Ask the Experts

Ask the Experts

• How to implement PCI network segmentation

  When trying to comply with PCI DSS, network segmentation can be a tricky subject. In this expert response, Mike Chapple explains how to separate payment system's credit card processing functionality from the rest of an enterprise network.  Continue Reading

• Should IDS and SIM/SEM/SIEM be used for network intrusion monitoring?

  Is it enough just to monitor log data, or does that data need to be fed into a SIM/SEM/SIEM product in order to ease the data analysis process? Network security expert Mike Chapple weighs in.  Continue Reading

• How to analyze a TCP and UDP network traffic spike

  What does it mean when TCP and UDP network traffic spikes? Network security expert Mike Chapple explains what this means for enterprise network security management.  Continue Reading

• How to perform a network forensic analysis and investigation

  Situation: A breach has occurred at your enterprise, and you need to gather relevant data, fast. What tools can you use to get the job done? In this expert response, Mike Chapple gives pointers on which network forensic analysis tools can help.  Continue Reading

• What does 'invoked by uid 78' mean?

  Are you seeing a 'uid 78' in your emails? In this expert response, Michael Cobb explains what the message means.  Continue Reading

• Can S/MIME, XML and IPsec operate in one protocol layer?

  It is possible to build security systems that reside within a single layer of the OSI model, but why limit yourself?  Continue Reading

• What are the best practices for IPS implementation?

  Implementing an intrusion prevention system can be a tricky proposition. Network expert Mike Chapple explains some common IPS deployment challenges.  Continue Reading

• How to configure firewall ports for webmail system implementation

  Network security expert Mike Chapple explains why he always recommends placing any server accessible from the Internet into the DMZ.  Continue Reading

• How secure are iPhone App Store mobile applications?

  Expert Michael Cobb reviews the steps that Apple has taken to ensure the quality and safety of any applications developed for the iPhone.  Continue Reading

• How to harden Linux operating systems

  Specific advice on hardening a server depends to some extent on its intended role, says expert Michael Cobb in this SearchSecurity.com Q&A.  Continue Reading

• How to detect input validation errors and vulnerabilities

  Expert John Strand reviews how to spot input validation flaws on your websites.  Continue Reading

• What are today's antivirus software trends?

  Expert John Strand reveals two exciting trends in antivirus software.  Continue Reading

• What security software should be installed on Internet café computers?

  The security provided by many Internet cafes and other similar public access points has greatly improved over the last few years. But that's no substitute for due diligence on the part of users, says expert Michael Cobb.  Continue Reading

• How to create a secure network through a shared Internet connection

  When setting up a corporate network through a shared Internet connection, security is of paramount importance. Learn best practices for creating this kind of network from expert Mike Chapple.  Continue Reading

• The telltale signs of a network attack

  Some people believe that if IP addresses from China are attacking their network, then they are under attack from China. Expert John Strand explains why all that it is irrelevant.  Continue Reading

• How to detect keyloggers

  In this expert response, Michael Cobb explains how to detect the many rootkits available to today's attackers.  Continue Reading

• How to set up a corporate cell phone management strategy

  Mobile devices are ubiquitous in today's enterprise environments, but how can security pros keep them from becoming malware-laden, data-leaking devices? In this expert response, Mike Chapple gives pointers on a corporate cell phone management ...  Continue Reading

• Best practices for log data retention

  Figuring out how long to retain log data and how much log data should be kept in the event of incident response can be tricky to navigate. In this information security management expert response, David Mortman gives best practices for log data ...  Continue Reading

• How to secure SSL following new man-in-the-middle SSL attacks

  Man-in-the-middle SSL attacks at Black Hat D.C. exposed a flaw in the https structure, so how can you avoid such an attack at your enterprise? Find out in Mike Chapple's expert response.  Continue Reading

• How do I transition to a career in IT security?

  Looking to move into a career in IT security? Network security expert Mike Chapple how to take a business or sales background and turn it into just that.  Continue Reading

• How to avoid HIPAA Social Security number compliance violations

  It can be difficult to decipher what a HIPAA Social Security number violation is. In this information security management expert response, David Mortman explains how to avoid HIPAA SSN violations as an employer.  Continue Reading

• A simple substitution cipher vs. one-time pad software

  Both a simple subsitution cipher and one-time pad software have data encryption benefits despite their differences.  Continue Reading

• When should a virtual patch be used?

  Learn how virtual patches can help administrators review, test and schedule official patch updates and find out about the benefits a virtual patch provides, such as protection against identified vulnerabilities.  Continue Reading

• How to estimate log generation rates

  In this expert response, Mike Chapple explains why estimating log generation rates is so difficult.  Continue Reading

• Is it more secure to have a mainframe or a collection of servers?

  The general public may think that mainframe computing is a thing of the past, but expert Michael Cobb reviews why the mainframe is still the cornerstone most large IT projects.  Continue Reading

• What is the best operating system for an FTP server implementation?

  When it comes to recommending an operating system for a task such as hosting an FTP server, expert Michael Cobb says it depends on what in-house expertise you have.  Continue Reading

• How does a Web server model differ from an application server model?

  A Web server model and an application server model share many similarities but require different defense methods. Each model, for example, calls for distinct placement of application servers.  Continue Reading

• What are the ethical issues when consulting for two competing companies?

  Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break ins. In this expert response, David Mortman gives best practices for...  Continue Reading

• How to prevent SSH brute force attacks

  Brute force attacks on the Secure Shell (SSH) service have been used more frequently to compromise accounts and passwords. Expert John Strand explains how to defend against these brute-force threats.  Continue Reading

• What are the security risks of opening port 110 and port 25?

  If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions.  Continue Reading

• When should a database application be placed in a DMZ?

  Mike Chapple explains the best network location for an important database application. Chapple also reveals the appropriate level of access to grant remote users.  Continue Reading

• Can Google Earth and other mash-up applications threaten enterprise security?

  In an expert Q&A, Michael Cobb explores the security issues that occur when an emerging mash-up application like Google Earth is used in the enterprise.  Continue Reading

• How do I get CPE credits?

  Congratulations, you've earned your CISSP certificate. Now, what are some ways to get CPE credits to keep it up? Find out in this security management expert response.  Continue Reading

• Can you combine RFID tag technology with GPS to track stolen goods?

  When laptops or smartphones are stolen, retrieving them can mean the difference between a data breach a close call. Learn if it's possible to combine RFID tag technology with GPS devices for tracking stolen goods to their exact location, and if so ...  Continue Reading

• What is the cause of an 'intrusion attempt' message?

  Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause.  Continue Reading

• Front-end/back-end firewalls vs. chassis-based firewalls

  Network security expert Mike Chapple explores the different characteristics of devices using a front-end/back-end topology and chassis-based firewalls.  Continue Reading

• How to configure a firewall to communicate with an upstream router

  When incorprating a new firewall product, configuration problems can occur between the network device and the router. Mike Chapple reviews some common implementation problems.  Continue Reading

• Comparing FTP vs. TFTP

  There are some differences between FTP and TFTP, but here's the catch: both are inherently insecure protocols.  Continue Reading

• How to prevent cross-site scripting (XSS) session hijacking

  Cross-site scripting and SQL injections still providing hackers with plenty of opportunities to successfully access data or take control of a compromised machine. MIchael Cobb explains how you can improve your application defenses.  Continue Reading

• Can any firm or organization get a digital signature certificate?

  Learn how a firm can obtain a digital signature certificate. Also, learn about several certificate authorities (CA) that manage them.  Continue Reading

• What OSI Layer 4 protocol does FTP use to guarantee data delivery?

  What OSI Layer 4 protocol does FTP use to guarantee data delivery?  Continue Reading

• What firewall controls should be placed on the VPN?

  The level of control you place on VPN traffic should be at least as strong as the level of control you place on traffic from similar users on your corporate network. Network expert Mike Chapple explains which firewall controls are necessary.  Continue Reading

• How to obtain a digital certificate for a server

  In order to use SSL-protected communications, such as exchanging Web traffic using the HTTPS protocol, an enterprise must first purchase and then install a digital certificate on its server. In this expert Q&A, Mike Chapple explains how to do just ...  Continue Reading

• Should the CTO have domain administrator access?

  Should a CTO or SVP of technology have domain administrator access? In this identity and access management expert response, learn whose job description should include domain administrator privileges.  Continue Reading

• What are 'phlashing' attacks?

  Phlashing attacks target network devices and other hardware systems that rely upon firmware to contain their operating systems. Network security expert Mike Chapple explains why the threat is more than theoretical.  Continue Reading

• How to become an information security expert

  According to network security expert Mike Chapple, information security is one of the hottest career fields and shows great potential for growth. Learn why.  Continue Reading

• What firewall features will best protect a LAN from Internet hack attacks and malware?

  In the case of a small network, the necessary firewall doesn't need to be anything complicated. Network security expert Mike Chapple reviews the key features of the network device.  Continue Reading

• Does password sharing in international branches violate SOX?

  Does password sharing in a company's international branch violate Sarbanes Oxley compliance? Learn enterprise password management solutions for international companies.  Continue Reading

• How to create a policy to avoid disgruntled employee data leaks

  When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs.  Continue Reading

• How to set up a remote access security policy

  Interested in setting up a remote access security policy for users? Learn to use IPsec vs. SSL VPN and appropriate systems, applications and authentication methods.  Continue Reading

• Best practices for merging with a company that is not PCI compliant

  Learn how to make sure you and your partner are compliant with PCI DSS while you prepare for the merger process.  Continue Reading

• What are best practices for secure password distribution after a data breach?

  After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM ...  Continue Reading

• Options for a mechanical door security system on a server room door

  After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that can secure your server without breaking the bank.  Continue Reading

• The top LAN security issues in a client-server network environment

  In this SearchSecurity.com Q&A, network security expert Mike Chapple lays out four of the biggest LAN security threats.  Continue Reading

• How will many firewalls serving as the default gateway affect the DMZ?

  If you attempt to have multiple firewalls connected to the same network segment, all serving as the default gateway, routing problems will ensue. Network security expert Mike Chapple explains.  Continue Reading

• What is the GISP certification and how does it compare to the CISSP certification?

  In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about scenarios when the GISP might be appropriate and how industry-relevant it may be.  Continue Reading

• Can mutual authentication beat phishing or man-in-the-middle attacks?

  What's the best way to prevent phishing and man-in-the-middle attacks? IAM expert David Griffeth explains the benefits of mutual authentication over one-way SSL.  Continue Reading

• Comparing access control mechanisms and identity management techniques

  In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well as some best practices for both access control mechanisams and identity management.  Continue Reading

• What are effective ways to stop instant messaging (IM) spam?

  In this expert Q&A, Michael Cobb reveals what techniques and tools can be used to stop instant messaing spam, or spim, in the enterprise.  Continue Reading

• Is it impossible to successfully remove a rootkit?

  In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove.  Continue Reading

• Using a QSA to write up a PCI DSS report on compliance (ROC)

  Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine your enterprise's level of compliance, whether to utilize a QSA and where to submit the necessary ...  Continue Reading

• Can software tools automate the server hardening process?

  Michael Cobb explores the Windows Server 2003 Hardening Guide and how you can tighten the security on your servers.  Continue Reading

• What are the basics of a Web browser exploit?

  John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request.  Continue Reading

• How can gap analysis be applied to the security SDLC?

  When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis into software development, and how it can help stop data leaks at your enterprise.  Continue Reading

• What is the best way to manually test for buffer overflows?

  There are two ways of reviewing a program for buffer overflows. Michael Cobb explains how to examine a program's source code and file code.  Continue Reading

• Could someone place a rootkit on an internal network through a router?

  If a hacker gains control of a router and then uploads a new configuration opening ports up for communication, it may be possible to place a rootkit on the internal network. In this IAM expert response, learn how this attack might happen, and how to...  Continue Reading

• Should a new user have to confirm an email address to gain access?

  'Authenticate new user' emails can be helpful tools in preventing spammers from creating a million users that will flood a site. Identity and access management expert Joel Dubin gives advice.  Continue Reading

• How does information security prevent fraud in the enterprise?

  When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities.  Continue Reading

• Using batch files for temporary user access to the local admin group

  When a program that many users need to access requires local admin rights to run, what's the best way to manage user privileges? IAM expert Joel Dubin weighs in on how best to manage user accounts.  Continue Reading

• Can an IDS, DMZ and honeypot together achieve better network security?

  An IDS and DMZ can be used together to achieve better network security, but expert Mike Chapple explains which tool is too risky to add to the mix.  Continue Reading

• Pre-boot biometric user authentication tools and strategies

  Thinking about implementing biometric fingerprint readers for authentication? Learn what to look for in user authentication tools and how to be sure they're compatible with the OS.  Continue Reading

• Would you recommend SANS Institute security training?

  Depending on what specific goals an infosec pro is trying to accomplish, SANS training may or may not be the swiftest route. Security management expert Mike Rothman gives his advice on when it's a good idea to go for the training.  Continue Reading

• Do the Group Policy Object and 'Password Never Expires' flag interact?

  How does the Group Policy Object interact with the 'Password Never Expires' flag in Active Directory? Identity and access management expert Joel Dubin explains.  Continue Reading

• What vendors would you recommend for software write-blockers?

  In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for.  Continue Reading

• How do RFID-blocking passport wallets work?

  RFID passports can provide quicker passage through customs, but may put sensitive data at risk. Learn about whether RFID-blocking passport wallets can keep personal credentials from being sniffed.  Continue Reading

• What are the benefits of identity managed as a service?

  How do Software as a Service (SaaS) and IAM interact? Identity and access management expert Joel Dubin weighs in on how to approach the integration of the two.  Continue Reading

• What are good features to look for in access control software?

  When supporting environments with HID card readers and proxy cards, what qualities should control access software have? Identity and access management expert Joel Dubin weighs in on software and implementation best practices.  Continue Reading

• Is there a published standard or guideline for system hardening?

  When hardening a system, what specific standards or guidelines should information security pros adhere to? Security management expert Mike Rothman explains.  Continue Reading

• Why is backscatter spam so difficult to block?

  When an email address is comandeered by a malicious hacker to send spam, the backscatter can quickly fill an inbox and clog bandwidth. Is there any way to prevent this? Expert Michael Cobb gives advice.  Continue Reading

• Is the Orange Book still relevant for assessing security controls?

  Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security ...  Continue Reading

• Pre-requisites for implementing enterprise single sign-on (SSO)

  Implementing single sign-on (SSO) in an enterprise involves many security considerations, and there are no universal protocals. Identity access management expert Joel Dubin gives his advice on implementation.  Continue Reading

• Protecting exposed servers from Google hacks (and Google 'dorks')

  Search engines are now routinely used to find ways of gaining unauthorized access to servers. Michael Cobb explains how to avoid exposing your important data to 'Google dorks.'  Continue Reading

• Allowing select access to IP addresses using Windows Server 2003

  Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections.  Continue Reading

• Best practices for IDS creation and signature database maintenance

  Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.  Continue Reading

• How to hide system information from network scanning software

  Network scanning software is capable of obtaining sensitive system information. Mike Chappel explains how implementing various firewalls can stop intrusive software in its tracks.  Continue Reading

• What are the top five concepts or lessons on security management?

  Many security managers wish their company executives understood more about the importance of information security. Security management expert Mike Rothman lists the top five things every executive should be informed of.  Continue Reading

• Is a Master Boot Record (MBR) rootkit completely invisible to the OS?

  Whether or not we see widespread attacks that use MBR rootkits will depend upon two factors. Platform security expert Michael Cobb explains them both.  Continue Reading

• Can a hacker actually post malicious scripts to any server using a drop-down list?

  By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the server. In this security threats expert response, learn how to avoid this attack.  Continue Reading

• What are the pros and cons of zero-knowledge penetration tests?

  A penetration tester with no previous knowledge of the site being tested may be able to give some insight unavailable to other forms of penetration testing, but there are pros and cons. Expert Michael Cobb weighs in.  Continue Reading

• To what exactly would a request for biometric data from an insurance provider pertain?

  Biometric data serves only to verify identity. Identity and expert management expert Joel Dubin explains what an insurance company might want with biometric data.  Continue Reading

• What tools can a hacker use to crack a laptop password?

  Password cracking may be a hacker's specialty, but there are also many strategies to keep passwords secure.  Continue Reading

• Are Internet cafe users' email credentials at risk?

  Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands.  Continue Reading

• Should iPhone email be sent without SSL encryption?

  SSL encrypts all of the communication between your iPhone and your mail server. Network security expert Mike Chapple explains how important that feature really is.  Continue Reading

• What are the possible benefits of microchip implants and RFID tags for employees?

  Though it may seem like a good idea to mark employees in high risk areas with implants or RFID tags, there are some serious security concerns to take into account.  Continue Reading

• Which is a more secure data access technology: SPAN or TAP?

  When monitoring traffic on a network, which is the best tool to use? Network security expert Mike Chapple gives advice.  Continue Reading

• Which operating system can best secure an FTP site?

  In this expert Q&A, platform security expert Michael Cobb explains how a secure FTP protocol can improve websites and Web services.  Continue Reading

• Should a domain controller be placed within the DMZ?

  When creating an Active Directory network, is it necessary to place domain controllers in the DMZ? Network security expert Mike Chapple explains.  Continue Reading

• What are the dangers of cross-site request forgery attacks (CSRF)?

  Ed Skoudis defines the threats posed by cross-site request forgery attacks (CSRF), and explains how they are similar and different from cross-site scripting attacks.  Continue Reading

• What ports should be opened and closed when IPsec filters are used?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to set up separate branch IPsec filters that connect with a head office.  Continue Reading

• Is Triple DES a more secure encryption scheme than DUKPT?

  Both DES and TDES use a symmetric key, but Michael Cobb explains their separate and distinct roles in protecting financial transactions.  Continue Reading