The Internet plays a key role in helping net admins obtain the most up-to-date information about viruses and various other security threats. Corporate and government Web sites have become important sources of information and tools relating to network—and especially Internet—security. Among the many security-focused Web sites, one you should be sure to check out is @stake. The site posts news about events relating to network security, shares advisories about newly discovered vulnerabilities and threats, and offers downloads of tools you can use to test network security. Even if you don’t plan to take advantage of the enterprise security services that @stake sells, its Web site can still be a useful source of information and tools to help you better secure your network.
@stake is headquartered in Cambridge, MA, and also has offices in New York City, Raleigh, San Francisco, Seattle, Denver, Hamburg, and London. @stake is somewhat unusual in its strategy for improving security services, which includes hiring well-known hackers who were previously experts on the other side of the security equation.
@stake pulled the experts from the popular L0pht Heavy Industries hacker site under its umbrella, and the information and tools that were once available at the L0pht site are now a part of @stake. In fact, @stake’s password auditing and recovery utility, LC4, is actually the latest iteration of L0phtCrack, a popular password-cracking tool.
@stake caused a bit of a stir as a startup when it revealed it was hiring hackers as security consultants. At the time, the idea of hiring hackers as security auditors raised some eyebrows, but companies increasingly favor the concept that those best able to test a network’s security are those who don't necessarily follow conventional security wisdom.
Today, @stake’s list of clients includes such companies as ATG, Bertelsmann mediaSystems, Blackstone Technology Group, Exodus Communications, and Predictive Networks. @stake’s success is a testament to its philosophy toward network security.
The @stake home page offers links to company information and services, including its SmartRisk enterprise services, @stake Academy security training courses, and Secure Business Quarterly (SBQ), which is an informative online magazine devoted to security issues. One article, for example, examines the December 2000 attack on Egghead.com’s network, which resulted in the theft of customer credit card numbers. The article follows Egghead’s forensic investigation into the incident.
The front page of the @stake site has a link to the Latest SNN1 Security News. The page provides advisories and media coverage of incidents, threats, and vulnerabilities. Summaries of various news stories include links to the original sources. It's a good resource for staying on top of international incidents and a variety of issues relating to security. The front page also contains links to seminars and other events in which @stake has participated, such as a July 1, 2002, security seminar held in London.
The Events & News section, accessed via a navigation bar link in the upper-right corner of the front page, takes you to a list of press releases. Clicking Events brings up a list of upcoming security events. Brief summaries of the events include links to sites with additional information and sign-up forms. This page also provides access to an archived Webcast of presentations delivered at an RSA Security-sponsored Web security seminar series. The Webcast is free, and if you offer feedback on it, you can also download the slides from the seminar in PDF format. You might find useful information in the presentations to relay to your staff or to include as part of staff training materials.
The Research section of @stake’s Web site houses the content that used to occupy the L0pht Web site. The section offers advisories, downloads of security tools (including LC4), and detailed reports on security risks. The tools are divided into several categories, including information gathering, forensics, network utilities, and vulnerability scanning. The downloads are free, so this is a great source for security auditing utilities.
The reports cover a variety of issues. For example, the latest report covers security risks associated with General Packet Radio Service (GPRS) devices and wireless networks. The reports and the SBQ articles are available in PDF format, which is handy because you can print them for future reference.
The Research section also offers a page that presents a detailed explanation of @stake’s policy regarding the reporting of vulnerabilities and the steps to correct them.
Although @stake is a corporate site and thus aimed at selling services, it also offers a number of resources useful to anyone who is interested in Internet security issues. You may find something you need in any of the following resources available at @stake:
- Vulnerability advisories
- Security utility downloads
- Security articles
- Seminar Webcasts
Even if you’re not interested in the services @stake provides, you should find useful security insights and utilities.
Rate @stake’s Web site