Manage

Manage

Learn to apply best practices and optimize your operations.

• IDP/Network Access Control

  ForeScout Technologies' CounterACT Continue Reading

• Nmap: Firewall configuration testing

  This tip, in our Nmap manual series, explains how Nmap can be used to test the effectiveness of a firewall configuration. Learn how to use the open source network mapper to better understand how your firewall handles uninvited traffic and to test ... Continue Reading

• Identity and Access Management Services, Systems and Technologies

  Government regulations and the convenience of federated identities have made identity management and access control a priority for many enterprises. This Identity and Access Management Services, Systems and Technologies Security School explores ... Continue Reading

• Five freeware tools for mitigating network vulnerabilities

  From Nmap to Snort, there are a variety of viable freeware tools available for information security professionals. In this tip, Michael Cobb reviews five freeware tools and explains why he believes they are the best tools in their space. Continue Reading

• How to configure and implement a DMZ

  Learn how to design and configure a DMZ in this network security Ask the Expert Q&A. Continue Reading

• Information security resume do's and don'ts

  Get advice, and learn do's and don'ts for creating an information security technology or network security resume.Continue Reading

• Career management 101 for information security pros

  Eight questions to help information security professionals determine if their career is on the right track.Continue Reading

• Nmap: More port scanning techniques

  In this fifth tip in our Nmap manual, SearchSecurity.com expert Michael Cobb looks at some of the Nmap port scanning techniques that exploit certain idiosyncrasies of specific platforms or protocols in order to better differentiate between open and ...Continue Reading

• How to configure a server to prevent unauthorized network access

  Learn from other security practitioners as they share ways to configure a network so unauthorized users cannot access files, folders and other sensitive information.Continue Reading

• PIX firewall configuration from scratch

  Learn how to configure passwords, IP addresses, network address translation (NAT) and basic firewall rules in this tip.Continue Reading

• Nmap: How to scan ports and services

  Nmap is the ideal tool for performing a simple network inventory or vulnerability assessment. This article offers tips on how to use a NmapContinue Reading

• Are there any patch management products that track the patching process?

  Before you dip into your IT budget to solve your patching problems, read this Q&A. Our platform security expert examines why security pros should consider using available freeware products to track and manage their patching process.Continue Reading

• Use SHA to encrypt sensitive data

  Complying with the PCI Data Security Standard is now on the forefront of many security practitioner's minds. Learn how using the Secure Hashing Algorithm can help you encrypt sensitive data and help you meet the PCI Data Security Standard ...Continue Reading

• Policy management: Manual vs. automated tools

  Whether you manage policies manually or use automated tools, it is imperative to get your policies and systems in sync.Continue Reading

• How to install and configure Nmap on Linux

  Get tips on how to install and configure Nmap on Linux in an enterprise network environment.Continue Reading

• Alphabet soup: Understanding standards for risk management and compliance

  This article makes sense of the soupy mix of standards by taking a closer look at the various methodologies and frameworks, and examining what each has to offer.Continue Reading

• Preventing blind SQL injection attacks

  Most security professionals know what SQL injection attacks are and how to protect their Web applications against them. But, they may not know that their preventative measures may be leaving their applications open to blind SQL injection attacks. ...Continue Reading

• Intrusion Prevention: McAfee's IntruShield 3000

  McAfee's IntruShield 3000Continue Reading

• Hot Pick: BlueCat Networks' Adonis 1000

  BlueCat Networks' Adonis 1000Continue Reading

• IIS security: Configure Web server permissions for better access control

  Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuring IIS Web server permissions, in this tip by ...Continue Reading

• How to install and configure Nmap for Windows

  In this second installment of our Nmap Technical Manual, SearchSecurity expert Michael Cobb offers pointers on how to install and configure Nmap for Windows.Continue Reading

• Nmap: A valuable open source tool for network security

  Open source tool Nmap is a popular choice amongst hackers and security pros alike for network mapping, port-scanning and testing for network vulnerabilities.Continue Reading

• Swiping Back

  INDUSTRY COMPLIANCE With the goal of reducing fraud, the credit card associations' PCI standard scores points for clarity.Continue Reading

• HTTP attacks: Strategies for prevention

  Examine how hackers manipulate HTTP requests to solicit an attack, and learn various guidelines developers should follow to mitigate this threat.Continue Reading

• How to implement an effective risk management team

  In this installment of the Risk Management Guide, Shon Harris describes the roles and responsibilities of an information risk management team.Continue Reading

• Information risk management: Defining the scope, methodology and tools

  In this installment of the Risk Management Guide, Shon Harris explains the importance of defining the scope of the IRM team's responsibilities, the difference between qualitative and quantitative risk analysis and the tools used to carry out risk ...Continue Reading

• Biometrics: Best practices, future trends

  Biometrics products are improving, but they still require careful consideration and planning before implementation. In this tip, ID and access management expert Joel Dubin reviews some best practices and pitfalls to watch out for.Continue Reading

• How to write an information risk management policy

  In this installment of the Risk Management Guide, Shon Harris describes the contents of a risk management policy and provides a sample policy template.Continue Reading

• Patch management quiz answers

  Continue Reading

• Best practices for pen testing Web applications

  Performing a Web application penetration test can gauge how well your Web application can withstand an attack. In this tip, platform security expert Michael Cobb provides best practices for performing Web application pen test.Continue Reading

• State-based attacks: Session management

  In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to ...Continue Reading

• Google Hacking: Why being a Google dork is hurting your company

  Are you a Google dork? A simple Google search engine query can expose corporate security secrets and private information. Black hats are aware of it. Are you? Learn how to prevent and defend against Google hacking.Continue Reading

• Application development best practices

  Michael Cobb, SearchSecurity.com's application security expert, discusses best practices for specific application development procedures in this Ask the Expert Q&A.Continue Reading

• Patch management techniques

  In this Ask the Expert Q&A, our platform security expert provides techniques to use when testing, installing and deploying a patch to your network.Continue Reading

• How e-mail message components are used

  Learn what happens when someone's e-mail address differs from the certificate e-mail field value, in this application security Ask the Expert Q&A.Continue Reading

• How VPNs interact with instant-messaging applications

  In this Ask the Expert, application security expert Michael Cobb reviews how an enterprise-wide VPN works and whether it encyrpts and protect instant-messaging communications.Continue Reading

• The pros and cons of proxy firewalls

  In this Ask the Expert Q&A, our application security expert reviews the pros and cons of proxy firewalls.Continue Reading

• What's new in the revision of ISO 17799

  SearchSecurity expert Michael Cobb outlines the latest changes to the ISO 17799 standard.Continue Reading

• Portable device security: Safend's Safend Protector

  Read a security product review of Safend's Safend Protector.Continue Reading

• Step 6: Managing and tracking compliance

  Continue Reading

• Cheat sheet: Access management solutions and their pros and cons

  A cheat sheet of the most common access solutions with a brief description, and their risks and pros and cons to help you choose the solution that is right for your organization.Continue Reading

• Risk Management

  Continue Reading

• Executive Security Management

  Continue Reading

• An overview of the risk management process

  In this installment of the Risk Management Guide, Shon Harris provides a 10,000-foot view of the risk management process.Continue Reading

• How to use IPsec filtering rules to filter network traffic

  Learn how to control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.Continue Reading

• Preventing Data Theft, Combating Internal Threats

  Defend against internal threats and prevent information leakage and hacker attacks with several tactics such as employee monitoring, behavioral analysis tools, encryption and incident response.Continue Reading

• Mining NetFlow

  Your routers and switches can yield a mother lode of security information about your network--if you know where to digContinue Reading

• The pros and cons of FTP over SSL

  Compare and contrast the pros and cons of having hosts send PGP-encrypted files to an existing FTP site against building an ad hoc FTP server using SSL, in this Ask the Expert Q&AContinue Reading

• Web application variable manipulation

  Learn what happens to a Web application that uses two certificates: a client-side SSL certificate and a server-side certificate, and whether this certificate combination prevents Web application manipulation.Continue Reading

• Proxy server functions

  In this Ask the Expert Q&A, our platform security expert details how proxy servers work and determines whether they protect personal and sensitive information safe from hacker exploits.Continue Reading

• Why form fields aren't a good place to hide sensitive information

  Web security guru Michael Cobb, takes an in-depth look at the dangers of HIDDEN form fields, how attackers use them to gain unauthorized entry or hijack sessions, and most importantly, how to secure the information sent in these fields.Continue Reading

• How buffer-overflow vulnerabilities occur

  Learn about buffer-overflow vulnerabilities; how they occur, types of buffer-overflow attacks, and how hackers exploit them to gain access to secure and sensitive files.Continue Reading

• How RSA keys differ from DH/DSS keys

  In this Ask the Expert Q&A, Michael Cobb, our application security expert explains how RSA and DH/DSS differ, examines the strengths and weaknesses of each, and, explains how to use the compression library Zlib.Continue Reading

• Best practices for managing secure Web server configurations

  In this tip, Michael Cobb, our Web security guru takes an in-depth look at ways to manage securing configurations of multiple Web servers. He explains the process from frequency to documentation and replication.Continue Reading

• How to prevent application attacks and reduce network vulnerabilities

  In this Ask the Expert Q&A, our application security guru discusses how hackers exploit network vulnerabilities to attack your applications and what you can do to mitigate this risk.Continue Reading

• Building A Perimeter Defense With Application-Level Firewalls

  Learn how application level firewalls, when carefully deployed, can build perimeter defenses and prevent hackers from exploiting vulnerabilities, such as application code, to achieve attacks.Continue Reading

• Application Security: Cenzic's Hailstorm v2.6

  Cenzic's Hailstorm v2.6Continue Reading

• How different DBMSes implement Internet database security

  Learn what it takes to achieve comprehensive DBMS security, in this application security Ask the Expert Q&A.Continue Reading

• Five common application-level attacks and the countermeasures to beat them

  This tip reviews five of the most common attacks against applications: injection vulnerabilities, cross-site scripting (XSS), broken authenticcationa nd session management, insecure direct object references and security misconfiguration. Michael ...Continue Reading

• How to keep your data and database secure

  In this Ask the Expert Q&A, Michael Cobb discusses why having a Web-based application that resides on the same server as the database can be problematic, and, what you can do to keep your data safe.Continue Reading

• Developing an incident response plan

  In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.Continue Reading

• MD5 vs. RC4

  In this Ask the Expert Q&A our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.Continue Reading

• Using attack responses to improve intrusion detection

  IPSes must detect an attack as it comes into the network; however, IDSes have the advantage of identifying an intrusion based on incoming our outgoing network traffic.Continue Reading

• Securing Web apps against authenticated users

  Improve Web site security by securing Web applications from authenticated users and avoiding client-side authentication.Continue Reading

• Avoiding Network Traffic Confusion with Consistent Firewall Rules

  Keep network traffic flowing by collaborating firewall rules and network access devices.Continue Reading

• Patch deployment timeline

  In this Ask the Expert Q&A, our platform security expert discusses how long a mid- to large company should expect to wait before they are able to deploy a patch.Continue Reading

• The future of Telnet and FTP

  In this Ask the Expert Q&A, our application security expert discusses what he believes what will happen to the Telnet and FTP application layer protocols as the industry prepares for the future.Continue Reading

• Protect your Web site against path traversal attacks

  How to protect your Web site against path traversal attacks.Continue Reading

• How to prevent the risks of client-side caching

  Problems of client-side caching and tips for developers on using secure cache-control directives.Continue Reading

• Hercules 4.0 Enterprise Vulnerability Management Suite

  Information Security magazine's contributing editor, James C. Foster , reviews Hercules 4.0 Enterprise Vulnerability Management Suite from Citadel Security Software.Continue Reading

• CRAM (challenge-response authentication mechanism)

  CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).Continue Reading

• Market trends: The future of e-mail security

  The e-mail security market is undergoing a change that is marked by commoditization and centralization. Joel Snyder analyzes these trends and offers a glimpse at the future of e-mail security products.Continue Reading

• Using secure MIME (S/MIME) for securing email

  Secure MIME (S/MIME) and digital certificates offer channel professionals a low-cost way to improve their customers' email security. This tip explains how to implement S/MIME and digital certificates for email encryption.Continue Reading

• Step-by-Step Guide: Best practices for security patch management

  This step-by-step guide offers best practices on how to deploy a security patch and provides the tools you will need to mitigate the risk of a compromised computer.Continue Reading

• The pros and cons of application firewalls

  In this Ask the Expert Q&A, our application security expert discusses the pros and cons of application firewalls. He also explains how they differ from packet filter and stateful inspection firewalls, and why they are not the preferred among some ...Continue Reading

• How to prevent drive corruption in the event of power failure

  In this Ask the Expert Q&A, learn how a PDA device stores data and programs. Also learn how Compact Flash cards and hard drives differ and what some are doing to prevent drive corruption in the event of power failure.Continue Reading

• Malware signature updates

  In this Ask the Expert Q&A our platform security expert discusses how the malware detection and virus detection processes differ. Also learn what some are doing to prevent spyware, rootkits, trojans and other types of malware from running on their ...Continue Reading

• Digital certificates and webmail

  In this Ask the expert Q&A, our application security expert analyzes whether or not you can use digital IDs and certificates with webmail. He also discusses how and where to secure these devices to ensure your e-mail system is secure.Continue Reading

• Personal qualifications of an information security manager

  Charles Cresson Wood outlines the personal qualifications every information security manager should possess in this excerpt from Information Security Roles and Responsibilities Made Easy.Continue Reading

• Encryption detection

  In the Ask the Expert Q&A, Michael Cobb, our application security expert discusses if it is possible to detect encryption. He also takes a closer look at steganography, explains what it is and how it is used to secure e-mail communications.Continue Reading

• Imprivata's OneSign 2.8 - Single Sign-On

  Imprivata's OneSign 2.8Continue Reading

• Top 5 Hacker Tools: Google hacker, password cracker, WLAN detector

  Read about five must-have hacker tools: WikTo, a Web scanner and Google hacking tool; Paros Proxy, a Web application manipulation proxy; Cain and Abel, a password sniffer/cracker; Winfingerprint, a Windows configuration harvester; and Wellenreiter, ...Continue Reading

• Risk management methodologies

  Expert advice regarding best practices for risk management methodologies. Also learn how vulnerability management and risk management tools differ and how they can help protect your environment.Continue Reading

• How to configure an FTP server with SSL

  In this expert response, security expert Michael Cobb explains how to securely configure an FTP server with Secure Socket Layering (SSL).Continue Reading

• Storing hashed, encrypted values in a database

  Expert advice on storing hashed and encrypted values in a database.Continue Reading

• Testing a security patch

  Learn tool and techniques you can use to test a security patch prior to deployment.Continue Reading

• Wireless security review: Juniper Networks' Netscreen-5GT Wireless

  Juniper Networks' Netscreen-5GT WirelessContinue Reading

• Intrusion Detection: Tripwire's Enterprise 5.0

  June 2005 review of Tripwire's Enterprise 5.0Continue Reading

• nCircle's IP360 Vulnerability Management System product review

  Product review of nCircle's IP360 Vulnerability Management System pricing, setup, configuration, assessment, and installation feature information.Continue Reading

• Five essentials of a patch management solution

  Learn the key criteria you need to consider when purchasing a patch management solution to ensure it is effective.Continue Reading

• Pre-CISSP: Options for the security newbie

  Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.Continue Reading

• Who's responsible for security? Everyone!

  Learn how to decentralize security responsibility in your organization.Continue Reading

• How to configure Snort variables

  Learn how to define Snort's configuration variables.Continue Reading

• Snapping on SNMPv3

  The ubiquitous management protocol is more secure, but upgrading isn't simple.Continue Reading

• Dos and don'ts for passing the CISSP exam

  From choosing an exam date to answering the questions, here are some dos and don'ts for CISSP exam success.Continue Reading

• Identity and Access Management: Provisioning

  Continue Reading

• Wireless security product review: AirTight Networks' SpectraGuard 2.0

  A review of AirTight Networks' SpectraGuard 2.0Continue Reading

• SSHv2: Safe & Secure

  The overhauled encryption protocol helps harden networks.Continue Reading

• Quiz: Vulnerability management

  Test your knowledge of vulnerability management process and methodology with this quiz by Shon Harris, CISSP.Continue Reading

• The Myths of Security

  The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.Continue Reading