Ask the Experts

Ask the Experts

• Does .cc domain malware demand domain blocking?

  Learn how to deal with .cc domain malware threats found within DNS traffic. Is domain blocking at the perimeter the best defense strategy?  Continue Reading

• Network topology mapping: How to automate network documentation

  Network topology mapping to boost security can be time-consuming. Learn how to automate network documentation with network management tools.  Continue Reading

• UTM devices: Efficient security or a firewall failure risk?

  UTM devices provide more protection than a simple firewall, but do they increase the risk of an enterprise firewall failure?  Continue Reading

• SIEM vs. DAM technology: Enterprise DAM implementation best practices

  Mike Cobb analyzes the differences between a SIEM and DAM implementation and how to successfully configure an enterprise DAM.  Continue Reading

• The switch to HTTPS: Understanding the benefits and limitations

  Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems.  Continue Reading

• Webmail forensics: Investigating issues with email forwarding security

  Expert Mike Cobb discusses webmail forensics possibilities for dealing with the aftermath of an issue involving an email forwarding security breach.  Continue Reading

• What are the best tools for enterprise Windows security logs analysis?

  Expert Mike Cobb provides some of the best Windows security log tools available for the enterprise.  Continue Reading

• BIOS security: Are BIOS attacks worth defending against?

  Expert Nick Lewis analyzes the risk of a BIOS attack in juxtaposition to the irritation and expense of securing a network against this threat.  Continue Reading

• How to protect a website from malware redirects

  Malware redirects are a serious hazard in the jungle of infiltration exploits; Nick Lewis explains how they can be avoided.  Continue Reading

• RTP attacks: How to prevent enterprise data exfiltration

  How big of an issue are RTP attacks in the context of all attacks via covert channels? Nick Lewis looks at tunneling for enterprise data exfiltration.  Continue Reading

• Use Telnet alternative SSH to thwart Telnet security risks

  The inherently insecure Telnet protocol shouldn’t be used on modern networks. Learn why and what to use in its place.  Continue Reading

• Is it possible to prevent DDoS attacks?

  A distributed denial-of-service (DDoS) attack can consume all your network bandwidth. Learn how to prevent a DDoS attack in this expert response.  Continue Reading

• Dynamic authorization vs. other access management technologies

  Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices.  Continue Reading

• Image-based authentication: Viable alternative authentication method?

  Randall Gamby addresses the criticisms of image-based authentication and considers if it's a viable enterprise alternative authentication method.  Continue Reading

• SaaS access management: Finding the best single sign-on technology

  Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.  Continue Reading

• Explaining how trusted SSL certificates and forged SSL certificates work

  Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections.  Continue Reading

• BIOS management best practices: BIOS patches and BIOS updates

  Amid growing concern over BIOS threats, expert Mike Cobb discusses how organizations should manage BIOS patches and BIOS updates.  Continue Reading

• Enterprise user de-provisioning best practices: How to efficiently revoke access

  Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.  Continue Reading

• Talking with lawyers: How to manage information security legal issues

  Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues.  Continue Reading

• Role-based access control: Making an enterprise RBAC implementation easier

  Learn the benefits of role-based access control based on job functions of network accessing employees, and how to make an RBAC implementation easier.  Continue Reading

• Personal online banking at work: Avoiding online banking security issues

  Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.  Continue Reading

• Privileged account policy: Securely managing privileged accounts

  Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information.  Continue Reading

• How penetration testing helps ensure a secure data store

  A third-party penetration test is the best way to determine whether an online data store can be compromised.  Continue Reading

• OpenStack security analysis: Pros and cons of open source cloud software

  Expert Michael Cobb examines the open source cloud computing platform OpenStack and relevant OpenStack security issues.  Continue Reading

• Detecting and blocking suspicious logins, unusual login activity in the enterprise

  Randall Gamby dissects the delicate but crucial science of detecting and blocking suspicious logins and unusual login activity in the enterprise.  Continue Reading

• Advice for developing a vendor compliance checklist for a vendor review process

  Get advice for developing a vendor compliance checklist to support a vendor review process or a third-party vendor audit.  Continue Reading

• Firewall network security: Thwarting sophisticated attacks

  Firewall network security is still a critical part of securing an enterprise. Learn what sophisticated attacks a firewall can effectively prevent.  Continue Reading

• Web server encryption: Enterprise website encryption best practices

  Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices.  Continue Reading

• How to bolster BIOS security to prevent BIOS attacks

  BIOS attacks can be thwarted by implementing NIST guidelines for BIOS security.  Continue Reading

• Securing IE with plug-ins Google Chrome Frame and IETab

  Web browser plug-ins can bolster IE security for legacy apps that have to run on outdated versions of Internet Explorer.  Continue Reading

• Learning from the MySQL.com hack: How to stop website redirects

  Learn how to stop website redirects put in place by malicious hackers, and how to prevent attacks like the MySQL.com hack.  Continue Reading

• Detecting covert channels to prevent enterprise data exfiltration

  A covert channel is just one more way data can leave the network. Learn how to detect and block covert channels from threats expert Nick Lewis.  Continue Reading

• What is ISO certified vs. ISO compliant?

  Discover the difference between an ISO 27002 certification report and an ISO 27002 compliant report.  Continue Reading

• Automated file and registry monitoring tools for Windows

  A file and registry monitoring tool like Process Monitor can help IT organizations identify suspicious behavior that may be related to a malware infection.  Continue Reading

• Securing applications with a network pen test

  Network penetration testing can help protect applications by uncovering weaknesses that provide an alternate route to sensitive data.  Continue Reading

• OAuth 2.0: Pros and cons of using the federation protocol

  Learn the advantages and disadvantages of using Open Authorization for Web application authentication.  Continue Reading

• Stop hackers from finding data during Web application fingerprinting

  Hackers use Web application fingerprinting to learn about their target. You can reduce the amount of information they uncover with these tips.  Continue Reading

• Incident response best practices after Sony breach

  Following the recent Sony breach, there are a few lessons other enterprises can learn about incident response.  Continue Reading

• How DHCP works and the security implications of high DHCP churn

  Learn about the potential problems with high DHCP churn and whether it should be a concern to your organization.  Continue Reading

• How secure is a VPN? Exploring the most secure remote access methods

  Virtual private networks are a common means of providing remote access, but expert Mike Chapple addresses whether it is the most secure option available.  Continue Reading

• How to choose application security tools for certain scenarios

  Learn about application whitelisting, application firewalls and activity monitoring, and how to choose the right application security tools and products.  Continue Reading

• Software testing methodologies: Dynamic versus static application security testing

  Learn about two software security testing methodologies – dynamic and static testing – in this expert response by Michael Cobb.  Continue Reading

• Open source testing tools for Web applications: Website vulnerability scanner and recon tools

  Google’s open source testing tools for Web applications can save organizations money and improve the security of Web apps.  Continue Reading

• Managing toolbars and other third-party browser extensions

  Third-party browser extensions like toolbars can jeopardize client security. Expert Michael Cobb discusses what can be done to manage these risks.  Continue Reading

• Java Virtual Machine architecture: Applet to applet communication

  In a Java Virtual Machine architecture, is it possible for two machines to communicate with one another? Expert Michael Cobb describes how the applet-to-applet communication process works.  Continue Reading

• Managing application permissions through isolated storage

  Application permissions are essential in securing application data. Learn how isolated storage allows secure, controlled access to application files.  Continue Reading

• Comparing relational database security and NoSQL security

  In this introduction to database security, expert Michael Cobb explains the differences between relational database and NoSQL security.  Continue Reading

• Hacker chatter: Can hacker websites help companies anticipate attacks?

  Tracking hacker chatter could be useful for discovering attacks, but there may be other, less risky routes to finding the same information.  Continue Reading

• Insufficient authorization: Hardening Web application authorization

  Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors.  Continue Reading

• How to erase browser history proactively for enterprise security

  Attackers often try to access enterprise users’ browsing history. Expert Michael Cobb explains how to erase browser history proactively.  Continue Reading

• Drive-by virus: How to prevent drive-by download malware

  There are several security strategies enterprises can implement to prevent drive-by download malware infections. Get tips in this expert response.  Continue Reading

• Zeus Trojan analysis: How to decode the Zeus config.bin file

  Learn how to analyze the Zeus config.bin file in order to identify targeted URLs and infected computers on your network.  Continue Reading

• Internet Explorer 8 XSS filter: Setting the bar for cross-site scripting prevention

  The Internet Explorer 8 XSS filter can assist in cross-site scripting prevention. Michael Cobb explains how it works in this expert response.  Continue Reading

• Symmetric key encryption algorithms and hash function cryptography united

  Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques.  Continue Reading

• Network security metrics: Basic network security controls assessment

  Get advice on how to devise appropriate network security metrics for your enterprise from expert Mike Chapple.  Continue Reading

• PCI Requirement 12.8.2: When is client compliance necessary?

  Find out whether the PCI 12.8.2 requirement forces an organization working with a payment card merchant to become compliant.  Continue Reading

• Cloud computing PCI compliance: Is it possible?

  Is enterprise cloud computing PCI compliance possible? Discover how to use cloud computing and be PCI DSS-compliant.  Continue Reading

• Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16

  Learn about ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70.  Continue Reading

• Is laptop remote wipe needed for effective laptop data protection?

  Expert Michael Cobb explains how laptop remote wipe technology can ease data loss fears, but shouldn’t be solely relied upon.  Continue Reading

• Secure coding best practices: PHP and programming language security

  Michael Cobb explains how proper secure coding training is much more important than PHP programming language security.  Continue Reading

• How to mitigate the risk of a TOCTTOU attack

  Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them.  Continue Reading

• How MAC and HMAC use hash function encryption for authentication

  Hash function encryption is the key for MAC and HMAC message authentication. See how this differs from other message authentication tools from expert Michael Cobb.  Continue Reading

• How to set up SFTP automation for FTP/DMZ transfer

  Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to lock it down.  Continue Reading

• Locate IP address location: How to confirm the origin of a cyberattack

  What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in.  Continue Reading

• How to set up a site-to-site VPN to coexist with a DMZ

  When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response.  Continue Reading

• IEEE 802.11: Handling the standard's wireless network vulnerabilities

  IEEE 802.11 has several known vulnerabilities, so what's the best way for enterprises to handle them? Expert Anand Sastry explains.  Continue Reading

• Will host-based intrusion detection software replace signature IDS?

  As signature-based IDS becomes less effective, is host-based IDS the best option to replace it? Expert Anand Sastry weighs in.  Continue Reading

• Hop-by-hop encryption: A safe enterprise email encryption option?

  Learn how hop-by-hop encryption gives enterprises the opportunity to send encrypted emails to large amounts of employees without a digital signature for each email from expert Michael Cobb.  Continue Reading

• How Microsoft security assessment tools can benefit your enterprise

  Expert Michael Cobb explains how Microsoft security assessment tools can find and help your enterprise fix vulnerabilities in its Windows environment.  Continue Reading

• URL shortening security best practices

  Expert Michael Cobb weighs in on risks you may not know about with shortened URLs from TinyURL or Bit.ly.  Continue Reading

• How to ensure the security of financial transactions online

  Financial transactions are some of the most high-risk activities performed online. Expert Nick Lewis gives advice to financial firms on how they can prevent online transaction fraud.  Continue Reading

• Enterprise antivirus comparison: Is cloud-based antivirus better?

  Cloud-based antivirus has pros and cons, but, on the whole, can it be more effective than regular antivirus products? Learn more from expert Nick Lewis.  Continue Reading

• How an IIS Web application pool can help secure your enterprise

  Did you know an IIS Web application pool not only helps manage your applications, but also makes them more secure? Expert Michael Cobb explains the benefits of Web application pools.  Continue Reading

• Debug and test Web applications using Burp Proxy

  The Burp Proxy tool, part of the Burp Suite, has many useful features that test Web application security. Learn how to start using Burp Proxy.  Continue Reading

• Which is best: An infosec certification or an IT security degree?

  Which will be more likely to further your infosec career: A certification, or an advanced degree? Expert Ernie Hayden weighs in.  Continue Reading

• How to find a real IP address using proxy server logs

  While using proxy server logs to identify the real IP address of an attacker using a proxy server is technically easy, there are other difficulties along the way. Expert Mike Chapple explains.  Continue Reading

• How to defend against pivot attacks in the enterprise

  Nick Lewis explains what a pivot attack is and tells how to go about defending your organization against this threat.  Continue Reading

• Social networking best practices for preventing social network malware

  Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm to your enterprise.  Continue Reading

• Valuable third-party patch deployment software, tools

  Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise.  Continue Reading

• Guidance on dual-homed server security

  Learn more about how a dual-homed server operates, and what security restrictions it entails in this expert response from Anand Sastry.  Continue Reading

• How to monitor network traffic: Appliance placement and choke points

  Monitoring network traffic is crucial, but where's the best place to put network monitoring tools? Expert Anand Sastry gives advice.  Continue Reading

• Best practices for information security reward incentive programs

  While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance.  Continue Reading

• Using a Web application honeypot to boost security for Web applications

  Honeypots can be a valuable tool for logging and analyzing intrusions, but do you know the disadvantages to setting up a honeypot? Expert Michael Cobb explains some honeypot best practices.  Continue Reading

• Merger management: How to handle potential merger threats to security

  During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration.  Continue Reading

• Virtualization security concerns: The threat of hypervisor malware

  What is hypervisor malware, and how worried should enterprises employing virtualization be about it? Threats expert Nick Lewis explains.  Continue Reading

• Validating ERP system security and ERP best practices

  Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices.  Continue Reading

• Adobe Flash alternatives: The best way to avoid Adobe Flash malware?

  It's no secret that Adobe Flash is plagued with malware, so, do enterprises really need it? In this expert response, Nick Lewis discusses how you can weigh the importance of functionality and security when it comes to Flash.  Continue Reading

• What does the Stuxnet worm mean for SCADA systems security?

  SCADA systems have been highlighted in recent months for their insecurities, perhaps most notably with the release of the Stuxnet worm targeting them directly. But is the Stuxnet worm unique, or simply a sign of SCADA insecurity? Learn more in this ...  Continue Reading

• Creating a third-party security policy to prevent a software exploit

  Third-party software vulnerabilities are one of the most likely attack vectors in the information security landscape today. In this expert response, Nick Lewis discusses how to prevent these vulnerabilities from becoming exploits.  Continue Reading

• Prevent a privilege escalation attack with database security policy

  Privilege escalation attacks are dangerous wherever they occur, but can be particularly harmful if run in a database. Learn more from threats expert Nick Lewis.  Continue Reading

• Managing remote workers: Musts for setting up a secure home network

  Is it the enterprise's responsibility to ensure that remote workers' home networks are secure? And, if so, how should they do it? Get expert advice from Nick Lewis.  Continue Reading

• How to use Wget commands and PHP cURL options for URL retrieval

  When TCP or HTTP connections aren't behaving as expected, free tools like Wget and cURL can help with URL retrieval. Learn more in this expert response from Anand Sastry.  Continue Reading

• Utilizing a hash function algorithm to help secure data

  Learn how a hash function algorithm -- specifically a one-way hash function of the Dynamic SHA-2 algorithm -- can help protect important documents using a variety of hashes to confuse malicious code.  Continue Reading

• Why it's important to turn on DEP and ASLR Windows security features

  In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on.  Continue Reading

• What to include in a remote access audit

  When conducting a remote access audit, there are specific questions you should be sure to ask to make sure everything is secure. In this expert response, Randall Gamby describes what to look for.  Continue Reading

• Will biometric authentication devices integrate with in-house software?

  Biometric devices may provide an added level of security, but how much effort is required to integrate them with existing software and systems, particularly those systems custom made for an organization? Learn more in this expert response from ...  Continue Reading

• How to set up Apache Web server access control

  If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.  Continue Reading

• How to block port scan attempts on a public wireless network

  Network security expert Anand Sastry explains how to block port scan attempts on a public wireless network at the host level.  Continue Reading

• Secure OpenVPN config with PAM

  Network security expert Anand Sastry explains the relationship between OpenVPN and TLS, and points out where to learn about using OpenVPN and PAM.  Continue Reading

• OpenLDAP migration: OpenLDAP from an Active Directory schema

  While integrating user provisioning products may seem like a lot of work, there are strategies to make it go smoothly. In this expert response, Randall Gamby describes how to incorporate OpenLDAP into an Active Directory schema.  Continue Reading