Security Management Strategies for the CIOEmail Alerts
-
IPSec vs. SSL VPNs: Which cures your remote access ills?
Figuring out how to choose a VPN used to be simple. No more. In this issue, we examine the state of the enterprise VPN product market, specifically IPSec vs. SSL, and how one health care organization made its choice. Also this month: the "submarine w... E-Zine
-
Quiz: Why SSL certificate security matters
In this five-question quiz, evaluate your knowledge of our Security School lesson on why SSL certificate security is important. Quiz
-
NAC security guide: How to achieve secure network access in the enterprise
This multi-part network access control (NAC) security guide covers a variety of NAC-related topics, offering tips and expert advice on how to thoroughly secure network access to the enterprise. Learning Guide
-
The Shortcut Guide to Extended Validation SSL Certificates
In an excerpt from Dan Sullivan's book, "A Shortcut Guide to Extended Validation SSL Certificates," the author explains some of the limitations of SSL. Book Chapter
-
Snyder On Security: An insider's guide to the essentials
Joel Snyder, senior partner with consultancy Opus One, provides an in-depth look at information security trends and technologies. Session Downloads
-
VPNs and remote access: Secure deployment, setup and strategies
Virtual private networks can reduce the cost of business communication while extending secure remote access to teleworkers, travelers and mobile professionals. But deploying and managing a secure VPN can be challenging. In this lesson, guest instruct... Identity and Access Manag
-
Quiz: Web application threats and vulnerabilities
This quiz will help you determine how knowledgeable you are about securing your Web apps and whether you need to hone your Web security skills. Security Quiz
-
Quiz: IPsec vs. SSL VPNs
Test your knowledge of IPsec and SSL VPNs with this quiz, and click through to our additional resources to help you determine which technology best suits your organization's needs. Security Quiz
-
Crypto basics: VPNs
In this excerpt of Chapter 3 from "Cryptography for Dummies," author Chey Cobb explains how virtual private networks (VPNs) use encryption to secure data in transit. Book Chapter
-
Remote access as an attack vector
In this excerpt of Chapter 7 from "The Black Book on Corporate Security," authors Howard Schmidt and Tony Alagna analyze how "unmanaged" remote access can serve as an attack vector. Book Chapter
-
'Black Book' offers tidbits, but not worth keeping
Information Security magazine reviews "The Black Book on Corporate Security," published by Larstan Publishing. Books
- See more Essential Knowledge on SSL and TLS VPN Security
-
RSA 2012: SSL certificate authority security takes a beating
Researcher Moxie Marlinspike came down on certificate authority security at RSA Conference 2012, calling for trusted notary servers as an alternative. News | 29 Feb 2012
-
Comodo warns of serious SSL certificate breach
A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers. Article | 23 Mar 2011
-
Federal telework: Mitigating the security risk
Federal IT managers will likely see greater demands to facilitate and improve telework infrastructures at their agencies. News | 11 Aug 2010
-
Black Hat 2010: Complacency over VPN security and management unacceptable
New research from NCP Engineering points out that companies are complacent about VPN security configurations, and poorly managed VPNs are often at the heart of large data breaches. Article | 26 Jul 2010
-
US CERT warns of clientless SSL VPN vulnerability
VPN software from Cisco Systems, Juniper and others make users susceptible to Web-based attacks, according to an advisory from the U.S. Computer Emergency Readiness Team. Article | 01 Dec 2009
-
Expert calls SSL protocol vulnerability a non issue
The researchers who discovered the SSL vulnerability warn that it could have far reaching affects and are working with a consortium of vendors to coordinate an industry-wide fix. Article | 05 Nov 2009
-
SSLstrip hacking tool bypasses SSL to trick users, steal passwords
Moxie Marlinspike explains how his hacking technique fools Web users into thinking they are on an SSL-protected site, leaving them feeling quite safe, but pwned all the same. Article | 18 Feb 2009
-
IBM USB banking device stops keyloggers, malware
A new USB stick, developed by IBM researchers, sets up a secure banking connection bypassing computer software and drivers. News | 29 Oct 2008
-
Google Chrome unlikely to attract security-minded users
Chrome is crammed with security and privacy elements but it won't likely grab market share from IE or Firefox anytime soon. Column | 02 Sep 2008
-
Plug-in opens door for self-signed SSL certs in Firefox 3
Perspectives, a system developed by researchers at Carnegie Mellon University authenticates self-signed certificates and bypasses confusing security pop-ups displayed in Firefox 3. Article | 22 Aug 2008
- See more News on SSL and TLS VPN Security
-
IPSec VPN vs. SSL VPN: Comparing respective VPN security risks
When it comes to VPNs, which of the two most-used options -- IPSec or SSL -- presents the greater security threat? Expert Anand Sastry describes the pros and cons of each, as well as how to test your VPN implementations for security. Tip
-
SSL vulnerabilities: Trusted SSL certificate generation for enterprises
Presentations at both Black Hat and Defcon 2010 demonstrated serious vulnerabilities in the SSL protocol, which, considering how widely used SSL is, could mean security problems for many enterprises. In this tip, Nick Lewis examines the researchers' ... Tip
-
Clientless SSL VPN vulnerability and Web browser protection
In a recent US-CERT advisory, clientless SSL VPN vulnerabilities were listed as posing serious threats to Web browser security. In this tip, learn possible actions to take for Web browser protection. Tip
-
How SSL-encrypted Web connections are intercepted
Enterprises and attackers alike have found ways to sniff private Web traffic, even when it's encrypted. Sherri Davidoff reviews how encrypted Web connections can be sniffed, and ways that users can reduce their risk. Tip
-
Debian: A niche OS with a not-so-niche security flaw
A recently discovered flaw in the Debian version of Linux meant that any OpenSSL keys generated during the past 20 months could be guessed in a matter of hours. But does the vulnerability suggest broader security issues for Linux? Michael Cobb explor... Tip
-
Secure file copying with WinSCP
In his latest Downloads column, Scott Sidel examines WinSCP, an open source SFTP and FTP client for Windows. Sidel explains how the tool's optional interfaces, multiple secure authentication mechanisms and strong security features make it a must-have... Tip
-
Secure remote access: Closing the Windows Mobile Smartphone loophole
After years of waiting, smartphones are finally being used to access corporate networks. But security programs for Windows laptops won't run as-is on Windows Mobile devices, leading users to engage in risky behavior. In this tip, Core Competence's Li... Tip
-
Bringing the network perimeter back from the 'dead'
In the past year, a number of security professionals from consulting firms have expressed the importance of endpoint security, going so far as to say the perimeter is dead. Not so fast, offers network security expert Mike Chapple. In this spirited ti... Tip
-
How Juniper and F5 SSL VPNs can handle endpoint security
It's not easy setting up an endpoint security system, especially when using an existing SSL VPN architecture. In this tip, expert David Strom uses words and pictures to illustrate the steps needed to enable endpoint security using the SSL VPNs from J... Tip
-
VPN or RPC/HTTPS? Both have their place
Some security practitioners may debate which access method is best for ensuring secure, remote access to Exchange, but as Lee Benjamin explains, both VPNs and RPC over HTTPS can be effective strategies, depending on an organization's needs. Tip
- See more Tips on SSL and TLS VPN Security
-
The pros and cons of SSL decryption for enterprise network monitoring
Expert Brad Casey discusses the pros and cons of SSL decryption to determine its viability as an enterprise network monitoring method. Answer
-
Secure remote access best practices: Guidelines for the enterprise
Remote access threats are on the rise. Use expert Randall Gamby's secure remote access best practices to help users make good security decisions. Answer
-
Does BEAST SSL tool represent an SSL threat?
Expert Nick Lewis analyzes the potential SSL threat that the BEAST SSL tool poses and discusses whether enterprises should be concerned. Answer
-
Threat of SSL malware highlights SSL security issues
Expert Nick Lewis highlights SSL security issues and the threat of SSL malware being transmitted via HTTPS. Is this a serious blow to SSL security? Answer
-
Wireless vs. wired security: Wireless network security best practices
Expert Mike Chapple examines wireless vs. wired security and offers his enterprise wireless network security best practices. Answer
-
How secure is a VPN? Exploring the most secure remote access methods
Virtual private networks are a common means of providing remote access, but expert Mike Chapple addresses whether it is the most secure option available. Answer
-
How MAC and HMAC use hash function encryption for authentication
Hash function encryption is the key for MAC and HMAC message authentication. See how this differs from other message authentication tools from expert Michael Cobb. Answer
-
Secure OpenVPN config with PAM
Network security expert Anand Sastry explains the relationship between OpenVPN and TLS, and points out where to learn about using OpenVPN and PAM. Ask the Expert
-
How to set up a split-tunnel VPN in Windows Vista
Setting up a split-tunnel VPN in Vista can help quicken network flow in the enterprise. In this expert response, Mike Chapple explains the steps to create a split-tunnel VPN. Ask the Expert
-
Securing the intranet with remote access VPN security
Connecting remote offices with the main branch can be done many ways, but for those companies looking at tightly securing their intranet, they may need to consider remote access with VPN security. Learn more in this expert response. Ask the Expert
- See more Expert Advice on SSL and TLS VPN Security
-
wildcard certificate
A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains. Definition
-
SSL VPN (Secure Sockets Layer virtual private network)
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser... (Continued) Definition
-
Secure Sockets Layer (SSL)
SSL (Secure Sockets Layer) is a commonly-used protocol for managing the security of a message transmission on the Internet; it uses a program layer located between the Internet's HTTP and TCP program layers. Definition
-
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. Definition
-
server accelerator card (SSL card)
A server accelerator card (also known as an SSL card) is a Peripheral Component Interconnect (PCI) card used to generate encryption keys for secure transactions on e-commerce Web sites. Definition
-
Secure Shell (SSH)
Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer. Definition
-
Cryptoseal CEO Ryan Lackey on cloud VPN service
Video: The Cryptoseal CEO explains how his work as a military contractor in Iraq influenced his work at the cloud VPN service vendor. Video
-
The pros and cons of SSL decryption for enterprise network monitoring
Expert Brad Casey discusses the pros and cons of SSL decryption to determine its viability as an enterprise network monitoring method. Answer
-
Cryptoseal CEO Ryan Lackey on cloud VPN service
Video: The Cryptoseal CEO explains how his work as a military contractor in Iraq influenced his work at the cloud VPN service vendor. Video
-
Quiz: Why SSL certificate security matters
In this five-question quiz, evaluate your knowledge of our Security School lesson on why SSL certificate security is important. Quiz
-
Secure remote access best practices: Guidelines for the enterprise
Remote access threats are on the rise. Use expert Randall Gamby's secure remote access best practices to help users make good security decisions. Answer
-
Does BEAST SSL tool represent an SSL threat?
Expert Nick Lewis analyzes the potential SSL threat that the BEAST SSL tool poses and discusses whether enterprises should be concerned. Answer
-
Threat of SSL malware highlights SSL security issues
Expert Nick Lewis highlights SSL security issues and the threat of SSL malware being transmitted via HTTPS. Is this a serious blow to SSL security? Answer
-
NAC security guide: How to achieve secure network access in the enterprise
This multi-part network access control (NAC) security guide covers a variety of NAC-related topics, offering tips and expert advice on how to thoroughly secure network access to the enterprise. Learning Guide
-
RSA 2012: SSL certificate authority security takes a beating
Researcher Moxie Marlinspike came down on certificate authority security at RSA Conference 2012, calling for trusted notary servers as an alternative. News
-
Wireless vs. wired security: Wireless network security best practices
Expert Mike Chapple examines wireless vs. wired security and offers his enterprise wireless network security best practices. Answer
-
How secure is a VPN? Exploring the most secure remote access methods
Virtual private networks are a common means of providing remote access, but expert Mike Chapple addresses whether it is the most secure option available. Answer
- See more All on SSL and TLS VPN Security
About SSL and TLS VPN Security
In this Secure Sockets Layer (SSL) VPN and TLS how-to, get advice on using SSL certificates, configuration, server, authentication, security and how to enable SSL.