April 2009

• April 13, 2009 13 Apr'09

  HIPAA compliance manual: Training, audit and requirement checklist

  In this HIPAA compliance manual you will recieve advice on how to prepare for a security audit as well as a checklist for HIPAA training, gudielines and requirements.  Continue Reading

• April 13, 2009 13 Apr'09

  Entrust to be acquired by investment firm

  Entrust Inc. agreed to be acquired by private investment firm Thoma Bravo LLC in a deal valued at $114 million.  Continue Reading

• April 09, 2009 09 Apr'09

  New Conficker variant has ties to Storm botnet

  Conficker.E drops the malicious Waledac worm giving it the ability to spread to other vulnerable machines, and ultimately send spam.  Continue Reading

• April 09, 2009 09 Apr'09

  Microsoft to issue eight security bulletins, five critical

  Software giant will release eight security bulletins next week, including five critical ones affecting Windows, Excel and Internet Explorer.  Continue Reading

• April 08, 2009 08 Apr'09

  PCI DSS Q&A: Answering your questions

  Payment Card Industry Data Security Standard (PCI DSS) expert Ed Moyle of CTG recently joined SearchSecurity.com for a live Q&A to address your ...  Continue Reading

• April 08, 2009 08 Apr'09

  Information Security magazine April 2009 issue PDF

  Download the April 2009 issue of Information Security in PDF format.  Continue Reading

• April 08, 2009 08 Apr'09

  Experts alarmed over U.S. electrical grid penetration

  Russian and Chinese probing of the U.S. electrical grid has prompted a call on lawmakers to act quickly to strengthen cybersecurity of the nation's critical infrastructure.  Continue Reading

• April 07, 2009 07 Apr'09

  Kerberos configuration as an authentication system for single sign-on

  Looking to implement single sign-on in your enterprise, but have a lot of custom applications that don't seem compatible? In this tip, IAM expert David Griffeth takes a look at Kerberos, a non-proprietary IAM tool, as a solution to network ...  Continue Reading

• April 07, 2009 07 Apr'09

  How to perform a network forensic analysis and investigation

  Situation: A breach has occurred at your enterprise, and you need to gather relevant data, fast. What tools can you use to get the job done? In this expert response, Mike Chapple gives pointers on which network forensic analysis tools can help.  Continue Reading

• April 06, 2009 06 Apr'09

  Imperva assigns security risk levels to databases

  The latest version of Imperva's SecureSphere software assigns a risk score to databases based on data sensitivity, misconfiguration issues and database vulnerabilities.  Continue Reading

• April 06, 2009 06 Apr'09

  Preparing enterprise Wi-Fi networks for PCI compliance

  The Payment Card Industry Data Security Standard (PCI DSS) requires several key measures are in place to protect transaction data on enterprise Wi-Fi networks. In this special tip from Forrester Research, Senior Analyst John Kindervag details what ...  Continue Reading

• April 04, 2009 04 Apr'09

  Conficker leaves security industry looking clueless

  The true Conficker story may well turn into an introspective of the security industry. It should start with hard questions of security vendors and service providers.  Continue Reading

• April 03, 2009 03 Apr'09

  What are the security risks of Windows Vista RSS functionality?

  The RSS support in Windows Vista exposes feed handling and management to other Windows applications. However, any technology that allows data to be shared across applications carries risks, says expert Michael Cobb.  Continue Reading

• April 03, 2009 03 Apr'09

  What does 'invoked by uid 78' mean?

  Are you seeing a 'uid 78' in your emails? In this expert response, Michael Cobb explains what the message means.  Continue Reading

• April 03, 2009 03 Apr'09

  Attackers target new Microsoft PowerPoint zero-day flaw

  Microsoft said it is aware of limited, targeted attacks against a new PowerPoint zero-day flaw that surfaced Thursday. The software giant hasn't ruled out an out-of-cycle patch.  Continue Reading

• April 03, 2009 03 Apr'09

  What are the best practices for IPS implementation?

  Implementing an intrusion prevention system can be a tricky proposition. Network expert Mike Chapple explains some common IPS deployment challenges.  Continue Reading

• April 03, 2009 03 Apr'09

  How to prevent DDoS attacks on websites

  Expert Mike Chapple reviews actions that you can take to protect yourself against large-scale DDoS attacks.  Continue Reading

• April 03, 2009 03 Apr'09

  How to configure firewall ports for webmail system implementation

  Network security expert Mike Chapple explains why he always recommends placing any server accessible from the Internet into the DMZ.  Continue Reading

• April 03, 2009 03 Apr'09

  Can S/MIME, XML and IPsec operate in one protocol layer?

  It is possible to build security systems that reside within a single layer of the OSI model, but why limit yourself?  Continue Reading

• April 03, 2009 03 Apr'09

  How should service providers address VoIP security issues and threats?

  Many VoIP providers do not offer encryption services due to the difficulty inherent in encrypting voice traffic. Network security expert Mike Chapple explains what you can do to secure voice over IP networks.  Continue Reading