Security Management Strategies for the CIO-
Scapy tutorial: How to use Scapy to test Snort rules
When creating Snort rules, it's often difficult to test them before they go live. In this Scapy tutorial, Judy Novak explains how to use Scapy, a tool that simplifies packet crafting, to test new S...
-
Clientless SSL VPN vulnerability and Web browser protec
In a recent US-CERT advisory, clientless SSL VPN vulnerabilities were listed as posing serious threats to Web browser security. In this tip, learn possible actions to take for Web browser protection.
-
How to prevent iPhone spying: Mobile phone management t
So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your site. Michael Cobb explains why iPhone spying still isn't out of the que...
-
How to use hping to craft packets
A packet crafting tool that's been around for a long time, hping can be used to test if ports are open, as well as for firewall testing. Learn how to use hping in this tutorial.
-
PCI compliance requirements affect IT risk assessments
In their book PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, authors Dr. Anton Chuvakin and Branden Williams discuss how to best approach PCI compliance...
-
Networking for career success in the information securi
Networking for career success in information security can be a difficult task. In this month's infosec career tip, learn how to build an effective information security career network, and why doing...
-
Securing naming and directory services for application
There are several aspects of naming and directory services when it comes to security. In this tip, part of the SearchSecurity.com Application Security School lesson, learn how to secure LDAP, as we...
-
Five endpoint DLP deployment data security tips
Deploying data loss prevention technology on endpoints requires a careful roll-out. Expert Rich Mogull offers five tips, including the need to start slowly with a set of power users and how to mana...
-
Improving software with the Building Security in Maturi
Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does ...
-
Defending against RAM scraper malware in the enterprise
A new type of malware attack, RAM scraper, may pose a serious threat to enterprise security. Learn what a RAM scraper attack is, and how you can defend your organization from this potentially damag...
-
How to properly implement firewall egress filtering
Deploying outbound rules on a firewall is easier said than done. Scott Floyd reviews how to block outbound network traffic while avoiding mistakes that may lead to business process interruptions.
-
Server Message Block Version 2 security in question
Nick Lewis reviews the recent vulnerability discovered in a popular Windows file-sharing and printing protocol. Yes, there's a patch, but should you deploy it, or simply disable SMBv2?
-
What to do with network penetration test results
It takes a lot of time and effort to plan and conduct an enterprise network penetration test, but the work doesn't stop there. Contributor David Meier explains how to conduct an analysis of pen tes...
-
Cloud computing in 2010: Be ready for risk management c
As our tip series continues, Michael Cobb predicts some risk management challenges in 2010 as more companies get caught with their head in the 'cloud.'
-
How to use TrueCrypt for disk encryption
Learn how to use TrueCrypt to create an ecrypted drive on a Windows PC, as well as how to create a hidden drive within a drive as an additional data protection measure.
-
Stay or jump ship? How to be happy with your infosec j
Don't leave your job just yet. Lee Kushner and Mike Murray suggest ways to maximize your role and stay satisfied with your career path.
-
Preparing for future security threats, evolving malware
Security expert Nick Lewis predicts how infosec threats will evolve in 2010. Luckily, enterprise defenses will evolve, too.
-
Security compliance predictions for 2010: New regulatio
What will 2010 hold for security compliance? Security management expert David Mortman discusses HITECH, changes to PCI and cloud computing compliance strategies for the new year.
-
The future of PCI DSS encryption requirements? Tokeniza
Can tokenization help reduce the scope of PCI DSS? How does tokenization interact with PCI DSS encryption requirements? Learn more about this technology and whether it's right for your enterprise.
-
IAM trends: Rebuilding security with provisioning techn
There's no question that the coming year will bring new demands for IAM technologies. In this tip, learn what expert Randall Gamby believes will be the best technologies on which to focus your effo...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.