-
Screencast: How to use Wikto for Web server assessment
Peter Giannoulis demonstrates what kinds of website and Web server information can be found using the free Wikto tool.
-
How to avoid DLP implementation pitfalls
Data leak prevention tools effectively reduce the chances that an enterprise's sensitive data will end up where it shouldn't, but several pitfalls can severely curtail a DLP tool's effectiveness. I...
-
Microsoft Baseline Security Analyzer: Do updates offer
The Microsoft Baseline Security Analyzer has always been useful at scanning Windows environments for the presence or absence of security updates. Now, see how the latest version adds support for Wi...
-
Security certifications: Are they worth the trouble?
Security certifications may or may not be helpful in furthering a security career, but many security pros feel they must "comply" with the unspoken expectation that certifications are a must for ca...
-
How to patch Kaminsky's DNS vulnerability
When Dan Kaminsky revealed the details of his recently discovered DNS flaw at this year's Black Hat briefings, it confirmed what many in the security community already feared: that it was one of th...
-
Web advertising exploits: Protecting Web browsers and s
Web browser exploits are nothing new, but few security managers are consciously aware of the threat that Web advertisement exploits represent.
-
How to look past information security vendor rhetoric
Security professionals are bombarded with messages from vendors (and their marketing messages) heralding sure-fire cure-alls for compliance and information security woes. So what's the best way to ...
-
Directory services and beyond: The future of LDAP
From its remarkable debut in 1993 as a directory access system, LDAP has evolved to become one of the premier directory management services, rivaled only by Active Directory. But how implementable ...
-
The steps of privileged account management implementati
Privileged accounts have always been difficult to secure, and they remain the focal point for the insider attack. Luckily, an emerging class of privileged account management products is here to hel...
-
Screencast: Catching network traffic with Wireshark
This month, Peter Giannoulis of the Academy.ca demonstrates the popular, free network protocol analyzer, Wireshark. See how Peter uses Wireshark to hack into a recorded VoIP phone call.
-
Ransomware: How to deal with advanced encryption algori
It's late in the day, and your CEO reports a strange message on his computer screen: his files have been encrypted, and a payment is required to return all of his data. What do you do? Don't give i...
-
Compliance recycling: Combining compliance efforts to m
While the Payment Card Industry Data Security Standard (PCI DSS) looms large over most enterprises' compliance efforts, it doesn't necessarily mean abandoning other compliance efforts. Expert Diana...
-
DNS rebinding defenses still necessary, thanks to Web 2
The scripted content and plug-ins of today's Web 2.0 websites have opened enterprise networks to an old threat: DNS rebinding. The attacks can create serious problems for your enterprise network, b...
-
Easing e-discovery preparation by mapping enterprise da
With a well-planned data retention policy, an organization can often avoid tracking down old data when served with an e-discovery request. In this tip, Stephen Foskett highlights the linchpin of a ...
-
Enterprise role management: Trends and best practices
Enterprise role management technology is intended to help an enterprise keep tabs on who has access to various network resources, and also makes it easier to define groups of users. Joel Dubin expl...
-
Trends in enterprise identity and access management
The market for identity and access management (IAM) products is growing rapidly to meet varied business and compliance demands. What trends -- good and bad -- are on the horizon? IAM expert Joel Du...
-
Hidden endpoints: Mitigating the threat of non-traditio
Organizations have many safeguards in place for network-enabled devices like PCs and servers, but few realize the threat posed by non-traditional devices like printers, physical access devices and ...
-
Web 2.0 and e-discovery: Risks and countermeasures
Enterprise employees often love Web 2.0 services like wikis and social networking services, but the data employees may create with or provide to those services can put an enterprise at risk, especi...
-
Using Nessus Attack Scripting Language (NASL) to find a
For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple prov...
-
Database patch denial: How 'critical' are Oracle's CPUs
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security def...
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.