Ask the Experts

Ask the Experts

• Can Windows EFS hinder malware detection?

  A new malware strain leverages the Encrypting File System to thwart forensic analysis. Learn how to handle attacks that involve Windows EFS.  Continue Reading

• Using DNS monitoring to detect network breaches

  Brad Casey highlights three DNS data-monitoring methods that can help organizations determine if their networks have been breached.  Continue Reading

• Using microVM isolation to improve malware detection and defense

  Use of microVMs for malware detection and isolation is growing, but expert Brad Casey cautions that the tactic isn't a cure-all for fighting malware.  Continue Reading

• Is EAL4 certification necessary for enterprise firewall products?

  EAL4 certification ensures integrity in security products, but is it a must when buying enterprise firewall products? Expert Brad Casey explains.  Continue Reading

• Assessing the threat of proxy auto-config malware

  Expert Nick Lewis explains how attackers are taking advantage of proxy auto-config capabilities in browsers and what mitigations can be put in place.  Continue Reading

• How to manage TeamViewer security risk, mitigate the TeamSpy malware

  In light of the recent TeamSpy malware, Nick Lewis examines whether TeamViewer's security risk has reached an acceptable level for enterprises.  Continue Reading

• Heap spray attacks: Details and mitigations for new techniques

  Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks.  Continue Reading

• Incident response lessons from Facebook's red team exercises

  Expert Nick Lewis provides advice for enterprises looking to take inspiration for an incident response plan from Facebook's red team exercises.  Continue Reading

• Is FTP malware threatening network port security?

  A diligent enterprise must watch for FTP attacks over non-standard ports, says network security expert Brad Casey.  Continue Reading

• Use John the Ripper to test network devices against brute forcing

  Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.  Continue Reading

• How to test for and protect against firewall vulnerabilities

  Vulnerabilities in a firewall operating system can render the firewall useless. Learn how to test for and protect against them.  Continue Reading

• The implications of mobile hotspot security vulnerabilities

  Learn how enterprises can ensure mobile hotspot security by guarding against security vulnerabilities in 3G and 4G modems.  Continue Reading

• How do different browsers handle SSL certificate revocation?

  Application security expert Michael Cobb explores how different Web browsers handle SSL certificate revocation.  Continue Reading

• Open source code reuse: What are the security implications?

  Reusing open source code can present a security risk. Application security expert Michael Cobb explains why and how to protect applications.  Continue Reading

• AutoIt script in malware attacks: Defensive best practices

  Industry expert Nick Lewis outlines the growing popularity of AutoIt script code in malware attacks and how to defend against these attacks.  Continue Reading

• Encryption key management: Should keys still be stored in the cloud?

  Expert Joe Granneman explains whether encryption key management in the cloud is still possible after a slew of revelations around the NSA.  Continue Reading

• Evaluating vendor promises: How to create a vendor security checklist

  For enterprises that need to weigh security requirements versus vendors' claims, a vendor security checklist can help. Expert Joe Granneman advises.  Continue Reading

• For a PCI-compliant database, implement database security controls

  Expert Mike Chapple details the necessary database security controls that an organization must implement to achieve a PCI-compliant database.  Continue Reading

• Does running end-of-life software lead to compliance violations?

  There are several risks involved when using end-of-life software, including the possibility of compliance violations. Expert Mike Chapple explains.  Continue Reading

• How to ensure legacy serial port security on enterprise networks

  In the wake of H.D. Moore's discovery of rampant serial port security problems, learn how to secure legacy, Internet-connected serial port servers.  Continue Reading

• The role of the enterprise intrusion prevention system in APT defense

  One research group says an enterprise IPS can't help detect APTs. But network security expert Brad Casey explains why that isn't necessarily true.  Continue Reading

• Will a password-strength meter lead to stronger passwords?

  Security expert Michael Cobb explores the benefits of password-strength meters in the enterprise and how they help users create strong passwords.  Continue Reading

• The value of 2,048-bit encryption: Why encryption key length matters

  Leading browsers are required to use 2,048-bit length keys by the end of the year, but what effect does this have on security?  Continue Reading

• How certificate pinning improves certificate authority security

  Certificate pinning reduces reliance on trusting certificates authorities and improves digital certificate trustworthiness. Michael Cobb explains how.  Continue Reading

• The 2013 OWASP Top 10 list: What's changed and how to respond

  Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.  Continue Reading

• Do two-factor authentication vulnerabilities outweigh the benefits?

  Two-factor authentication vulnerabilities are a real concern, but should they deter enterprises from deploying 2FA? Expert Michael Cobb discusses.  Continue Reading

• Can an unqualified domain name cause man-in-the-middle attacks?

  An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result.  Continue Reading

• RC4 attack details: Can the RC4 encryption algorithm protect SSL/TLS?

  Expert Michael Cobb provides background on the RC4 encryption algorithm and determines whether a recent RC4 attack signals trouble for SSL/TLS users.  Continue Reading

• Data-classification levels for compliance: Why simple is best

  The best data-classification programs are simple and easy to use. Expert Mike Chapple outlines his four must-have data-classification categories.  Continue Reading

• Understanding the PCI DSS prioritized approach to compliance

  You can take a phased approach to achieving PCI DSS compliance, but expert Mike Chapple says you aren't compliant until you meet all its requirements.  Continue Reading

• How does steganography work and does it threaten enterprise data?

  Expert Joe Granneman explains how steganography works, and the ways it can both protect and threaten enterprise data.  Continue Reading

• Hitting the books: How to study for the CISSP exam

  Expert Joe Granneman offers insights on different ways to prepare for the CISSP exam, and outlines what he thinks is the best way to study.  Continue Reading

• What is the value of the Lockheed Martin cyber kill chain?

  Expert Brad Casey analyzes the value of the Lockheed Martin cyber kill chain strategy, emphasizing data exfiltration over intrusion prevention.  Continue Reading

• OpenFlow security: Does OpenFlow secure software-defined networks?

  Expert Brad Casey answers a question on OpenFlow security implications: Can the OpenFlow protocol foster software-defined networking (SDN) security?  Continue Reading

• Identifying and locking down known Java security vulnerabilities

  Expert Michael Cobb discusses why known Java security vulnerabilities are on so many endpoints and how to contain them -- without updating Java.  Continue Reading

• Why securing internal applications is as important as Web-facing apps

  Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.  Continue Reading

• How a DNS reflection attack differs from a standard DoS attack program

  A DNS reflection attack is like a regular denial-of-service attack, but much worse. Nick Lewis explains why.  Continue Reading

• How to detect malware with changing file sizes

  Malware authors change the size of malware files to avoid detection by antivirus software. Learn how to detect this malware from expert Nick Lewis.  Continue Reading

• Foxit Reader vulnerability: Time to find an alternative PDF reader?

  Does the latest Foxit Reader vulnerability mean it's time to find an alternative PDF reader? Expert Nick Lewis offers his advice.  Continue Reading

• The advantages of digital watermarking in enterprise data protection

  Expert Michael Cobb explains the advantages of digital watermarking and analyzes whether improved data security is one of them.  Continue Reading

• VPN use in China: Protecting sensitive business data

  With VPN use in China prohibited, businesses have reason to be concerned about the privacy of their data.  Continue Reading

• Recommended tools for remote access Trojan detection

  Expert Brad Casey suggests tools that can detect remote access Trojans, or RATs, like FAKEM.  Continue Reading

• Application security risks posed by open source Java frameworks

  Expert Michael Cobb says security issues with open source Java applications have more to do with misconfigurations than the frameworks themselves.  Continue Reading

• Is Firefox PDF reader a secure alternative to Adobe Reader?

  Expert Michael Cobb examines Mozilla’s Firefox PDF reader and discusses whether it is more secure than Adobe Reader.  Continue Reading

• What is OCSP? Understanding the Online Certificate Status Protocol

  Expert Michael Cobb explains the CASC's Online Certificate Status Protocol (OCSP) and OCSP stapling.  Continue Reading

• BB10 security: The risks of running Android apps on BlackBerry 10

  Expert Michael Cobb explains the implications of running Android apps on BB10 and the system's new security features, including Balance.  Continue Reading

• Google Chrome clickjacking vulnerability: Time to switch browsers?

  Expert Nick Lewis explains the Google Chrome clickjacking vulnerability, including why avoiding the issue isn't as simple as switching browsers.  Continue Reading

• Open source security tools: Getting more out of an IT security budget

  Open source security tools can help stretch your IT security budget further -- that is, if you use them strategically. Joseph Granneman explains how.  Continue Reading

• Goals for how to become a CISO if you're a security technologist

  Security technologists aspiring to become CISOs must develop a variety of business skills, as Joe Granneman explains in this Ask the Expert Q&A.  Continue Reading

• Using EMET to harden Windows XP and other legacy applications

  Expert Michael Cobb details how using EMET, a free tool from Microsoft, can harden Windows XP and other legacy applications.  Continue Reading

• Web application security testing: Is a pen test or code review better?

  For Web application security testing, if cash is tight, should a penetration test top an application code review? Michael Cobb explains his choice.  Continue Reading

• How will the cloud affect future network security skills requirements?

  Will the ongoing adoption of cloud technology affect the skills that network security engineers need in the future? Matt Pascucci discusses.  Continue Reading

• Fiber optic networking: Assessing security risks

  Matthew Pascucci discusses the potential security risks associated with fiber optic networking.  Continue Reading

• The fundamentals of designing a secure network

  When designing a secure network segmentation, monitoring, logging and encryption should be a priority. Matt Pascucci explains in this expert Q&A.  Continue Reading

• PCI DSS compliance: What to do when agents email credit card numbers

  Emailing unencrypted credit card numbers is a violation of PCI DSS. Learn how to stop customer service agents from practicing this dangerous act.  Continue Reading

• Prevent DDoS DNS amplification attacks by securing DNS resolvers

  Expert Nick Lewis details how misconfigured DNS resolvers can be used for DDoS DNS attacks and how organizations can secure them.  Continue Reading

• Does ISO 27001 certification mean HIPAA and HITECH compliance?

  Mike Chapple clarifies the difference between ISO 27001 certification and HIPAA and HITECH compliance.  Continue Reading

• The Narilam malware: How to protect SQL databases, corporate records

  Expert Nick Lewis explains how the Narilam malware infects SQL databases and destroys corporate records, and offers advice on mitigation.  Continue Reading

• How to limit penetration test risks by defining testing scope

  Expert Nick Lewis explains how to reduce penetration testing risks by limiting the scope of the test.  Continue Reading

• To nullify targeted attacks, limit out-of-office message security risk

  Expert Michael Cobb details how to reduce out-of-office message security risk --and thus targeted attacks -- by limiting personal info given.  Continue Reading

• How to prevent SQL injection attacks by validating user input

  Expert Michael Cobb discusses how to prevent SQL injection attacks by validating user input and utilizing parameterized stored procedures.  Continue Reading

• Updating firewall policies with the frequency of firewall testing

  Should firewall testing frequency be decided and documented when updating firewall policies? Expert Brad Casey discusses how often to test firewalls.  Continue Reading

• Brute-force SSH attack prevention depends on network monitoring basics

  Expert Brad Casey discusses why effective brute-force SSH attack prevention means improving network monitoring instead of closing TCP port 22.  Continue Reading

• The pros and cons of SSL decryption for enterprise network monitoring

  Expert Brad Casey discusses the pros and cons of SSL decryption to determine its viability as an enterprise network monitoring method.  Continue Reading

• Audit log security: How to monitor and protect audit logs

  Is it possible to make audit logs tamper-proof? Expert Matthew Pascucci offers best practices for audit log security and monitoring.  Continue Reading

• Huawei router security: Is there legitimate cause for concern?

  Security expert Matthew Pascucci discusses Huawei router security and offers four tips for evaluating the security of enterprise network equipment.  Continue Reading

• Determining ideal IPS throughput for new implementation

  Several factors go into determining IPS throughput requirements. Expert Matt Pascucci explains in this Q&A.  Continue Reading

• Should syslog format be mandatory in a log management product?

  Matt Pascucci discusses what to look for when evaluating a log management product and whether syslog format should be a requirement.  Continue Reading

• Choosing a switch: Should you splurge on enterprise Ethernet switches?

  Matt Pascucci discusses what to look for when choosing an Ethernet switch, and whether or not to splurge on enterprise Ethernet switches.  Continue Reading

• Remote administration tools: How to develop a secure use policy

  Matt Pascucci offers advice for developing a policy on secure use of remote management tools by network security staff.  Continue Reading

• What to look for in full-packet-capture and network forensic tools

  Matt Pascucci explains what to look for in full-packet-capture network logging and network forensic tools, and areas to focus on during the search.  Continue Reading

• Unencrypted credit card data storage: Why 70% of merchants do it

  Mike Chapple offers four possible reasons why some merchants still store unencrypted credit card data after years of PCI DSS compliance requirements.  Continue Reading

• Application whitelisting vs. blacklisting: Which is the way forward?

  Which method is better at fighting next-gen malware? Security expert Michael Cobb weighs in on the application whitelisting vs. blacklisting debate.  Continue Reading

• Bing security: Is search engine poisoning a problem for Bing users?

  Is Microsoft's Bing search engine more susceptible to search engine poisoning than Google? Expert Michael Cobb discusses Bing security.  Continue Reading

• Cloud IaaS security: Is a virtual firewall the best bet?

  Matthew Pascucci discusses whether organizations should use an IaaS virtual firewall to protect applications that have been moved to the cloud.  Continue Reading

• What risk does the Apple UDID security leak pose to iOS users?

  Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak.  Continue Reading

• Choosing an external auditor: What to look for in an auditing firm

  Expert Mike Chapple advises enterprises on how to choose an external auditor, focusing on four major qualities to look for in an auditing firm.  Continue Reading

• COBIT 5 certification: What training is necessary for accreditation?

  Expert Mike Chapple offers advice for understanding COBIT and what it takes to acquire COBIT 5 certification.  Continue Reading

• How to implement firewall policy management with a 5-tuple firewall

  Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons.  Continue Reading

• Exploring the security risks of network management outsourcing

  Is network management outsourcing the future of network security or too great a risk? Matthew Pascucci discusses the risks and rewards.  Continue Reading

• Why companies still use the insecure WPA and WEP protocols

  Expert Matthew Pascucci weighs in on why so many enterprises still use the insecure wireless encryption protocols -- WPA and WEP.  Continue Reading

• Avoiding the invisible: How to defend against iFrame attacks

  How can enterprises and users protect themselves from malicious content embedded in iFrames? Expert Nick Lewis explores iFrame attack mitigations.  Continue Reading

• How to determine if you're using a PCI-compliant cloud provider

  Small business credit card processing from a PCI-compliant cloud provider can help reduce the burden of PCI compliance. Expert Mike Chapple explains.  Continue Reading

• Implement software development security best practices to support WAFs

  WAFs aren't a panacea for all Web security woes. Software development security best practices are still vital. Expert Michael Cobb discusses why.  Continue Reading

• Establish a screen timeout period as part of a BYOD security policy

  Expert Michael Cobb provides advice on why and how enterprises should establish a screen timeout period as part of any BYOD security policy.  Continue Reading

• Can ISO 27002 be used as a standalone guide for security management?

  Learn the difference between ISO 27001 and ISO 27002, and how the latter can be used to build an infosec program.  Continue Reading

• Most common IT audit findings and how to remediate them

  Expert Mike Chapple uncovers some of the most common -- and embarrassing -- IT audit findings and explains how to remediate each one.  Continue Reading

• BYOD security policy: Mitigate BYOD risk with device requirements

  How can enterprises mitigate the BYOD risk? Expert Michael Cobb suggests some device requirements to include in a BYOD security policy.  Continue Reading

• The SSL handshake process: Public and privates keys explained

  Expert Michael Cobb details the SSL handshake and the role of public and private keys in a C2B transaction.  Continue Reading

• How to choose secure Android lock patterns

  Get advice from expert Michael Cobb on how to secure your Android device with good Android lock patterns.  Continue Reading

• Remote access audit: Assessing remote desktop access software

  Is your remote desktop access software really secure? Randall Gamby offers advice for conducting a remote access audit to validate security.  Continue Reading

• Types of SSO: Comparing two vendors' approaches to single sign-on

  Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.  Continue Reading

• How to manage feedback in the compliance review process

  The compliance review process can be complicated, especially when getting input from others. Mike Chapple offers advice to streamline the process.  Continue Reading

• Monitoring P2P activity by tracking corporate IP addresses

  Mike Chapple discusses whether you should be monitoring P2P activity with site crawling and info gathering websites like YouHaveDownloaded.com.  Continue Reading

• Securing big data: Architecture tips for building security in

  Expert Matt Pascucci advises a reader on securing big data with tips for building security into enterprise big data architectures.  Continue Reading

• Network perimeter security: How to audit remote access services

  Matt Pascucci discusses the best tools to audit Internet-facing remote access services and boost network perimeter security.  Continue Reading

• Privilege access management: User account provisioning best practices

  Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.'  Continue Reading

• Secure remote access best practices: Guidelines for the enterprise

  Remote access threats are on the rise. Use expert Randall Gamby's secure remote access best practices to help users make good security decisions.  Continue Reading

• IMEI authentication: OK as a mobile authenticator?

  Is IMEI authentication a secure choice when considering a mobile authenticator? Randall Gamby explains why it may not be a wise choice.  Continue Reading

• MDM architecture considerations for enterprise identity management

  Randall Gamby details which enterprise identity management features to look for when evaluating products as the basis for an MDM architecture.  Continue Reading