Manage
Learn to apply best practices and optimize your operations.
Manage
Learn to apply best practices and optimize your operations.
Five freeware tools for mitigating network vulnerabilities
From Nmap to Snort, there are a variety of viable freeware tools available for information security professionals. In this tip, Michael Cobb reviews five freeware tools and explains why he believes they are the best tools in their space. Continue Reading
How to configure and implement a DMZ
Learn how to design and configure a DMZ in this network security Ask the Expert Q&A. Continue Reading
Information security resume do's and don'ts
Get advice, and learn do's and don'ts for creating an information security technology or network security resume. Continue Reading
-
Career management 101 for information security pros
Eight questions to help information security professionals determine if their career is on the right track. Continue Reading
Nmap: More port scanning techniques
In this fifth tip in our Nmap manual, SearchSecurity.com expert Michael Cobb looks at some of the Nmap port scanning techniques that exploit certain idiosyncrasies of specific platforms or protocols in order to better differentiate between open and ... Continue Reading
How to configure a server to prevent unauthorized network access
Learn from other security practitioners as they share ways to configure a network so unauthorized users cannot access files, folders and other sensitive information.Continue Reading
PIX firewall configuration from scratch
Learn how to configure passwords, IP addresses, network address translation (NAT) and basic firewall rules in this tip.Continue Reading
Nmap: How to scan ports and services
Nmap is the ideal tool for performing a simple network inventory or vulnerability assessment. This article offers tips on how to use a NmapContinue Reading
Are there any patch management products that track the patching process?
Before you dip into your IT budget to solve your patching problems, read this Q&A. Our platform security expert examines why security pros should consider using available freeware products to track and manage their patching process.Continue Reading
Use SHA to encrypt sensitive data
Complying with the PCI Data Security Standard is now on the forefront of many security practitioner's minds. Learn how using the Secure Hashing Algorithm can help you encrypt sensitive data and help you meet the PCI Data Security Standard ...Continue Reading
-
Policy management: Manual vs. automated tools
Whether you manage policies manually or use automated tools, it is imperative to get your policies and systems in sync.Continue Reading
How to install and configure Nmap on Linux
Get tips on how to install and configure Nmap on Linux in an enterprise network environment.Continue Reading
Alphabet soup: Understanding standards for risk management and compliance
This article makes sense of the soupy mix of standards by taking a closer look at the various methodologies and frameworks, and examining what each has to offer.Continue Reading
Ping: Don Ulsch
Don UlschContinue Reading
Preventing blind SQL injection attacks
Most security professionals know what SQL injection attacks are and how to protect their Web applications against them. But, they may not know that their preventative measures may be leaving their applications open to blind SQL injection attacks. ...Continue Reading
Intrusion Prevention: McAfee's IntruShield 3000
McAfee's IntruShield 3000Continue Reading
Hot Pick: BlueCat Networks' Adonis 1000
BlueCat Networks' Adonis 1000Continue Reading
IIS security: Configure Web server permissions for better access control
Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuring IIS Web server permissions, in this tip by ...Continue Reading
How to install and configure Nmap for Windows
In this second installment of our Nmap Technical Manual, SearchSecurity expert Michael Cobb offers pointers on how to install and configure Nmap for Windows.Continue Reading
Nmap: A valuable open source tool for network security
Open source tool Nmap is a popular choice amongst hackers and security pros alike for network mapping, port-scanning and testing for network vulnerabilities.Continue Reading
Swiping Back
INDUSTRY COMPLIANCE With the goal of reducing fraud, the credit card associations' PCI standard scores points for clarity.Continue Reading
HTTP attacks: Strategies for prevention
Examine how hackers manipulate HTTP requests to solicit an attack, and learn various guidelines developers should follow to mitigate this threat.Continue Reading
How to implement an effective risk management team
In this installment of the Risk Management Guide, Shon Harris describes the roles and responsibilities of an information risk management team.Continue Reading
Information risk management: Defining the scope, methodology and tools
In this installment of the Risk Management Guide, Shon Harris explains the importance of defining the scope of the IRM team's responsibilities, the difference between qualitative and quantitative risk analysis and the tools used to carry out risk ...Continue Reading
Biometrics: Best practices, future trends
Biometrics products are improving, but they still require careful consideration and planning before implementation. In this tip, ID and access management expert Joel Dubin reviews some best practices and pitfalls to watch out for.Continue Reading
How to write an information risk management policy
In this installment of the Risk Management Guide, Shon Harris describes the contents of a risk management policy and provides a sample policy template.Continue Reading
Patch management quiz answers
Best practices for pen testing Web applications
Performing a Web application penetration test can gauge how well your Web application can withstand an attack. In this tip, platform security expert Michael Cobb provides best practices for performing Web application pen test.Continue Reading
State-based attacks: Session management
In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to ...Continue Reading
Google Hacking: Why being a Google dork is hurting your company
Are you a Google dork? A simple Google search engine query can expose corporate security secrets and private information. Black hats are aware of it. Are you? Learn how to prevent and defend against Google hacking.Continue Reading
Application development best practices
Michael Cobb, SearchSecurity.com's application security expert, discusses best practices for specific application development procedures in this Ask the Expert Q&A.Continue Reading
Patch management techniques
In this Ask the Expert Q&A, our platform security expert provides techniques to use when testing, installing and deploying a patch to your network.Continue Reading
How e-mail message components are used
Learn what happens when someone's e-mail address differs from the certificate e-mail field value, in this application security Ask the Expert Q&A.Continue Reading
How VPNs interact with instant-messaging applications
In this Ask the Expert, application security expert Michael Cobb reviews how an enterprise-wide VPN works and whether it encyrpts and protect instant-messaging communications.Continue Reading
The pros and cons of proxy firewalls
In this Ask the Expert Q&A, our application security expert reviews the pros and cons of proxy firewalls.Continue Reading
What's new in the revision of ISO 17799
SearchSecurity expert Michael Cobb outlines the latest changes to the ISO 17799 standard.Continue Reading
Portable device security: Safend's Safend Protector
Read a security product review of Safend's Safend Protector.Continue Reading
Step 6: Managing and tracking compliance
Cheat sheet: Access management solutions and their pros and cons
A cheat sheet of the most common access solutions with a brief description, and their risks and pros and cons to help you choose the solution that is right for your organization.Continue Reading
Risk Management
Executive Security Management
An overview of the risk management process
In this installment of the Risk Management Guide, Shon Harris provides a 10,000-foot view of the risk management process.Continue Reading
How to use IPsec filtering rules to filter network traffic
Learn how to control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.Continue Reading
Preventing Data Theft, Combating Internal Threats
Defend against internal threats and prevent information leakage and hacker attacks with several tactics such as employee monitoring, behavioral analysis tools, encryption and incident response.Continue Reading
Mining NetFlow
Your routers and switches can yield a mother lode of security information about your network--if you know where to digContinue Reading
The pros and cons of FTP over SSL
Compare and contrast the pros and cons of having hosts send PGP-encrypted files to an existing FTP site against building an ad hoc FTP server using SSL, in this Ask the Expert Q&AContinue Reading
Web application variable manipulation
Learn what happens to a Web application that uses two certificates: a client-side SSL certificate and a server-side certificate, and whether this certificate combination prevents Web application manipulation.Continue Reading
Proxy server functions
In this Ask the Expert Q&A, our platform security expert details how proxy servers work and determines whether they protect personal and sensitive information safe from hacker exploits.Continue Reading
Why form fields aren't a good place to hide sensitive information
Web security guru Michael Cobb, takes an in-depth look at the dangers of HIDDEN form fields, how attackers use them to gain unauthorized entry or hijack sessions, and most importantly, how to secure the information sent in these fields.Continue Reading
How buffer-overflow vulnerabilities occur
Learn about buffer-overflow vulnerabilities; how they occur, types of buffer-overflow attacks, and how hackers exploit them to gain access to secure and sensitive files.Continue Reading
How RSA keys differ from DH/DSS keys
In this Ask the Expert Q&A, Michael Cobb, our application security expert explains how RSA and DH/DSS differ, examines the strengths and weaknesses of each, and, explains how to use the compression library Zlib.Continue Reading
Best practices for managing secure Web server configurations
In this tip, Michael Cobb, our Web security guru takes an in-depth look at ways to manage securing configurations of multiple Web servers. He explains the process from frequency to documentation and replication.Continue Reading
How to prevent application attacks and reduce network vulnerabilities
In this Ask the Expert Q&A, our application security guru discusses how hackers exploit network vulnerabilities to attack your applications and what you can do to mitigate this risk.Continue Reading
Building A Perimeter Defense With Application-Level Firewalls
Learn how application level firewalls, when carefully deployed, can build perimeter defenses and prevent hackers from exploiting vulnerabilities, such as application code, to achieve attacks.Continue Reading
Application Security: Cenzic's Hailstorm v2.6
Cenzic's Hailstorm v2.6Continue Reading
How different DBMSes implement Internet database security
Learn what it takes to achieve comprehensive DBMS security, in this application security Ask the Expert Q&A.Continue Reading
Five common application-level attacks and the countermeasures to beat them
This tip reviews five of the most common attacks against applications: injection vulnerabilities, cross-site scripting (XSS), broken authenticcationa nd session management, insecure direct object references and security misconfiguration. Michael ...Continue Reading
How to keep your data and database secure
In this Ask the Expert Q&A, Michael Cobb discusses why having a Web-based application that resides on the same server as the database can be problematic, and, what you can do to keep your data safe.Continue Reading
Developing an incident response plan
In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.Continue Reading
MD5 vs. RC4
In this Ask the Expert Q&A our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.Continue Reading
Using attack responses to improve intrusion detection
IPSes must detect an attack as it comes into the network; however, IDSes have the advantage of identifying an intrusion based on incoming our outgoing network traffic.Continue Reading
Securing Web apps against authenticated users
Improve Web site security by securing Web applications from authenticated users and avoiding client-side authentication.Continue Reading
Avoiding Network Traffic Confusion with Consistent Firewall Rules
Keep network traffic flowing by collaborating firewall rules and network access devices.Continue Reading
Patch deployment timeline
In this Ask the Expert Q&A, our platform security expert discusses how long a mid- to large company should expect to wait before they are able to deploy a patch.Continue Reading
The future of Telnet and FTP
In this Ask the Expert Q&A, our application security expert discusses what he believes what will happen to the Telnet and FTP application layer protocols as the industry prepares for the future.Continue Reading
Protect your Web site against path traversal attacks
How to protect your Web site against path traversal attacks.Continue Reading
How to prevent the risks of client-side caching
Problems of client-side caching and tips for developers on using secure cache-control directives.Continue Reading
Hercules 4.0 Enterprise Vulnerability Management Suite
Information Security magazine's contributing editor, James C. Foster , reviews Hercules 4.0 Enterprise Vulnerability Management Suite from Citadel Security Software.Continue Reading
CRAM (challenge-response authentication mechanism)
CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).Continue Reading
Market trends: The future of e-mail security
The e-mail security market is undergoing a change that is marked by commoditization and centralization. Joel Snyder analyzes these trends and offers a glimpse at the future of e-mail security products.Continue Reading
Using secure MIME (S/MIME) for securing email
Secure MIME (S/MIME) and digital certificates offer channel professionals a low-cost way to improve their customers' email security. This tip explains how to implement S/MIME and digital certificates for email encryption.Continue Reading
Step-by-Step Guide: Best practices for security patch management
This step-by-step guide offers best practices on how to deploy a security patch and provides the tools you will need to mitigate the risk of a compromised computer.Continue Reading
The pros and cons of application firewalls
In this Ask the Expert Q&A, our application security expert discusses the pros and cons of application firewalls. He also explains how they differ from packet filter and stateful inspection firewalls, and why they are not the preferred among some ...Continue Reading
How to prevent drive corruption in the event of power failure
In this Ask the Expert Q&A, learn how a PDA device stores data and programs. Also learn how Compact Flash cards and hard drives differ and what some are doing to prevent drive corruption in the event of power failure.Continue Reading
Familiarity with information security management
Malware signature updates
In this Ask the Expert Q&A our platform security expert discusses how the malware detection and virus detection processes differ. Also learn what some are doing to prevent spyware, rootkits, trojans and other types of malware from running on their ...Continue Reading
Digital certificates and webmail
In this Ask the expert Q&A, our application security expert analyzes whether or not you can use digital IDs and certificates with webmail. He also discusses how and where to secure these devices to ensure your e-mail system is secure.Continue Reading
Personal qualifications of an information security manager
Charles Cresson Wood outlines the personal qualifications every information security manager should possess in this excerpt from Information Security Roles and Responsibilities Made Easy.Continue Reading
Encryption detection
In the Ask the Expert Q&A, Michael Cobb, our application security expert discusses if it is possible to detect encryption. He also takes a closer look at steganography, explains what it is and how it is used to secure e-mail communications.Continue Reading
Imprivata's OneSign 2.8 - Single Sign-On
Imprivata's OneSign 2.8Continue Reading
Top 5 Hacker Tools: Google hacker, password cracker, WLAN detector
Read about five must-have hacker tools: WikTo, a Web scanner and Google hacking tool; Paros Proxy, a Web application manipulation proxy; Cain and Abel, a password sniffer/cracker; Winfingerprint, a Windows configuration harvester; and Wellenreiter, ...Continue Reading
Risk management methodologies
Expert advice regarding best practices for risk management methodologies. Also learn how vulnerability management and risk management tools differ and how they can help protect your environment.Continue Reading
How to configure an FTP server with SSL
In this expert response, security expert Michael Cobb explains how to securely configure an FTP server with Secure Socket Layering (SSL).Continue Reading
Storing hashed, encrypted values in a database
Expert advice on storing hashed and encrypted values in a database.Continue Reading
Testing a security patch
Learn tool and techniques you can use to test a security patch prior to deployment.Continue Reading
Wireless security review: Juniper Networks' Netscreen-5GT Wireless
Juniper Networks' Netscreen-5GT WirelessContinue Reading
Intrusion Detection: Tripwire's Enterprise 5.0
June 2005 review of Tripwire's Enterprise 5.0Continue Reading
nCircle's IP360 Vulnerability Management System product review
Product review of nCircle's IP360 Vulnerability Management System pricing, setup, configuration, assessment, and installation feature information.Continue Reading
Five essentials of a patch management solution
Learn the key criteria you need to consider when purchasing a patch management solution to ensure it is effective.Continue Reading
Pre-CISSP: Options for the security newbie
Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.Continue Reading
Who's responsible for security? Everyone!
Learn how to decentralize security responsibility in your organization.Continue Reading
How to configure Snort variables
Learn how to define Snort's configuration variables.Continue Reading
Snapping on SNMPv3
The ubiquitous management protocol is more secure, but upgrading isn't simple.Continue Reading
Dos and don'ts for passing the CISSP exam
From choosing an exam date to answering the questions, here are some dos and don'ts for CISSP exam success.Continue Reading
Identity and Access Management: Provisioning
Wireless security product review: AirTight Networks' SpectraGuard 2.0
A review of AirTight Networks' SpectraGuard 2.0Continue Reading
SSHv2: Safe & Secure
The overhauled encryption protocol helps harden networks.Continue Reading
Quiz: Vulnerability management
Test your knowledge of vulnerability management process and methodology with this quiz by Shon Harris, CISSP.Continue Reading
The Myths of Security
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.Continue Reading
Best practices: Making vendor pitches work for you
Get the most out of vendor calls with these best practices.Continue Reading