like it will make IT security easier. A recent announcement from IBM details a technology that has great potential for simplifying data security. It's called MAGEN (Masking Gateway for Enterprises), and it uses optical character recognition and screen scraping to identify and cover up confidential data—essentially "catching" the information before it hits the screen, analyzing the content, and then masking details that must be hidden from the person logged in.

You can read full details about MAGEN on IBM's Haifa Research Lab website. Unfortunately, the links to the MAGEN presentation and demo on that page don't work, but the page does contain other interesting information. Maybe if enough of us notify IBM of the link problem, it will get fixed so that we can all see the demo. It sounds intriguing.

—Linda Harty, executive editor & availability/security/networking/connectivity editor

Posted by lharty on July 9, 2009 at 3:05 PM | Comments (0)

February 11, 2009

Encrypt or Die! Or Just Go Broke...

As if veterans weren't already getting the short end of the stick when it comes to funding, the US Veterans Affairs Department (VAD) just lost a whopping $20 million over sloppy data procedures.

Credant Technologies, a military grade encryption company, says that the $20 million settlement by VAD over the loss of one laptop and one external drive containing personal data "should serve as a wake-up call to IT managers not using and not enforcing encryption technology on their portable devices."

"The settlement with the Department's members and families over their alleged invasion of privacy should be a severe warning to any organization that isn't using encryption on its laptops and other portable devices capable of data storage," says Michael Callahan, Credant's vice president.

He adds that this whole fiasco could have been avoided with simple encryption on both the laptop and portable device.

"This isn't rocket science. It's similar to operating your business without liability insurance. The consequences of failing to encrypt are simple--your company could go under or become uninsurable as a result, which is pretty much the same thing," he says.

Ouch! Do you need another reason to get smart with your security and start encrypting your devices? If you're stumped about where to start, check out the Backup Encryption Product Roundup from 2006.

-Erin Bradford, systems management and availability editor

Posted by ebradford on February 11, 2009 at 9:11 AM | Comments (0)

November 18, 2008

Keeping Your IFS Secure

When it comes to the IFS, the i system's native security simply doesn't cover it. The reason you need to be on the alert when it comes to the IFS is because, as Mel Beckman says in "Virus Protection for the IFS," the system's "robust object security doesn't extend to portions of the IFS--specifically, the portions in the root directories accessible remotely to virus-laden Windows desktops and servers. When a remote system accesses the IFS, it can potentially infect IFS files with virus code. Uninfected systems that later read the infected files can themselves become infected. A virus can spread in this way throughout an enterprise network in just minutes, resulting in incalculable damage."

This quoted little gem indicates that not only do you need virus protection for your IFS, but you also need to know how to securely map IFS file permissions and how to protect various IFS file transfer protocols. Our own Mel Beckman is offering a webcast about this very topic on November 20, and it's free. Sign up soon to make sure you get a seat.

In the meantime, you might want to learn more about the IFS and how you can use it, and System iNetwork is rife with IFS articles. Here is a particularly practical series of articles, written by Scott Klement, about using the IFS from RPG. Each article also offers downloadable code to illustrate the techniques explained. (Note that these articles require ProVIP membership.)

Introduction to Stream Files, November 2004, article ID 19312

A Text File Primer, December 2004, article ID 19473

Text Files in the World, January 2005, article ID 19626

Binary Stream Files, February 2005, article ID 19751

Getting Information About Your Files, May 2005, article ID 20050

Working with Links, June 2005, article ID 20141

Working with Directories September 2005, article ID 20235

--Linda Harty, security & networking/connectivity editor

Posted by lharty on November 18, 2008 at 1:22 PM | Comments (0)

July 14, 2008

IT Managers: Patch Your DNS Servers Now!

A recently discovered DNS cache-poisoning flaw has been called one of "the most dangerous to have been discovered in the DNS protocol," and it affects every DNS server--that's right: every single one. So you need to act now to ensure that your organization's servers are patched. The Computerworld article "Patch domain name servers now, says DNS inventor" describes the problem in adequately dire terms that should motivate you to act immediately. A US-CERT advisory has all the details and lists more than 80 vendors whose products are at risk of being exploited. Some vendors have already released patches, so check the US-CERT site or contact your vendor(s).

--Linda Harty, security & networking/connectivity editor

Posted by lharty on July 14, 2008 at 3:55 PM | Comments (0)