-

Black Hat 2011: Special conference coverage
Most recent news coverage:
Sophos software design, implementation critically flawed, says researcher
LAS VEGAS – Critical components of endpoint security vendor Sophos LLC’s antivirus engine recently underwent an intense review from a security researcher, and the results – revealed today at Black Hat 2011 – were not kind to the product. Vulnerability hunter Tavis Ormandy, who by day is an information security engineer at Google Inc., was expected to release his findings in a paper following his presentation at Black Hat, along with a spate of tools used in his dissection of the Sophos engine. Ormandy said his analysis found that Sophos software uses weak or outdated cryptography in the way it builds and matches virus signatures, relies on obfuscation for security too often, and fails to comprehend certain exploitation techniques, among other problems.
-
Readers' Choice Awards 2011
For the sixth consecutive year, Information Security readers voted to determine the best security products. More than 1,500 voters participated this year, rating products in 14 different categories.
Methodology
Respondents were asked to rate only the products in use in their organization, and rate each product based on criteria specific to each category. For each criterion, respondents scored the product on a scale of one (poor) to five (excellent). In addition, each criterion was given a weighted percentage to reflect its importance in that category. Winners were based on the cumulative weighted responses for each product category's criteria. Editors arrived at a product's overall score by calculating the average score it received for each criterion, applying the weighted percentage and adding the adjusted scores.
-
2011 Security 7 Award winners
Information Security magazine announces the winners of the seventh annual Security 7 Awards. The Security 7 Awards recognize the efforts, achievements and contributions of practitioners in the financial services/banking, telecommunications, manufacturing, retail, government/public sector/non-profit, education and health care/pharmaceutical industries. This year’s winners span the range of security professionals, from the founders of a series of unique security events, to an influential legislator fostering improved information sharing between the public and private sectors, to a CISO who has had great success with tabletop exercises.
Each of the seven winners was asked to write a first-person essay on a subject matter they are passionate about. The winners represent the best the information security profession has to offer, and their perspectives serve as important benchmarks for the industry today.
-
Eye On IT Security
SearchSecurity.com's Eye On series takes an in-depth look each month at a security topic of key concern to enterprise information security professionals. The series explores an information security topic by bringing together new expert tips, news stories of interest, video interviews and podcasts from SearchSecurity.com and its sister sites. The series aims to dig deeper, identifying trends, emerging technologies and other ways enterprises are bolstering their defenses to address the rapidly changing threat landscape.
-
Wireless Lunchtime Learning Security School
There are many different types of enterprise wireless local area networks (WLANs). Some grow organically as business demands dictate, others are built from a rigid network design plan, and a few exist despite a strict policy against WLANs. But with any type of network, Wi-Fi poses risks to your network.
SearchSecurity.com's Wireless Lunchtime Learning Security School allows information security professionals to develop an in-depth understanding of those risks and their countermeasures in a format that's convenient for you.
Each lesson's featured video runs approximately 25-30 minutes, the perfect length to slip into a lunch break. And each video is supported by a series of short technical tips that help you to apply the principles of the video to your own network infrastructure. All of these resources are available on demand, so you can learn on your own schedule.
How much do you know about enterprise wireless LAN security? Test your knowledge of how to secure a wireless LAN before jumping into the Wireless Security School Lessons.
-
RSA Conference 2012: Special Conference Coverage
TOP STORIES:
RSA’s Arthur Coviello urged security pros to break down silos and intelligence-driven security programs, or face a tough year.
RSA Conference 2012 keynote prescribes intelligence-driven security
Dan Kaminsky offers unconventional wisdom on security innovation
Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.
Research into cryptographic system limitations crucial, RSA panel says
Researchers testing some of the most relied upon cryptographic algorithms are making progress in breaking them, according to experts on the 2012 RSA Conference Cryptographer’s Panel.
Follow our coverage on Twitter: @searchsecurity, @mike_mimoso, @rwestervelt, @marciasavage
-
Introduction to IDS IPS: Network intrusion detection system basics
An enterprise has a lot to consider when making the decision to incorporate a network intrusion detection system (IDS) into its network architecture, as well as its security strategy.
This one-page guide, which is a part of the SearchSecurity.com IDS/IPS Security Guide, acts as an introduction to both IDS and network intrusion prevention system (IPS) technology. Here, security professionals will gain some insight on how to determine which IDS/IPS technology is right for their enterprise, and will learn more about the differences between the two technologies.
-
Intrusion detection: How to use IDS IPS tools to secure the enterprise
Conceptually, intrusion detection and intrusion prevention are essential in order to keep the enterprise secure, and, thankfully, there are several intrusion detection system (IDS) and intrusion prevention system (IPS) commercial and open source tools on the market that can alleviate some of the headaches associated with deploying and managing these technologies.
In this mini learning guide, which is a part of the SearchSecurity.com IDS/IPS Security Guide, security managers and professionals will learn about the features and capabilities of some of the most popular IDS/IPS tools available today, as well as how to use them.
-
IPS IDS best practices: Implementation and deployment
Proper implementation of intrusion detection and prevention systems (IDS/IPS) in the enterprise requires some research and skill. Security managers must ensure the type of system they want to deploy has all of the features they need and is compatible with their environment, and be aware of implementation best practices.
In this mini learning guide, which is a part of the SearchSecurity.com IDS/IPS Security Guide, security pros will learn more about IPS/IDS best practices for deployment and implementation in the enterprise.
-
Wireless intrusion detection systems: WLAN security and protection guide
Wireless networks are a favorite target of malicious hackers, making wireless intrusion prevention systems (WIPS) an essential element of every enterprise’s network security strategy.
In this mini learning guide, which is a part of the SearchSecurity.com IDS/IPS Security Guide, security managers and staff will learn more about wireless intrusion detection systems and WLAN security, including how to use a WIPS to monitor wireless traffic to prevent attacks and detect malicious access, as well as best practices on setting up and managing a WIPS.