IT Answers » Security Channel

Need opinions on severity of security risk from vulnerability scan

Security Channel ATE — Tue, 12 Aug 2008 14:20:53 +0000

We used eEye’s Retina Scanner to run a vulnerability scan on a server. A risk was identified which was classed “Low” but the PCI Severity Level was classed as 5 or urgent. The vulnerability was Microsoft Windows optional Subsystems are permitted to operate on the system and the fix was to change a registry setting.

Two things

(1) I can’t seem to find much more information on this vulnerability, could someone enlighten me?

(2) If we don’t have to be PCI compliant at this point, nor does the server hold PCI type data, is this something we should even be addressing?

How will the planned changes in PCI-DSS affect the channel?

Donnellymp — Fri, 16 May 2008 12:52:50 +0000

Changes are in the offing for PCI-DSS. Are these changes for the better? How will it impact your channel business?

Is antivirus software dead?

Donnellymp — Wed, 23 Apr 2008 14:45:29 +0000

New Discussion Post by

What accounts for the trend toward SMB security?

Donnellymp — Thu, 17 Apr 2008 13:36:27 +0000

Our expert on SearchSecurityChannel.com says the natural consolidation of both technology and solution providers means that competition for named accounts and big-ticket items is fierce. As a result, the SMB security market is becoming more popular than ever. Has that been your experience?

Do you use security metrics with your clients?

Donnellymp — Wed, 09 Apr 2008 18:40:29 +0000

Some experts say that security VARs and consultants aren’t doing enough to help their clients formulate meaningful security metrics. The argument is that the typical security metrics aren’t business-focused enough (e.g., cost reduction), so most companies end up viewing security as just an overhead grudge purchase.

Do you think more can be done to make a positive business case for IT security? What advice would you give to help VARs and consultants make that case?

Are network access control products finally living up to their billing?

Donnellymp — Wed, 09 Apr 2008 16:08:51 +0000

Network access control (NAC) products sound like a good idea. And they seem to work well to protect against inadvertent pollution by authorized users. But some experts think we should be skeptical that NAC products can fend off hostile attacks.

Do you think NAC products are being oversold as the last word on network security? How do you use them at your client sites?

How would you rate the Certified Ethical Hacker designation vs. CISSP?

Security Channel ATE — Fri, 04 Apr 2008 19:37:01 +0000

How would you rate the Certified Ethical Hacker designation vs. CISSP? What are the differences? What are the advantages of one over the other? Thanks for any opinion you can offer.