-
Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures
In an excerpt from the book Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures, authors Peter Thermos and Ari Takanen discuss the strengths and weaknesses of SRTP. Book Chapter
-
Secure user authentication: Regulations, implementation and methods
When deploying any authentication option -- whether to comply with the FFIEC's two-factor authentication mandate or simply strengthen access controls -- businesses need to weigh several factors to decide which option best suits their needs. In this l... Identity and Access Manag
-
XML Web services tutorial: How to improve security in Web services
Securing XML is an essential element in keeping Web services secure. This SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure. Learning Guide
-
Spy vs. Spy
Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day. Book Chapter
-
Best practices in Internet security: The Access Certificates for Electronic Services Program
The Access Certificates for Electronic Services Program (ACES) brings multiple PKI service providers together into an interoperable public key infrastructure (PKI) for use by government entities and the private sector. Feature
-
SAP Security Learning Guide
This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system bulletproof. Learning Guide
-
Crypto basics: VPNs
In this excerpt of Chapter 3 from "Cryptography for Dummies," author Chey Cobb explains how virtual private networks (VPNs) use encryption to secure data in transit. Book Chapter
-
Lesson/Domain 2 -- Security School: Training for CISSP Certification
SearchSecurity.com Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge." School
-
Lesson/Domain 3 -- Security School: Training for CISSP Certification
SearchSecurity.com Security School webcasts are focused on CISSP training. This lesson corresponds to the cryptography domain in the CISSP exam's "Common Body of Knowledge." School
-
Infosec Know IT All Trivia: Authentication
Test your knowledge of authentication methods with our Infosec Know IT All Trivia. Quiz
-
Will TurkTrust incident raise certificate use to Chrome standard?
Enterprises can disrupt cybercriminals and deter future attacks, explained Dmitri Alperovitch, CTO of CrowdStrike Inc. The approach has its critics. News | 08 Jan 2013
-
RSA 2012: SSL certificate authority security takes a beating
Researcher Moxie Marlinspike came down on certificate authority security at RSA Conference 2012, calling for trusted notary servers as an alternative. News | 29 Feb 2012
-
New malware signed with government digital certificate
New malware that is signed with a valid digital certificate once belonging to the Malaysian government has been discovered by researchers at F-Secure. News | 16 Nov 2011
-
DigiNotar files bankruptcy protection in wake of certificate breach
Certificate authority DigiNotar filed for bankruptcy protection following a breach of its digital certificate systems and the issuance of fraudulent SSL certificates. News | 21 Sep 2011
-
GlobalSign temporarily halts issuing certificates to investigate breach claim
A hacker claiming responsibility for the DigiNotar attack named GlobalSign as one of four CAs that have been successfully breached. News | 07 Sep 2011
-
DigiNotar CA breach widens, Microsoft, Dutch government take action
A report prepared by the IT security firm conducting an audit of the DigiNotar network found serious lapses in security and more than two dozen compromised CA servers. News | 06 Sep 2011
-
DoD urges less network anonymity, more PKI use
U.S. Department of Defense CISO Robert Lentz went down a laundry list of security technologies needed to protect both private and government networks from cybercriminals. The age of anonymity on networks needs to come to a close to improve national c... Article | 30 Jul 2009
-
Researchers to demonstrate new EV SSL man-in-the-middle hacks
Security researchers Alexander Sotirov and Mike Zusman will demonstrate new offline man-in-the-middle hacks against extended validation SSL certificates at the Black Hat Briefings. Article | 07 Jul 2009
-
Portable security storage device could replace OTP devices
A new USB-like device, hardened with security features, could overtake one-time password devices and give end users flash memory to carry around encrypted data. Article | 16 Mar 2009
-
VeriSign addresses MD5 flaw
VeriSign is moving completely to the new SHA-1 hash function to avoid a vulnerability affecting SSL certificates. Microsoft and Mozilla also weighed in on the problem. Article | 05 Jan 2009
-
Adobe attack analysis: Addressing Adobe security certificate issues
After a recent attack on Adobe, what mitigations should be put in place to avoid security issues with Adobe certificates? Expert Nick Lewis advises. Tip
-
Options for mitigating digital security certificate problems
Is your enterprise struggling with digital security certificate problems? Expert Nick Lewis discusses mitigations for digital certificate attacks. Tip
-
PKI and digital certificates: Security, authentication and implementation
Get more information about PKI and digital certificates, such as how to implement PKI, how to ensure security and available implementation. Also learn about digital certificates, signatures and achieving authentication through a certificate authority... Tip
-
Email authentication showdown: IP-based vs. signature-based
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schi... Tip
-
2006 Products of the Year: Authentication
Information Security and SearchSecurity surveyed readers to identify the best authentication products of 2006. The winners are . . . Tip
-
2006 Products of the Year: Identity and access management
Information Security magazine and SearchSecurity.com asked readers to select the best identity and access management products of 2006. Readers selected from Web SSO, provisioning, directories and password management tools. Find out which products mad... Tip
-
Cheat sheet: Access management solutions and their pros and cons
A cheat sheet of the most common access solutions with a brief description, and their risks and pros and cons to help you choose the solution that is right for your organization. Tip
-
Secure data transmission methods
The main purpose of this tip is to explore secure data transmission options that are available to help meet regulatory and legal requirements. Tip
-
Layered access control: 6 top defenses that work
Security guru Joel Snyder introduces six strategies for building layered security in networks in this presentation from Information Security Decisions. Tip
-
Checklist for meeting the PCI Data Security Standard
Contributor Diana Kelley summarizes the best ways to meet the PCI Data Security Standard. Tip
-
HTTP vs. HTTPS: Is digital SSL certificate cost hurting Web security?
Learn why a digital SSL certificate could be the reason preventing many users from utilizing HTTPS. Ask the Expert
-
Enrolling in an Active Directory and Windows certificate authority
Learn more about the process of enrolling an enterprise in a certificate authority using Windows Server 2003 and Active Directory, as well as whether or not there is a universally accepted root CA. Ask the Expert
-
Using a digital signature, electronic signature and digital certificate
While they may seem similar, a digital signature, electronic signature and digital certificate all have unique functions. In this IAM expert response from Randall Gamby, learn the differences and how each is used. Ask the Expert
-
The difference between a digital signature and digital certificate
A digital signature and a digital certificate, while both security measures, are different in the ways they are implemented and what they are implemented for. In this expert response, Randall Gamby explains the difference. Ask the Expert
-
Digital signature implementation: How to verify email addresses
When implementing digital signatures in Outlook, learn what pitfalls to avoid and how to verify the email addresses and digital signatures of the senders. Ask the Expert
-
Is it possible to crack the public key encryption algorithm?
Is it possible to create a PKI encryption key that is unbreakable? IAM expert Randall Gamby weighs in. Ask the Expert
-
PKI vulnerabilities: How to update PKI with secure hash functions
Learn how to prevent PKI vulnerabilities recently announced by Dan Kaminsky from being exploited at your enterprise with advice from IAM expert Randall Gamby. Ask the Expert
-
How to encrypt passwords using network security certificates
Learn the most secure way to transfer passwords to applications using network security, identity management, and application security certificates. Ask the Expert
-
What is most misunderstood about EV SSL certificates?
Are there any calculators to help estimate log generation based on number of devices and best practices? Ask the Expert
-
Can any firm or organization get a digital signature certificate?
Learn how a firm can obtain a digital signature certificate. Also, learn about several certificate authorities (CA) that manage them. Ask the Expert
-
nonrepudiation
Nonrepudiation is the assurance that someone cannot deny something, such as the receipt of a message or the authenticity of a statement or contract... (Continued) Definition
-
authentication server
An authentication server is an application that facilitates authentication of an entity that attempts to access a network...(Continued) Definition
-
man in the middle attack (fire brigade attack)
A bucket brigade attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting their own public key for the requested one, so that the two original parties still appear to be communicating wi... Definition
-
hijacking
Hijacking is a type of network security attack in which the attacker takes control of a communication - just as an airplane hijacker takes control of a flight - between two entities and masquerades as one of them. Definition
-
private key (secret key)
In cryptography, a private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. Definition
-
public key certificate
A public key certificate is a digitally signed document that serves to validate the sender's authorization and name. Definition
-
HDCP (High-bandwidth Digital Content Protection)
HDCP (High-bandwidth Digital Content Protection) is a specified method from Intel for protecting copyrighted digital entertainment content that uses the Digital Video Interface (DVI) by encrypting its transmission between the video source and the dig... Definition
-
certificate authority (CA)
(CA also stands for conditional access, a term used in DTV.) A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption. Definition
-
Certificate Revocation List (CRL)
Certificate Revocation List (CRL) is one of two common methods when using a public key infrastructure for maintaining access to servers in a network. Definition
-
digital signature (electronic signature)
A digital signature (not to be confused with a digital certificate) is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a message or of the signer of a document. Definition
About PKI and Digital Certificates
Using a public key infrastructure (PKI), certificate authority (CA) and digital certificates is a key way to develop a secure network infrastructure for user access, keep data secure and eliminate hacker threats. Get expert advice and tools to implement PKI in your organization.