by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : December 2012
[the index] optional art here, if available Inside 9 ANALYSIS Agencies target of increasing complex data-theft attacks. 10 EXPLAINER Why Metasploit is becoming the go-to platform for penetration testing. 12 ANALYSIS Growth of mobile device use in government outstrips ability to include basic security. 13 ANALYSIS NASA orders new security steps after theft of only password-protected laptop. 14 EXPLAINER How Splunk brings real-time intelligence to big data storage. Commentary 15 CYBEREYE Mobile apps are not being properly vetted for security. 16 INTERNAUT In 2012, agencies must make tough PC choices. 34 EMERGING TECH Fake tech: What can agencies do to protect themselves. Features 18 ANALYSIS How to design a network that fights for itself Despite many hurdles, the field of automated security systems is right for action. 22 CASE STUDY NOAA breaks the ice on climate science How NOAA is using robotics to explore the Arctic Ocean. 28 CASE STUDY Reinventing the call center TVA turns lowly call center into 21st century network operations center. 31 CASE STUDY First steps to the cloud: email applications EPA sets up its 25,000 employees for cloud-based collaboration. Departments 6 ANALYSIS Measurement tools gain prominence as agencies shutter data centers. 5 caveats for taking on email encrytion Work e-mail is the most significant channel for data leakage in an agency, according to a recent survey of govern- ment security and IT managers by MeriTalk and underwritten by Axway. But accepted best practices for secur- ing e-mail can make it more di cult to plug those leaks. The trade-o s of encrypting e-mail are not new. The National Institute of Standards and Technology noted them in its Guidelines on Electronic Mail Security. Caveats for encrypting e-mail cited in the publication include: 1. Scanning for malware and filtering e-mail content at the firewall and mail server is significantly more complicat- ed. If the firewall or mail server does not have a method for decrypting the e-mail, it cannot read and act upon the contents. Not all e-mail scanners can decrypt e-mail, and decryption schemes can be complex and hard to enforce. 2. Encryption and decryption require processor time. Organizations might need to upgrade or replace equipment to support the load of encryption and decryption. 3. Organizationwide use of encryption can require significant administrative overhead for key management. 4. E-mail encryption can complicate the review of e-mail messages for investigative purposes. 5. Mail applications should notify users when receiving a weakly encrypted message or when they are attempting to send a message to a recipient that only supports weak encryption. GCN DECEMBER 2012 • GCN.COM 3 18 DECEMBER 2012