March 2007

  • What are the security risks of using an alternative browser?

    A product like Internet Explorer may be the market leader, but that doesn't mean a thing when it comes to security. In this expert Q&A, application security expert Michael Cobb examines the vulnera...

  • Combining NetFlow analysis with security information management systems

    NetFlow, Tom Bowers writes, when used in conjunction with SIMs and correlated with data from other devices and layers, can be an indispensable combination.

  • Quiz: Security information management systems

    A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Intrusion Defense School.

  • How to enforce a data destruction policy

    Because of the Sarbanes-Oxley Act, intentional document destruction is now a process that must be carefully monitored. But a "document" takes on many forms, from spreadsheets and emails to instant ...

  • Are USB storage devices a serious enterprise risk?

    USB drives are common gifts at conferences and trade shows, but how much of a danger are they to your enterprise's network security? In this expert Q&A, Michael Cobb explains the risks of these sto...

  • Will using virtualization software put an enterprise at risk?

    A virtualized IT infrastructure can simplify operations and save a company money, but is such an environment secure? In this SearchSecurity.com Q&A, application security expert Michael Cobb explain...

  • Microsoft investigates Windows Vista Mail flaw

    Attackers could exploit a flaw in Windows Vista Mail to compromise PCs by tricking the user into opening a malicious email attachment. Microsoft is investigating.

  • Flaws haunt protocol tied to national infrastructure

    Also: A weakness is found in Windows settings, Microsoft investigates a new Vista flaw, and flaws are addressed in OpenOffice.org and Firefox.

  • Measuring Vista's true security muscle will take time

    Researchers are digging through the Windows Vista code right now, and when they find flaws we'll hear about it. But it's the ones we don't hear about that should keep us up at night.

  • Symantec threat report under the microscope

    This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere.

  • Mozilla releases Firefox fix

    One newly-discovered flaw and several glitches introduced in the last update have been fixed with Mozilla's release of Firefox 2.0.0.3 and 1.5.0.11.

  • NAC panel says technology may not add up

    A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price of deploying and maintaining it.

  • IBM uses model to understand data governance

    Steven Adler, program director of Data Governance Solutions for IBM and chairman of the Data Governance Council, has been working to understand the growing need for data security, the issues surrou...

  • TJX faces suit from shareholder

    Updated: The Arkansas Carpenters Pension Fund wants access to documents outlining TJX's IT security measures and its response to the data breach.

  • The cost of data breaches: Looking at the hard numbers

    Trying to determine the cost of a data breach is no easy task. After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets and customer ...

  • Anatomy of an attack

    Attackers are more resourceful, determined and prolific than ever before. This lesson will help you know your enemy and understand how to respond to and defend against increasingly complex types of...

  • Advanced malware, rootkit and Trojan defense

    In a matter of months, the threat landscape has changed dramatically. In this lesson, learn how to thwart sophisticated attacks featuring custom rootkits, Trojans and malware designed to exploit un...

  • Intrusion Defense School

    Your organization's ability to fend off spyware, computer viruses and the latest breed of information security threats...

  • Securing Windows Server 2008

    This lesson will provide an overview of the features and enhancements, including read-only domain controllers, Network Access Protection and more.

  • Practical strategies to mitigate insider threats

    In this lesson, learn about monitoring strategies for detection of insider threats and how to breakdown the myths surrounding insider threat detection.