** Briefing Papers

These briefing papers are all written by IDsec staff based on their own experience. They address various technical and management issues in the field of network security.

* Can Security Audits Be Automated?
  Automated scanning over the Internet is no substitute for manual penetration tests but it can be of use to hard-pressed managers. Stephen Bishop looks at some of the issues.

* Security in Windows Vista
  The next generation of Windows is coming, but what will it mean for network security? By Raj Lotey.

* Compliance and Security: Are They Compatible?
  Are regulatory demands and the operational requirements of network security compatible? Will the money spent on compliance help with your security objectives? And who should be concerned by new regulations and legislation? Our experience shows that these are closely related and that carefully constructed solutions can achieve both goals. By Simon Smith and Stephen Bishop.

* At the Parting of the Ways
  IT security gets added prominence when a member of staff moves to pastures new, especially if it is a system or network administrator that is leaving. In some cases, this can lead to a significant damage limitation exercise - in effect an ad hoc security audit carried out in short order. But, as in many other areas, preparation is everything and there are practical steps that companies can take to avoid this kind of trouble. By Stephen Bishop.

* What Should a Penetration Test Deliver?
  What should you expect from the report that comes out of a penetration test or security audit? Will it actually help you improve network security? This paper stresses the importance of a clear report structure and considers the role of evidence in reporting security vulnerabilities. By Stephen Bishop.

* Gathering IDS Sensor Information
  The configuration of intrusion detection sensors requires the understanding of many aspects of the environment in which the sensors are placed. This paper presents a "strategy document" that is created for each sensor, combining the understanding of the monitored platform owners, the intrusion detection system designers and the event response function, as to the correct and proper security objectives for each sensor. The document then becomes the basis of the sensor policy and the approach used for tuning. By Kevin Graham.

* The Placement of IDS Sensors
  This paper provides some basic guidelines for the situation of sensors used by intrusion detection systems. This advice follows the understanding that security monitoring requires an appreciation of the assumptions made in the underlying operational security model. Further points are made with regard to the purpose of intrusion detection and the value that is obtained from its existence. The guidelines are enumerated at the end of this paper. By Kevin Graham.

* About Us
  IDsec is an independent company specialising in network security, and has provided penetration tests and intrusion detection systems since 1997. We can assess the security of your enterprise and advise on long-term protection: as we have for a range of blue-chip clients in the banking, telecoms, manufacturing and utility sectors.

  IDsec Limited
  31-33 College Road, Harrow, Middlesex HA1 1EJ, United Kingdom
  T: +44 20 8861 2001
  F: +44 20 8861 3433
  W: www.idsec.co.uk

  All prices exclude VAT and are subject to confirmation.
  Copyright (C) 2012 IDsec Limited