Free Advertising
Apparently TheTAZZone.com will soon be offering FREE Advertising for 3 months beginning March 1st on 4 different domains. According to inside sources this offer will be open to both personal and commercial websites.
They have a forum thread at TAZForum where you can sign up for the FREE Advertising, or you can just e-mail their administration.
Professional Paranoid
My research interests cover the design and analysis of security techniques and systems, with a sideline in various obscure security-related areas such as the recovery of deleted data from magnetic media, and whatever else happens to catch my interest. To view some of the documents referenced on this page you’ll need a copy of the free Adobe Acrobat reader software (note: This link takes you to Acrobat 5.1, which avoids the very buggy and unstable Acrobat 6 or the bloated mess that is Acrobat 7 which Adobe will force on you if you get it from their main download site). Alternatively, if you’re running Windows, you can try the Foxit PDF Reader, which is what the Acrobat reader would be if it lost about 15MB of bloat and ran about 50 times faster than it does.
One of the most popular pages that I maintain is my security resource link farm, a huge (around 1/2MB) collection of links to security and encryption products, companies, papers, conferences, e-commerce and digital cash, security and intelligence agencies, smart cards, digital certificates and CA’s, standards and publications, security problems and holes, and anything else vaguely related to encryption and security. If you’re looking for anything in this area…
Best Practices For Preserving Security
The centralisation of branch office servers and storage enables enterprises to more effectively manage and secure critical business information.
By moving servers out of branch offices and consolidating IT infrastructure to fewer, purpose-built data centres, enterprises can protect vital business resources through tight physical security and well-defined access procedures.
In addition, server centralisation reduces sensitive user credential stores, helping to ensure that this information remains protected from unauthorised access.
Intrusion recovery for databases and file systems
Recovery of lost or damaged data in a post-intrusion detection scenario is difficult task since database management systems are not designed to deal with malicious committed transactions. Recovery of lost or damaged initialization vectors for data encryption is also a difficult task since this information is critical to recover for a successful decryption of data. Self-securing data turns data-store solutions into active parts of an intrusion survival strategy. Few existing methods developed for this purpose heavily rely on logs and require that the log must not be purged. This causes the log grow tremendously and, since scanning the huge log takes enormous amount of time, recovery becomes a complex and prolonged process.
In this research, we have used data dependency approach to log only selected database columns and selected fields in flat file records. During damage assessment and recovery, we rely on a secure ‘evidence-quality’ log and skip parts of the log that contain unaffected columns. This paper introduces how self-securing data enhances an administrator’s ability to detect, diagnose, and recover from intrusions. First, data-at-rest intrusion detection offers a new observation point for noticing suspect activity. Second, post-hoc intrusion diagnosis starts with a plethora of normally unavailable information. Finally, post-intrusion recovery is reduced to recover a pre-intrusion data image retained by the server. Combined, these features can improve an organization’s ability to survive successful digital intrusions of critical data items.
1. INTRODUCTION
Any computer system that is connected to a network is vulnerable to information attacks. In spite of all preventive measures, savvy intruders manage to sneak through and damage sensitive data. Initial damage later spreads to other parts of the database when a legitimate transaction updates valid data…
Security Park – Intrusion recovery for databases and file systems
-
Recent
- Free Advertising
- Vulnerability Turns MS Excel Into Open Door for Hackers
- Teenager hacks Polish tram system
- Anatomy of a hack attack
- Sears puts customers’ buying histories on the Web
- WordPress Hacked: Anyone Can View Future/Draft Posts
- Introducing Weave
- HP confirms gaping backdoor on 82 laptop models
- Are The Days of Duplicate Content Numbered
- Top US military research labs infiltrated by hackers
- Hackers Ram Through Security at Oak Ridge Lab
- New Software Detects Web Interference
-
Links
-
Archives
- January 2008 (5)
- December 2007 (6)
- November 2007 (3)
- June 2007 (1)
- February 2007 (1)
- January 2007 (2)
- December 2006 (9)
- September 2006 (1)
- August 2006 (2)
-
Categories
-
RSS
Entries RSS
Comments RSS
