Security Management Strategies for the CIO-
The steps of privileged account management implementati
Privileged accounts have always been difficult to secure, and they remain the focal point for the insider attack. Luckily, an emerging class of privileged account management products is here to hel...
-
Screencast: Catching network traffic with Wireshark
This month, Peter Giannoulis of the Academy.ca demonstrates the popular, free network protocol analyzer, Wireshark. See how Peter uses Wireshark to hack into a recorded VoIP phone call.
-
Ransomware: How to deal with advanced encryption algori
It's late in the day, and your CEO reports a strange message on his computer screen: his files have been encrypted, and a payment is required to return all of his data. What do you do? Don't give i...
-
Compliance recycling: Combining compliance efforts to m
While the Payment Card Industry Data Security Standard (PCI DSS) looms large over most enterprises' compliance efforts, it doesn't necessarily mean abandoning other compliance efforts. Expert Diana...
-
Easing e-discovery preparation by mapping enterprise da
With a well-planned data retention policy, an organization can often avoid tracking down old data when served with an e-discovery request. In this tip, Stephen Foskett highlights the linchpin of a ...
-
DNS rebinding defenses still necessary, thanks to Web 2
The scripted content and plug-ins of today's Web 2.0 websites have opened enterprise networks to an old threat: DNS rebinding. The attacks can create serious problems for your enterprise network, b...
-
Enterprise role management: Trends and best practices
Enterprise role management technology is intended to help an enterprise keep tabs of who has access to various network resources, and also makes it easier to define groups of users. Joel Dubin expl...
-
Trends in enterprise identity and access management
The market for identity and access management (IAM) products is growing rapidly to meet varied business and compliance demands. What trends -- good and bad -- are on the horizon? IAM expert Joel Du...
-
Hidden endpoints: Mitigating the threat of non-traditio
Organizations have many safeguards in place for network-enabled devices like PCs and servers, but few realize the threat posed by non-traditional devices like printers, physical access devices and ...
-
Web 2.0 and e-discovery: Risks and countermeasures
Enterprise employees often love Web 2.0 services like wikis and social networking services, but the data employees may create with or provide to those services can put an enterprise at risk, especi...
-
Using Nessus Attack Scripting Language (NASL) to find a
For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple prov...
-
Database patch denial: How 'critical' are Oracle's CPUs
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security def...
-
Screencast: Recovering lost data with WinHex
WinHex is a forensics tool that allows users to examine running programs, wipe confidential files or unused space, and perform drive imaging and drive cloning. In this secreencast Peter Giannoulis ...
-
How to build security into a virtualized server environ
Virtualization is a transformative technology, and while virtual servers promise to increase efficiency in the enterprise, some key security implications are often going ignored. Contributor Thomas...
-
Learn from NIST: Best practices in security program man
Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST...
-
Countermeasures against targeted attacks in the enterpr
Security organizations often struggle to compensate for unknowing employees who fall victim to social engineering attacks. It's the unenviable job of information security to prevent that from happe...
-
New defenses for automated SQL injection attacks
By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites. The old defense of testing and patching Web app code may not be ...
-
Nessus: Vulnerability scanning in the enterprise
General advice for vulnerability scanning in the enterprise with the open source vulnerability scanner Nessus.
-
How to run a Nessus system scan
In the second tip in our series on running Nessus in the enterprise, our contributor takes you step-by-step through the process of running a Nessus system scan. View screenshots of the Nessus inter...
-
How to install and configure Nessus
Nessus, an open source vulnerability scanner, can scan a network for potential security risks and provide detailed reporting that enables you to remediate gaps in your corporation's security postur...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.