 |
|
|
|
|
| 1. |
Designing an architecture for FTP file transfer |
|
| URL: |
|
| 2. |
How hackers attack undetected |
| Learn how hackers can attack a network and remain undetected. |
| URL: |
|
| 3. |
Log analyzer software |
| In this Ask the Expert Q&A, Michael Gregg explains where to find software that will help you monitor security logs for applications and systems. |
| URL: |
|
| 4. |
Port searching |
| In this Ask the Expert Q&A our network security expert dicusses whether it is possible to search for a port while it is in use. |
| URL: |
|
| 5. |
Smart shopper's guide to correlation tools |
| Learn how to define your needs, examine your current infrastructure for deficiencies, construct a product wish list and execute a purchasing plan for correlation technologies. |
| URL: http://w.on24.com/r.htm?e=17476&s=1&k=71ECA20BF85404A8A587A1787ED9ABD7 |
|
| 6. |
How to manually open network ports |
| In this network security Ask the Expert Q&A, Michael Gregg discusses how to manually re-open network ports that were closed by system administrators. |
| URL: |
|
| 7. |
Mike Chapple, CISSP |
| Mike Chapple is a frequent contributor for SearchSecurity.com and Information Security magazine and on hand to tackle your toughest network security challenges. |
| URL: |
|
| 8. |
Is it a common practice to deny/filter e-mails that contain files with macros? |
| In this Ask the Expert Q&A, resident network security expert, Mike Chapple, discusses whether it a common practice to deny/filter e-mails that contain files with macros. |
| URL: |
|
| 9. |
Can a non-administrator change the local administrator password on 50 workstations? |
| In this network security Ask the Expert Q&A our resident expert discusses if it's possible to use the login script to change the local admin password. |
| URL: |
|
| 10. |
How can I open a closed port so my application can access the Internet? |
| In this network security Ask the Expert Q&A, Mike Chapple, our resident expert, reveals what should be done if you need to re-open a closed port to allow an application to work. |
| URL: |
|
| 11. |
Is there a best practice for monitoring and detecting foreign wireless devices |
| In this Ask the Expert Q&A, Mike Chapple, SearchSecurity's resident network security expert recommends tools and tactics organizations can use to monitor and detect foreign wireless devices. |
| URL: |
|
| 12. |
Will wireless carriers adopt a device security philosophy? |
| With the proliferation of wireless devices, some security pros wonder if wireless carriers will provide device security solutions. SearchSecurity's network security expert Mike Chapples tackles this question in this Ask the Expert Q&A. |
| URL: |
|
| 13. |
Can Snort read multi-platform syslogs? |
| Most security pros are aware of Snort's network intrusion detection capabilities, but can this freeware tool read and monitor multi-platform syslogs? SearchSecurity's network security expert Mike Chapple tackles this question in this Ask the Expert Q&A. |
| URL: |
|
| 14. |
Evaluating the costs associated with securing, supporting and maintaining a VPN |
| In need of a new VPN? Learn what to consider before you sit down with management or network admins to discuss the associated costs of a VPN. |
| URL: |
|
| 15. |
Can you manage smartphones and Pocket PC phones using Windows Group Policy? |
| Learn how to manage this risk smartphones and other like mobile devices introduce into your network, in this network security Ask the Expert Q&A. |
| URL: |
|
| 16. |
How do proxy servers and proxy firewalls differ? |
| In this network security Ask the Expert Q&A, SearchSecurity's resident expert Mike Chapple examines how proxy servers and proxy firewalls differ and explains how they work together. |
| URL: |
|
| 17. |
Network security best practices |
| Learn why firewalls are necessary for any developed network security strategy in this network security Ask the Expert Q&A. |
| URL: |
|
| 18. |
How to configure and implement a DMZ |
| Learn how to design and configure a DMZ in this network security Ask the Expert Q&A. |
| URL: |
|
| 19. |
How do circuit-level gateways and application-level gateways differ? |
| Learn how circuit-level gateways and application-level gateways differ in this network security Q&A. |
| URL: |
|
| 20. |
How to recognize a Web site that uses Secure Electronic Transaction |
| Learn how Secure Electronic Transaction works in this network security Ask the Expert Q&A. |
| URL: |
|
| 21. |
How can I protect the sensitive information that resides on my laptop? |
| Learn how to safeguard data that resides in your laptop in this Network Security Ask the Expert Q&A. |
| URL: |
|
| 22. |
What does O2Server port '1894' do and how does it affect our network security? |
| In this Network Security Ask the Expert Q&A, resident expert Mike Chapple examines how network ports operate and how to monitor network port traffic to protect against potential malicious behavior. |
| URL: |
|
| 23. |
How to create shared services that two different parties can use |
| To mitigate a problem common to educational facilities, the student hacker, network security expert Mike Chapple suggests isolating student and administrative networks or creating shared services that both parties can use. Learn how to accomplish this task in this Ask the Expert Q&A. |
| URL: |
|
| 24. |
Application proxy firewall features and functionalities |
| Learn how using application proxy firewalls can enhance network security in this Network Security Ask the Expert Q&A. |
| URL: |
|
| 25. |
How do we create a restrictive ruleset to manage our TCP ports? |
| Learn how implementing stateful inspection firewalls can help network administrators keep tabs on TCP connections in this network security Ask the Expert Q&A. |
| URL: |
|
| 26. |
How should I repair a firewall that cannot process HTTPS addresses? |
| SearchSecurity.com's network security expert Michael Chapple explains how to enact HTTPS proxying and plug up the holes in your firewall. |
| URL: |
|
| 27. |
Can open ports increase LAN exposure? |
| Michael Chapple, SearchSecurity.com's network security expert, explains the risks of open ports and how to properly secure these exposed connection sites. |
| URL: |
|
| 28. |
Can laptop users' offline activities be monitored? |
| There is a direct solution for enterprises looking to enforce a "no USB devices" policy. SearchSecurity.com's network security expert Michael Chapple provides the answer and explains how an enterprise can monitor laptop users' offline activities. |
| URL: |
|
| 29. |
How do L2TP and PPTP differ from IPsec? |
| There are different protocol options when setting up a VPN tunnel. SearchSecurity.com expert Mike Chapple reviews the choices and reveals the one that is most secure. |
| URL: |
|
| 30. |
What types of Web services can compromise Web server security? |
| SearchSecurity.com expert Michael Chapple reveals how a service overload can leave your system open to attacks. |
| URL: |
|
| 31. |
What is the cause of a wireless LAN's unsecured connection? |
| In our expert Q & A, network security expert, Mike Chapple, reveals the reason behind your wireless LAN's "unsecured connection." |
| URL: |
|
| 32. |
Are honeypots safe to implement in a router? |
| Honeypots are useful ways to study malicious hackers and their methods. In our expert Q&A, network security expert, Mike Chapple, warns users to leave honeypot implementation to the pros. |
| URL: |
|
| 33. |
Can Group Policy be used to change local user permissions? |
| In this network security Ask the Expert Q&A, Mike Chapple reveals how to deploy a script and use Group Policy to change local user permissions. |
| URL: |
|
| 34. |
How do stateful inspection and packet-filtering firewalls differ? |
| Can you tell a stateful inspection firewall from a packet-filtering firewall? In our expert Q&A, network security expert, Mike Chapple, examines the important differences between the two and reveals when each should be used. |
| URL: |
|
| 35. |
What is the risk estimation model for SSL VPN implementation? |
| Risk assessment is a common way to evaluate new technologies. In our SearchSecurity.com Q&A, network security expert, Mike Chapple, explains how to determine if SSL VPN implementation is right for your organization. |
| URL: |
|
| 36. |
What enterprise tools can scan files for sensitive data? |
| Given the many recent high-profile data breaches, organizations seem keen on securing their sensitive data, including credit card and social security numbers. In this expert Q&A, SearchSecurity.com's Mike Chapple reviews tools that can scan text-based files for this critical information. |
| URL: |
|
| 37. |
Which wireless security assessment tools are commercially available? |
| Most auditors use open source tools to perform wireless assessments. There are other commerical options, though, as network security expert Mike Chapple explains in this SearchSecurity.com Q&A. |
| URL: |
|
| 38. |
Should log traffic be encrypted? |
| Should you be encrypting your security log transmissions? "It depends!" explains Mike Chapple in this SearchSecurity.com expert Q&A. |
| URL: |
|
| 39. |
How should a desktop firewall policy manage open ports? |
| Having a standard desktop firewall policy is an important security measure. In this expert Q&A, network security pro Mike Chapple reviews where to begin when enacting these restrictions. |
| URL: |
|
| 40. |
Which security practices can lower exposure to zero-day attacks? |
| It's never possible to completely prevent zero-day attacks, but in this SearchSecurity.com Q&A, network security expert Mike Chapple reveals which tools can provide significant protection from such threats. |
| URL: |
|
| 41. |
Are all data packets treated equally? |
| In this SearchSecurity.com Q&A, network security expert Mike Chapple reveals how much control you have over your Internet traffic. |
| URL: |
|
| 42. |
How well do content filtering tools limit network traffic? |
| Newer content filtering products are available, but are they worth the investment? In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the technology behind content monitoring/filtering tools and whether you should wait for these products to mature. |
| URL: |
|
| 43. |
Can a TCP connection be made without an open port? |
| A company may claim it has an "application" that allows computers to communicate without opening any ports, but network security expert Mike Chapple reveals whether you should believe the hype or not. Read more in this SearchSecurity.com Q&A. |
| URL: |
|
| 44. |
Do information leak prevention products protect critical data? |
| Can one product really protect your enterprise from an information leak? In this expert Q&A, Mike Chapple examines the content protection market and warns users to keep realistic expectations. |
| URL: |
|
| 45. |
What are the benefits of a tunnelless VPN? |
| In this SearchSecurity.com Q&A, network security expert Mike Chapple reviews two common tunnelless VPNs: Secure Sockets Layer (SSL) and Group Encrypted Transport (GET). |
| URL: |
|
| 46. |
What are the risks of placing enterprise users in a DMZ? |
| A demilitarized zone protects systems from an affected server, but enterprise users themselves should have no place in the DMZ. In this expert Q&A, Mike Chapple explains where they belong. |
| URL: |
|
| 47. |
Can Skype phones threaten an enterprise network? |
| There are certainly some security concerns when it comes to Skype technology, but are the phones a serious threat to your enterprise network? In this expert Q&A, Mike Chapple explains what the risks really are. |
| URL: |
|
| 48. |
What to consider when deploying NAC products |
| There have been some network access control (NAC) success stories, but there has also been a fair share of NAC frustrations and deployment issues. In this expert Q&A, Mike Chapple has questions you should consider before implementing NAC products. |
| URL: |
|
| 49. |
Are rogue DHCP servers a serious network risk? |
| Rogue DHCP servers can cause everything from a network outage to an outright interception of network traffic. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the seriousness of the threat and reveals which tools can detect rogue servers. |
| URL: |
|
| 50. |
Is a transition from IPv4 to IPv6 worth the effort? |
| Very few organizations are currently runing IPv6. Should you follow their lead? Network security expert Mike Chapple explains whether the transition from IPv4 to IPv6 is worth the effort. |
| URL: |
|
| 51. |
How do a DMZ and VPN work together? |
| In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the three distinct network zones in a typical firewall scenario and reveals how the DMZ and VPN, in particular, co-exist. |
| URL: |
|
| 52. |
How to keep packet sniffers from collecting sensitive data |
| In this SearchSecurity.com Q&A, network security expert Mike Chapple reveals two important actions that can protect users from packet sniffers and other eavesdropping attacks. |
| URL: |
|
| 53. |
What is an Nmap Maimon scan? |
| Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them. |
| URL: |
|
| 54. |
Do P2P networks share the same risks as traditional ones? |
| Although P2P networks have their benefits, organizations still need to be careful with the peer-to-peer technology. In this SearchSecurity.com Q&A, network pro Mike Chapple explains how to protect a P2P network's many nodes. |
| URL: |
|
| 55. |
Can smurf attacks cause more than just a denial of service? |
| Smurf attacks are one of the oldest denial-of-service tricks in a hacker's book. In this SearchSecurity.com Q&A, expert Mike Chapple explains whether such an attacks can do more than just slow your network down. |
| URL: |
|
| 56. |
What are the alternatives to RC4 and symmetric cryptography systems? |
| In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how RC4 encryption stacks up against public key cryptography. |
| URL: |
|
| 57. |
Can a Web client not supporting SSL still connect to a secure server? |
| In some cases, servers allow both secured and non-secured communications. Security expert Mike Chapple explains what that means for Web clients that support -- or don't support -- SSL. |
| URL: |
|
| 58. |
Will the PCI DSS require encryption over dedicated lines? |
| Currently, the PCI Data Security Standard mandates the encryption of any wireless transmissions, but should security professionals be ready to encrypt transmissions over dedicated lines? In this expert Q&A, expert Mike Chapple reveals which PCI changes are most likely. |
| URL: |
|
| 59. |
Is SSL no longer useful? |
| Has the time finally come for one of today's most commonly used protocols? In this SearchSecurity.com Q&A, network security expert Mike Chapple explains why SSL isn't going anywhere. |
| URL: |
|
| 60. |
Are penetration tests essential for enterprise network security? |
| Penetration testing can provide valuable information on the state of your security defenses, but it's quite expensive. In this expert Q&A, Mike Chapple explains whether an organization should make the move. |
| URL: |
|
| 61. |
What evaluation criteria should be used when buying a firewall? |
| Choosing a firewall for the enterprise isn't always easy. In this expert Q&A, Mike Chapple provides three important points to consider before deciding on a product. |
| URL: |
|
| 62. |
Do WEP weaknesses call for an upgrade to WPA2 encryption? |
| Should security professionals upgrade their wireless gear to support WPA encryption? 'It's the responsible thing to do,' says network security expert Mike Chapple. |
| URL: |
|
| 63. |
Buy vs. build: Choosing an enterprise intrusion detection system |
| When it comes to intrusion detection systems, should you buy or build? In this SearchSecurity.com Q&A, network security expert Mike Chapple explains when an enterprise should use a commercially supported product. |
| URL: |
|
| 64. |
Will securing a wireless LAN make the data link layer vulnerable? |
| Even when an organization uses a VPN to secure a wireless LAN and users' transmitted data, there are still vulnerabilities. In this expert Q&A, network pro Mike Chapple explains what security issues can arise at the data link layer. |
| URL: |
|
| 65. |
Should a network be regularly checked for rogue access points? |
| Some enterprises may have to scan their network more frequently for rogue access points. In this expert Q&A, Michael Cobb explains what tools are necessary for period AP checks. |
| URL: |
|
| 66. |
Will deploying VoIP on an 802.1x network create security problems? |
| Voice over IP telephony is beginning to replace traditional PBX in the enterprise. In this expert Q&A, Mike Chapple explains how the popular VoIP technology has its own unique security implications. |
| URL: |
|
| 67. |
Should a router be placed between the firewall and DMZ? |
| Modern firewalls have the ability to serve as a router, negating the need of another device on a network. There are exceptions to this router rule, however. Network security expert Mike Chapple explains. |
| URL: |
|
| 68. |
How is internal mail channeled through an enterprise firewall? |
| WIth public mail servers located in a DMZ, what keeps a firewall from stopping an organization's internal mail? Network security expert Mike Chapple explains how an SMTP relay server coordinates email transmissions. |
| URL: |
|
| 69. |
Do split-tunneling features make a VPN vulnerable? |
| When it comes to VPNs, the decision to use split tunneling depends upon your specific business needs. In this expert Q&A, Mike Chapple explains which types of businesses may or may not want to use the feature. |
| URL: |
|
| 70. |
Can Snort be configured with a FreeBSD router? |
| Just because you can use Snort, it doesn't necessarily mean that you always should. In this expert Q&A, Mike Chapple explains which network configuration scenarios call for the intrusion defense tool and which ones don't. |
| URL: |
|
| 71. |
What kinds of network packet data can be extracted from Snort IDS? |
| Snort IDS may be able to track information on received network packets, but network security expert MIke Chapple explains what the intrusion detection system is best used for. |
| URL: |
|
| 72. |
What is the relationship between open port range and overall risk? |
| Exposing a large number of well-known ports could be a substantial risk, depending upon their nature. In this expert Q&A, Mike Chapple explains why it may be best to narrow down a port range. |
| URL: |
|
| 73. |
How expensive are IPsec VPN setup costs? |
| Although IPsec VPN tunnels tend to be fairly low maintenance, their setup and maintenance costs can quickly mount, depending on an enterprise's equipment. In this expert Q&A, Mike Chapple reveals how much enterprises can expect to pay on a new virtual private network. |
| URL: |
|
| 74. |
Will iptables screen UDP traffic? |
| UDP is a connectionless protocol that can't be screened using strict stateful inspection. However, most modern firewalls, including iptables, treat UDP in the same manner as a connection-oriented protocol. Mike Chapple explains the process in this SearchSecurity.com Q&A. |
| URL: |
|
| 75. |
Can reputation services be applied to network security? |
| Reputation scores can be used to block spam, but can these services be applied to the security of the network? In this expert Q&A, Mike Chapple reveals which products are on the horizon. |
| URL: |
|
| 76. |
Is a 'self-defending network' possible? |
| Is there a product available that can be plugged into your network and allow you to rest easy? Mike Chapple explains what vendors may be suggesting when they tout a 'self-defending' network. |
| URL: |
|
| 77. |
Should Apple iPhones automatically connect to Wi-Fi networks? |
| Well-managed enterprises should have functions in place to prevent an unauthorized mobile device, like the iPhone, from connecting to the network. In this expert response, Mike Chapple reveals some simple network security measures that organizations can take. |
| URL: |
|
| 78. |
Server considerations for internal network application setup |
| Looking to offer private applications to users on an internal network? In this expert response, Mike Chapple explains why you shouldn't use the same server that provides public applications. |
| URL: |
|
| 79. |
Why does Skype connect to so many servers? |
| Skype is a peer-to-peer service that uses a distributed network of "supernodes" to facilitate communication throughout the world. But is it safe to have so many "volunteer" connections? Mike Chapple explains. |
| URL: |
|
| 80. |
Is it possible to identify a fake wireless access point? |
| A network's identity is easy to fake. If you're looking for proof of a valid access point, Mike Chapple reveals some secure wireless options. |
| URL: |
|
| 81. |
Will FTP ever be a secure way to transfer files? |
| A SearchSecurity.com member asks our network security expert Mike Chapple: Is the File Transfer Protocol a secure way to transfer files? As one of his many monthly responses to readers, Chapple reveals a better alternative to FTP. |
| URL: |
|
| 82. |
Should an IT staff be concerned with a network's physical security? |
| Fifty feet outside of an office building may be a manhole that contains all the fiber that connects you to the outside world. In this expert Q&A, Mike Chapple has some advice: "Don't obsess about it." |
| URL: |
|
| 83. |
Comparing proxy servers and packet-filtering firewalls |
| In the world of security, judging proxy servers and packet-filtering firewalls together is like comparing apples and oranges. But that won't stop network security expert Mike Chapple from giving such comparisons a try. |
| URL: |
|
| 84. |
What are the benefits of 'in-the-cloud' network security services? |
| Services offered 'in the cloud' range from managed firewalls to intrusion detection/prevention services (IDS/IPS) to antispam/antivirus filtering. In this expert Q&A, Mike Chapple reviews the pros and cons of these outsourced security services. |
| URL: |
|
| 85. |
A security checklist: How to build a solid DMZ |
| As part of his monthly response to readers, Mike Chapple provides a list of security add-ons that no DMZ should be without. |
| URL: |
|
| 86. |
The road from network administrator to information security professional |
| Recently, a young network administrator told Mike Chapple, "I really want to channel my efforts to become an information security professional. What steps do you recommend?" Chapple explains the type of experience needed to make the transition. |
| URL: |
|
| 87. |
What to consider before opening a port |
| Recently, a reader asked network expert Mike Chapple, "What would be the security implications of opening six ports through a firewall?" Chapple reviews what questions need to be addressed before an organization exposes any network ports. |
| URL: |
|
| 88. |
Open source vs. commercial network access control (NAC) products |
| There are now a number of free and open source network access control (NAC) products, but how do they stack up against the commercial options? Network professional Mike Chapple reviews the free alternatives, but also warns readers that a "stepping stone" approach to NAC may be a mistake for an enterprise. |
| URL: |
|
| 89. |
Can a firewall alone effectively block port-scanning activity? |
| In this expert response, Mike Chapple reveals which product is the best line of defense against port scanning threats. |
| URL: |
|
| 90. |
Can Trojans and other malware exploit split-tunnel VPNs? |
| The beauty of split tunneling is that an enterprise doesn't need to provide the general Internet access point for a VPN user. Mike Chapple, however, also explains why split-tunnel VPNs provide a false sense of security. |
| URL: |
|
| 91. |
How helpful is the centralized logging of network flow data? |
| Network security expert Mike Chapple strongly recommends network flow logging as part of a well-rounded security program. There are two common pitfalls, however, that infosec professionals need to look out for. |
| URL: |
|
| 92. |
Should an intrusion detection system (IDS) be written using Java? |
| There's no reason that you couldn't implement intrusion detection functionality in any higher-level programming language, Java included. Network security expert Mike Chapple, however, explains why Java may not be the best choice. |
| URL: |
|
| 93. |
DMVPN configuration: Should a firewall be between router and Internet? |
| Cisco's Dynamic Multipoint VPN (DMVPN) product allows the configuration of site-to-site VPNs across WAN connections. Security expert Mike Chapple explains how a firewall fits into this particular network setup. |
| URL: |
|
| 94. |
Is centralized logging worth all the effort? |
| Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a centralized logging infrastructure. |
| URL: |
|
| 95. |
Should an ISP keep corrupted machines off of a network? |
| Internet service providers may not have a legal responsibility to block infected systems, but there are plenty of compelling reasons for them to take some action. Network security expert Mike Chapple explains. |
| URL: |
|
| 96. |
What are the pros and cons of shaping P2P packets? |
| Packet shaping, a technique used to control computer network traffic, really isn't a security issue; it's a policy matter, says network expert Mike Chapple. Learn why, in this SearchSecurity.com Q&A. |
| URL: |
|
| 97. |
How to secure an FTP connection |
| Network security expert Mike Chapple offers three tips that enable an FTP connection without opening up an enterprise to security risks. |
| URL: |
|
| 98. |
Should enterprises implement a mandatory iPhone VPN? |
| In this expert Q&A, Mike Chapple explains why an organization should mandate VPN usage for iPhones -- and any other computing device for that matter. |
| URL: |
|
| 99. |
Should organizations lag behind on IPv6 adoption? |
| In this expert Q&A, network security pro Mike Chapple explains why a delay on IPv6 adoption is nothing to worry about. |
| URL: |
|
| 100. |
Should iPhone email be sent without SSL encryption? |
| SSL encrypts all of the communication between your iPhone and your mail server. Network security expert Mike Chapple explains how important that feature really is. |
| URL: |
|
| 101. |
Will Cisco's plan to open access to the IOS improve network security? |
| If Cisco's initiative pans out, we're likely to see a number of new network management tools that integrate with IOS. Mike Chapple explains why that centralization will be a security improvement. |
| URL: |
|
| 102. |
Will VoIP attacks result in more than just spam? |
| Today's enterprises are seeing VoIP installations of every scale. Mike Chapple explains why that means attacks with results far more serious than unwanted messages. |
| URL: |
|
| 103. |
How to hide system information from network scanning software |
| Network scanning software is capable of obtaining sensitive system information. Mike Chappel explains how implementing various firewalls can stop intrusive software in its tracks. |
| URL: |
|
| 104. |
What are the security risks of opening all the ports on an internal router? |
| Opening all ports between an internal employee network and a lab network is generally low-risk, though there are some things to look out for, says network security expert Mike Chapple in his response. |
| URL: |
|
| 105. |
Best practices for processing financial data through remote servers |
| When connecting to remote servers through the Internet, especially when financial data is at stake, security is paramount. Network security expert Mike Chapple addresses basic precautions to take and makes his recommendation for the most secure implementation. |
| URL: |
|
| 106. |
Best practices for IDS creation and signature database maintenance |
| Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database. |
| URL: |
|
| 107. |
Allowing select access to IP addresses using Windows Server 2003 |
| Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections. |
| URL: |
|
| 108. |
If one server in a DMZ network gets attacked from outside, will the other servers be corrupted? |
| An attack to a DMZ server is a big security risk. But does it necessarily mean that other servers are infected? Network security expert Mike Chapple weighs in. |
| URL: |
|
| 109. |
Should a domain controller be placed within the DMZ? |
| When creating an Active Directory network, is it necessary to place domain controllers in the DMZ? Network security expert Mike Chapple explains. |
| URL: |
|
| 110. |
Which is a more secure data access technology: SPAN or TAP? |
| When monitoring traffic on a network, which is the best tool to use? Network security expert Mike Chapple gives advice. |
| URL: |
|
| 111. |
What is the best possible IDS deployment for an Enterprise Resource Planning (ERP) system? |
| Deploying an IDS can be a complex process. But are there specific requirements for an IDS in an ERP system? Network security expert Mike Chapple explains. |
| URL: |
|
| 112. |
What reporting tools are available for an enterprise IDS? |
| Modern security analysts can easily become overwhelmed by the variety and quantity of audit records. In this SearchSecurity.com Q&A, network expert Mike Chapple reveals which open-source reporting tools can make life easier. |
| URL: |
|
| 113. |
Can an IDS, DMZ and honeypot together achieve better network security? |
| An IDS and DMZ can be used together to achieve better network security, but expert Mike Chapple explains which tool is too risky to add to the mix. |
| URL: |
|
| 114. |
What warning signs will indicate the presence of a P2P botnet? |
| Expert Mike Chapple explains two easy ways to detect the presence of a P2P botnet on your system. |
| URL: |
|
| 115. |
Intrusion detection vs. intrusion prevention |
| Both IPS and IDS tools are designed to monitor the network for signs of unusual activity. Network security expert Mike Chapple explain how each technology differs in its approach. |
| URL: |
|
| 116. |
How will many firewalls serving as the default gateway affect the DMZ? |
| If you attempt to have multiple firewalls connected to the same network segment, all serving as the default gateway, routing problems will ensue. Network security expert Mike Chapple explains. |
| URL: |
|
| 117. |
The top LAN security issues in a client-server network environment |
| In this SearchSecurity.com Q&A, network security expert Mike Chapple lays out four of the biggest LAN security threats. |
| URL: |
|
| 118. |
Should tunnels be connected from an ISP to an internal data center? |
| A SearchSecurity.com reader needs to pass programs and data from an internal data center to an ISP data center through a secure tunnel. Mike Chapple tells him how to best initiate connections. |
| URL: |
|
| 119. |
Do good passwords make it safer to do banking on an open connection? |
| Password strength actually has little to do with the security of your computer on a DSL network. Network expert Mike Chapple offers up the simple tips that will lock down your machines. |
| URL: |
|
| 120. |
What firewall features will best protect a LAN from Internet hack attacks and malware? |
| In the case of a small network, the necessary firewall doesn't need to be anything complicated. Network security expert Mike Chapple reviews the key features of the network device. |
| URL: |
|
| 121. |
How to become an information security expert |
| According to network security expert Mike Chapple, information security is one of the hottest career fields and shows great potential for growth. Learn why. |
| URL: |
|
| 122. |
What are 'phlashing' attacks? |
| Phlashing attacks target network devices and other hardware systems that rely upon firmware to contain their operating systems. Network security expert Mike Chapple explains why the threat is more than theoretical. |
| URL: |
|
| 123. |
How to obtain a digital certificate for a server |
| In order to use SSL-protected communications, such as exchanging Web traffic using the HTTPS protocol, an enterprise must first purchase and then install a digital certificate on its server. In this expert Q&A, Mike Chapple explains how to do just that. |
| URL: |
|
| 124. |
What defenses can prevent the hijacking of a city's fiber network? |
| How do you prevent a network administrator from hijacking and preventing access to a city's fiber network? The answer is fairly low-tech, says network security expert Mike Chapple. |
| URL: |
|
| 125. |
Should software be used to monitor networks for blogging activity? |
| Deciding network-monitoring software be used to monitor corporate networks for blogging activity is more of a policy decision than a security one, but network security expert Mike Chapple explains what the issue boils down to. |
| URL: |
|
| 126. |
What OSI Layer 4 protocol does FTP use to guarantee data delivery? |
| What OSI Layer 4 protocol does FTP use to guarantee data delivery? |
| URL: |
|
| 127. |
What firewall controls should be placed on the VPN? |
| The level of control you place on VPN traffic should be at least as strong as the level of control you place on traffic from similar users on your corporate network. Network expert Mike Chapple explains which firewall controls are necessary. |
| URL: |
|
| 128. |
Comparing FTP vs. TFTP |
| There are some differences between FTP and TFTP, but here's the catch: both are inherently insecure protocols. |
| URL: |
|
| 129. |
What is the cause of an 'intrusion attempt' message? |
| Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause. |
| URL: |
|
| 130. |
Front-end/back-end firewalls vs. chassis-based firewalls |
| Network security expert Mike Chapple explores the different characteristics of devices using a front-end/back-end topology and chassis-based firewalls. |
| URL: |
|
| 131. |
How to configure a firewall to communicate with an upstream router |
| When incorprating a new firewall product, configuration problems can occur between the network device and the router. Mike Chapple reviews some common implementation problems. |
| URL: |
|
| 132. |
Can an attacker gain mobile device data through a peer-to-peer (P2P) network? |
| While peer-to-peer telephone services, such as Skype, Free World Dialup (FWD) and Ooma, are an interesting technology, expert Mike Chapple does not recommend their use for any private communications. |
| URL: |
|
| 133. |
How can mobile device data be lost on a peer-to-peer (P2P) network? |
| Peer-to-peer telephone services, such as Skype, Free World Dialup (FWD) and Ooma, offer users a way to save significant money on telephone services. But how well do they protect your data? |
| URL: |
|
| 134. |
When should a database application be placed in a DMZ? |
| Mike Chapple explains the best network location for an important database application. Chapple also reveals the appropriate level of access to grant remote users. |
| URL: |
|
| 135. |
What are the security risks of opening port 110 and port 25? |
| If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions. |
| URL: |
|
| 136. |
Securing services that allow end users to retrieve forgotten passwords |
| If you're running any type of service that allows end users to retrieve forgotten passwords, network security expert Mike Chapple has some tips on how to do so securely. |
| URL: |
|
| 137. |
What are the best network security books? |
| Security expert Mike Chapple reveals his favorite network security books. |
| URL: |
|
| 138. |
Should the government reduce its external Internet connections? |
| To reduce its susceptibility to attack, the federal government announced a plan to gradually reduce its number of Internet connections. Mike Chapple explains why the idea is a feasible one that all enterprises can learn from. |
| URL: |
|
| 139. |
How to estimate log generation rates |
| In this expert response, Mike Chapple explains why estimating log generation rates is so difficult. |
| URL: |
|
| 140. |
What is most misunderstood about EV SSL certificates? |
| Are there any calculators to help estimate log generation based on number of devices and best practices? |
| URL: |
|
| 141. |
What are the best practices for IPS implementation? |
| Implementing an intrusion prevention system can be a tricky proposition. Network expert Mike Chapple explains some common IPS deployment challenges. |
| URL: |
|
| 142. |
How to prevent DDoS attacks on websites |
| Expert Mike Chapple reviews actions that you can take to protect yourself against large-scale DDoS attacks. |
| URL: |
|
| 143. |
How to configure firewall ports for webmail system implementation |
| Network security expert Mike Chapple explains why he always recommends placing any server accessible from the Internet into the DMZ. |
| URL: |
|
| 144. |
How should service providers address VoIP security issues and threats? |
| Many VoIP providers do not offer encryption services due to the difficulty inherent in encrypting voice traffic. Network security expert Mike Chapple explains what you can do to secure voice over IP networks. |
| URL: |
|
| 145. |
Can S/MIME, XML and IPsec operate in one protocol layer? |
| It is possible to build security systems that reside within a single layer of the OSI model, but why limit yourself? |
| URL: |
|
| 146. |
The case against UTM: Is there a better alternative? |
| Unified threat management (UTM) promises tighter security with less required oversight, but are there security risks inherent in deploying UTM appliances? Enterprise network security expert Mike Chapple weighs in. |
| URL: |
|
| 147. |
How do I transition to a career in IT security? |
| Looking to move into a career in IT security? Network security expert Mike Chapple how to take a business or sales background and turn it into just that. |
| URL: |
|
| 148. |
How to check for attack data on network logs without SIMs |
| If you don't have a lot of time, but you also don't have a SIM, how can you regularly check for attack data in network logs? Network security expert Mike Chapple gives best practices. |
| URL: |
|
| 149. |
How to secure SSL following new man-in-the-middle SSL attacks |
| Man-in-the-middle SSL attacks at Black Hat D.C. exposed a flaw in the https structure, so how can you avoid such an attack at your enterprise? Find out in Mike Chapple's expert response. |
| URL: |
|
| 150. |
How to set up a corporate cell phone management strategy |
| Mobile devices are ubiquitous in today's enterprise environments, but how can security pros keep them from becoming malware-laden, data-leaking devices? In this expert response, Mike Chapple gives pointers on a corporate cell phone management strategy. |
| URL: |
|
| 151. |
Should enterprises be running multiple firewalls? |
| While there may be scenarios where a single firewall is an appropriate architecture for an organization, it's equally true that many environments may benefit from the use of more than one network device |
| URL: |
|
| 152. |
What are best practices for fiber optic cable security? |
| Mike Chapple compares the security of fiber optic cables to copper ones. |
| URL: |
|
| 153. |
What is the difference between a VPN and remote control? |
| Mike Chapple reviews VPNs, remote controls, and how the two security technologies can be used in tandem. |
| URL: |
|
| 154. |
What are the disadvantages of proxy-based firewalls? |
| Network security expert Mike Chapple explains why he strongly recommends the use of proxy-based firewalls. |
| URL: |
|
| 155. |
How to create a secure network through a shared Internet connection |
| When setting up a corporate network through a shared Internet connection, security is of paramount importance. Learn best practices for creating this kind of network from expert Mike Chapple. |
| URL: |
|
| 156. |
How to perform a network forensic analysis and investigation |
| Situation: A breach has occurred at your enterprise, and you need to gather relevant data, fast. What tools can you use to get the job done? In this expert response, Mike Chapple gives pointers on which network forensic analysis tools can help. |
| URL: |
|
| 157. |
How to analyze a TCP and UDP network traffic spike |
| What does it mean when TCP and UDP network traffic spikes? Network security expert Mike Chapple explains what this means for enterprise network security management. |
| URL: |
|
| 158. |
Should IDS and SIM/SEM/SIEM be used for network intrusion monitoring? |
| Is it enough just to monitor log data, or does that data need to be fed into a SIM/SEM/SIEM product in order to ease the data analysis process? Network security expert Mike Chapple weighs in. |
| URL: |
|
| 159. |
The difference between AES encryption and DES encryption |
| Choosing whether to encrypt your network data with the AES encryption algorithm or the DES encryption algorithm, is an important security matter. Learn which is the more secure option in this expert response. |
| URL: |
|
| 160. |
How to implement PCI network segmentation |
| When trying to comply with PCI DSS, network segmentation can be a tricky subject. In this expert response, Mike Chapple explains how to separate payment system's credit card processing functionality from the rest of an enterprise network. |
| URL: |
|
| 161. |
IPS and IDS deployment strategies |
| Deploying and IDS and an IPS system may seem like two different tast, but really the two are closely related. Mike Chapple weighs in on the similarities of the deployment strategies. |
| URL: |
|
| 162. |
How to set up a DMZ |
| Looking to set up a DMZ? Look no further. In this expert response, Mike Chapple explains the steps to creating a demilitarized zone. |
| URL: |
|
| 163. |
Comparing an application proxy firewall and a gateway server firewall |
| There are many types of firewalls in use in today's enterprises, so it's easy to get confused about the functions of each. In this expert response, learn the difference between a proxy server firewall and a gateway server firewall. |
| URL: |
|
| 164. |
Creating an SSL connection between servers |
| Learn the most secure way to create and SSL connection between servers with this advice from network security expert Mike Chapple. |
| URL: |
|
| 165. |
The top 5 network security practices |
| Looking to brush up your network security practices? Check out these top five recommendations from expert Mike Chapple. |
| URL: |
|
| 166. |
How to create secure Windows FTP automation |
| Securing Windows FTP automation can be easier than you think, according to network security expert Mike Chapple. Consider using Microsoft's free FTP utility. |
| URL: |
|
| 167. |
How to prevent a denial-of-service (DoS) attack |
| While it may not be possible to fully eradicate the risk of DoS attacks from an enterprise, there are steps that infosec pros can take to prevent them. In this expert response, Mike Chapple gives pointers on how to prevent DoS attacks. |
| URL: |
|
| 168. |
A short enterprise VPN deployment guide |
| When deploying a VPN in your enterprise, first check out this guide for some basic best practices, including how to define authentication requirements for the VPN and create a written user access policy. |
| URL: |
|
| 169. |
How to select a set of network security audit guidelines |
| A network security audit can be a daunting task, but there are resources that can help. Mike Chapple, network security expert, weighs in on why and how to choose a security audit standard. |
| URL: |
|
| 170. |
How to securely connect a LAN POS to a remote point-of-sale device |
| Looking to connect your LAN POS securely to your remote point-of-sale device? Mike Chapple, network security expert, explains how to use encryption and a VPN to lock down this connection. |
| URL: |
|
| 171. |
How to prevent operating system cloning with AES 256-bit encryption |
| Reading a binary image file and cloning a system can lead to serious data loss. Learn how to prevent this from happening with this advice from network security expert Mike Chapple. |
| URL: |
|
| 172. |
How to edit group policy objects to give a user local admin rights |
| Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen. |
| URL: |
|
| 173. |
How to manage network bandwidth with distributed ISP bandwidth |
| As enterprises grow, demand for bandwidth can increase exponentially. In this expert answer, Mike Chapple explains different techniques for managing network bandwidth with ISP distribution. |
| URL: |
|
| 174. |
How to implement virtual firewalls in a complex network infrastructure |
| If your enterprise has a complex network infrastructure, it might be necessary to implement virtual firewalls or multiple security contexts. Network security expert Mike Chapple explains the pros and cons of doing so. |
| URL: |
|
| 175. |
How to prevent network sniffing and eavesdropping |
| Scenario: A hacker wants to glean data from two of your servers by installing network monitoring software. How can you prevent him from getting the data he wants? Learn more in this expert response. |
| URL: |
|
| 176. |
Securing the intranet with remote access VPN security |
| Connecting remote offices with the main branch can be done many ways, but for those companies looking at tightly securing their intranet, they may need to consider remote access with VPN security. Learn more in this expert response. |
| URL: |
|
| 177. |
Port scan attack prevention best practices |
| While it's impossible to prevent against all port scanning attacks, there are best practices for port scanning security (such as a port scanning firewall) that can keep your network secure. Expert Mike Chapple weighs in. |
| URL: |
|
| 178. |
What is the difference between static and dynamic network validation? |
| Network data analysis is essential to understanding the security configuration of your network. But what is the difference between static data validation and dynamic data validation? Find out in this expert response. |
| URL: |
|
| 179. |
How to set up a split-tunnel VPN in Windows Vista |
| Setting up a split-tunnel VPN in Vista can help quicken network flow in the enterprise. In this expert response, Mike Chapple explains the steps to create a split-tunnel VPN. |
| URL: |
|
