Stories by Steve Hultquist

  • Sophos NAC is a good start

    The wide variety of so-called NAC (network access control) products on the market shows a broad range of thinking about policy-based security controls and the management of the network in general, including the end-point devices that connect to the network. Some vendors enforce policies using a client agent, some enforce them in the network, and some even use peers for enforcement. Network-based enforcement itself can take many forms, including dedicated gateways, DHCP manipulation, 802.1X authentication, and port- and VLAN-based enforcement on switches.

  • Rootkits: The next big enterprise threat?

    Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about US$4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyse them.