-
Screencast: Recovering lost data with WinHex
WinHex is a forensics tool that allows users to examine running programs, wipe confidential files or unused space, and perform drive imaging and drive cloning. In this screencast Peter Giannoulis ...
-
Learn from NIST: Best practices in security program man
Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST...
-
How to build security into a virtualized server environ
Virtualization is a transformative technology, and while virtual servers promise to increase efficiency in the enterprise, some key security implications often go ignored. Contributor Thomas...
-
Countermeasures against targeted attacks in the enterpr
Security organizations often struggle to compensate for unwitting employees who fall victim to social engineering attacks. It's the unenviable job of information security to prevent that from happe...
-
New defenses for automated SQL injection attacks
By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites. The old defense of testing and patching Web app code may not be ...
-
How to install and configure Nessus
Nessus, an open source vulnerability scanner, can scan a network for potential security risks and provide detailed reporting that enables you to remediate gaps in your corporation's security postur...
-
How to run a Nessus system scan
In the second tip in our series on running Nessus in the enterprise, our contributor takes you step-by-step through the process of running a Nessus system scan. View screenshots of the Nessus inter...
-
Nessus: Vulnerability scanning in the enterprise
General advice for vulnerability scanning in the enterprise with the open source vulnerability scanner Nessus.
-
Windows registry forensics guide: Investigating hacker
The Windows registry can be used as a helpful tool for professionals looking to investigate employee activity or track the whereabouts of important corporate files. In this tip, contributor Ed Skou...
-
Best practices for application-level firewall selection
Application-level firewalls are an essential aspect of any organization's multi-layered defense strategy, but the implementation process has some security pros scratching their heads. In this tip, ...
-
Screencast: An introduction to the Open Source Security
Watch Peter Giannoulis as he introduces the Open Source Security Testing Methodology Manual (OSSTMM) and demonstrates how it can be used to defend machines from a brute-force dictionary attack.
-
Security breach management: Planning and preparation
All organizations face the risk of an information security breach. While it can be a gut-wrenching ordeal, learning how to manage a breach can make it much easier to contain the damage. In this tip...
-
The 'security standards dilemma': Network segmentation
The Hannaford Bros. data security breach led many to believe that even PCI-compliant organizations did not properly segment their networks -- or that PCI does not adequately address the importance o...
-
Understanding multifactor authentication features in IA
Enterprises often make the mistake of assuming that IAM suites come with tightly integrated multifactor authentication features, but in reality making sure they work together well can be a challeng...
-
Ophcrack: Password cracking made easy
Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords.
-
More built-in Windows commands for system analysis
Windows command-line tools can be a valuable resource to security professionals charged with the secure configuration of Windows machines. In this tip, Ed Skoudis defines five more useful Windows ...
-
Webmail security: Best practices for data protection
Webmail has become a popular choice for enterprises looking to provide users with email access outside the office, but deployment of any Web-based email system presents a unique set of security cha...
-
Network IPS: Is now the time?
After a few years of growing pains, today's IPS vendors are touting the maturity of their products. Not so fast, says Mike Chapple. The network security expert explains why the more IPSes "change,"...
-
PCI compliance and Web applications: Code review or fir
The Payment Card Industry Data Security Standard is about to get a new wrinkle involving Web applications. As of June 30, 2008, to achieve PCI compliance, enterprises must either have their custom ...
-
Penetration testing: Helping your compliance efforts
Penetration testing can be helpful as part of a corporate vulnerability assessment, but is it as valuable for enterprise compliance? In this tip, contributor Mike Rothman examines the connection be...
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure all for enterprises.