EDUCAUSE | Contributed by Organizations or Campuses; Articles, Papers, and Reports; and Network Security and Applications

9 Reasons Why Campus Police and IT Should Start Talking

ckeller — Tue, 22 Jul 2008 12:00:26 -0500

When discussing video surveillance with campus police and IT departments at various schools and universities, I frequently hear an undercurrent of distrust between the two groups.

2008 Data Breach Investigations Report

ckeller — Wed, 16 Jul 2008 11:01:52 -0500

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

Who is behind data breaches?
How do breaches occur?
What commonalities exist?
Where should mitigation efforts be focused?

Software Assurance: An Overview of Current Industry Best Practices

ckeller — Thu, 03 Jul 2008 14:24:07 -0500

This report outlines the secure development methods and integrity controls currently used by SAFECode members to deliver high-assurance systems to government and commercial customers.

Why 'Anonymous' Data Sometimes Isn't

ckeller — Mon, 17 Dec 2007 15:50:13 -0600

"Last year, Netflix published 10 million movie rankings by 500,000 customers, as part of a challenge for people to come up with better recommendation systems than the one the company was using. The data was anonymized by removing personal details and replacing names with random numbers, to protect the privacy of the recommenders. "

Large Scale Collection and Sanitization of Network Security Data: Risks and Challenges

ckeller — Thu, 13 Dec 2007 15:11:16 -0600

"Over the last several years, there has been an emerging interest in the development of wide-area data collection and analysis centers to help identify, track, and formulate responses to the ever-growing number of coordinated attacks and malware infections that plague computer networks worldwide. As large-scale network threats continue to evolve in sophistication and extend to widely deployed applications, we expect that interest in collaborative security monitoring infrastructures will continue to grow, because such attacks may not be easily diagnosed from a single point in the network. The intent of this position paper is not to argue the necessity of Internet-scale security data sharing infrastructures, as there is ample research [13, 48, 51, 54, 41, 47, 42] and operational examples [43, 17, 32, 53] that already make this case. Instead, we observe that these well-intended activities raise a unique set of risks and challenges.
We outline some of the most salient issues faced by global network security centers, survey proposed defense mechanisms, and pose several research challenges to the computer security community. We hope that this position paper will serve as a stimulus to spur groundbreaking new research in protection and analysis technologies that can facilitate the collaborative sharing of network security data while keeping data contributors safe and secure."

The University's Role in Advancing Data Encryption, Part 1

ckeller — Fri, 02 Nov 2007 16:59:53 -0500

"Much like Moore's Law, PGP has seen huge advances in encryption technologies over the years -- specifically the ability for encryption to work faster and easier in a network while still being transparent to the end user," said Phillip Dunkelberger, President and CEO, PGP Corporation. Excellent encryption research is being carried out at a number of major universities, though it's still at a nascent stage.

iPhone Turned into Pocket-Sized Hacking Platform

ckeller — Wed, 03 Oct 2007 16:14:18 -0500

"Be warned: One researcher says the iPhone could become the "perfect spying device," thanks to multiple security flaws."

Why File Sharing Networks Are Dangerous

ckeller — Mon, 10 Sep 2007 14:55:36 -0500

In this paper the authors analyze P2P security issues, establishing vulnerabilities that software
clients represent. The authors go on to present experimental evidence of the risk through honeypot
experiments that expose both business and personal financial information and they track the resulting consequences. Their analysis and experimental results show the security risk of P2P file sharing networks.

Schneier Questions Need for Security Industry

drupal — Thu, 26 Apr 2007 14:59:33 -0500

"Outspoken author and security guru Bruce Schneier has questioned the very existence of the security industry, suggesting it merely indicates the willingness of other technology companies to ship insecure software and hardware."

Open vs. Closed

drupal — Thu, 12 Apr 2007 10:11:27 -0500

Which source is more secure? The debate rages on, but what are the real pros and cons of open or closed operating systems?