Forgot password?
|
|
|
|
Home
We were unable to sign you in.
Please verify your user name and password and try again. If you do not have a TEC account, register now.
Printer Friendly
  • E-Mail Article
    • To: (e-mail address)
        

      From: (e-mail address)
        

      Subject:


      Message:
       

Contact Us
Newsletter RSS
Rate this article
     
Average Reader Rating 0.00
You may also be interested in:
Demystifying SAP Solution Manager
Ariba's 15-Year Journey into the B2B Commerce Cloud
Using ERP to Deliver E-commerce for Engineer-to-order Companies

White Papers related to this article:
Enterprise Resource Planning Solutions for Growing Businesses
Publisher-controlled Ad Networks
Looking Beyond Mobile Device Management to Mobile Application and Enterprise Mobility

Other articles written by L. Taylor:
Vendor Analysis: Kaspersky Anti-Virus Products Examined
OKENA Brews Up a StormSystem that Secures All Applications
Vendor Review: SecureWave Protects Microsoft Operating System Platforms

Featured Author
Comments: 
0
Read Comments
L. Taylor - August 9, 2000

Introduction

As businesses continue putting their web-enabled e-commerce sites containing the jewels of their infrastructure online, the importance of security and privacy becomes increasingly critical. A crucial way of addressing this need to protect the company website is to conduct a Security Vulnerability Assessment. A Security Vulnerability Assessment is a risk management process, usually conducted by expert consultants. Below TEC outlines the reasons for having a Security Vulnerability Assessment done, how a security vulnerability assessment is performed, what can be gained by enlisting the Security Vulnerability Assessment process, and what you should expect to see in a Security Vulnerability Assessment report.

Justification

There are many other reasons why obtaining a Security Vulnerability Assessment of your network, or someone else's, may be important to you. The primary reasons for doing a Security Vulnerability Assessment include:

  • Customer expectations

  • Preventing litigation

  • Protecting your revenue stream

  • Protecting your customers' revenue stream

  • Reducing site outages and performance problems

  • Creating secure and seamless information access

  • Preventing denial of service attacks

  • Taking precautions during acquisitions or mergers

  • Meeting customer contractual obligations

  • Protecting against the repercussions of stock fluctuations

  • Testing your Intrusion Detection System

  • Protecting your systems from vulnerabilities created by cavalier engineers

  • Building customer loyalty

  • Gaining competitive advantage

  • Enabling correction action

  • Qualifying for Information Protection Insurance

Your infrastructure requires seamless information access so that you can deliver the level of service that your customers have grown to expect. Dealing with security vulnerabilities on your website and your internal networks, is not an option; you have to do it. You want to deliver services without worrying if the systems you or your customers are using are vulnerable to wily hackers.

Understanding Your Risks

The most important reason for having a Security Vulnerability Assessment performed is to enable corrective action. How can you know what to secure if you don't know what is insecure?

Performing a Security Vulnerability Assessment will assist you in understanding what risks your organization is exposing its infrastructure to. If you are a publicly held company, or are planning to go public, the SEC requires that you understand all your corporate risks, and convey this information to your potential investors in your Prospectus. Having a Security Vulnerability Assessment done by an independent outside authority shows that your organization has taken due diligence and objectivity in working towards a secure infrastructure.

Understanding Denial of Service Attacks

Your systems are a global village of transactions, providing you with highly sensitive and confidential corporate and customer information. You cannot afford to allow inappropriate access to your backend systems, or to expose your customer credit card numbers, something that could lead to costly and time-consuming litigation. Security Vulnerability Assessments assist you by identifying security vulnerabilities, and making recommendations before they affect your bottom line. Site outages due to denial of service attacks are a sure way to plug your profitability. You need to keep your revenue stream alive, and if you are an ASP, or any sort of outsourcing provider, you may have contractual obligations to keep your customers' revenue stream alive.

Remember the February 9th distributed denial of service attacks that affected Yahoo!, Amazon, E*Trade, Ebay, and Buy.com? Denial of service attacks are not new. They have been around since the beginning days of the Internet, but have gained much more popularity in recent years due to the widespread information published on hacker websites, which give succinct instructions on how to perpetrate these attacks. The kinds of denial of service attacks that occurred on these well-known websites are called Synfloods. Contrary to some of the news stories that were generated as a result of these denial of service attacks, Synfloods are preventable. A denial of service attack basically floods a network, or website, with more traffic than it can handle, causing enough performance problems that legitimate users are then denied service, which is where the name comes from.

On the perimeter of most websites, a router tells Internet traffic, known as packets, which way to go. Routers are not really like stop lights, because Internet traffic never really stops. Routers are more like rotaries - the packets come in from one direction and go out in another. More often than not, routers are of the stateless type. This means that they simply pass packets, and do not try to learn from the packets. Stateful or dynamic network devices pass packets, and, try to learn from the packets. Stateful devices that can learn about the patterns of the traffic passing through them can make better decisions on what to do with the packets.

A good Security Vulnerability Assessment can tell you which denial of service attacks are able to compromise your site or network. Having this kind of information on hand can help you decide if you need to purchase a content smart stateful packet inspection device, and which devices might be best for your organization. Having this kind of information enables you to take appropriate corrective action. If Yahoo!, Amazon, E*trade, Ebay, and Buy.com had done a recent Security Vulnerability Assessment, they would have known ahead of time that their sites were vulnerable to denial of service attacks. As security vendors who have the technologies to protect against Synfloods saw their stocks rise after the February denial of service attacks, the victims saw their stocks lose market cap.

A Precaution During Mergers and Acquisitions

With the fast-paced consolidation of today's technologies and markets, part of any business to business acquisition or merger should always include the review of a current outside, and independent, network Security Vulnerability Assessment by the company who is pursuing the organization undergoing consideration for acquisition. If a current Security Vulnerability Assessment report is not available, the acquiring company can request that one be generated as part of the acquisition process. You wouldn't buy a house without having it go through an inspection process. Similarly, when evaluating a company for an acquisition in which Internet commerce is part of the game plan, you'll want to know what risks you are facing before closing the deal.

Testing Your Existing Protection

If you have an Intrusion Detection System installed on your network, how do you know if it is functioning properly? A respectable Security Vulnerability Assessment can let you know if your Intrusion Detection System is actually working, or just creating extra CPU cycles and bandwidth that is depleting your management resources. Secure systems ensure that your infrastructure is free from unwanted intrusions and disruptions, eliminating delays in your development and service provisioning cycles.

Whether you employ the use of Firewalls, Intrusion Detection Systems, proxy servers, SSL, ssh, or secure encrypted channels, a security assessment can help determine if your current configurations contain any unknown, and potentially unauthorized, network extensions left by legacy contracts, and cavalier engineers. Hardware multiplies like rabbits. There is a good chance you have IP based network devices on your network generating network traffic, and consequently security holes, that you don't even know about.

Engineers commonly throw new devices on the network without taking into consideration the security implications. Your organization needs to assure its customers that their e-business channel is secure. An independent security assessment, or audit, is a way of showing your customers that you are serious about security, and care about their transactions. The time and money you will save, and the customer loyalty that you will build by enlisting best-practice security services will give you the competitive advantage you need to maintain a leadership position in the market.

Methodology

How does a Security Vulnerability Assessment work, and what kind of information can you expect to obtain from a Security Vulnerability Assessment report? It is possible to perform a Security Vulnerability Assessment yourself, and this is something TEC encourages every organization to do if they have the time and resources. However, for objectivity purposes, you should also have an outside authority do one for you. Just as when your business creates its own annual report, it also has an outside consultancy audit the report for objectivity, due diligence, final inspection, and legal ramifications. Similarly, a Security Vulnerability Assessment process needs to be undertaken with your information infrastructure, website, and e-commerce systems. Whoever is performing the Security Vulnerability Assessment should use a reputable security-industry scanning product such as Cybercop, or Internet Security Scanner.

If an outside consultancy is performing a Security Vulnerability Assessment of your network, it is likely that they will ask your CIO, or Director of Information Technology to sign a form which entitles them to do an Ethical Hacker Penetration test, which is just another name for a Security Vulnerability Assessment, or security audit. If you desire, feel free to have this document reviewed by your legal counsel, and be sure there is a section that proclaims the audit results to be as confidential as possible. You don't want your audit report showing up as market data on a website without your prior consent.

While all companies should take the initiative of conducting a Security Vulnerability Assessment, banks and financial institutions know they will be the subject to a security audit at some point. Initiating your own audit, can proactively prepare your company in advance.

If you are an online banking institution, it is quite possible that your parent corporation, or your investor team, will first send in their auditors to interview you. As well, your regional Federal Reserve Bank may send in its team of auditors to interview you in person first. A formal in-person audit conducted by a reputable financial institution is comprehensive, in-depth, extremely challenging, and very exhausting. It is not uncommon for such an in-person audit to last an entire day or two.

If you are expecting this kind of preface to an Ethical Hacker Penetration test, it is best to prepare yourself in advance, and bring all your security processes, procedures, and network maps to the audit interview. Expect the audit interviewer to ask to keep these copies and not return them. It is appropriate for at least one senior member of the management team, and one person knowledgeable about security and network technology to attend such a session. After the in-person audit interview is complete, they will want to schedule up to a week's time to perform the penetration test on all your networks, and possibly longer depending upon the size of your network infrastructure. If they are clever, they will poke at both the TCP and UDP ports. Less clever auditors, and sometimes very well-known technology organizations, have been known to neglect the UDP ports. A knowledgeable security engineer viewing the logs on your corporate firewall can ascertain which ports are being prodded.

If you are having the audit done for a potential acquisition inspection, make sure that you find an auditor that will check UDP, as well as TCP ports. A best-of-breed Security Vulnerability Assessment usually starts out by doing some data gathering, and looking for reconnaissance information. Some of the kinds of data the auditor will look for are such things as trying to retrieve your routing table, trying to see if they can obtain ICMP netmasks, looking for IRC servers, looking for SSH configuration information, and looking for password files. Other kinds of things they will try will be checking for include an assortment of vulnerabilities associated with file transfer protocols, hardware peripherals, hacker Trojans and backdoors, SMTP and messaging problems, network file system vulnerabilities, website and CGI holes. Checking for denial of service attacks, Intrusion Detection System functionality, and UDP ports is something that sets the premiere auditors apart from the rest.

The Report

Make sure you receive a copy of the report, and make sure it lists the risks in order of their severity. It will then be possible for you to systematically correct in your network the weaknesses that expose your information technology infrastructure, and your customers', to a multitude of threats and attacks. Ask for all related diagrams and network maps, associated with your vulnerability report. The report should summarize, in ranked order, the potential threat, as well as the recommended action to take to reconcile the vulnerability. Your organizational team can then work on reconciling as many of the vulnerabilities as possible yourself, and then determine what they are unable to resolve, and decide if it makes sense for to hire an outside consultancy to resolve the final outstanding issues.

Conclusion

A Security Vulnerability Assessment demonstrates your management's due diligence to assure site availability, data integrity, and information protection for your organization and your customers. It does not, however, guarantee that your site cannot be successfully attacked or compromised. The report does give you a profile of what your security posture looks like at a given snapshot in time. This profile can be used as a guide for tracing historical unsavory network activity as well as to secure weak links in your network and system infrastructure helping you mitigate the risk of future system and network compromises.

In summary, a Security Vulnerability Assessment helps you manage customer expectations and comply with SEC requirements. It also prevents litigations, protects your revenue stream, protects your customer's revenue stream, prevents denial of service attacks, reduces site outages and performances problems, creates secure information access, mitigates risk during acquisitions or mergers, fulfills customers contractual obligations, protects against stock fluctuations, tests your Intrusion Detection System, reports problems left by legacy network extensions and cavalier engineers, builds customer loyalty, helps your business gain competitive advantage, enables correction action, and qualifies you for Information Protection Insurance.

About the Author

Laura Taylor, former Director of Research for Security at TEC is now the Chief Technology Officer at Relevant Technologies, Inc.

For more information go to www.relevanttechnologies.com.


 

Comments:

Cloud Assets: A Guide for SMBs—Part 3 | I Want My Private Cloud | Perfect Orders: Improving Customer Satisfaction and Financial Results | The Sum of All Malware Fears: Siemens on Stuxnet | Managing the Overflow of E-mails | The Basics of Quote-to-order Systems | Security Risk Assessment and Management in Web Application Security | Are You Adequately Protecting Your IT Infrastructure Components Inside the Firewall? | Maximizing Potential Benefits in Reverse Auctions | Microsoft Dynamics AX 4.0 for Manufacturing Environments | Improving and Expanding: The Road Ahead for a Drop-ship Facilitator | A Drop-ship Enablement Pioneer Leads the Way | The Challenge of Fulfillment | Retailing Trends—Shopping Anyway and Everywhere | Enterprise Resource Planning Giants Eye the Shop Floor |
A Unique Product Lifecycle Management Tool for Private Label Retail | Challenging the Competition: Mega-mergers and Supply Chain Technology | Retailers Join Forces for a "Make or Break" Attempt in Their Competitive Landscape | Consumers Shop Everywhere: Understanding Multichannel Sales | Who Else is Using Your Wireless Network? | Information Security Firewalls Market Report Part Two: Current Market Trends and User Recommendations | Information Security Firewalls Market Report Part One: Market Overview and Technology Background | JDA Portfolio: For the Retail Industry Part Six: ERP Vendors and User Recommendations | JDA Portfolio: For the Retail Industry -- Part Five: Analysis of Market Impact | JDA Portfolio: For the Retail Industry Part Four: More JDA Portfolio 2004.1 and Microsoft Alliance | JDA Portfolio: For the Retail Industry Part Three: JDA Portfolio 2004.1 Continued | JDA Portfolio: For The Retail Industry Part Two: JDA Portfolio 2004.1 Components | JDA Portfolio: For the Retail Industry Part One: Event Summary | SAP Bolsters NetWeaver's MDM Capabilities Part Four: SAP and A2i | Inovis Delves into PIM by Snatching QRS Part Five: Challenges and User Recommendations | Inovis Delves into PIM by Snatching QRS Part One: Event Notes | Mainstream Enterprise Vendors Begin to Grasp Content Management Part Three: Challenges | Differences in Complexity between B2C and B2B E-commerce | Not All Acquisitions Happen: JDA and QRS Part Two: Market Impact | Automated Enterprise: Many High-ROI Opportunities | Secure Transfers of Large Files Over the Internet Using YouSendIt | Fed Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply? Part Two: Challenges and User Recommendations | Feds Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply? Part One: Event Summary and Market Impact | Retail Market Dynamics for Software Vendors Part Two: Progress | Retail Market Dynamics for Software Vendors Part One: Software Requirements for Retail | International Trade Logistics Challenge Automated Global E-Trading | Product Review: GFI's LANguard Network Security Scanner | The Best ACT! Is Still to Come | HIPAA-Watch for Security Speeds Up Compliance Part Two: Phase III and IV, and Product and User Recommendations | HIPAA-Watch for Security Speeds Up Compliance Part One: Vendor and Product Information | Enterprise Applications--The Genesis and Future, Revisited Part Five: More on ERP Evolution | EAM Versus CMMS: What's Right for Your Company? Part One | GXS Acquires HAHT Commerce or More Synchronized Retail B2B Data Part Four: Challenges and User Recommendations. | GXS Acquires HAHT Commerce for More Synchronized Retail B2B Data Part Three: Market Impact | GXS Acquires HAHT Commerce for More Synchronized Retail B2B Data Part Two: HAHT Commerce | GXS Acquires HAHT Commerce for More Synchronized Retail B2B Data Part One: Event Summary | Data Quality: Cost or Profit? | What Does the Future Hold for PRM? | EDI versus. XML--Working in Tandem Rather Than Competing? | Using PKI to Protect Your Business Information | The CyberAngel: Laptop Recovery and File Encryption All-in-One | Emptoris "Procures" Zeborg's Spend Management Expertise Part Three: Challenges and User Recommendations | Evaluating Enterprise Software-Business Process or Feature/Function-Based Approach? All the above, Perhaps? Part Three: Knowledge Bases and User Recommendations | InsideOut Firewall Reporter Unravels the Mysteries of Your Firewall Logs | Can ERP Meet Your eBusiness Needs? Part Three: The Effect of eBusiness on Your Business | Can ERP Meet Your eBusiness Needs? Part Two: ERP is the Foundation | Can ERP Meet Your eBusiness Needs? | The Future of Secure Remote Password (SRP) Part Two: Overcoming Obstacles to Success | The Future of Secure Remote Password (SRP) | The Hidden Role of Data Quality in E-Commerce Success | Advertising Online - A Guide to Successful Market Penetration Part Three: Geo Targeting and Fraud Protection | Advertising Online - A Guide to Successful Market Penetration Part Two: Search Engine Strategies | Integrated Security: A New Network Approach Part Two: The Shift Toward Integration | Advertising Online - A Guide to Successful Market Penetration Part One: Why Internet Advertising | Integrated Security: A New Network Approach | Vendor Analysis: Kaspersky Anti-Virus Products Examined | Who's Who? Sorting Out the e-Logistics Players Part 3: New Solutions | Who's Who? Sorting Out the e-Logistics Players Part 2: Traditional Solutions | Who’s Who? Sorting Out the e-Logistics Players Part 1: The Situation | 6 Immediate Business Improvements Offered by an Online SRM System: Part 3: Other Points to Consider | Legacy Single Sign-On: Novell, Evidian, IBM, PassGo, or Computer Associates? | Fourth Shift's evolution Within SoftBrands' DemandStream | Mid-size Companies Have Full-size IT Issues | OKENA Brews Up a StormSystem that Secures All Applications | The Yin and Yang of Electronic Commerce | Incident Handling and Response Capability: An IT Security Safeguard Part 2: Establishing the Capability | Incident Handling and Response Capability: An IT Security Safeguard Part 1: Are You Ready to Support an Incident Response Capability? | CA Unloads interBiz Collection Into SSA GT's Sanctuary Part 3: Challenges and User Recommendations | CA Unloads interBiz Collection Into SSA GT's Sanctuary Part 2: Market Impact | Stalled Oracle Fumbling For A Jump-Start Kit Part 4: Challenges and User Recommendations | Stalled Oracle Fumbling For A Jump-Start Kit Part 3: Market Impact | They're Us, But We're Not Them! | Stalled Oracle Fumbling For A Jump-Start Kit Part 2: Event Summary Continued | Stalled Oracle Fumbling For A Jump-Start Kit Part 1: Recent Events | Outsourcing Security Part 3: Selecting a Managed Security Services Provider | Outsourcing Security Part 2: Measuring the Cost | Outsourcing Security Part 1: Noting the Benefits | The Benefits of Focusing on a Niche and Serving it Well: EcFood - A Dot-com Making It | Vendor Review: SecureWave Protects Microsoft Operating System Platforms | Thanks to a Smart Little Company called Lexias, CIOs Can Now Empower their Users to Assist in eBusiness Security | Ross Systems – A Bright Spot On A Difficult Enterprise Application Landscape | Feds Buckle Down on Customer Information Security | Gosh, They Kill Partnerships, Don't They? | Identix Leads Biometric Authentication | PeopleSoft Annuncio-es Continuation Of Its Shopping Spree | Bootcamp for the Pros; Why Ernst & Young Will Lead Security Auditing Standards | J.D. Edwards On The Mend; This Time Might Be For Real Part 3: User Recommendations | Vendor Analysis: Interliant's Security Vulnerability Assessment | Oracle Mends Its Ways To Bounce Back | OKENA Pioneers Next-Generation Intrusion Prevention | Enterprise Financial Application Software: How Some of the Big ERP Vendors Stack Up | Social Engineering Can Thwart the Best Laid Security Plans | Application Single-Sign On: Netegrity, Securant, or Evidian? | Lost Your Laptop? The CyberAngel® Brings It Back | InsideOut Makes Firewall Reporting Useful | 'Collaborative Commerce': ERP, CRM, e-Proc, and SCM Unite! A Series Study: Oracle | The SOAP Opera Progresses - Helping XML to Rule the World | Nortel and Clarify: Was There Ever Synergy Enough to Support this Marriage? | i2 Now Serving B2B Suppliers | How Great Is Great Plains' Manufacturing Offering (Did Somebody Say Microsoft)? | SCT Corporation Means (e)Business For Process Manufacturing | Where Is ERP Headed (Or Better, Where Should It Be Headed)? Part 3: E-Business and Mid-Market Shakeout | Where Is ERP Headed (Or Better, Where Should It Be Headed)? Part 2: Product Architecture and Web-Basing | EAI Market Consolidation Continues With Peregrine Acquisition of Extricity | Enterprise Impact Simulation - Making It Happen | IT Services E-Procurement | Enterprise Impact Simulation Alliances - At The Core Of EIS | Enterprise Impact Simulation An IT Revolution In The Making | New Dimensions in EC and SCM Part 5: E-Procurement for Process Improvement | New Dimensions in EC and SCM Part 4: Using E-Procurement to Leverage Volume | Accenture (nee Andersen Consulting) Marries New Business Model to Make its Mark | e-Procurement Is Not Electronic Purchasing | Hummingbird Smells Nectar In The Corporate Portal Market | Andersen Gives Yantra a Vote of Confidence | Talarian and NextSet Team for B2B Solutions | Ten Key Legal Concerns in E-Commerce Ventures and Contracts | MicroStrategy Manages Your Customer Relationships And Its Own | Digital Business Service Providers Series: Market Overview | Rational Emphasizes Web Site Development Content Management | Web Testing Has Changed the Testing Landscape | Manugistics Lays Groundwork For Talus Integration | Peregrine Flies In The Face Of Conventional Wisdom | We Shall Be Giant | Infrastructure Management Wunderkind Divides And Integrates | Plumtree Fuels Growth With New Corporate Portal Product | NetGenesis Predicts The Future From Mouse Trails | Let’s Be Frank: It Was A Very Good Quarter For E-Procurement | Now Andersen, Tomorrow Accenture, They’ve got a lot of Selling to do | GE GXS: Part and Parcel of B2B Exchange | Tempest Creates a Secure Teapot | E*Trade Ignores Private Security Warning, But Public Hullaballoo Gets Response | AC Ventures and SOFTBANK Venture Capital Announce GameChange | Symix Systems Front-Steps Into Greener e-Commerce Pastures | Clarus –Sprinting or Going the Distance? | Is Web Success Necessary for CEO Survival? | Informix Decides to Start Analyzing Websites | DoubleClick Merger Good News For Privacy Advocates? | They Know When You Have Gas | Walker Propelled by Winds of Change | Enterprise Intelligence Tools Tame Business Knowledge Glut | Commerce One: First SAP, then Microsoft. But What About Clarus? | Broadbase Continues to Expand | Razorfish: A Pure Play Offering Digital Strategy | Siebel: Great Plans for Great Plains | Strategy: What Digital Business Service Providers Mean When They Say It | Commerce One Holds Announcement Festival | Ariba Holds Announcement Festival | My Network Engineers are Talking about Implementing Split DNS. What Does that Mean? | Not Your Mother’s Portal | Tired Of Losing Your Oil Derricks? | Customer Relationship Analysis Firm Extends Reach | New Release For Ariba’s Software | Interelate: More on Tap Than Apps | Traffic Audits Make Strange Bedfellows: Part II - The Audit Process | Traffic Audits Make Strange Bedfellows: Part I - The Why’s and What’s of Auditing | Lipstream Speaks to Kana | The Wheres of Electronic Procurement | Human-Machine Interaction Company Ramps Up Firewall Product Line | Simplexis Says 'Watch Our (Chalk) Dust' | Security Information Market Heading for Growth | Implications and Attitudes As the Andersen's Split under the ICC Ruling: Consulting To Go for a Name Change | Alibris Charged with Intercepting Email | Remedy Welcomes You To Your New Office. Now Get To Work! | Is Something Fishy Happening To Your Website? | Cart32 in Need of Duct Tape | Sit Down and Have a Long Talk with Your E-Business Application | Peregrine Polishes the Old In-Out-and-In-between | Lawson Software Marches Over $300M Milestone | Deutsche Telekom to Acquire VoiceStream Wireless | They Can Run, But You Can’t Hide | Siebel Enters Smaller Markets in a Big Way | Study Shows: FBI Alienates Industry Security Experts | Firewall Cowboyz Set the Stage to Free Innocent Convict | Lasership.com Looks To Descartes For Same-Day Delivery Help | Symantec Swallows AXENT; Takes on Network Associates | Back to the Future: Olde JWT Comes Back and Agency.com Feels the Pinch | Novatel Wireless and Diversinet Team Up to Provide Security for Wireless Modems | When You Realized the Need for a Unified View of Your Customers, that is E.piphany | Concur Gives Up The Boast | It’s All About User Experience But, How Can We Measure User Experience? | Windows 2000 Bug Fixes Posted | Baltimore Technologies Doubles Revenues, Offers World-Class PKI Hosting | GE and Commerce One Turn on the Lights - But You Ain’t Seen Nothin’ Yet | 80 Million Ways to be Agile | e-Business Service Provider Evaluation & Selection | Jamcracker Dredges a New Channel | Yet Another Crumby Cookie Story | Earthlink Leads the Way in DSL Security | Logistics.com Solutions Target A Grand Scale | PKI and Biometrics Ready for Take-Off | AT&T Has a Thing for Media | Finding Your Way Around E-commerce | Secure Transport of EDI and XML for Trading Exchanges | The Net Market of the August Moon | Can You Trust Entrust? | Marketing and Intelligence, Together at Last | Standard & Poor's Announces Security Certification | Agilera: Making E-Business Agile | Intel Outside? | Predictive Product Keeps Debtors’ Prison Empty | Check Point Leads Firewall Market | Making Sure Your Service Provider Doesn't Fall Down on the Job | SAP Becoming a (Legal) Polygamist | Dead Heat: Corporate Buyers Gain Analysis Tools in Leading e-Procurement Products | Ross Systems, Inc.: In Process of Renaissance | Portal Plays Soothe Pain of Divorce | Fighting Cybercrime on the Internet | One Step Closer to the Global ASP | NetWare for Small Business – NetWhy? | A Sharp ASP | Let Your Hard Drives Tell You Where they Are! | Ariba Goes Direct To (And From) The Source | E&Y Spins-Off eSecurity Online and Unveils Security Vulnerability Assessment Services | Fill 'er Up, Check the Battery and Sell Me an iMac | Digital Signatures Good from Arctic to Rio Grande | CPortals Technologies Aims for the Middle | ASP Infrastructure: The Party Has Started | With Record Revenues, AXENT Puts Down a Solid Fist | NAI Will Pay Trend $12.5 Million Resulting from Law Suit | Access Commerce Spices Up North American CRM Fray | Sub7 Tells Chat Rooms All Your Stuff; F-Secure Leads the Battle | Scient Finds That Golden Eggs Can Bite | i2 To Power Best Buy | E-Cash Rollout Replaces Amex | More Infrastructure Support for CyberCarriers | Evoke Software Releases Axio Data Integration Product | GSA Schedule Partnership Gets Network-1 in the Door | Peregrine Exits Quiet Period Making Noise | Los Alamos Loses Top-Secret Information, Again! | Standard & Poor's Exposes Customers' Security | The AS/400 Takes You Securely Where You Want to Go | BroadVision and Bank of America Erect Enterprise as Portal Purveyors | Do You Know Where Your Wheelchair Is? | Trend Micro Steps into PDA/Wireless AntiVirus Information Market | Manugistics To Help Amazon.com In Global Expansion | Remedy Plots A Course To Travel And Expense Capabilities | New Plan, 13% Layoffs, Mark Concur’s Third Quarter Disappointment | CryptoSwift Takes Rainbow Revenues Up 620% | Ariba Gains Legs Courtesy of Descartes | Eppraisals.com Gives Lante High Marks | Smart Shoppers Go Abroad for Affordable Information Security Programs | Anti-Virus Advisories: Rating Them | Qwest Cyber.Solutions: “A Number 3 Please, and Make It Grande” | IBM’s Marketplace Solutions: Is Ariba Not Enough? | webMethods Gets Active (Software That Is) | Symix Systems’ Slips Into Red During Its E-Commerce Transition | They Test Web Sites, Don’t They? | Case Study: Service Provider Xcelerate Speeds CommerceScout Along New Trail | The 7 Habits of Highly Effective Security | Advertising Continues to be Growth Business | i2 Technologies Gets Reporting Help From Hyperion | Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos | Sagent Technology Teams for Telco e-Business | The Empires Strike Back - Part II: The Likes Of IBM, EDS, And CSC In E-Business | Antidisintermediation | Breakaway, MoveOver Or Stand In Line | E&Y+ASP=BSP: It’s Not Algebra, But It Adds Up To Something Big | Microsoft Windows Services For Unix – SFU = DOA? | Abandon All Insecurity, Ye Who Enter Here | Acta Gets Active | Does Someone You Never Ever Heard Of Hold The Keys To The E-Commerce Kingdom? | Commerce One: Everything but Profits | Do We Already Know Whether You’re Going To Read This Article? | Top 10 Excuses For Not Securing Your Website or Network | 100 Million Reasons To Be An ASP | New Partnerships Add to Remedy’s E-Procurement Strengths | An E-Commerce Company That Can Pay The Bills | It’s About Time “Legal” Got Involved | QAD Explores E-Business While Not Abandoning ERP | Ernst & Young Leads Big 5 in Security | 6 Days After Advisory Posted, AboveNet Gets Hit | iVita Mines Assets for Bottom Line Health | E-Procurement in What Language? | Remedy Corporation: Poised for a Comeback? | (XML + mySAP.com) – Spin = Status Quo | What is IFS Up To in the CRM Arena?! | A Firewall is Cheaper Than a Lawyer | “B” Before “e” When Marketing to “C” | EAI Vendor Extricity Teams with Moai to Automate E-Commerce Systems | USinternetworking and AT&T are Working the System | MCI WorldCom: “It’s not an age, it’s an attitude” | New Product Delivers Spark to Online Marketing | Fixing Security Backdoors:
Red Hat 1, Microsoft 0 | 3 Countries Open the Gate | WAP Forum Specifies RSA’s RC5 Encryption For Wireless | Netpliance Responds Quickly to Hardware Hack | ManagedOps.com – 13 Years and 93,000 Square Feet | SynQuest Teams With InterWorld for Internet Sales and Fulfillment | Getting Strangers to Take Your Candy | Enlightened Self-interest Launches CRM Information Source | For a Million Gallons of Glue Find a Marketplace on Steroids | Big Bird Dines Again | Security Stocks Burn Rubber | Even If We Knew Who You Are, We Probably Wouldn’t Tell | Who’s That Knocking On Your Web? | Will Max Get Mad When He Surfs Your Website? | Teloquent To e.t.: Now You Can Call Or Use The Web | DSL Provider Scoops up Netscreen Firewall Goldmine | A Visionary of Loveliness | Cyclone Untangles Digital Partnerships | ERP Demand Being Re-heated | Pop-up Purchasing Agents | The MicroStrategy/ Intelligroup ASP | Security Begins on Your Desktop | MATRAnet Converts Confusion to Cash | Network Associates Hopes to Rekindle the Flame | ASP: For The Health of It | Hacker Publication Gets Top Defense Attorney | Concur eWorkplace Projects Vision Onto Desktop | IBM is not Enough: i2 Snatches Aspect and SupplyBase | Can Brick & Mortar Leaders Be Brick & Click Leaders? | QAD Ends Its Protracted Dry Season, Not Yet On an Easy Street | Progress Offers a Test Drive | E-procurement: From Brilliant Innovation to Common Cliché | Saudi Arabian Network Security Provokes Local Considerations | Gosh, There’s a Bug in Windows 98 | Meiosis, Mitosis: Cap Gemini's Mating with Ernst & Young | ASP Traffic Analysis! What Next – ASP Odometers? | Simplexis in the Schools??? | Robust Systems are Built from the Bottom Up | PeopleSoft’s ASP Play | IBM is Not Enough; Ariba Announces Strong Partnership with Dell | IBM is Not Enough; Ariba Announces Strong Partnership with Amex | Razorfish Wants to Get its Name Out on Broadband | Commerce One and Adexa Build Castles in the Air | USinternetworking: One Suite ASP | DOJ Keeps Low Profile on Curador; Protect Your IIS Server Today! | Oh, Right. E-commerce is About Buying and Selling, Isn’t It? | i2 Adds More Verticals To Ra-b2b-it Stew | SAS Puts the “E” in “Data” | Agilera.com – A new era for the web? | SCO’s Tarantella Offers Tools for Technology | DoubleClick Takes Bath, Throws in Towel | Security Breach: Now What? | Vendors Begin to Round Out Their CRM Suites | i2 Announces e-Business Strategy | IBM and SynQuest Sign AS/400 Pact | Descartes Evolution Yields Revenue Growth But No Profits | ERP Packages For Midsize Firms in the Works | Manugistics Posts Third Quarter Loss But Sees License Growth | Analysis of Manhattan Associates' New Partnership with CommercialWare | Great Plains on a Shopping Spree | AspenTech Launches e-Business InitiativeFinally | IFS Continues to Blossom | Sybase and MicroStrategy Team on Vertical Market Portal Applications | Web Traffic Numbers Down? Don't Count On It! | Sagent Technology Reports Strong Growth | Acta Technology Helps Add Business Intelligence Capabilities to Major ERP Vendors | Ariba Successes Highlight Standards Wars | Micropayments Rise Again | A Kinder Unisys Makes Web Users Burn | Concur's Customers Can Network Now | Rentable Procurement | AT&T's Ecosystem | Hummingbird Releases Genio 4.0 With Improved Support for Oracle, Business Objects, Cognos, and NCR | systemfabrik Releases an EAI Product? | E-Commerce Lesson: Success Gets a Yawn, Failure Takes a Beating | Ariba Reaches Out To The Little Guy | Commerce One to Procure for the Antipodes and Elsewhere | Telco Charged with Trickery on Technology | Advertising Revenues Grow and Grow but Slower and Slower | New Venture Fund to Propel XML | Is There a Magic Pill for Web Performance Problems? | Procurement and Office Supply Companies Ink Deal | Lotus Positions to Save Big Business | Engage Helps Advertisers Fish for Best Prospects | XML Hits the Spot for Dell | The Rise or Fall of Internet Advertising | Building Niches | E-commerce Grass Getting Greener | Commerce One Meets GM: Web Now Has A Really Big Parts Department | Life-sciences E-commerce Supplier Grows | Home Depot Moves All Of Its Bricks And Mortar On The Web | Connect to Sport Calico Label | No Floundering About These Strategic And Tactical Acquisitions | Dynamic Ariba Trades Up | eCo Specification Bridges E-commerce Language Barrier | Charitable Giving Is How These Firms Make Their Living | AMERICAN EXPRESS Selects TRADEX To Build New Business to Business Commerce Network | Peregrine Hatches an "e-" | The Birds, the B's and the Web | The Hype About PeopleTools 8 | Advertising Makes It Up In Volume | So Does your e-Business Provider have Internationally Recognized Tools in its Digital Business Consulting Toolkit? | Real Media Goes To Market | BUY.COM Called "911" For Help | An ASP With Healthy Vitals | SAP's New Level of e-Commerce: mySAP.com | The First Step in mySAP.com | 3Com Will Route Customers to In-house Web Design Firm | Total Uptime Guarantees? It Must Be A New Millennium! | Adsmart Blazes Vertical B2B Trail | Ariba Goes Vertical: No Pain, Much Gain | Expedia Relaxes Registration Requirement | The Cobalt Group Drives a New Web Deal | Ariba Dances for Joy in Quarter Time | Commerce One Tries Harder | To Tax and Tax Not | USWEB Weaves Great Quarter, turns up the heat in the Market Place | E-Procurement Energizes Energy | Be There or Be Square? David and Goliath Team on bCentral Auction Site | Ariba to Leave Integration to Specialists | Double Trouble for Cap Gemini: Integrator's Problems Suggest A Different Approach to Contracting for Technology Services | Bank is First Mover in Canadian E-Commerce | Commerce One Goes High, Wide and PeopleSoft | Credit Accounting Firm with E-procurement Initiative | Remedy Makes CRM a Personal Matter | With New Clothes and Hairdo, Clarus Asks for Pin Money | Concur Scores A Bingo | How to Make Life Interesting after Growing 30,700% | Lawson Plays Well With Others | Commerce One: Connectivity Improved | GE Comes to Lunch. Want to Guess Who the Appetizer Will Be? | News Analysis: Dot.Coms Getting Bred By Scient: Will Scient Spawn Into a Giant or Will Andersen Have the Edge? | The Potential of Visa's XML Standard | Why Not Take Candy From Strangers? More Privacy Problems May Make Ad Agencies Nutty | Cisco Steps into E-Mail Management | Sendmail, Inc. and Disappearing, Inc. Team Up to Add Enhanced Security | Is Your Financial Transaction Secure? | Compaq, HP, IBM, Intel and Microsoft Create New PC Security Alliance | Expect Boom in Electronic Signatures | Secure Your Search Engine | President Proposes Security of Medical Records | Sendmail Takes Security to the Next Level with Version 3.0 for NT | CheckPoint & Nokia Team Up to Unleash a Rockin' Security Appliance | Trend Micro Anti-Virus Server for Microsoft Exchange ~ A Secure Choice For Enterprise Wide Anti Virus Protection. | Security Snafu at NetBank | Freeware Vendor's Web Tracking Draws Curses | The "S" in SAP Doesn't Stand for Security (that goes for PeopleSoft too) | Content Technologies releases MIMEsweeper PolicyPlus | Hackers Will Be Out in Full Force On New Year's Eve | Analysis of Virgin Net's Hacker Scare | Network Associates RePositions Itself as a Security E-Village | Lexiguard™: The Coming "Adobe Acrobat" of Encryption | CyberPeepers from Korean Sites Peek at U.S. Networks | I Know What You Did Last Week - But I'll Never Tell | Would You Hire a Hacker? What Would Your Mother Say? | @Home Scans Own Customers | CIOs Need to Be Held Accountable for Security | New Market for Security Insurance | At Least Your Boss Can't Read Your Home E-mail, Right? Wrong! | PrettyPark Virus Litters Cyberspace | Packard Bell / NEC Leads Secure Etoken Deployment | Congress Acknowledges Outdated Banking Laws | SSA: Evolving into systems integrator to survive | JBA: Will it remain "@ctive Enterprise"? | Advanced Planning and Scheduling: A Critical Part of Customer Fulfillment | Enterprise Resources Planning (ERP) Market - Dismal 1999, the New Millennium to bring Relief (for Some) | Lawson Software: Self-Evidently Thriving on Innovations | Can High Flying NetGravity Maintain Its Position? | Macromedia Shocks with Flashy E-commerce Plans | "Ads are us", boasts CMGI | Engage AudienceNet Brings Users the Ads They Want To See | Ariba Hopes to Spark Chain Reaction | Altrec Takes E-commerce to Extremes | First Look: Peregrine Offers Cradle to Grave Procurement | Concur Aims To Be Single Point Of (Purchasing) Access | WorldCom SPRINTs, Nokia/Visa Pays Bill, & Service Providers Gear for Wireless Tsunami | Getting Strategic Planning and Financial Planning in the Same Bailiwick | How to Serve an Ad | Counting Website Traffic | Legal Considerations in E-commerce | How Secure is Your E-Mail? | Trend Virus Control System - A Centralized Approach to Protection | VPNs Are Hot, but What Are They? | ATM Machines Hacked in Moscow | How To Mitigate Holiday Cybercrime | Surf's Up at Akamai |


Recent Searches
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Others
A: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
B: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
C: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
D: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
E: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
F: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
G: 1 2 3 4 5
H: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
I: 1 2 3 4 5 6 7 8 9 10 11
J: 1 2 3 4
K: 1 2 3
L: 1 2 3 4 5 6 7 8 9
M: 1 2 3 4 5 6 7 8 9 10 11
N: 1 2 3 4 5
O: 1 2 3 4 5 6 7 8
P: 1 2 3 4 5 6 7 8
Q: 1
R: 1 2 3 4 5 6 7
S: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
T: 1 2 3 4 5
U: 1
V: 1 2
W: 1 2 3 4 5
X: 1
Y: 1
Z: 1
Others: 1

Use this index to search for white papers related to commonly used search terms A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Others 
Home  |   Careers  |   Contact Us  |   Glossary  |   Special Offers  |   Software Features & Functions  |   Software Selection Shortcuts  |   Feedback  |   Terms of Use  |   Privacy Policy

©2012 Technology Evaluation Centers Inc. All rights reserved. Search powered by Google