-
Linux security best practices for Linux server systems
Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems.
-
How to plan a secure network by practicing defense-in-d
When designing an enterprise network that includes hosted infrastructure components, many different layers must work together to keep it secure. Learn how to build network security in by practicing...
-
Creating a Java security framework that thwarts a Java
The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis.
-
ngrep: Learn how to find new malware with ngrep example
In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool.
-
3 key steps for next-generation SOC
According to Forrester Research, traditional security operations are no longer practical. Forrester's John Kindervag discusses the new model, SOC 2.0, why it's important, and how to make it happen.
-
Review your career plan for the New Year
The end of the year is the perfect time to review how your career has played out during the past 12 months and refine future goals. In this tip, infosec career experts Lee Kushner and Mike Murray e...
-
A primer for user privilege management in Windows Serve
Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains ...
-
Stuxnet and multiple zero-days: The future of malware?
A recent and disturbing malware trend involves attacks that attempt to compromise multiple zero-day flaws at once. Threats expert Nick Lewis explains what you can do to protect your enterprise.
-
DATA Act protection: Effects of a federal breach notifi
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Macke...
-
PCI encryption requirements: Limiting PCI scope with P2
P2P encryption, or encryption of data in transit, has long been a point of confusion for PCI DSS-bound merchants. In this tip, expert Ed Moyle explains the PCI SSC's recent guidance on P2P encryption.
-
Video: OSSEC screenshots show how to use the free IDS
An intrusion detection system has become necessary for most enterprises, but they can be both expensive and difficult to configure. In part two of this screencast, learn how to use the free IDS OSSEC.
-
IDS vs. IPS: How to know when you need the technology
IDS and IPS are useful security technologies, but how do you know whether your enterprise can benefit from one? In this tip, infosec pro Jennifer Jabbusch offers a few specific use cases to help yo...
-
Honeypots for network security: How to track attackers'
Honeypots have long been used to track attackers' activity and defend against coming threats. In this tip, network security expert Anand Sastry describes the different types of honeypots and which ...
-
User provisioning best practices: Access recertificatio
User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging...
-
Android enterprise security: Mobile phone data protecti
Android devices are increasingly popular among enterprise users, but is Android enterprise security where it needs to be to ensure the safety of important enterprise documents? Expert Michael Cobb ...
-
SSL vulnerabilities: Trusted SSL certificate generation
Presentations at both Black Hat and Defcon 2010 demonstrated serious vulnerabilities in the SSL protocol, which, considering how widely used SSL is, could mean security problems for many enterprise...
-
Firewall logging: Telling valid traffic from network 'a
While tracking firewall "deny" actions is a good way to identify threats, logging the "allow" actions can give greater insight into malicious traffic that could be both more subtle and more dangerous.
-
PCI DSS 2.0: PCI assessment changes explained
PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process.
-
PCI 2.0: Changes aren't drastic, but don't address card
In this first look at the changes in PCI DSS version 2.0, expert Diana Kelley says most compliance programs won't be drastically affected, but some of the standard's key shortcomings remain.
-
How to install an OSSEC server on Linux and an OSSEC Wi
Learn how to install the free, host-based intrusion detection system OSSEC, with step-by-step instructions on setting up an OSSEC Linux server with an OSSEC Windows agent.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.