Security Management Strategies for the CIO-
Security in virtualization: IDS/IPS implementation stra
Considering virtualization? Take into account that your IDS or IPS may not work the same way in a virtualized environment as it does in a physical one. Expert Dave Shackleford explains how to addre...
-
PCI requirement 7: PCI compliance policy for access con
Though PCI DSS is generally prescriptive, when it comes to requirement 7, organizations have more leeway -- and, thus, more potential for error -- than other sections of the standard. Learn how to ...
-
The state of enterprise spam filters: Can more be done
Does your enterprise rely solely on its email filter to protect against spam? Are you aware of how spam filters work? Expert Michael Cobb discusses how today's spam works, and what can help control...
-
Netcat tutorial: How to use the free Netcat command-lin
Helpful for penetration testers and network admins who need to debug infected systems, the netcat command-line tool boasts many free features for enterprise use.
-
Enterprise antivirus protection: Is signature AV worth
There's little doubt that signature-based enterprise antivirus protection is dying, but what technologies should enterprises consider to replace it? Expert Nick Lewis weighs in.
-
Understanding the value of an enterprise application-aw
Today's enterprise application-aware firewall technology offers a host of features to manage application and Web 2.0 traffic. Expert Michael Cobb takes a look at the features and how to make the mo...
-
Creating a culture for compliance, risk management
Creating a culture of compliance takes time, but expert Eric Holmquist offers five time-tested tactics to help break down cultural barriers to improve information security risk and compliance manag...
-
Career strategies: Alternatives to certification
Certification isn't the only -- and may not even be the best -- way to set yourself apart in the eyes of potential employers. Learn networking strategies to get your name in front of the right people.
-
Data sanitization policy: How to ensure thorough data s
Could you be inadvertently leaking sensitive data via poorly sanitized devices? Learn techniques for thorough data scrubbing in this tip.
-
P0f: A free collection of passive OS fingerprinting too
In this screencast, learn how to use p0f, a collection of free passive OS fingerprinting tools.
-
How secure managed file transfers help meet compliance
By using a properly configured Managed File Transfer system as your sole means of transmitting data—potentially both within your organization and externally—you can become compliant wit...
-
Data breach procedures to stop Gawker-type Web password
Following its recent security breach, Gawker.com has promised to boost its security, but, in this tip, threats expert Nick Lewis looks at what the site could've done to pre-empt the breach in the f...
-
How to plan a secure network by practicing defense-in-d
When designing an enterprise network that includes hosted infrastructure components, many different layers must work together to keep it secure. Learn how to build network security in by practicing...
-
Linux security best practices for Linux server systems
Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems.
-
Creating a Java security framework that thwarts a Java
The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis.
-
ngrep: Learn how to find new malware with ngrep example
In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool.
-
3 key steps for next-generation SOC
According to Forrester Research, traditional security operations are no longer practical. Forrester's John Kindervag discusses the new model, SOC 2.0, why it's important, and how to make it happen.
-
Review your career plan for the New Year
The end of the year is the perfect time to review how your career has played out during the past 12 months and refine future goals. In this tip, infosec career experts Lee Kushner and Mike Murray e...
-
A primer for user privilege management in Windows Serve
Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains ...
-
Stuxnet and multiple zero-days: The future of malware?
A recent and disturbing malware trend involves attacks that attempt to compromise multiple zero-day flaws at once. Threats expert Nick Lewis explains what you can do to protect your enterprise.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.