Information Security Learning Guides

Information security learning guides cover topics such as firewalls, Snort, VoIP, Bluetooth security, intrusion prevention, spyware, web security, network access control and more.

The staff of SearchSecurity has compiled articles by our experts targeting specific topics to create these Learning Guides that will provide you with all the resources you need in one place. 

From cloud computing risk management and PCI in cloud environments to security patch management and intrusion prevention/detection systems, you will find a plethora of information to help you conquer your organization's toughest security challenges and woes. 

Check out our extensive collection below and be sure to let us know what other guides you would like to see featured on Don't forget to bookmark this page to check back for new additions.


For comprehensive technical tutorials on key areas of interest for enterprise information security, visit's Security School course catalog.

For in-depth news analysis on the hottest and most controversial topics making headlines, see's continuing news series Eye On IT Security.

Is RDP secure? Guide to Microsoft RDP security, secure remote access
Is RDP secure? This mini learning guide examines the recent Microsoft RDP security vulnerabilities and how these problems could negatively impact an enterprise, as well as remote access security issues and best practices. 

Cloud computing and data protection: Cloud computing encryption tutorial
This cloud computing data protection guide, which is a collection of news and expert technical content, offers advice on how to secure data in the cloud and acts as a cloud computing encryption tutorial, discussing the benefits of cloud encryption, the challenges of implementing cloud encryption, as well as common use cases.'s guide to information security certifications
Navigating the security certification landscape can be dizzying. Simply identifying the vast array of offerings can be time-consuming and overwhelming, never mind determining which certification best suits your needs. This guide to infosec certifications provides an overview of the myriad options, whether you're just embarking on your journey up the infosec career ladder or wish to hone your skills in a specialized area. Updated April 2012's guide to vendor-specific information security certifications
Despite a burgeoning battery of vendor-specific security certifications, identifying which ones best suit your educational or career needs remains fairly straightforward. In this semi-annual vendor-specific certification survey, you'll find an alphabetized list of security certification programs from various vendors, a brief description of each cert and pointers to further details. We also give you some tips on choosing the right certification. Updated April 2012's guide to vendor-neutral security certifications
This information security certification guide highlights and examines the best vendor-neutral security certifications for achieving your IT career goals and and putting you on the right IT career path. Updated April 2012

HIPAA cloud computing advice: Ensuring cloud computing compliance
How can an enterprise ensure its cloud service provider is compliant with the Health Insurance Portability and Accountability Act (HIPAA)? Is it considered a business associate as defined by the HIPAA Privacy Rule? Is the provider devoted to maintaining compliance? This HIPAA cloud computing guide, brought to you from, is composed of a variety of tips that offer advice on how to ensure cloud computing compliance.

Network virtualization in the cloud: Managing virtualization security risks
This mini learning guide, brought to you by, discusses several different aspects of virtual network security, including how to evaluate virtual firewalls, network segmentation best practices and the top virtualization security risks and how organizations can manage them.

Cloud computing risk management: Assessing key risks of cloud computing
This mini learning guide discusses the potential risks of cloud computing and cloud computing risk management, including how organizations can prepare for cloud outages, conduct a cloud computing risk assessment and evaluate cloud providers.

PCI and cloud computing: Cloud computing compliance guide
In this cloud computing compliance guide, you will learn more about several aspects of PCI and cloud computing, including virtualization in the cloud, what you need to know about compliance and cloud providers, Web security in the cloud and log management.

AWS security and Amazon EC2 security tutorial
This AWS security and Amazon EC2 tutorial, brought to you by, discusses AWS security and the basics of Amazon EC2 security, including how to secure Amazon EC2 instances.

Cloud computing legal issues: Developing cloud computing contracts
This mini learning guide discusses several cloud computing legal issues and key provisions for developing, maintaining and terminating cloud computing contracts.

IPv6 tutorial: Understanding IPv6 security issues, threats, defenses
This IPv6 tutorial, brought to you by, highlights IPv6 security issues, revealing IPv6 security threats and offers tactics on how you can secure IPv6 in your organization. 

Cloud computing legal issues: Developing cloud computing contracts
This mini learning guide discusses several cloud computing legal issues and risks surrounding data protection and security in the cloud and highlights key provisions for creating, maintaining and terminating cloud computing contracts.

IT security awareness training tutorial: Employee compliance education
This IT security awareness training tutorial contains advice from experts on how to properly conduct IT security awareness training sessions and what they should cover.  

XSS cheat sheet: How to prevent XSS attacks and detect exploits
This mini learning guide, can be used a XSS prevention cheat sheet, highlighting the threats and risks of cross-site scripting, and offering guidance to security professionals on XSS protection and prevention.

Network security audit guidelines: Inside the importance of audit planning
This mini learning guide acts as a network security audit planning guide, offering guidelines for audit planning and presentation, as well as advice for security solution providers on how to perform and audit.

PCI 2.0 guide: How have PCI compliance requirements changed?
In this mini learning guide our experts offer a comprehensive look at PCI DSS 2.0, including what's new with version 2.0 and what those changes mean for your enterprise.

Snort Tutorial: How to use Snort intrusion detection resources
In this Snort Tutorial, brought to you by, you will learn how to use Snort, how to test Snort and receive advice and best practices on writing Snort rules, upgrading Snort and Snort installation and resources.

VoIP system security: VoIP security issues, training, best practices
In this VoIP system security tutorial, value-added resellers can learn how to thwart VoIP security issues and vulnerabilities, get VoIP security training best practices and understand the benefits of encryption to VoIP networks.

NAC security: Network access control policy, product best practices
This learning guide highlights the importance of implementing a network access control policy in terms of network security and also covers NAC and regulatory compliance, endpoint security best practices and NAC product implementation.

IT security policy management: Effective polices to mitigate threats
Gain a better understanding of IT security policy management by learning how to create an effective IT security policy, how to ensure security polices are managed appropriately, best practices for policy implementation and how to properly handle change in IT security policies.

Understanding tokenization amid PCI encryption requirements
In this mini learning guide, security professionals will gain a better understanding of the relationship between PCI DSS and tokenization and will discover how the technology can help their organization meet PCI DSS encryption requirements.

Handheld and mobile device security: Mobile malware, breach prevention
Enhance your handheld and mobile device security strategy and learn how to stop mobile malware, prevent data security breaches and how to properly implement effective policies and procedures with these mobile device security tips and best practices.

Web application firewall security guide: Stop vulnerabilities, threats
This Web application firewall security guide unveils how Web application firewalls work and how security professionals can use Web application firewalls to stop and prevent Web application vulnerabilities and threats.

Securing your wireless network: Preventing wireless security threats
Get more information and advice on securing wireless networks and preventing wireless security threats, as well as how to develop a wireless security policy and achieve compliance with the PCI DSS wireless security guidelines.

PCI DSS compliance help: Using frameworks, technology to aid efforts
Learn how you can get PCI DSS compliance help by using several frameworks, technologies and standards, such as tokenization, ISO 27002 and Secure Hashing Algorithm to manage PCI DSS efforts and get compliant.

PCI compliance requirements guide
Diana Kelley and Ed Moyle know the Payment Card Industry Data Security Standard inside and out. Do you? In this series of videos, the PCI pros take each of the standard's 12 requirements and review how you can pass them all with flying colors. Kelley and Moyle also share the most common mistakes they've seen during audits.

Hacker attack techniques and tactics: Understanding hacking strategies
In this tutorial on hacker attack techniques and tactics you will learn common strategies used by hackers to attack your network, as well as some methods for preventing them. You with receive a plethora of tips on understanding hacking strategies and expert advice that offers more in-depth information about each technique and various tactics you can employ to protect your network.

Cloud computing security model overview: Network infrastructure issues
In this cloud computing security mini-guide, you will learn about the basics of data security in the cloud, how to secure network infrastructure and devices that interact with cloud-based services and the threats and attacks that pose a risk to enterprises.

HIPAA compliance manual: Training, audit and requirement checklist
HIPAA deadlines come and go, but compliance is forever. Whether you've met all the deadlines or you've fallen severely behind, this HIPAA Compliance Manual from is full of news articles, analysis reports, expert advice, white papers and case studies that will help keep you on track.

Spyware Protection and Removal Tutorial
As spyware continues to threaten the stability of corporate infrastructures, it's crucial to understand how this malicious software works and how to defend against it. This guide is a compilation of resources that explain what spyware is, how it attacks and most importantly what you can to do to win the war on spyware.

Exploring authentication methods: How to develop secure systems
At a time when identity theft is running rampant, it's crucial to have sound practices for authenticating your users, customers and partners. This learning guide is a comprehensive compilation of tips, expert advice, featured articles, and other original materials that will help you understand today's authentication challenges.

Enterprise Security 2008 Learning Guide
New malware has hit the scene, cyberterrorist attacks have become more common, and virtualization technology has presented different enterprise network security challenges. Mike Chapple, Michael Cobb, Joel Dubin, Mike Rothman and Ed Skoudis make various information security predictions for 2008 and point out the new threats that every organization needs to be ready for.

Guide to passing PCI's five toughest requirements
As data security breach threats increase and the Payment Card Industry (PCI) Data Security Standard's authority continues to expand, credit card-processing companies have little choice but to implement PCI's dozen requirements. Some best practices, however, are more difficult to achieve than the others. In this learning guide, Craig Norris explains how to successfully implement the five PCI DSS requirements that have been continuously stumping security professionals.

Corporate Mergers and Acquisitions Security Learning Guide
Although it may be difficult to predict what a corporate merger will do for company profits, M&A activity will almost certainly have an effect on the employees of the two organizations. In this Learning Guide, an expert panel breaks down merger security priorities and explains the best ways to manage disparate staffs, technologies and policies.

Information Security Governance Guide 
While security governance and security programs are often discussed in tandem, many security practitioners have difficulty understanding how the concepts relate to each other and how an organization can apply them to develop a successful information security governance framework. Created in collaboration with security management expert Shon Harris, our Information Security Governance Guide covers the components needed to ensure your information security governance program is focused, precise and effective.

Nmap Technical Manual
By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind,, in collaboration with security expert Michael Cobb, has produced an Nmap Technical Manual, detailing how this free tool can help make your organization more secure.

Insider Threat Management Guide
Learn how to protect your network from the inside out with our new Insider Threat Management Guide. Contributor Gideon Rasmussen reviews how to fortify your organization's current insider threat controls and keep internal dangers to a minimum.

Web browser security tutorial: Safari, IE, Firefox browser protection
If not properly secured, Web browsers can serve as a gateway for malicious hackers who want to infect your network. Created in partnership with, this learning guide identifies the inherent flaws of Internet Explorer and Mozilla Firefox, introduces viable Web browser alternatives, and provides tools and tactics to maximize your Web browsing security.

NAC security guide: How to achieve secure network access in the enterprise
From PDAs to insecure wireless modems, users have myriad options for connecting to -- and infecting -- the network. Created in partnership with our sister site, this guide offers tips and expert advice on network access control. Learn how unauthorized users gain network access, how to block and secure untrusted endpoints, and get Windows-specific and universal access control policies and procedures. As a bonus, this learning guide is also available as a PDF download.

Web application attacks security guide: Preventing attacks and flaws
From buffer-overflows to SQL injection, hackers have various techniques at their disposal to attack Web applications. This guide explains how Web application attacks occur, identifies common and obscure Web application attacks, and provides Web application security tools and tactics to protect against them. As a bonus, this learning is also available as a PDF download.

Nessus Tutorial
Have you been searching for an inexpensive vulnerability scanner? Check out our Nessus Tutorial. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation and configuration to using Nessus with the SANS Top 20 to identify critical vulnerabilities.

SOX Compliance for the Security Practitioner
This collection of resources offers security practitioners tips and strategies for keeping their organizations compliant with the ongoing demands of the Sarbanes-Oxley Act. Learn how other security practitioners are handling SOX compliance, financial woes, internal controls, auditing, steps for achieving compliance, avoiding product hype and what happens when you don't comply.

Firewall Architecture Tutorial
Designing and implementing a firewall solution for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. This guide provides a detailed look at the process used to implement a firewall and helps guide you through the design process.

Intrusion detection and prevention: IDS/IPS security guide 
It's no secret that a layered security structure is the key to protecting networks from pernicious intrusions. One of the major components in that structure is having solid intrusion detection and prevention. Created in partnership with our sister site,, this guide is a compilation of resources that explain what intrusion detection and prevention are, how they work, troubleshooting, configurations and more.

Best practices for security patch management
Security patch management is a proactive procedure enterprises should use to eliminate security vulnerabilities and mitigate the risk of a compromised computer. This guide explains how to successfully deploy a patch through each phase of the deployment cycle.

SAP Security Learning Guide
Need to bulletproof your SAP system? This handy Learning Guide pulls SAP security information from both and its sister site,, to provide the most comprehensive resource around. Get the scoop on everything from authentication and RFID security to compliance and auditing here.

Firewall security best practices: Get firewall network security advice 
Firewalls are an essential tool in protecting your network from various threats. Created in partnership with our sister site,, this guide is a compilation of resources that explain what firewalls are, how they work, vulnerabilities, troubleshooting, configurations and more.

Secure VoIP tutorial: Understanding VoIP security best practices
More organizations are choosing to implement VoIP telephony for its cost savings. However, securing the technology comes with its own price tag. Created in partnership with our sister site,, this SearchSecurity guide is a compilation of resources that review the importance of VoIP security, protocols and standards, LAN security, vulnerabilities, troubleshooting, threats and more.

Snort Intrusion Detection and Prevention Guide
Arguably one of the best network intrusion-detection systems (NIDS) is the free and open source Snort package. It has a large and active community, and is backed by the commercial company SourceFire, making Snort a strong contender in the NIDS market. The package itself is free. All that's required is some hardware to run it on and the time to install, configure and maintain it. Snort runs on any modern operating system (including Windows and Linux), but some consider it to be complicated to operate. The goal of this guide is to take some of the mystery out of Snort.

Bluetooth Security Basics
As with all networking technologies, the mere presence of Bluetooth on a device introduces security risks, especially when the end user is unaware of Bluetooth's presence, or of how to secure the technology. So, how can you protect your network from Bluetooth threats? Here are five steps for securing Bluetooth devices in the enterprise.

XML Web services tutorial: How to improve security in Web services
Securing XML is an essential element in keeping Web services secure. Created in partnership with our sister site,, this Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure.

This was last published in July 2009

Dig Deeper on Information security policies, procedures and guidelines