November 2005

  • Educate users about security awareness

    User education is one of the hardest security layers for administrators to implement. This article by contributor Tony Bradley provides the top ten things users should know about information security.

  • Integrated security solutions

    Our security management expert examines how the continual insider threat warrants the need for integrated security solutions and explains how creating a self-defending network helps meet this need.

  • Developing an incident response plan

    In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.

  • SUS, WSUS, SMS and beyond

    This tip outlines the differences between SUS, WSUS and SMS, and offers advice on when to invest in a third-party patching tool.

  • MD5 vs. RC4

    In this Ask the Expert Q&A, our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.

  • Patching gets faster, but threats shifting focus

    New research shows organizations are applying security fixes faster than ever, thanks in large part to patch prioritization. But it may be time to prepare for a new wave of threats.

  • Delivering daily security tips to users

    Educating users on security is a big part of overall security. This little-known Quote of the Day protocol can help dispense advice using a login script without overwhelming the user. Networking ex...

  • SOX Compliance for the Security Practitioner

    This collection of resources offers security managers in-depth information to help keep their organization compliant with the Sarbanes-Oxley (SOX) Act. Learn how security practitioners are handling...

  • Hackers installing keyloggers at a record rate

    iDefense researchers have found that keylogger infections are up 65% over the year before, putting the private data of tens of millions of users at risk.

  • What is required to deploy Web server application in MS Application Center

    In this Ask the Expert Q&A, our application security expert examines whether or not it's possible to exclude X.509 certificates and private keys if you use MS Application Center to deploy a Web ser...

  • IDS: Still head of the class in security education

    Despite its "old school" image, a technologist at the CSI Computer Security Conference says intrusion detection offers quite an education in network security.

  • Websense Enterprise 5.5

    Learn why Information Security magazine believes this product is ideal for organizations that need a robust Internet filtering solution.

  • Sony rootkit uninstaller causes bigger threat

    Princeton researchers say a security hole that appears when users try to remove Sony's copy protection software presents an even greater risk than the original rootkit.

  • The CISO's newest duty: bailiff

    At the CSI 32nd annual Computer Security Conference, CISOs say compliance is becoming more burdensome as they must often ensure executives stay out of trouble.

  • IPsec-related flaw could yield new round of attacks

    Attackers could exploit a vulnerability in a security protocol widely used in VPNs to cause a denial of service or buffer overflows, or to launch malicious code.

  • Security School

    SearchSecurity.com, the Web's top informational resource for today's enterprise IT professional, delivers free online training for the CISSP® certification. Benefit from a series of 10 training...

  • Security Bytes: FTC cracks down on alleged spyware distributors

    Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in quest...

  • Loss, theft still No. 1 threat to mobile data

    While hackers, worms and viruses can attack a wireless network, experts say valuable data more often becomes the victim when a device is lost or stolen.

  • Commentary: Why companies still struggle with compliance

    A security analyst with a major rental car company has some theories on why companies aren't meeting government mandates for data security.

  • Data shows spyware becoming 'global pandemic'

    The worldwide spyware threat is only growing, according to a new study, and the most serious hazards -- Trojans and keystroke loggers -- represent a grave threat to unsuspecting corporations.