Ask the Experts

Ask the Experts

• How can header information track down an email spoofer?

  Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from.  Continue Reading

• Can keyloggers monitor mouse clicks and keyboard entries?

  Keyloggers may be a security manager's best friend, especially if he or she wants to monitor an employee's keyboard entries. Keyloggers can't do it all, though, says application expert Michael Cobb.  Continue Reading

• Can a certificate authority be trusted?

  In this expert Q&A, Ed Skoudis reveals what research needs to be done before importing a certificate into your browser.  Continue Reading

• Is it possible to prevent email forwarding?

  For professionals who send sensitive information through email, it may be useful to prevent message forwarding. Not so fast, says Ed Skoudis. SearchSecurity.com's information security threat expert explains the limitations of SMTP and why you may ...  Continue Reading

• How vulnerable are network printers?

  Security personnel often don't give network printers much attention; after all, they are "only printers." In this SearchSecurity.com Q&A, Ed Skoudis explains why such devices are, in fact, a juicy target and need to be properly patched and hardened.  Continue Reading

• What is an Nmap Maimon scan?

  Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them.  Continue Reading

• Are knowledge-based authentication systems doing more harm than good?

  In this SearchSecurity.com Q&A, security expert Joel Dubin examines if the password security policies used in knowledge-based authentication systems are doing more harm than good.  Continue Reading

• Choosing the right public key algorithm: RSA vs. Diffie-Hellman

  In this SearchSecurity.com expert response, Joel Dubin explores two different public key encryption algorithms and discusses how to make the right choice for your information security needs.  Continue Reading

• Is a digital watermark a legitimate authentication factor?

  Identity management and access control expert Joel Dubin explores how reliable a digital watermark is when acting as a authentication factor.  Continue Reading

• How to keep packet sniffers from collecting sensitive data

  In this SearchSecurity.com Q&A, network security expert Mike Chapple reveals two important actions that can protect users from packet sniffers and other eavesdropping attacks.  Continue Reading

• How do a DMZ and VPN work together?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the three distinct network zones in a typical firewall scenario and reveals how the DMZ and VPN, in particular, co-exist.  Continue Reading

• How to verify 140-2 (FIPS 140-2) compliance

  In this SearchSecurity.com Q&A, identity management and access control expert, Joel Dubin, discuses several ways to verify that Federal Information Processing Standard 140-2 is being enforced.  Continue Reading

• Are rogue DHCP servers a serious network risk?

  Rogue DHCP servers can cause everything from a network outage to an outright interception of network traffic. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the seriousness of the threat and reveals which tools can ...  Continue Reading

• What's the difference between CompTIA and CISSP certifications?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the difference between security certifications, and how much influence, if any, these credentials hold in the field.  Continue Reading

• Can ADFS technology manage multiple-user authentication?

  In this SearchSecurity.com Q&A, Joel Dubin, expert in identity management and access control, addresses multiple aspects of ADFS systems, including the technology's ability to authenticate multiple users to a Web application.  Continue Reading

• How can attackers exploit RSS software flaws?

  RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and ...  Continue Reading

• How can hackers bypass proxy servers?

  Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools.  Continue Reading

• Why can't antimalware tools scan inside virtual machines?

  You'd think that it would be easy for an antimalware tool to see what's going on inside a virtual workstation. Unfortunately, it's not. In this expert Q&A, Ed Skoudis explains the difficulty of scanning a guest virtual machine.  Continue Reading

• What are the best ways to block proxy server sites?

  Proxy services allow employees to view unauthorized content, but the proxies themselves and the sites that list them are tricky to detect. In this SearchSecurity.com Q&A, learn how some content monitoring tools can help block proxy server sites.  Continue Reading

• What's the harm in removing the RFID chip in credit cards?

  If you're concerned that a credit card's RFID chip is putting your personal data at risk, why not just drill the darn thing out? Not so fast, says Joel Dubin. In this SearchSecurity.com Q&A, the identity management and access control expert ...  Continue Reading

• How to ensure that an SSL connection protects sensitive Web data

  In this expert Q&A, application security pro Michael Cobb explains how to secure sensitive Web site data that is sent across the Internet.  Continue Reading

• Are USB storage devices a serious enterprise risk?

  USB drives are common gifts at conferences and trade shows, but how much of a danger are they to your enterprise's network security? In this expert Q&A, Michael Cobb explains the risks of these storage devices and how to control their use.  Continue Reading

• What are the risks of placing enterprise users in a DMZ?

  A demilitarized zone protects systems from an affected server, but enterprise users themselves should have no place in the DMZ. In this expert Q&A, Mike Chapple explains where they belong.  Continue Reading

• What are the benefits of a tunnelless VPN?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple reviews two common tunnelless VPNs: Secure Sockets Layer (SSL) and Group Encrypted Transport (GET).  Continue Reading

• What are common kinds of mobile spyware?

  When it comes to mobile spyware, there are almost too many types. Luckily, in this expert Q&A, Ed Skoudis narrows down the field and reveals how to defend against browser exploits, file droppers and keystroke loggers.  Continue Reading

• What causes buffer overflows and memory leaks in a Web application?

  Buffer overflows and memory leaks can cause serious harm to Web applications. In this SearchSecurity.com Q&A, application security expert Michael Cobb reveals how both can lead to security breaches and system compromises.  Continue Reading

• Can a TCP connection be made without an open port?

  A company may claim it has an "application" that allows computers to communicate without opening any ports, but network security expert Mike Chapple reveals whether you should believe the hype or not. Read more in this SearchSecurity.com Q&A.  Continue Reading

• Interpretting firewall security alert messages

  If you can't decipher the security alert messages from your firewall, information security threats expert Ed Skoudis can help with some of the interpretation. In this SearchSecurity.com Q&A, Ed Skoudis uses a sample alert message to explain whether ...  Continue Reading

• How does a mail server respond to fake email addresses?

  In this SearchSecurity.com Q&A, Ed Skoudis reviews the actions of a mail server when it is presented with a bogus email address.  Continue Reading

• Cross-site tracing vs. Cross-site scripting

  Cross-site tracing, slightly different from cross-site scripting, can still do some significant damage to your Web applications. In this SearchSecurity.com Q&A, information security threats expert Ed Skoudis reveals how each attack is carried out.  Continue Reading

• How should security and networking groups manage the firewall?

  When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should these responsibilities be split? In this expert Q&A, security management pro Shon Harris reveals how ...  Continue Reading

• Will biometric authentication replace the password?

  Some security observers say user IDs and passwords are obsolete and can be easily cracked, but that doesn't mean you should fire up biometric authentication projects just yet. In this SearchSecurity.com Q&A, identity management and access control ...  Continue Reading

• Can single sign-on (SSO) provide authentication for remote logons?

  If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A.  Continue Reading

• Is Sender ID an effective email authentication tool?

  Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the email authentication framework.  Continue Reading

• Do XPath injection attacks require the same response as SQL injections?

  XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can protect your systems from either type of assault.  Continue Reading

• What are application logic attacks?

  In 2005, application logic flaws allowed alert, Web-savvy gamblers the chance to win a lot of money. In this SearchSecurity.com tip, application security expert Michael Cobb examines these types of vulnerabilities and how they can lead to ...  Continue Reading

• Will two different operating systems cause administrative problems?

  Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher ...  Continue Reading

• How can rootkit hypervisors affect operating system security?

  What can rookit hypervisors do to your operating system? "Whatever their creators want!" says application security expert Michael Cobb. In this SearchSecurity.com Q&A, Cobb explains how rootkit hypervisors could defeat the security defenses of a ...  Continue Reading

• How can a call center achieve compliance with ISO 27001?

  Before you begin putting the pieces of your security program together, you may want to have a look at ISO 27001. In this expert Q&A, Shon Harris explains the framework and how it can identify and address an organization's security risks.  Continue Reading

• Should an organization centralize its information security division?

  Is your organization capable of having true information security governance? In our expert Q&A, Shon Harris reveals the ideal components of a centralized security team.  Continue Reading

• How to safely issue passwords to new users

  In this Ask the Expert Q&A, our identity management and access control expert Joel Dubin offers tips on safe password distribution, and reviews the common mistakes that help desks and system administrators make when issuing new passwords.  Continue Reading

• The pros and cons of PKI and two-factor authentication methods

  There are myriad authentication methods to choose from today; learn the pros and cons of two such methods, Public Key Infrastructures and two-factor authentication systems, and how each system helps validate user identities, in this identity and ...  Continue Reading

• Designing an architecture for FTP file transfer

   Continue Reading

• Testing a security patch

  Learn tool and techniques you can use to test a security patch prior to deployment.  Continue Reading

• How much time does it take to prepare for the CISSP?

   Continue Reading

• How does 'arbitrary code' exploit a device?

   Continue Reading

• The detection and prevention of split tunneling

   Continue Reading

• Disabling split tunneling for secure remote access

   Continue Reading

• The difference between a two-tier and a three-tier firewall

   Continue Reading

• The risk of allowing UDP traffic through a layered firewall architecture

   Continue Reading

• The dangers of open port 139

   Continue Reading