Ask the Experts

Ask the Experts

• Can the patching cycle keep up with so many zero-day exploits?

  With the growing body of malware and zero-day exploits, is the patching process really sustainable? Threats expert Nick Lewis weighs in.  Continue Reading

• How to thwart a drive-by cache attack

  Threats expert Nick Lewis explains how a drive-by cache attack can infect user machines, and what you can do to prevent it from infiltrating your enterprise.  Continue Reading

• How to remove Trojan malware without a Trojan signature

  When it comes to removing Trojans, having strong infection-remediation practices is key. Threats expert Nick Lewis gives tips.  Continue Reading

• Next-gen firewall vs. UTM device: Which is better for Web 2.0 risks?

  How does a next-gen firewall differ from a UTM device, and how does each stack up against Web 2.0 risks?  Continue Reading

• Will independent endpoint protection review improve products?

  ICSA Labs recently announced a new endpoint security certification. Could it help improve endpoint security products?  Continue Reading

• Network security metrics: Basic network security controls assessment

  Get advice on how to devise appropriate network security metrics for your enterprise from expert Mike Chapple.  Continue Reading

• Cloud computing providers and PCI virtualization requirements

  Find out how enterprises should approach cloud computing providers following the debut of the PCI virtualization requirements.  Continue Reading

• Can the VMware PCI Compliance Checker assess my compliance posture?

  The VMware PCI Compliance Checker claims to assess the compliance of a VMware virtual environment. Does it work? SearchSecurity has the answer.  Continue Reading

• PCI Requirement 12.8.2: When is client compliance necessary?

  Find out whether the PCI 12.8.2 requirement forces an organization working with a payment card merchant to become compliant.  Continue Reading

• Cloud computing PCI compliance: Is it possible?

  Is enterprise cloud computing PCI compliance possible? Discover how to use cloud computing and be PCI DSS-compliant.  Continue Reading

• Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16

  Learn about ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70.  Continue Reading

• Is laptop remote wipe needed for effective laptop data protection?

  Expert Michael Cobb explains how laptop remote wipe technology can ease data loss fears, but shouldn’t be solely relied upon.  Continue Reading

• Is Internet Explorer 9 security better than alternative browsers?

  IE security hasn’t always been great. However, expert Michael Cobb explains why Internet Explorer 9 may be the most secure browser out there.  Continue Reading

• Secure coding best practices: PHP and programming language security

  Michael Cobb explains how proper secure coding training is much more important than PHP programming language security.  Continue Reading

• How to mitigate the risk of a TOCTTOU attack

  Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them.  Continue Reading

• How MAC and HMAC use hash function encryption for authentication

  Hash function encryption is the key for MAC and HMAC message authentication. See how this differs from other message authentication tools from expert Michael Cobb.  Continue Reading

• Is full-disk server encryption software worth the resource overhead?

  While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses.  Continue Reading

• How to set up SFTP automation for FTP/DMZ transfer

  Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to lock it down.  Continue Reading

• SSL alternatives? Crafting Web-security programs for emerging threats

  Expert Nick Lewis reacts to breaches at SSL certificate issuers and tackles whether enterprises should turn to SSL alternatives.  Continue Reading

• Evolution of online banking malware: Tatanarg Trojan and OddJob Trojan

  Online banking credentials are one of the most lucrative bits of information available to steal. Expert Nick Lewis advises how to keep cutting-edge Trojans off company machines.  Continue Reading

• Locate IP address location: How to confirm the origin of a cyberattack

  What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in.  Continue Reading

• How to protect intellectual property from hacker theft

  More hackers are targeting corporate IP over SSNs and card data. Expert Nick Lewis explains how to protect intellectual property in the enterprise.  Continue Reading

• How to set up a site-to-site VPN to coexist with a DMZ

  When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response.  Continue Reading

• IPv6 malware: With the transition, will IPv6 spam increase?

  The transition from IPv4 to IPv6 could have some unintended negative consequences for security.  Continue Reading

• Can any one endpoint security system prevent all types of Web attacks?

  Is there one tool that combines all the functionalities needed to protect against Web-based attacks? Expert Nick Lewis weighs in.  Continue Reading

• IEEE 802.11: Handling the standard's wireless network vulnerabilities

  IEEE 802.11 has several known vulnerabilities, so what's the best way for enterprises to handle them? Expert Anand Sastry explains.  Continue Reading

• How to protect against the Bredolab virus Trojan in job applications

  Learn more about a recent Bredolab Trojan exploit involving online job applications, and how you can protect your organization from such threats.  Continue Reading

• Will host-based intrusion detection software replace signature IDS?

  As signature-based IDS becomes less effective, is host-based IDS the best option to replace it? Expert Anand Sastry weighs in.  Continue Reading

• Hop-by-hop encryption: A safe enterprise email encryption option?

  Learn how hop-by-hop encryption gives enterprises the opportunity to send encrypted emails to large amounts of employees without a digital signature for each email from expert Michael Cobb.  Continue Reading

• How Microsoft security assessment tools can benefit your enterprise

  Expert Michael Cobb explains how Microsoft security assessment tools can find and help your enterprise fix vulnerabilities in its Windows environment.  Continue Reading

• Microsoft security check: Is a Redmond Internet health check viable?

  While it would be nice to check every computer for malware before allowing it on the Internet, expert Nick Lewis details why this is problematic.  Continue Reading

• OddJob Trojan: Different from other online security banking threats?

  What particular risks does the OddJob Trojan pose to the security of financial transactions over the Web? Expert Nick Lewis explains.  Continue Reading

• URL shortening security best practices

  Expert Michael Cobb weighs in on risks you may not know about with shortened URLs from TinyURL or Bit.ly.  Continue Reading

• How to ensure the security of financial transactions online

  Financial transactions are some of the most high-risk activities performed online. Expert Nick Lewis gives advice to financial firms on how they can prevent online transaction fraud.  Continue Reading

• Enterprise antivirus comparison: Is cloud-based antivirus better?

  Cloud-based antivirus has pros and cons, but, on the whole, can it be more effective than regular antivirus products? Learn more from expert Nick Lewis.  Continue Reading

• Zero-day attack protection for Microsoft Graphics Rendering Engine

  How vulnerable is the Windows Graphics Rendering Engine, and how should companies address recent zero-day attacks? Learn more in this expert response.  Continue Reading

• MHTML security for Internet Explorer: Worth disabling MHTML IE?

  Threats expert Nick Lewis discusses a recent vulnerability in MHTML security, and whether disabling the MHTML IE function is the best defense tactic.  Continue Reading

• Virtualized behavior-based monitoring: Improving performance visibility

  Learn about virtual behavior-based monitoring tactics, which allow for easy anomaly detection and can help defend a virtualization infrastructure.  Continue Reading

• Learn how to utilize a free spam-filtering service for your SMB

  Learn how a Web-based free spam-filtering service can secure email and prevent spam from attacking your enterprise.  Continue Reading

• Free Web application vulnerability scanners to secure your apps

  Expert Michael Cobb points to several free Web application vulnerability scanners to help prevent SQL injection or XSS exploits.  Continue Reading

• How an IIS Web application pool can help secure your enterprise

  Did you know an IIS Web application pool not only helps manage your applications, but also makes them more secure? Expert Michael Cobb explains the benefits of Web application pools.  Continue Reading

• What is SQL Server Atlanta?

  Have you heard about Microsoft’s cloud-based SQL Server Atlanta service? Expert Michael Cobb discusses how Atlanta can help improve performance and security.  Continue Reading

• Debug and test Web applications using Burp Proxy

  The Burp Proxy tool, part of the Burp Suite, has many useful features that test Web application security. Learn how to start using Burp Proxy.  Continue Reading

• Rating Windows 7 mobile device encryption

  Is it true that Windows 7 mobile device encryption isn’t on-board? How does that affect the phones’ security? Expert Michael Cobb looks at how mobile encryption is vital to enterprise security.  Continue Reading

• Which is best: An infosec certification or an IT security degree?

  Which will be more likely to further your infosec career: A certification, or an advanced degree? Expert Ernie Hayden weighs in.  Continue Reading

• Wireless key security: How to lock down enterprise wireless networking

  In this expert response, Mike Chapple presents guidelines for wireless key security, including choosing the most secure wireless key possible.  Continue Reading

• How to find a real IP address using proxy server logs

  While using proxy server logs to identify the real IP address of an attacker using a proxy server is technically easy, there are other difficulties along the way. Expert Mike Chapple explains.  Continue Reading

• Getting started with a DNSSEC implementation

  The many well-publicized flaws in DNS make implementing DNSSEC even more vital. In this expert response, Mike Chapple explains the enterprise basics for a DNSSEC implementation.  Continue Reading

• Can rootkit detection mechanisms stop the Blue Pill?

  At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your operating system? Ed Skoudis explains in this expert Q&A.  Continue Reading

• How to defend against pivot attacks in the enterprise

  Nick Lewis explains what a pivot attack is and tells how to go about defending your organization against this threat.  Continue Reading

• Can threat modeling tools help with securing mobile applications?

  When developing enterprise applications, do you know the quickest way to bridge the gap between an information security team and a development group?  Continue Reading

• Social networking best practices for preventing social network malware

  Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm to your enterprise.  Continue Reading

• Google 'Gchat' security and Internet application security best practices

  Users in the enterprise may unknowingly be exposed to 'Gchat' security risks. Expert Michael Cobb discusses Internet application security best practices that can help protect enterprise users.  Continue Reading

• Valuable third-party patch deployment software, tools

  Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise.  Continue Reading

• Secure cloud file storage for health care: How to regain control

  Should health care organizations endorse the use of secure cloud file storage? Michael Cobb offers advice on establishing governance processes for cloud-based services.  Continue Reading

• Guidance on dual-homed server security

  Learn more about how a dual-homed server operates, and what security restrictions it entails in this expert response from Anand Sastry.  Continue Reading

• How to monitor network traffic: Appliance placement and choke points

  Monitoring network traffic is crucial, but where's the best place to put network monitoring tools? Expert Anand Sastry gives advice.  Continue Reading

• Security/virtualization concerns: Where to place a firewall connection

  Is it worthwhile to place signature-based blocking technology before a firewall connection? Learn more in this expert response from Anand Sastry.  Continue Reading

• How to create a secure conference room with a WLC/NAC configuration

  Conference rooms are often hosts to corporate-owned and guest devices, so what 's the best secure authentication setup? Security pro Anand Sastry weighs in.  Continue Reading

• Do gigabyte converter and SPF records present a security threat?

  Do gigabyte interface converters or sender policy framework transceivers retain any of the information that passes through them? Network security expert Anand Sastry explains.  Continue Reading

• Best practices for information security reward incentive programs

  While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance.  Continue Reading

• Using a Web application honeypot to boost security for Web applications

  Honeypots can be a valuable tool for logging and analyzing intrusions, but do you know the disadvantages to setting up a honeypot? Expert Michael Cobb explains some honeypot best practices.  Continue Reading

• Can honeypots for network security detect a P2P botnet?

  Honeypots can be a great network security tool, but are they capable of detecting a P2P botnet? In this expert response, Nick Lewis details how and what kind of threats a honeypot can identify.  Continue Reading

• Using virtual test labs for virtual software testing

  Do you know of virtualization that reduces your investment in hardware, space and general overhead? Virtual test labs can do just that. Expert Michael Cobb explains virtual software testing and how it can benefit your enterprise.  Continue Reading

• Merger management: How to handle potential merger threats to security

  During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration.  Continue Reading

• Smishing: How to protect enterprises from SMS fraud

  Learn more about protecting enterprises from smishing, or SMS fraud, in this expert response from Nick Lewis.  Continue Reading

• Virtualization security concerns: The threat of hypervisor malware

  What is hypervisor malware, and how worried should enterprises employing virtualization be about it? Threats expert Nick Lewis explains.  Continue Reading

• Can I trace email origin locations to thwart email attachment viruses?

  Can tracing an email back to its origin help to prevent the threat of future viruses via email? Learn more in this expert response.  Continue Reading

• Latest computer virus count: Does more malware mean greater threat?

  With the number of viruses reaching an all-time high, how should enterprises react to sustain information security? Threats expert Nick Lewis weighs in.  Continue Reading

• Is a full vulnerability disclosure strategy a responsible approach?

  When it comes to vulnerability disclosure, is it responsible for an infosec research firm to release all the details of a flaw before patching measures are in place? Expert Nick Lewis examines the question in this response.  Continue Reading

• Validating ERP system security and ERP best practices

  Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices.  Continue Reading

• Computer hijacking: Protecting against the Microsoft DLL download flaw

  If exploited, the Microsoft DLL load-hijacking flaw could allow attackers to execute arbitrary code on machines. In this expert response, Nick Lewis explains how to protect against this vulnerability.  Continue Reading

• With EMET, Microsoft ranges beyond mitigation security technology

  The Enhanced Mitigation Experience Toolkit is designed to help improve your enterprise application security. See how the EMET toolkit can help protect older Windows systems.  Continue Reading

• Are RealPlayer, Adobe Shockwave vulnerability risks too great for the enterprise?

  Adobe Shockwave and RealNetworks RealPlayer are fun and convenient for enterprise users, but are their vulnerabilities worth the risk of having them?  Continue Reading

• Adobe Flash alternatives: The best way to avoid Adobe Flash malware?

  It's no secret that Adobe Flash is plagued with malware, so, do enterprises really need it? In this expert response, Nick Lewis discusses how you can weigh the importance of functionality and security when it comes to Flash.  Continue Reading

• Will Certificate of Cloud Security Knowledge boost cloud security best practices?

  The Cloud Security Alliance has created a new certification to help promote cloud security best practices. Platform security expert Michael Cobb explains whether it's worth obtaining.  Continue Reading

• What is DLL? It's more than a new and improved .EXE file

  You see the term dynamic-link libraries a lot, but what is DLL and is it secure?  Continue Reading

• What does the Stuxnet worm mean for SCADA systems security?

  SCADA systems have been highlighted in recent months for their insecurities, perhaps most notably with the release of the Stuxnet worm targeting them directly. But is the Stuxnet worm unique, or simply a sign of SCADA insecurity? Learn more in this ...  Continue Reading

• Creating a third-party security policy to prevent a software exploit

  Third-party software vulnerabilities are one of the most likely attack vectors in the information security landscape today. In this expert response, Nick Lewis discusses how to prevent these vulnerabilities from becoming exploits.  Continue Reading

• Prevent a privilege escalation attack with database security policy

  Privilege escalation attacks are dangerous wherever they occur, but can be particularly harmful if run in a database. Learn more from threats expert Nick Lewis.  Continue Reading

• Seeking an ethical hacking career: How to learn ethical hacking

  In this expert response, Nick Lewis explains what an ethical hacker is and what skills such a hacker needs to be successful and compliant with the law.  Continue Reading

• Managing remote workers: Musts for setting up a secure home network

  Is it the enterprise's responsibility to ensure that remote workers' home networks are secure? And, if so, how should they do it? Get expert advice from Nick Lewis.  Continue Reading

• Windows Server 2008 migration: Is it essential?

  While many experts say the Windows Server 2008 operating system is Microsoft's most secure OS yet, expert Michael Cobb explains why a migration may not be essential for all companies.  Continue Reading

• How to use Wget commands and PHP cURL options for URL retrieval

  When TCP or HTTP connections aren't behaving as expected, free tools like Wget and cURL can help with URL retrieval. Learn more in this expert response from Anand Sastry.  Continue Reading

• Can regional banking Trojans hide from signature-based antivirus?

  Signature-based antivirus is useful for detecting many different kinds of malware, but has a notoriously difficult time tracking regional malware. In this expert response, Nick Lewis explains how regional banking Trojans elude detection and what ...  Continue Reading

• Does Internet protocol version 6 (IPv6) make applications more secure?

  Will an enterprise transitioning to IPv6 automatically make applications more secure? In this expert response, learn what an IPv6 implementation can and cannot do for application security.  Continue Reading

• Security for Windows XP: Knowing when to update a Windows version

  Is Windows XP still secure enough for enterprise use, or should infosec pros be updating to more secure Windows versions as soon as possible? Threats expert Nick Lewis weighs in.  Continue Reading

• Perform a Windows Active Directory security configuration assessment

  How secure is your configuration of Active Directory? Learn how to perform a security configuration assessment on such a directory in this expert response .  Continue Reading

• UTM appliances: How to choose among UTM vendors

  Choosing a UTM appliance is a big job, as testing can take months and the costs aren't negligible. In this expert response, get advice on how many UTM devices to test, and what to consider during the testing process.  Continue Reading

• HTTP vs. HTTPS: Is digital SSL certificate cost hurting Web security?

  Learn why a digital SSL certificate could be the reason preventing many users from utilizing HTTPS.  Continue Reading

• How to keep messages secure with an email digital certificate

  Using an email digital certificate can help protect important information from being read by anyone except the intended recipient.  Continue Reading

• After Facebook attack, has the threat of clickjacking attacks increased?

  Learn more about the recent Facebook attack, and how clickjacking attacks in general can affect enterprise information security in this expert response from Nick Lewis.  Continue Reading

• How does DNA cryptography relate to company information security?

  What is DNA cryptography, and would it be an effective method for us in enterprise information security? IAM expert Randall Gamby discusses how DNA cryptography works and how to use it.  Continue Reading

• Is there antivirus software that detects malware files via database files?

  Is malware that contains database files easier to detect than other types of malware? Threats expert Nick Lewis explains.  Continue Reading

• How to stop a DoS attack against a key server

  When a disgruntled former employee decides to wreak havoc on a network with a DoS attack, there are a few quick steps you can take to minimize the damage. Learn more in this expert response.  Continue Reading

• Utilizing a hash function algorithm to help secure data

  Learn how a hash function algorithm -- specifically a one-way hash function of the Dynamic SHA-2 algorithm -- can help protect important documents using a variety of hashes to confuse malicious code.  Continue Reading

• Cisco network appliance security: Does 'self-defending' network stack up?

  Cisco has for years touted its concept of a "self-defending" network, but what does it actually entail? In this expert response, Anand Sastry explains what "self-defending" means (at least, according to vendors), and whether it's really possible.  Continue Reading

• Why it's important to turn on DEP and ASLR Windows security features

  In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on.  Continue Reading

• What to include in a remote access audit

  When conducting a remote access audit, there are specific questions you should be sure to ask to make sure everything is secure. In this expert response, Randall Gamby describes what to look for.  Continue Reading

• Will biometric authentication devices integrate with in-house software?

  Biometric devices may provide an added level of security, but how much effort is required to integrate them with existing software and systems, particularly those systems custom made for an organization? Learn more in this expert response from ...  Continue Reading