InfoWorld - Even though it happened late in the year, 2004 will probably be remembered as the year that Microsoft Corp.'s Internet Explorer slipped.
Mozilla's Firefox browser finally reached release status in early November, and by early December had made a noticeable dent in Internet Explorer's market share. The main driver for Firefox's success is not necessarily its innovative features, but rather the lack of easily exploitable security holes. It seems that the serious flaws in Microsoft's browser finally led many users to decide it's time for a change.
In addition to more critical security issues in Internet Explorer last year, Microsoft also brought us Windows XP SP2 (Service Pack 2). Hailed by the company as a security blanket for XP, it was soon clear that it was also an application killer, rendering hundreds of applications unusable following installation. Microsoft subsequently removed SP2 from its automatic update service, but continues to remind users to install SP2 whenever they visit the Windows Update site. All this trouble and fuss for a service pack that many administrators believe merely treated some symptoms but didn't address the real problems.
On the Linux front, the release of the v2.6 kernel brought some significant changes in core-level security. The official inclusion of the SELinux (Security Enhanced Linux) code base into the v2.6 kernel introduced much-needed granularity to controlling privilege elevation on Linux systems.
A few layers below these events, Cisco Systems Inc. and Microsoft were not so quietly planning a joint effort to combat viruses, worms and intruders, announcing that they were working to bring together Cisco's NAC (Network Admission Control) and Microsoft's NAP (Network Access Protection) technologies to provide for simplified system patching, policy adherence and problem resolution before potentially destructive systems are permitted normal network access. Although nothing is likely to be released for at least a year, it's a step in the right direction -- if you're a Microsoft and Cisco shop.
Across all the layers, a shift was definitely felt in the intrusion-detection market. In 2004, IPS products found their footing, and IDS vendors saw the writing on the wall and began incorporating in-line blocking capabilities in their products. It's always been nice to know when abnormal events have occurred on your network, but the capability to prevent them from doing any harm is the ultimate goal.
Network managers received plenty of encouragement to block threats in 2004, a year in which several security breaches affected millions of innocent people. The October break-in at the University of California, Berkeley, netted a cracker roughly 1.4 million names and Social Security
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Defense throughout the Vulnerability Life Cycle with Alert Logic Threat and Log Manager New security threats are emerging all the time, from new forms of malware and web application exploits that target code vulnerabilities to attacks...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!