Tips

  • Vista WIL: How to take control of data integrity level

    In the past, Windows users could tweak NTFS permissions and decide who should have access to important data. With the introduction of the Windows Vista operating system, however, the Windows Integr...

  • Tracing malware's steps with RE:Trace

    As application monitoring and troubleshooting become more difficult, security professionals are relying on the use of system tools to ease the process. In this tip, contributor Noah Schiffman give...

  • Screencast: Penetration testing with Metasploit

    Peter Giannoulis of Bones Consulting demonstrates how the tool can be used to test commercial and custom-made applications, servers and operating systems.

  • Microsoft PatchGuard: Locking down the kernel, or locki

    With Microsoft's release of Windows Vista, the software giant locked down the kernel and forced independent security vendors to change the way that they provide antivirus services. So is the OS saf...

  • Worst practices: Learning from bad security tips

    In this tip, information security threats expert Ed Skoudis exposes some bad security practices, highlights the common and dangerous misconceptions held by security personnel, and offers insight on...

  • The ins and outs of database encryption

    While pundits and gurus may say the "easy" data protection option is for an enterprise to encrypt its entire database, the truth is it's much harder than many realize. In this tip, database securit...

  • How to lock down instant messaging in the enterprise

    The popularity of instant messaging programs in the enterprise creates a huge problem for companies concerned about data leakage and Web-based malware. In this tip, application security expert Mich...

  • Worst practices: Bad security incidents to avoid

    Some of information security's worst practices are just best practices ignored. And those guilty of today's big infosec mistakes range from chief security officers to network firewall managers to s...

  • Employee-owned handhelds: Security and network policy c

    Consumer use of iPhones, smartphones and other handhelds has exploded in recent years, and naturally more employees want to use them for business. With today's growing number of personally owned de...

  • Worst practices: Encryption conniptions

    Through the years, SearchSecurity.com's expert contributors have no doubt spent much of their time pointing out a variety of security best practices. But what about the worst practices? In honor...

  • Worst practices: Recognizing the biggest compliance mis

    With all of the compliance requirements and regulations organizations need to abide by these days, corporate compliance blunders are inevitable. In this tip, security management expert Mike Rothman...

  • Worst Practices: Three big identity and access manageme

    Simple IAM mistakes such as writing down passwords and unaudited user accounts can allow malicious access into corporate networks. In this tip, contributor Joel Dubin exposes the most common identi...

  • Failure mode and effects analysis: Process and system r

    Information security pros are always trying to assess which systems and processes pose the greatest risk to an organization. In this tip, Gideon T. Rasmussen explains how the failure mode and effec...

  • Google hacking exposes a world of security flaws

    In this tip, contributor Scott Sidel examines Goolag, an open source security tool that assists security pros in finding flaws in websites through Google hacking.

  • E-discovery management: How IT should interact with the

    Amid the growing importance of electronic discovery, it's critical that an organization's IT team strike a good working relationship with its legal team. But this can be uncharted territory for I...

  • Screencast: Using Nessus to scan for vulnerabilities

    Peter Giannoulis of Bones Consulting demonstrates how Nessus can be used as a vulnerability assessment tool that enterprises can use to help protect critical systems and networks.

  • Phased NAC deployment for compliance and policy enforce

    Thinking about NAC? You're not alone. Many organizations are taking a new look at the latest generation of network access control tools, with the hopes of mapping security policy requirements to te...

  • Web scanning and reporting best practices

    Implementing a solid Web scanning routine is a key way to avoid corporate Web application attacks. And with industry requirements such as PCI DSS, performing vulnerability scans is also required t...

  • Windows BitLocker: Enabling disk encryption for data pr

    With Windows Vista, Microsoft introduced a whole-disk encryption mechanism called BitLocker. The feature has enabled Windows to provide better data protection, but the tool is not without drawbacks...

  • Stopping malware in its tracks

    There's no such thing as a cure-all for stopping malware. Effective malware defense demands a keen attention to detail and careful planning. Expert Lenny Zeltser offers a malware-defense blueprint ...