Manage
Learn to apply best practices and optimize your operations.
How to use IPsec filtering rules to filter network traffic
Learn how to control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.
Preventing Data Theft, Combating Internal Threats
Defend against internal threats and prevent information leakage and hacker attacks with several tactics such as employee monitoring, behavioral analysis tools, encryption and incident response.
Mining NetFlow
Your routers and switches can yield a mother lode of security information about your network -- if you know where to dig.
The pros and cons of FTP over SSL
Compare and contrast the pros and cons of having hosts send PGP-encrypted files to an existing FTP site against building an ad hoc FTP server using SSL, in this Ask the Expert Q&A.
Web application variable manipulation
Learn what happens to a Web application that uses two certificates: a client-side SSL certificate and a server-side certificate, and whether this certificate combination prevents Web application manipulation.
Proxy server functions
In this Ask the Expert Q&A, our platform security expert details how proxy servers work and determines whether they keep personal and sensitive information safe from hacker exploits.
Why form fields aren't a good place to hide sensitive information
Web security guru Michael Cobb takes an in-depth look at the dangers of HIDDEN form fields, how attackers use them to gain unauthorized entry or hijack sessions, and most importantly, how to secure the information sent in these fields.
How buffer-overflow vulnerabilities occur
Learn about buffer-overflow vulnerabilities: how they occur, the types of buffer-overflow attacks, and how hackers exploit them to gain access to secure and sensitive files.
How RSA keys differ from DH/DSS keys
In this Ask the Expert Q&A, Michael Cobb, our application security expert, explains how RSA and DH/DSS differ, examines the strengths and weaknesses of each, and explains how to use the compression library Zlib.
Best practices for managing secure Web server configurations
In this tip, Michael Cobb, our Web security guru, takes an in-depth look at ways to manage secure configurations across multiple Web servers. He explains the process from frequency to documentation and replication.
How to prevent application attacks and reduce network vulnerabilities
In this Ask the Expert Q&A, our application security guru discusses how hackers exploit network vulnerabilities to attack your applications and what you can do to mitigate this risk.
Building A Perimeter Defense With Application-Level Firewalls
Learn how application-level firewalls, when carefully deployed, can build perimeter defenses and prevent hackers from exploiting vulnerabilities, such as flaws in application code, to carry out attacks.
Application Security: Cenzic's Hailstorm v2.6
Cenzic's Hailstorm v2.6
How different DBMSes implement Internet database security
Learn what it takes to achieve comprehensive DBMS security, in this application security Ask the Expert Q&A.
Five common application-level attacks and the countermeasures to beat them
This tip reviews five of the most common attacks against applications: injection vulnerabilities, cross-site scripting (XSS), broken authentication and session management, insecure direct object references and security misconfiguration. Michael ...
How to keep your data and database secure
In this Ask the Expert Q&A, Michael Cobb discusses why having a Web-based application that resides on the same server as the database can be problematic, and what you can do to keep your data safe.
Developing an incident response plan
In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.
MD5 vs. RC4
In this Ask the Expert Q&A, our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.
Using attack responses to improve intrusion detection
IPSes must detect an attack as it comes into the network; however, IDSes have the advantage of identifying an intrusion based on incoming or outgoing network traffic.
Securing Web apps against authenticated users
Improve Web site security by securing Web applications from authenticated users and avoiding client-side authentication.
Avoiding Network Traffic Confusion with Consistent Firewall Rules
Keep network traffic flowing by coordinating firewall rules across network access devices.
Patch deployment timeline
In this Ask the Expert Q&A, our platform security expert discusses how long a mid-sized to large company should expect to wait before it is able to deploy a patch.
The future of Telnet and FTP
In this Ask the Expert Q&A, our application security expert discusses what he believes will happen to the Telnet and FTP application layer protocols as the industry prepares for the future.
Protect your Web site against path traversal attacks
How to protect your Web site against path traversal attacks.
How to prevent the risks of client-side caching
Problems of client-side caching and tips for developers on using secure cache-control directives.
Hercules 4.0 Enterprise Vulnerability Management Suite
Information Security magazine's contributing editor, James C. Foster, reviews Hercules 4.0 Enterprise Vulnerability Management Suite from Citadel Security Software.
CRAM (challenge-response authentication mechanism)
CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).
Market trends: The future of e-mail security
The e-mail security market is undergoing a change that is marked by commoditization and centralization. Joel Snyder analyzes these trends and offers a glimpse at the future of e-mail security products.
Using secure MIME (S/MIME) for securing email
Secure MIME (S/MIME) and digital certificates offer channel professionals a low-cost way to improve their customers' email security. This tip explains how to implement S/MIME and digital certificates for email encryption.
Step-by-Step Guide: Best practices for security patch management
This step-by-step guide offers best practices on how to deploy a security patch and provides the tools you will need to mitigate the risk of a compromised computer.
The pros and cons of application firewalls
In this Ask the Expert Q&A, our application security expert discusses the pros and cons of application firewalls. He also explains how they differ from packet filter and stateful inspection firewalls, and why they are not the preferred among some ...
How to prevent drive corruption in the event of power failure
In this Ask the Expert Q&A, learn how a PDA device stores data and programs. Also learn how Compact Flash cards and hard drives differ and what some are doing to prevent drive corruption in the event of power failure.
Malware signature updates
In this Ask the Expert Q&A, our platform security expert discusses how the malware detection and virus detection processes differ. Also learn what some are doing to prevent spyware, rootkits, trojans and other types of malware from running on their ...
Digital certificates and webmail
In this Ask the Expert Q&A, our application security expert analyzes whether or not you can use digital IDs and certificates with webmail. He also discusses how and where to secure these devices to ensure your e-mail system is secure.
Personal qualifications of an information security manager
Charles Cresson Wood outlines the personal qualifications every information security manager should possess in this excerpt from Information Security Roles and Responsibilities Made Easy.
Encryption detection
In this Ask the Expert Q&A, Michael Cobb, our application security expert, discusses whether it is possible to detect encryption. He also takes a closer look at steganography, explains what it is and how it is used to secure e-mail communications.
Imprivata's OneSign 2.8 - Single Sign-On
Imprivata's OneSign 2.8
Top 5 Hacker Tools: Google hacker, password cracker, WLAN detector
Read about five must-have hacker tools: WikTo, a Web scanner and Google hacking tool; Paros Proxy, a Web application manipulation proxy; Cain and Abel, a password sniffer/cracker; Winfingerprint, a Windows configuration harvester; and Wellenreiter, ...
Risk management methodologies
Expert advice regarding best practices for risk management methodologies. Also learn how vulnerability management and risk management tools differ and how they can help protect your environment.
How to configure an FTP server with SSL
In this expert response, security expert Michael Cobb explains how to securely configure an FTP server with Secure Sockets Layer (SSL).
Storing hashed, encrypted values in a database
Expert advice on storing hashed and encrypted values in a database.
Testing a security patch
Learn tools and techniques you can use to test a security patch prior to deployment.
Wireless security review: Juniper Networks' Netscreen-5GT Wireless
Juniper Networks' Netscreen-5GT Wireless
Intrusion Detection: Tripwire's Enterprise 5.0
June 2005 review of Tripwire's Enterprise 5.0
nCircle's IP360 Vulnerability Management System product review
Product review of nCircle's IP360 Vulnerability Management System: pricing, setup, configuration, assessment, and installation feature information.
Five essentials of a patch management solution
Learn the key criteria you need to consider when purchasing a patch management solution to ensure it is effective.
Pre-CISSP: Options for the security newbie
Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.
Who's responsible for security? Everyone!
Learn how to decentralize security responsibility in your organization.
How to configure Snort variables
Learn how to define Snort's configuration variables.
Snapping on SNMPv3
The ubiquitous management protocol is more secure, but upgrading isn't simple.
Dos and don'ts for passing the CISSP exam
From choosing an exam date to answering the questions, here are some dos and don'ts for CISSP exam success.
Identity and Access Management: Provisioning
Wireless security product review: AirTight Networks' SpectraGuard 2.0
A review of AirTight Networks' SpectraGuard 2.0
SSHv2: Safe & Secure
The overhauled encryption protocol helps harden networks.
Quiz: Vulnerability management
Test your knowledge of the vulnerability management process and methodology with this quiz by Shon Harris, CISSP.
The Myths of Security
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.
Best practices: Making vendor pitches work for you
Get the most out of vendor calls with these best practices.
Vulnerability testing with Open Vulnerability Assessment Language
Learn how the Open Vulnerability Assessment Language (OVAL) can help organizations improve vulnerability testing processes.
Simplify with SIM: Evaluating security information management systems
Security information management tools are key to refining the deluge of raw data in an enterprise network into actionable intelligence. Expert Joel Snyder discusses.
Password security issues: How enterprise single sign-on can help
Learn how the U.S. Postal Service has reduced password security issues and improved productivity by leveraging enterprise single sign-on.
Benefits of encryption: Improving your enterprise IT security structure
Learn the benefits of encryption and how it can be one of the only truly secure ways to protect your enterprise.
The downside of cybercrime investigation and prosecution
Prosecuting cybercrime puts your organization -- and your security -- on the hot seat.
Preventing spyware and third-party attacks
Is your IT infrastructure prepared for spyware? In this feature, learn how to prepare your enterprise for spyware and how best to avoid these third-party attacks.
The self-defending network: Is it real technology or market speak?
Cisco and other security vendors are touting the "self-defending" network. Is it real technology or market-speak?
Best practices for choosing an outside IT auditor
Learn six points for choosing the right outside auditor.
Outsourcing best practices: Identifying offshoring risks
Offshoring is good for business, but lax security practices can torpedo your investment.
Service-level agreement management: Defining security policy roles
Does your security plan include expectations or incentives for SLAs? Lawrence Walsh explains why setting standards for your enterprise is essential.
Best practices for writing an information classification policy
When developing your organization's information classification policy, there are three best practices that you should keep in mind.
Firewall responsibilities and firewall timeout features
NAC best practices and technologies to meet corporate security policy
New solutions help you secure endpoints.
Week 28: New technical manager challenges and pitfalls
In this column, Shelley Bard offers up some tips for the new technical manager.
Six Sigma and CMM models offer security best practices
Security can learn a lot from Six Sigma, CMM and other established business methodologies.
Tier-1 policy overview: Procurement and contracts, records management
In the fourth and last installment of this tier-1 policy overview series, Thomas Peltier looks at Procurement and Contracts, Records Management and Asset Classification Policies.
Laws of security: 10 security best practices
Learn the laws of security and 10 security best practices.
The future of software security vulnerabilities
The evolution of software security vulnerabilities opens new vistas for business... and the bad guys.
Audit failure: How one lab raised IT security awareness and its audit grade
Learn how Argonne National Lab raised IT security awareness and its audit grade from 'F' to 'A'.
Database security tools for preventing SQL injection attacks
An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.
Managing change in information security policies
In this tip, security expert Mike Chapple highlights a five-step process designed to help your organization approach necessary changes to its IT security policies in a formal, yet flexible fashion. He also provides several questions that ...
Implementing a better operational risk management framework
Hackers don't impact long-term stock prices; rogue traders and lousy products do.
A step-by-step network incident response plan
We need automated response tools that go beyond fledgling IPSes. In this tip you will learn how to create an IT incident response plan, step by step.
Best practices for security report writing
Concise, targeted security reports command the attention of the executives who need to act on them. Learn best practices for security report writing.
A Patch in Time: Considering automated patch management
Vulnerabilities are followed by patches, followed by exploits, followed by misery. Automated patch management solutions ease the pain and cut costs.
Keys to an effective virus incident-response team
How you recover from a malicious code attack depends on how quickly you respond. Learn how to coordinate a virus incident-response team to help minimize malware damage.
Business continuity roles improve security incident management
IT personnel may be front-line responders, but if they "own" incident management, your enterprise is at risk. Here's a business blueprint for an effective security incident management program with business continuity roles.
Review: RSA ClearTrust 5.5 secure federated identity management system
RSA ClearTrust 5.5 eases the administration of securing Web services identity management across business partners' systems.
Week 1: The security manager's daily checklist
Here's a daily checklist for security managers.
Using control change management to improve attack resistance
Learn how control change management can free your enterprise from the "widget mentality" -- and ensure better attack resistance.
Four steps to ensure security deployment success
Security deployment will go more smoothly if enterprises step back, ask questions, involve everyone and lower expectations.
Computer Associates' Sanjay Kumar on the once-troubled firm's comeback
Can Computer Associates' Sanjay Kumar convince the world that the once-troubled tech giant has changed?
Vendor liability: Should we be suing for security?
The latest lawsuit against Microsoft revives the legal debate over how much of security is the responsibility of the consumer, and how much is vendor liability.
The security costs of outsourcing software development
Before outsourcing software development, enterprises should make sure they perform due diligence and understand the associated security costs.
Home office security: Seven ways to secure remote employees
Fred Avolio outlines seven strategies enterprises should use to ensure their remote employees practice good home office security.
Fear factor: Malicious code and why the worst is yet to come
As bad as the malicious code landscape may seem with Code Red, Nimda, and Sobig, Ed Skoudis says you ain't seen nothin' yet.
Controlling Linux root privilege in a Linux environment
If your enterprise has multiple sysadmins, giving them separate accounts is advisable. Su and Sudo can aid in keeping Linux root privilege rooted in safety.
Employee privacy rights: When is it OK to spy on employees?
Having a sound enterprise policy is everything if your organization wants to "spy" on employees -- otherwise it'll find itself violating employee privacy rights.
Frank Abagnale preaches the dangers of hacking
A penitent Frank Abagnale Jr. shuns white-collar crime and fraud, and helps others understand how to guard against the dangers of hacking.
Proactive security: Make offense your best defense
Information Security editorial director Andrew Briney outlines three measures that will help enterprises turn their reactive security into proactive security.
Security survey results: Six information security myths dispelled
A rose is a rose is a rose, but Information Security magazine and SearchSecurity surveys bust six security myths, proving infosec is maturing as a profession and a practice.
Chain of command: Inside Prudential's security management program
Information Security's October 2003 issue examines the security management program at Prudential Financial and why its processes and people are a rock of information security stability. Also in this issue: how to reduce insider risk, how the ...
Defending the rock: Prudential's security culture and change control management
Cover story: Prudential's ingrained security culture and change control management make it a security program worth emulating.