Tips

  • Windows registry forensics guide: Investigating hacker

    The Windows registry can be used as a helpful tool for professionals looking to investigate employee activity or track the whereabouts of important corporate files. In this tip, contributor Ed Skou...

  • Best practices for application-level firewall selection

    Application-level firewalls are an essential aspect of any organization's multi-layered defense strategy, but the implementation process has some security pros scratching their heads. In this tip, ...

  • Security breach management: Planning and preparation

    All organizations face the risk of an information security breach. While it can be a gut-wrenching ordeal, learning how to manage a breach can make it much easier to contain the damage. In this tip...

  • Screencast: An introduction to the Open Source Security

    Watch Peter Giannoulis as he introduces the Open Source Security Testing Methodology Manual (OSSTMM)and demonstrates how it can be used to defend machines from a brute-force dictionary attack.

  • The 'security standards dilemma': Network segmentation

    The Hannford Bros. data security breach led many to believe that even PCI-compliant organizations did not properly segment their networks -- or that PCI does not adequately address the importance o...

  • Understanding multifactor authentication features in IA

    Enterprises often make the mistake of assuming that IAM suites come with tightly integrated multifactor authentication features, but in reality making sure they work together well can be a challeng...

  • Ophcrack: Password cracking made easy

    Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords.

  • More built-in Windows commands for system analysis

    Windows command-line tools can be a valuable resource to security professionals charged with the secure configuration of Windows' machines. In this tip, Ed Skoudis defines five more useful Windows ...

  • Webmail security: Best practices for data protection

    Webmail has become a popular choice for enterprises looking to provide users with email access outside the office, but deployment of any Web-based email system presents a unique set of security cha...

  • Network IPS: Is now the time?

    After a few years of growing pains, today's IPS vendors are touting the maturity of their products. Not so fast, says Mike Chapple. The network security expert explains why the more IPSes "change,"...

  • PCI compliance and Web applications: Code review or fir

    The Payment Card Industry Data Security Standard is about to get a new wrinkle involving Web applications. As of June 30, 2008, to achieve PCI compliance, enterprises must either have their custom ...

  • Penetration testing: Helping your compliance efforts

    Penetration testing can be helpful as part of a corporate vulnerability assessment, but is it as valuable for enterprise compliance? In this tip, contributor Mike Rothman examines the connection be...

  • Vista WIL: How to take control of data integrity level

    In the past, Windows users could tweak NTFS permissions and decide who should have access to important data. With the introduction of the Windows Vista operating system, however, the Windows Integr...

  • Tracing malware's steps with RE:Trace

    As application monitoring and troubleshooting becomes more difficult, security professionals are relying on the use of system tools to ease the process. In this tip, contributor Noah Schiffman give...

  • Screencast: Penetration testing with Metasploit

    Peter Giannoulis of Bones Consulting demonstrates how the tool can be used to test commercial and custom-made applications, servers and operating systems.

  • Microsoft PatchGuard: Locking down the kernel, or locki

    With Microsoft's release of Windows Vista, the software giant locked down the kernel and forced independent security vendors to change the way that they provide antivirus services. So is the OS saf...

  • Worst practices: Learning from bad security tips

    In this tip, information security threats expert Ed Skoudis exposes some bad security practices, highlights the common and dangerous misconceptions held by security personnel, and offers insight on...

  • How to lock down instant messaging in the enterprise

    The popularity of instant messaging programs in the enterprise creates a huge problem for companies concerned about data leakage and Web-based malware. In this tip, application security expert Mich...

  • The ins and outs of database encryption

    While pundits and gurus may say the "easy" data protection option is for an enterprise to encrypt its entire database, the truth is it's much harder than many realize. In this tip, database securit...

  • Worst practices: Bad security incidents to avoid

    Some of information security's worst practices are just best practices ignored. And those guilty of today's big infosec mistakes range from chief security officers to network firewall managers to s...