http://www.realtime-websecurity.com/ The Realtime Messaging and Web Security podcasts cover topics on the technology and management of email, instant messaging, content filtering, Internet phone and related services. Some of the podcasts are designed for the in-the-trenches systems administrators who have to mitigate the latest threat or respond to a new found vulnerability in a mission critical application. Other times the podcasts will look at messaging security from a management perspective with discussions on best practices, compliance, and planning the rollout of new services. In addition to covering the latest IT security news, these podcasts also focus on how to get messaging security right for the long haul. en Copyright 2009 Fri, 22 May 2009 12:19:55 -0500 http://www.sixapart.com/movabletype/ http://blogs.law.harvard.edu/tech/rss Malware isn't just viruses any more and Mac users should not be lulled into a false sense of security. While viruses are not a day to day concern for Mac users, that does not spare them the other forms of attacks that target browsers and other applications that run on the Mac OS. This podcast argues that it is time for Mac users to adopt anti-malware. http://www.realtime-websecurity.com/podcast/2009/01/mac_malware_its_time_for_mac_a.html http://www.realtime-websecurity.com/podcast/2009/01/mac_malware_its_time_for_mac_a.html Podcast malware Trojans worms viruses defense in depth anti-virus anti-malware Mac OS X iPhone iTouch Tue, 13 Jan 2009 01:19:43 -0500 Spyware can slow your computer and clutter your machine. Here are several tips for finding, eliminating and avoiding spyware. Topics include anti-spyware programs, browser components, safe browsing techniques, and free services to help filter suspicious or malicious sites. http://www.realtime-websecurity.com/podcast/2009/01/clean_that_machine_finding_eli.html http://www.realtime-websecurity.com/podcast/2009/01/clean_that_machine_finding_eli.html Podcast spyware SpyBot Ad-Aware Mcafee Site Safe OpenDNS Sun, 11 Jan 2009 10:09:03 -0500 Protect your desktop, laptop and other mobile devices with 5 sound and easy to implement security practices. http://www.realtime-websecurity.com/podcast/2008/12/5_essential_steps_for_endpoint.html http://www.realtime-websecurity.com/podcast/2008/12/5_essential_steps_for_endpoint.html Podcast anti-spyare anti-virus firewalls patching social engineering vunlernability scanning Tue, 23 Dec 2008 14:43:58 -0500 Data classification is a critical process in risk assessment. In this podcast we discuss the purpose and structure of data classification schemes and describe a 3-step method for getting your data classification efforts started. http://www.realtime-websecurity.com/podcast/2008/12/getting_started_with_data_clas.html http://www.realtime-websecurity.com/podcast/2008/12/getting_started_with_data_clas.html Podcast access controls data classification data loss prevention Wed, 17 Dec 2008 08:24:20 -0500 Workflow analysis can help identify points where the confidentiality and integrity of data can be compromised. This podcasts discusses hwo identifying key workflows, classifying data, and assessing the movement of data through different trust zones can help identify potentially vulnerable data management operations. http://www.realtime-websecurity.com/podcast/2008/12/improving_security_with_workfl.html http://www.realtime-websecurity.com/podcast/2008/12/improving_security_with_workfl.html Podcast data classification security workflow Thu, 11 Dec 2008 20:45:19 -0500 Rolling out a new application is no time to forget about security. In this podcast we look into several topics to consider when deploying a new application, including the last steps in application testing, establishing access controls, configuring and patching servers, optimizing with virtualization, and establishing backup and recovery plans. Special issues with deploying to cloud services, such as Amazons Elastic Cloud Computing (EC2) service are also discussed. http://www.realtime-websecurity.com/podcast/2008/11/security_review_for_applicatio.html http://www.realtime-websecurity.com/podcast/2008/11/security_review_for_applicatio.html Podcast access controls application security application testing backup and recovery cloud computing key management patching virtualizaiton vulnerability scanning Wed, 26 Nov 2008 19:28:40 -0500 Threat modeling is a design practice that helps us understand they types of attacks and vulnerabilities that can adversely affect our applications. In this podcast, we examine the basic steps in threat modeling and describe a tool for supporting threat modeling. The podcast covers identifying business objectives, creating an application overview, decomposing an application, identifying threats, and assessing vulnerabilities. It also provides a managing framework for improving the security of applications. http://www.realtime-websecurity.com/podcast/2008/11/basics_of_threat_modeling.html http://www.realtime-websecurity.com/podcast/2008/11/basics_of_threat_modeling.html Podcast application security attacks Microsoft Threat Analysis and Modeling Tool threat modeling threats vulnerability Web application security Sun, 16 Nov 2008 09:59:21 -0500 Improving Oracle security doesn't have to be difficult. Some relatively simple steps can reduce risks. At the same time advanced features like virtual private databases and data encryption can are sometimes required. This podcast examines 10 steps, ranging from the simple to the complex, for improving Oracle database security. http://www.realtime-websecurity.com/podcast/2008/11/10_steps_to_imporving_oracle_s.html http://www.realtime-websecurity.com/podcast/2008/11/10_steps_to_imporving_oracle_s.html Podcast database auditing database monitoring database security encryption Oracle virtual private database VPD Wed, 05 Nov 2008 18:59:01 -0500 Server virtualization faces the same threats as non-virtualized servers plus others. In this podcast we discuss those threats and a number of ways to mitigate these threats, including system configuration and asset management practices. Advances in hardware design are also discussed. http://www.realtime-websecurity.com/podcast/2008/10/virtualization_threats_and_res.html http://www.realtime-websecurity.com/podcast/2008/10/virtualization_threats_and_res.html Podcast asset management configuration management security management server security virtualization VMWare Xen Tue, 28 Oct 2008 18:55:50 -0500 You can't secure what you don't know you have. In this podcast we look at how the practice of configuration management can improve preventive maintenance, patch management and long term planning - all with a focus on security. The podcast describes configuration management systems and their key components along with the role they play in improving security. http://www.realtime-websecurity.com/podcast/2008/10/impoving_security_with_configu.html http://www.realtime-websecurity.com/podcast/2008/10/impoving_security_with_configu.html Podcast CMDB configuration management patch management security management vulnerability management Mon, 06 Oct 2008 21:09:41 -0500 Mobile device security often brings to mind issues like encryption, authentication, and data loss prevention. It should also raise concerns about how mobile devices can be compromised and used as means of accesses corporate networks. This podcasts examines how network access control (NAC) systems can be used to protect networks as well as some challenges with using NAC systems with mobile devices. http://www.realtime-websecurity.com/podcast/2008/09/network_access_control_and_mob.html http://www.realtime-websecurity.com/podcast/2008/09/network_access_control_and_mob.html Podcast Blacksberry iPhone laptop security mobile device security NAC network access control PDA security smartphones Fri, 26 Sep 2008 18:33:05 -0500 Digital vault, or folder based encryption, is a convenient, low cost method for protecting confidential and private information. It's not right for everyone but this podcast can help you understand if it is right for you. http://www.realtime-websecurity.com/podcast/2008/09/protecting_digital_assets_in_d.html http://www.realtime-websecurity.com/podcast/2008/09/protecting_digital_assets_in_d.html Podcast Bitlocker encryption file encryption full disk encryption laptop theft Mon, 15 Sep 2008 19:16:37 -0500 The information we share with friends on social networking sites may be used in unintended ways, such as providing details for a spear phishing attack. In this podcast we look at the benefits as well as the risks in social networking, like information spill over, vulnerabilities in social networking services, and the use of multiple technologies and data sources to conducted target fraud. http://www.realtime-websecurity.com/podcast/2008/09/the_benefits_and_risks_of_soci.html http://www.realtime-websecurity.com/podcast/2008/09/the_benefits_and_risks_of_soci.html Podcast Facebook LinkedIn MySpace phishing social engineering social networking vulnerabilities Mon, 08 Sep 2008 08:28:37 -0500 Ruby on Rails is a powerful framework for developing Web database applications. In this podcast we look at security tips related to user input, model/controller separation, core Ruby functions, and basic database security measures. http://www.realtime-websecurity.com/podcast/2008/08/security_tips_for_ruby_on_rail.html http://www.realtime-websecurity.com/podcast/2008/08/security_tips_for_ruby_on_rail.html Podcast applicaiton security database security Ruby Ruby on Rails security Mon, 25 Aug 2008 20:23:13 -0500 Web browsing is not as safe as it used to be. There is more malware distributed through Web sites and phishing sites continue to lure unsuspecting victims. In this podcast we examine tools for reducing the chance of becoming a victim of an online scam, including tools for the browser, DNS services and improved site authentication. http://www.realtime-websecurity.com/podcast/2008/08/tips_for_safe_browsing.html http://www.realtime-websecurity.com/podcast/2008/08/tips_for_safe_browsing.html Podcast browser extensions browser security Firefox plugin Google Toolbar Internet Explorer McAfee Site Advisor OpenDNS Tue, 19 Aug 2008 20:28:13 -0500 Governance, compliance and risk management (GCR) is a broad, demanding and sometimes intimidating topic but there are strategies for getting GCR under control. This podcast describes a seven step process for getting a GCR program started with an emphasis on pragmatic considerations. It also includes a brief introduction on the importance of GCR and why security is no longer a matter just for the inner recesses of the data center but a concern for executive management as well. http://www.realtime-websecurity.com/podcast/2008/08/getting_started_with_governanc.html http://www.realtime-websecurity.com/podcast/2008/08/getting_started_with_governanc.html Podcast application security compliance data leaks data loss prevention database security DLP Governance network security PCI Data Standards privacy risk management security management Wed, 06 Aug 2008 09:34:14 -0500 Full disk encryption can be a significant part of a data loss prevention program but it comes with management challenges. This podcast discusses some of the advantages and management issues faced when deploying and maintaining full disk encryption for mobile devices. http://www.realtime-websecurity.com/podcast/2008/07/management_issues_in_full_disk.html http://www.realtime-websecurity.com/podcast/2008/07/management_issues_in_full_disk.html Podcast compliance data loss prevention full disk encryption laptop security laptop theft mobile device security PDA security management smartphones Tue, 29 Jul 2008 18:00:05 -0500 Mobile devices functionality is growing more comparable to non-mobile devices. This podcast examines topics to consider when formulating a mobile device security policy, including: authentication, encryption, firewalls, anti-virus and other configuration issues. The role of network access control in enforcing these policies is also discussed. http://www.realtime-websecurity.com/podcast/2008/07/mobile_device_security_policy.html http://www.realtime-websecurity.com/podcast/2008/07/mobile_device_security_policy.html Podcast anti-virus Asus Eee authentication Dell encryption HP iPhone iPod iTouch Mac OS mobile device security Palm OS security management Symbain Mon, 21 Jul 2008 21:43:25 -0500 Outsourcing security services has a number of advantages, including gaining access to expertise not available in house, more efficiently dealing with mundane operational tasks, and expanding the breadth of your security measures. This podcast discusses the advantages, the kinds of services you can expect to find in a security as a service offering, and finally some issues you should consider, such as defining roles and responsibilities, coordinating multiple vendors, and third party access to private and confidential data. http://www.realtime-websecurity.com/podcast/2008/07/security_as_a_service_is_it_ri.html http://www.realtime-websecurity.com/podcast/2008/07/security_as_a_service_is_it_ri.html Podcast application security network security patching policy enforcement security as a service security management vulnerability scanning Sat, 05 Jul 2008 05:24:19 -0500 Business intelligence systems, like data warehouses and data marts, have security requirements distinct from transaction processing systems. In this podcasts, we provide a brief overview of BI system characteristics and discuss security requirements for the extraction, transformation and load process as well as access control issues with BI databases and reporting systems. http://www.realtime-websecurity.com/podcast/2008/06/business_intelligence_security.html http://www.realtime-websecurity.com/podcast/2008/06/business_intelligence_security.html Podcast access control business intelligence data breach data leaks data loss prevention data mart data warehouse encryption olap Oracle security virtual private database VPD Wed, 25 Jun 2008 20:22:23 -0500 Event correlation tools help extract actionable information from logs and other data sources of point systems. This podcast describes why event correlation is needed, what the key elements of event correlation are, and how event correlation can be used in the enterprise. http://www.realtime-websecurity.com/podcast/2008/06/basics_of_event_correlation.html http://www.realtime-websecurity.com/podcast/2008/06/basics_of_event_correlation.html Podcast event correlation forensics log analysis security management threat analysis vulnerability management Mon, 16 Jun 2008 19:09:10 -0500 High performance, dynamic Website depend on content management systems (CMS) layered on relational databases. This is great for performance and bad for security if your CMS is vulnerable to SQL Injection attacks. Unfortunately, we are learning just how many sites are vulnerable. Over the past year the amount of Web-based malware has jumped over 200% and password stealers are grew at a rate over 800%. To get a handle on this problem we need to understand how these SQL Injection attacks work and how to stop them and that's what you'll hear in this podcast. http://www.realtime-websecurity.com/podcast/2008/06/sql_injection_attacks_websites.html http://www.realtime-websecurity.com/podcast/2008/06/sql_injection_attacks_websites.html Podcast application security cms content management system database security database vulnerability PHP security relational database SQL injection Fri, 06 Jun 2008 11:25:21 -0500 Mobile devices, and mobile phones, in particular are becoming standard in the extended enterprise. This podcast discusses some key security issues related to mobile phone, particularly malware, access controls, encryption and users' perspectives on mobile device security. http://www.realtime-websecurity.com/podcast/2008/05/mobile_device_security.html http://www.realtime-websecurity.com/podcast/2008/05/mobile_device_security.html Podcast iPhone malware mobile banking mobile phone Palm SMS Symbian Treo Trojan wormm SIS Tue, 27 May 2008 20:12:14 -0500 Methods for countering botnets will increasingly exploit techniques used by botnets themselves. One approach is to disrupt command and control communications between bots; this can be effective but can require tampering with already compromised devices. Other methods improve the resiliency of communications in the presence of denial of service attacks but require a more complex communications infrastructure. Both approaches are described and discussed in this podcast. http://www.realtime-websecurity.com/podcast/2008/05/combating_botnets.html http://www.realtime-websecurity.com/podcast/2008/05/combating_botnets.html Podcast botnets command and control malware P2P Phalanx Thu, 15 May 2008 19:04:49 -0500 Malware like Storm is highly adaptive and resilient. Combating and controlling the latest forms of malware will take new techniques. This podcast examines the characteristics of super strength threats, looks at the Storm botnet as an example, and discusses new types of techniques for disrupting and limiting the detrimental effects of malware. http://www.realtime-websecurity.com/podcast/2008/05/super_strength_threats_reslian.html http://www.realtime-websecurity.com/podcast/2008/05/super_strength_threats_reslian.html Podcast blended threats bonet ddos denial of service malware spam Storm Mon, 05 May 2008 18:39:03 -0500