Ask the Experts

Ask the Experts

• Defining your security certification objective

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses which security certifications, such as CISSP and CISA, comply with specific objectives.  Continue Reading

• How does SSL 'sit' between the network layer and application layer?

  SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.  Continue Reading

• How secure is the Windows registry?

  In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives.  Continue Reading

• Does SMS spoofing require as much effort as email spoofing?

  SMS text message spoofing demands a little more technical knowledge than email spoofing. But not much, says information security threat expert Ed Skoudis. In this Q&A, Skoudis explains how that technical know-how has now been embedded in easy-to-use...  Continue Reading

• Will log-in form data posted to an SSL page always be encrypted?

  If a Web page login form is not SSL-protected, but the login data is posted to an SSL page, is the information encrypted and safe? Not at all, says Michael Cobb in this SearchSecurity.com Q&A.  Continue Reading

• Should third-party software tools be used to customize applications?

  Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains.  Continue Reading

• Are one-time password tokens susceptible to man-in-the-middle attacks?

  In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the vulnerabilities of one-time password (OTP) token authentication, including man-in-the-middle attacks.  Continue Reading

• What risks are associated with biometric data, and how can they be avoided?

  In this SearchSecurity.com Q&A, security expert Joel Dubin examines the pros and cons of implementing biometric data and explains how to avoid risks associated with the technology.  Continue Reading

• Is it safe to use remote access tools to grant system access?

  In this SearchSecurity.com Q&A, security expert Joel Dubin discusses remote access tools and examines whether or not these products can have negative effects.  Continue Reading

• What evaluation criteria should be used when buying a firewall?

  Choosing a firewall for the enterprise isn't always easy. In this expert Q&A, Mike Chapple provides three important points to consider before deciding on a product.  Continue Reading

• Is the Storm worm virus still a serious threat?

  Today, attackers continue to have success with the Storm worm and its many variations, using the malware to strengthen their nasty botnets. In this SearchSecurity.com Q&A, expert Ed Skoudis explains why these rather run-of-the-mill attacks are still...  Continue Reading

• What are the risks of turning off pre-boot authentication?

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the dangers associated with turning off pre-boot authentication (PBA)?  Continue Reading

• What are the pros and cons of outsourcing email security services?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.  Continue Reading

• How to select a penetration tester

  Penetration testing tools can simulate attacks and help organizations get an idea of their security vulnerabilities. In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains what you should be getting out of your penetration ...  Continue Reading

• What is the best organizational model for an IT security staff?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman unveils the essential policies, procedures and job functions that contribute to the successful functionality of an IT security staff.  Continue Reading

• What are the pros and cons of using an email encryption gateway?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.  Continue Reading

• What are the potential risks of giving remote access to a third-party service provider?

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the potential risks involved with providing remote access to a third-party service provider.  Continue Reading

• Is the use of digital certificates with passwords considered two-factor authentication?

  In this SearchSecurity.com Q&A identity management and access control expert Joel Dubin identifies the factors that contribute to two-factor authentication, such as smart cards and digital certificates.  Continue Reading

• How to test an enterprise single sign-on login

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login.  Continue Reading

• Creating a personal digital certificate

  In this SearchSecurity.com expert Q&A, identity management and access control pro Joel Dubin discusses the pros and cons associated with creating a personal digital certificate.  Continue Reading

• What are the drawbacks to application firewalls?

  Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance ...  Continue Reading

• What should be done with a RAID-5 array's failed drives?

  Even one failed drive in a RAID-5 array can present an enterprise with serious data protection concerns. In this SearchSecurity.com Q&A, expert Michael Cobb explains which policies can protect and recover RAID-5 data.  Continue Reading

• How secure are document scanners and other 'scan to email' appliances?

  Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices.  Continue Reading

• What are the alternatives to RC4 and symmetric cryptography systems?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how RC4 encryption stacks up against public key cryptography.  Continue Reading

• What policies will prevent employees from leaking sensitive data?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman outlines the necessary policies and procedures that corporations should enforce to protect customer information, prevent data leakage and comply with employee privacy rights.  Continue Reading

• How can header information track down an email spoofer?

  Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from.  Continue Reading

• Can a certificate authority be trusted?

  In this expert Q&A, Ed Skoudis reveals what research needs to be done before importing a certificate into your browser.  Continue Reading

• Can keyloggers monitor mouse clicks and keyboard entries?

  Keyloggers may be a security manager's best friend, especially if he or she wants to monitor an employee's keyboard entries. Keyloggers can't do it all, though, says application expert Michael Cobb.  Continue Reading

• Is it possible to prevent email forwarding?

  For professionals who send sensitive information through email, it may be useful to prevent message forwarding. Not so fast, says Ed Skoudis. SearchSecurity.com's information security threat expert explains the limitations of SMTP and why you may ...  Continue Reading

• How vulnerable are network printers?

  Security personnel often don't give network printers much attention; after all, they are "only printers." In this SearchSecurity.com Q&A, Ed Skoudis explains why such devices are, in fact, a juicy target and need to be properly patched and hardened.  Continue Reading

• What is an Nmap Maimon scan?

  Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them.  Continue Reading

• Is a digital watermark a legitimate authentication factor?

  Identity management and access control expert Joel Dubin explores how reliable a digital watermark is when acting as a authentication factor.  Continue Reading

• Are knowledge-based authentication systems doing more harm than good?

  In this SearchSecurity.com Q&A, security expert Joel Dubin examines if the password security policies used in knowledge-based authentication systems are doing more harm than good.  Continue Reading

• Choosing the right public key algorithm: RSA vs. Diffie-Hellman

  In this SearchSecurity.com expert response, Joel Dubin explores two different public key encryption algorithms and discusses how to make the right choice for your information security needs.  Continue Reading

• How to keep packet sniffers from collecting sensitive data

  In this SearchSecurity.com Q&A, network security expert Mike Chapple reveals two important actions that can protect users from packet sniffers and other eavesdropping attacks.  Continue Reading

• How do a DMZ and VPN work together?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the three distinct network zones in a typical firewall scenario and reveals how the DMZ and VPN, in particular, co-exist.  Continue Reading

• How to verify 140-2 (FIPS 140-2) compliance

  In this SearchSecurity.com Q&A, identity management and access control expert, Joel Dubin, discuses several ways to verify that Federal Information Processing Standard 140-2 is being enforced.  Continue Reading

• Are rogue DHCP servers a serious network risk?

  Rogue DHCP servers can cause everything from a network outage to an outright interception of network traffic. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the seriousness of the threat and reveals which tools can ...  Continue Reading

• Can ADFS technology manage multiple-user authentication?

  In this SearchSecurity.com Q&A, Joel Dubin, expert in identity management and access control, addresses multiple aspects of ADFS systems, including the technology's ability to authenticate multiple users to a Web application.  Continue Reading

• What's the difference between CompTIA and CISSP certifications?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the difference between security certifications, and how much influence, if any, these credentials hold in the field.  Continue Reading

• Why can't antimalware tools scan inside virtual machines?

  You'd think that it would be easy for an antimalware tool to see what's going on inside a virtual workstation. Unfortunately, it's not. In this expert Q&A, Ed Skoudis explains the difficulty of scanning a guest virtual machine.  Continue Reading

• How can attackers exploit RSS software flaws?

  RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and ...  Continue Reading

• How can hackers bypass proxy servers?

  Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools.  Continue Reading

• What are the best ways to block proxy server sites?

  Proxy services allow employees to view unauthorized content, but the proxies themselves and the sites that list them are tricky to detect. In this SearchSecurity.com Q&A, learn how some content monitoring tools can help block proxy server sites.  Continue Reading

• What's the harm in removing the RFID chip in credit cards?

  If you're concerned that a credit card's RFID chip is putting your personal data at risk, why not just drill the darn thing out? Not so fast, says Joel Dubin. In this SearchSecurity.com Q&A, the identity management and access control expert ...  Continue Reading

• How to ensure that an SSL connection protects sensitive Web data

  In this expert Q&A, application security pro Michael Cobb explains how to secure sensitive Web site data that is sent across the Internet.  Continue Reading

• Are USB storage devices a serious enterprise risk?

  USB drives are common gifts at conferences and trade shows, but how much of a danger are they to your enterprise's network security? In this expert Q&A, Michael Cobb explains the risks of these storage devices and how to control their use.  Continue Reading

• What are the risks of placing enterprise users in a DMZ?

  A demilitarized zone protects systems from an affected server, but enterprise users themselves should have no place in the DMZ. In this expert Q&A, Mike Chapple explains where they belong.  Continue Reading

• What are the benefits of a tunnelless VPN?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple reviews two common tunnelless VPNs: Secure Sockets Layer (SSL) and Group Encrypted Transport (GET).  Continue Reading

• What are common kinds of mobile spyware?

  When it comes to mobile spyware, there are almost too many types. Luckily, in this expert Q&A, Ed Skoudis narrows down the field and reveals how to defend against browser exploits, file droppers and keystroke loggers.  Continue Reading

• What causes buffer overflows and memory leaks in a Web application?

  Buffer overflows and memory leaks can cause serious harm to Web applications. In this SearchSecurity.com Q&A, application security expert Michael Cobb reveals how both can lead to security breaches and system compromises.  Continue Reading

• Should full disk encryption be used to prevent data loss?

  According to a Ponemon Institute survey done in August 2006, eighty-one percent of companies reported the loss of one or more laptops during a 12 month period. In this SearchSecurity.com Q&A, platform security Michael Cobb explains whether that ...  Continue Reading

• Can a TCP connection be made without an open port?

  A company may claim it has an "application" that allows computers to communicate without opening any ports, but network security expert Mike Chapple reveals whether you should believe the hype or not. Read more in this SearchSecurity.com Q&A.  Continue Reading

• Interpretting firewall security alert messages

  If you can't decipher the security alert messages from your firewall, information security threats expert Ed Skoudis can help with some of the interpretation. In this SearchSecurity.com Q&A, Ed Skoudis uses a sample alert message to explain whether ...  Continue Reading

• How does a mail server respond to fake email addresses?

  In this SearchSecurity.com Q&A, Ed Skoudis reviews the actions of a mail server when it is presented with a bogus email address.  Continue Reading

• Cross-site tracing vs. Cross-site scripting

  Cross-site tracing, slightly different from cross-site scripting, can still do some significant damage to your Web applications. In this SearchSecurity.com Q&A, information security threats expert Ed Skoudis reveals how each attack is carried out.  Continue Reading

• How should security and networking groups manage the firewall?

  When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should these responsibilities be split? In this expert Q&A, security management pro Shon Harris reveals how ...  Continue Reading

• Will biometric authentication replace the password?

  Some security observers say user IDs and passwords are obsolete and can be easily cracked, but that doesn't mean you should fire up biometric authentication projects just yet. In this SearchSecurity.com Q&A, identity management and access control ...  Continue Reading

• Can single sign-on (SSO) provide authentication for remote logons?

  If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A.  Continue Reading

• Is Sender ID an effective email authentication tool?

  Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the email authentication framework.  Continue Reading

• Do XPath injection attacks require the same response as SQL injections?

  XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can protect your systems from either type of assault.  Continue Reading

• What are application logic attacks?

  In 2005, application logic flaws allowed alert, Web-savvy gamblers the chance to win a lot of money. In this SearchSecurity.com tip, application security expert Michael Cobb examines these types of vulnerabilities and how they can lead to ...  Continue Reading

• Will two different operating systems cause administrative problems?

  Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher ...  Continue Reading

• How can rootkit hypervisors affect operating system security?

  What can rookit hypervisors do to your operating system? "Whatever their creators want!" says application security expert Michael Cobb. In this SearchSecurity.com Q&A, Cobb explains how rootkit hypervisors could defeat the security defenses of a ...  Continue Reading

• How can a call center achieve compliance with ISO 27001?

  Before you begin putting the pieces of your security program together, you may want to have a look at ISO 27001. In this expert Q&A, Shon Harris explains the framework and how it can identify and address an organization's security risks.  Continue Reading

• What enterprise tools can scan files for sensitive data?

  Given the many recent high-profile data breaches, organizations seem keen on securing their sensitive data, including credit card and social security numbers. In this expert Q&A, SearchSecurity.com's Mike Chapple reviews tools that can scan ...  Continue Reading

• Should log traffic be encrypted?

  Should you be encrypting your security log transmissions? "It depends!" explains Mike Chapple in this SearchSecurity.com expert Q&A.  Continue Reading

• What are a call center's authentication options when seeking FFIEC compliance?

  There are many ways for a call center to employ two-factor authentication and meet FFIEC standards. In this expert Q&A, Joel Dubin reviews SSL VPNs and other options for compliance-seeking call centers.  Continue Reading

• What is WiPhishing?

  In this expert Q&A, information security threats expert Ed Skoudis addresses WiPhishing and the reasons you shouldn't trust every wireless access point.  Continue Reading

• If a virtual machine is hacked, what are the consequences?

  In our expert Q&A, information security threats expert Ed Skoudis explains how attackers can compromise a virtual machine.  Continue Reading

• Access control management strategy essentials

  In our expert Q&A, Joel Dubin reviews essential components of an access management strategy and reveals how to deliver the plan to executives.  Continue Reading

• What are the criteria for a strong authentication system?

  In this Q&A, identity management and access control expert, Joel Dubin examines what components are necessary to create any secure authentication system.  Continue Reading

• How do local identity, SSO and federated identity management models differ?

  In many organizations, users have several applications that they need to log on to, each requiring distinct user IDs and passwords. In our expert Q&A, Joel Dubin explains how federated identity management and single sign-on can provide convenient ...  Continue Reading

• When choosing a digital certificate, how important is the expiration period?

  In this expert Q&A, application security pro Michael Cobb helps you plan your digital certificate policy. Cobb emphasizes the importance of keeping your Web server certificates up-to-date.  Continue Reading

• For asset management systems, is there a tool more comprehensive than Nmap?

  If you're looking for a network discovery tool, consider Nmap. There are other options for your asset management system, however, and Michael Cobb reviews them in this expert Q&A.  Continue Reading

• Which Internet protocol is more secure: FTPS or SCP?

  In this expert Q&A, Michael Cobb reviews the strengths and weaknesses of various Internet protocols. Learn the pros and cons of FTPS, SCP and SFTP.  Continue Reading

• Should an organization centralize its information security division?

  Is your organization capable of having true information security governance? In our expert Q&A, Shon Harris reveals the ideal components of a centralized security team.  Continue Reading

• What are the best options for handling segregation of duties?

  In this expert Q&A, security management expert Shon Harris explains the benefits to a separation of duties and reveals the best ways to implement tight access control within your enterprise.  Continue Reading

• What is the risk estimation model for SSL VPN implementation?

  Risk assessment is a common way to evaluate new technologies. In our SearchSecurity.com Q&A, network security expert, Mike Chapple, explains how to determine if SSL VPN implementation is right for your organization.  Continue Reading

• What tools are available to verify a patch's validity?

  Ever wonder about the source and integrity of a downloaded patch? In our expert Q&A, platform security expert, Michael Cobb, tells users about various management programs that can verify your patches.  Continue Reading

• How to secure an e-commerce Web site

  If you need to secure an e-commerce Web site, application security expert, Michael Cobb, has a place to start. In this expert Q&A, Cobb recommends the equipment that will secure your online business.  Continue Reading

• What is the cause of a wireless LAN's unsecured connection?

  In our expert Q & A, network security expert, Mike Chapple, reveals the reason behind your wireless LAN's "unsecured connection."  Continue Reading

• If email attachments are sent via SSL will they be encrypted?

  This application security Ask the Expert Q&A explains what happens to traffic that travels over an SSL connection and details how to keep email messages and attachments secure as they travel to and from email clients and SMTP servers.  Continue Reading

• What is the average cost of an MSSP?

  Looking to find the startup and maintenance costs of an MSSP? In this Ask the Expert Q&A, application security expert, Michael Cobb outlines the key issues for businesses to consider when examining managed security arrangements.  Continue Reading

• What components should an application security management system (ASMS) have?

  Is there one product that will solve all of your ASMS needs? Maybe not, but Identity Management and Access Control expert Joel Dubin reviews the three components that should be included in any application security management system, in this Ask the...  Continue Reading

• What is the best authentication method for protecting an online banking site?

  Two-factor authentication isn't bulletproof. SearchSecurity.com's Identity Management and Access Control expert Joel Dubin, reviews authentication possibilities for an e-commerce site and examines the risks involved with one time password tokens, ...  Continue Reading

• How to safely issue passwords to new users

  In this Ask the Expert Q&A, our identity management and access control expert Joel Dubin offers tips on safe password distribution, and reviews the common mistakes that help desks and system administrators make when issuing new passwords.  Continue Reading

• What are the best authentication tools for locking down a laptop?

  Stolen laptops continue to be a troublesome issue for businesses. In this Identity Management and Access Control Ask the Expert Q&A, Joel Dubin reviews the best available authentication and encryption tools for securing company laptops.  Continue Reading

• How do L2TP and PPTP differ from IPsec?

  There are different protocol options when setting up a VPN tunnel. SearchSecurity.com expert Mike Chapple reviews the choices and reveals the one that is most secure.  Continue Reading

• How can I prevent spammers from populating my mailing list?

  SearchSecurity.com's information security threats expert, Ed Skoudis, explains the workings of a spambot and teaches the strategies you need to counter spammers and clean up your mailing lists.  Continue Reading

• Can email header information be used to track down spoofers?

  Expert Mike Cobb explains how to use your received headers to trace unwanted emails.  Continue Reading

• What types of Web services can compromise Web server security?

  SearchSecurity.com expert Michael Chapple reveals how a service overload can leave your system open to attacks.  Continue Reading

• How to selectively block instant messages

  Monitoring instant messaging traffic isn't easy, especially when constantly evolving IM applications are designed to exploit firewall vulnerabilities. SearchSecurity.com's application security expert Michael Cobb reviews the best methods for taking ...  Continue Reading

• Can laptop users' offline activities be monitored?

  There is a direct solution for enterprises looking to enforce a "no USB devices" policy. SearchSecurity.com's network security expert Michael Chapple provides the answer and explains how an enterprise can monitor laptop users' offline activities.  Continue Reading

• The strengths and weaknesses of PKI and PGP systems

  PKI and OpenPGP can enhance the security of your data, but these services differ in how they manage digital certificates. SearchSecurity.com expert Michael Cobb explains the distinct strengths and weaknesses of each program.  Continue Reading

• Which public key algorithm is used for encrypting emails?

  Although PGP and S/MME both use public key encryption, Expert Joel Dubin explains PGP and S/MME's distinct approaches to e-mail coding.  Continue Reading

• What are the top five high risk areas in a network operations environment?

  Although continuity plans, encryptions, and change controls are important security concerns within an organization, they are only some of the components that make up a successful security-integrated business program. Expert Shon Harris explains.  Continue Reading

• How can I protect the sensitive information that resides on my laptop?

  Learn how to safeguard data that resides in your laptop in this Network Security Ask the Expert Q&A.  Continue Reading

• What are the security risks associated with virtual PCs?

  Since Virtual PCs enable you to run multiple operating systems simultaneously on a single piece of hardware, they can introduce risks into your networking environment. In this information security threats Q&A, Ed Skoudis examines what these risks ...  Continue Reading

• How to prevent input validation attacks

  Learn what canonicalization is and what Web developers can do to prevent input validation attacks.  Continue Reading