For security directors at large organizations, securing
virtualized data centers is a major concern. Server
virtualization offers several benefits including better
total cost of ownership, increased operational efficiencies
and more flexible management capabilities. But server
virtualization may also increase security risks. Virtual
machines (VMs) themselves are no less secure than their
physical counterparts, but organizations often apply
different procedures to their deployment and management.

FTP offers little or no security for the enterprise; it
is a protocol that sends passwords and data in the clear
and can be accessed from anywhere and as many times
as you like. The use of FTP inside the network perimeter
represents a material weakness for this very reason:
an insecure protocol designed without security in mind
is being used as a business-critical application without
regard for corporate data security. These risks must be
understood so that the network security policy describes
a plan to minimise or eliminate them.

Although Consolidation and Virtualisation have provided
much needed flexibility in Data Center environments,
they have also created certain security concerns. Virtualisation
creates a situation where multiple VMware images or
operating system images can reside on a single host,
creating networks where hosts have virtual connections
rather than ‘physical’ connections. In traditional physical
networks, network segments were easier to visualise.

A survey of 231 large merchants by Visa USA indicates
that 83% have still not achieved compliance, even though
the date to become PCI compliant has now passed. The
reason so few large organizations have been able to
achieve PCI compliance is that the scope of the regulation
is so encompassing.
This whitepaper identifies ways of using new technologies
as compensating controls for PCI DSS compliance in order
to limit audit scope, encrypt user names and passwords
in transmission without the need to modify or re-write
applications, and protect stored data without encryption.