Manage
Learn to apply best practices and optimize your operations.
Manage
Learn to apply best practices and optimize your operations.
Incident response policies and procedures
Learn how policies and procedures fit in incident response. Continue Reading
Cybersecurity and boards of directors: Understanding corporate risk
Learn how corporate risk can be capitalized on in order to maintain a high profile for cybersecurity among enterprise board of directors. Continue Reading
Dorothy Denning: Leading authority on cybercrime, information warfare
The longtime computer science professor is one of the world's top authorities on encryption and cyberterrorism. Continue Reading
-
Women of vision: Honoring 25 outstanding women of IT security
Cover story: Profiling 25 outstanding technologists, researchers and executives who are reshaping information security. Continue Reading
History of IPSec, SSL VPN products: How will the market change?
Today's SSL VPNs address a single problem: secure remote access. Will that be enough to sustain the vendors in this market? History offers some clues. Continue Reading
Examining device-based authentication
Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear.Continue Reading
Working with Linux: Disable service to improve network security
Linux security expert Jay Beale offers a code-by-code instructional walk-through to help system administrators disable Linux services.Continue Reading
Web services security best practices: Presentation and application architectures
Splitting the presentation and application architecture layers allows for checking each SOAP packet request and is a necessary Web service security best practice.Continue Reading
Beyond network perimeter defense: A 'submarine warfare' strategy
Today's attacker can be anywhere, meaning network perimeter defense alone is futile. Change your thinking, and your tactics.Continue Reading
Case study: SSL VPN enables secure remote email access
A global minerals firm seeking secure remote email tested other systems before choosing an SSL VPN.Continue Reading
-
Virus protection: Prevention, detection, response
How to prevent, detect and respond.Continue Reading
Firewall checkup: Testing your firewall's health
Uncover six important steps for testing your firewall to make sure it is running safely and smoothly.Continue Reading
How to address SAN architecture security weaknesses
SAN technology has burst out of the data center, exposing the world to SAN architecture security weaknesses.Continue Reading
IPSec best practices to secure IP-based storage systems
Learn the security challenges associated with IP-based storage systems and uncover IPSec best practices to help ensure system safety without sacrificing performance.Continue Reading
How to avoid federal Wiretap Act issues with a honeypot network security system
Hackers have rights, too. How can you deploy honeypots without running afoul of the law?Continue Reading
Using decision-tree modeling to determine paths of attack
Learn how one startup leverages decision-tree modeling to identify unwanted outcomes.Continue Reading
Honeypot technology: How honeypots work in the enterprise
The founder of the Honeynet Project explains how honeypots work and how they complement other technologies.Continue Reading
IT risk assessment: Using security resource planning products to improve
Enterprise risk management is a delicate balancing act. A look at three "security resource planning" products that seek to bring order to the process.Continue Reading
Establishing a Metrics Management System
This chapter is designed to provide basic guidance necessary for the development of a metrics methodology to understand what, why, when and how infosec can be measured.Continue Reading
How to learn IT security in your spare time
When considering how to learn IT security, never underestimate the power of a few minutes of downtime.Continue Reading
Keeping security initiatives on track through executive, management turnover
How to keep enterprise security initiatives on track...even when there are cracks in the corporate ladder.Continue Reading
The security risk management lifecycle framework
Learn about the seven steps in the enterprise information security risk management lifecycle framework.Continue Reading
Test center: CORE IMPACT 3.1 automated pen testing tool
Numerous mistakes tarnish the benefits of CORE Security's CORE IMPACT 3.1 automated pen testing tool.Continue Reading
Top challenges facing defense-in-depth firewall technology
Defense-in-depth firewall technology may offer value, but there are six barriers thwarting firewall technology on the port level.Continue Reading
Designing a defense-in-depth network security model
We challenged networking and firewall vendors to provide defense-in-depth security from the perimeter to the core. Their responses give us a glimpse into the future of enterprise network security.Continue Reading
CISSP study plan: CISSP prep books, guides and resources
Check out Andrew Briney's CISSP study plan recommendations on the best CISSP prep books, guides and websites.Continue Reading
Preparing for CISSP exam questions: What to expect
Anybody who says the CISSP exam is easy isn't telling the whole story. There are plenty of difficult questions--some legitimate, some goofy.Continue Reading
VoIP network security protocols: Is VoIP secure?
Is your network equal to the task? Are you willing to risk exposing data and voice on the Internet?Continue Reading
WLAN security: Best practices for wireless network security
WEP and war drivers scaring you away? Try these wireless network security basics and best practices to protect your enterprise.Continue Reading
Merging firewalls: Making your enterprise more secure with Sidewinder
Review: Secure Computing creates an impressive product by merging two leading firewalls into the Sidewinder G2.Continue Reading
Network packet analyzers enable enterprise 'packet peeking'
Marcus Ranum explains how network packet analyzers offer a worm's-eye view of what's traversing an enterprise network.Continue Reading
Examining Windows Server 2003 operating system security
Microsoft promised Windows Server 2003 would be "secure by design, secure by default and secure in deployment." We took the wrapper off this new OS to see if it lives up to expectations.Continue Reading
Exposing and addressing wireless security concerns
Campus IT managers' emphasis on wireless security puts them at the head of the class.Continue Reading
Keeping WLANs safe with WLAN security tools
Check out a variety of seurity managers tools to help keep WLANs safe.Continue Reading
Protect Active Directory traffic with a VPN
Active Directory network traffic is mission critical and highly sensitive, and must be protected by a VPN.Continue Reading
Six steps for security patch management best practices
Six steps to help decide when you must patch...and when it's OK to wait.Continue Reading
Security audit tools: Vendors every auditor should use
Sidebar: An auditor should be familiar with a variety of tools and utilities, not just a single packaged scanner. They include utilities and power tools, both open source and commercial.Continue Reading
Egress filtering
A look at some policies for egress filtering that can help limit your liability in DDoS attacks.Continue Reading
Roundtable: Advice on IT security budget management
Four CISOs discuss practical strategies for getting the security budget you need, and spending it wisely.Continue Reading
IT security auditing: Best practices for conducting audits
Even if you hate security audits, it's in your best interest to make sure they're done right.Continue Reading
Tips and tricks for IDS deployment best practices
Intrusion detection remains an over-hyped technology because most companies have no idea what to do with it.Continue Reading
Best practices for securing remote-access solutions
Using HoneyD configurations to build honeypot systems
Spoofing, diversion and obfuscation are all part of honeyd's powerful arsenal.Continue Reading
Is it best to focus on the technical or business side for a management position?
4- Virus Management
Top issuesContinue Reading
Firewall best practices
Kevin Beaver lists suggested best practices for managing your firewall in this Network Security Tip.Continue Reading
Pitfalls of security layers (and how to avoid them)
Overtaxed and mismatched security layers can affect many aspects of the enterprise, which can have long-lasting negative effects.Continue Reading
CISSP requirements: Can (ISC)2 verify its applicants?
While CISSP requirements are extensive, some unqualified applicants are slipping through. The way in which potential candidates are evaluated for the CISSP is going to change.Continue Reading
What the virtual perimeter means for firewall technology
Firewall technology makes it easier for businesses to recognize potential threats. With a virtual perimeter, enterprises can modify and adjust certain firewalls to their benefit.Continue Reading
An inside look at types of Microsoft security patches
Expert Russ Cooper explains the various Microsoft security patches and updates, detailing how they range from fixing specific problems to enhancing customer experience.Continue Reading
Twelve ways to reduce PGP-based file transfer security risks
Learn why PGP systems, which are designed for file transfer security, are a good alternative to using VPNs.Continue Reading
Fighting viruses: Seven things you should know about antivirus tools
Learn what you should and shouldn't do when it comes to fighting viruses as Rob Rosenberger debunks myths about AV software, updates, reports and unexploited vulnerabilities.Continue Reading
Centralized antivirus management: Get a bird's-eye view of AV defenses
Centralized antivirus management technologies provide enterprises a bird's-eye view of AV defenses and establish applications that protect against unwanted malware and viruses.Continue Reading
Predicting the future of malware and tomorrow's malicious code
The future of malware will grow exponentially. David Harley presents his predictions on blended threats, e-mail exploits, social engineering and more.Continue Reading
Thirteen website attacks that damage an enterprise's Web presence
Many website attacks are potentially dangerous and can damage an organization's Web presence. Learn about the most common attacks and how they function.Continue Reading
CRM privacy management: How you can help
In this edition of Scheier's Security Roundup, Robert Scheier explains the security admin's role in customer privacy.Continue Reading
Information security professional: What's in a name?
Uncover the new faces of information security and explore how the industry is changing and adapting to a surge of high-tech, computer savvy information security professionals.Continue Reading
Building blocks of an identity management system
Learn best practices for securing an identity management system for users inside and outside of the organization without reducing security effectiveness.Continue Reading
Access control issues: The unsolvable problem
Access control issues can be remedied when properly implemented tools are used and today's developers avoid the mistakes made by their predecessors.Continue Reading
How to ease password security problems
Learn how self-service reset and password synchronization products are a new and cost-effective solution for easing enterprise password security problems.Continue Reading
Automating access management
Robert Scheier takes a look at access management applications.Continue Reading
IIS server patching best practices
Avoid the complications of IIS server patching by securing a system that is resistant to attacks.Continue Reading
Simplify defense-in-depth security with redundant security controls
Synergistic and redundant security controls are a more effective and more realistic defense-in-depth strategy than cashing out on a single line of protection.Continue Reading
Reduce Windows command line scripting risks with least privilege
JP Vossen explains and demonstrates how least privilege can be used to prevent attackers from gaining administrative access when using Windows command line scripting.Continue Reading
Four steps to sound security vulnerability management
If you're bedeviled by swarms of alerts, you can take control by practicing good security vulnerability management with these four steps.Continue Reading
Gateway filtering and server hardening: Security sans user complaints
Incremental changes, including gateway filtering and server hardening, will lead to a tighter security model without provoking too much user backlash.Continue Reading
Dynamic Host Configuration Protocol and security
Firewall configuration
Managing network security vulnerabilities
Here's some advice for managing network vulnerabilities.Continue Reading