Security Audit Aims To Outfox Hackers

[William Knowles <wk () C4I ORG>]

http://www.techweb.com/wire/story/TWB20000602S0002

By Rutrell Yasin, InternetWeek
Jun 2, 2000 (9:12 AM)

In the wake of highly publicized security breaches and
denial-of-service attacks, the media conglomerate Fox Entertainment
Group wanted to know how vulnerable it might be, so it conducted a
vulnerability assessment. Fox (stock: FOX) is indicative of many
companies that have turned to outside consultancies to determine their
level of security risk. In its case, Fox turned to E-Certify, a
provider of managed security and integration services.

Companies such as E-Certify and Arthur Andersen's security consulting
practices are similar to "back-seat drivers," said Jeff Uslan,
director of information protection at Fox, New York.

"We use them to validate concerns or [to point out issues] we've
overlooked," Uslan said.

As it turned out, it was worth the effort. E-Certify's assessment of
Fox's voice and data network revealed that it needed to gain control
over and better manage IP addresses.

"We have a massive broadcast domain and there's a lack of policy [with
regard to managing multiclass IP addresses]," said Fritz Logan,
executive director of network operations at Fox.

However, as the media company replaces a five-year-old switching
network with Cisco (stock: CSCO) gear, IT departments will be able to
consolidate IP addresses to solve that problem, Logan said.

[...]


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".