News

November 15, 2004 15 Nov'04
Open-source IPS testing tool released

Free tool can gauge effectiveness, performance of IPS devices.
October 06, 2004 06 Oct'04
302 and 404: Key SOX requirements for security managers.

SOX is mandatory for most public corporations and focuses on regulating corporate behavior to protect financial audit records. Read about the three main areas of SOX that affect IT: Sections 302, 404 and 802.
October 06, 2004 06 Oct'04
'Typical' SOX violations

Sarbanes-Oxley contains many features, but there are two that stand out from an IT security perspective.
October 06, 2004 06 Oct'04
Spyware vs. spyware: Employer and employee monitoring

What rights and responsibilities do employers and employees have when monitoring others' use of company systems?
August 18, 2004 18 Aug'04
Graphical passwords still far from picture perfect

The proliferation of data and devices is making more enterprises consider graphics-based authentication, from which arises a greater pool of possibilities -- and problems.
Sponsored News
- It’s Time to Modernize Your SOC
  
  Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More
- 6 Factors to Consider in Building Resilience Now
  
  Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More
- Why Zero Trust, Why Now
  
  Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More
- 5 Best Practices To Secure Remote Workers
  
  Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More
View All Sponsored News
June 17, 2004 17 Jun'04
Application security: How much does software really cost?

When purchasing software, asking tough questions and other steps can help you to determine application security -- a major component of the total cost of ownership.
June 01, 2004 01 Jun'04
Firewall and system logs: Using log file analysis for defense

Log analysis is the most under-appreciated, unsexy aspect of infosecurity, yet Marcus Ranum says it's one of the most important.
May 27, 2004 27 May'04
Case study: L.A. health alerts don't miss a beat

Los Angeles County Department of Health Services bioterrorism IT coordinator David Cardenas fields and distributes about a dozen serious health alerts to physicians, hospitals and response agencies and must ensure the flow of such sensitive ...
April 01, 2004 01 Apr'04
Using tax depreciation to increase security budgets

The depreciation of capital assets, such as security hardware and software, is a tax benefit that every infosec manager should take into consideration.
April 01, 2004 01 Apr'04
Cyberwar myths: Are cyberwarfare and cyberterrorism overblown?

Marcus Ranum explains why the whole notion of cyberwarfare is a scam.
April 01, 2004 01 Apr'04
Database security tools for preventing SQL injection attacks

An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.
March 04, 2004 04 Mar'04
Dangers of .zip files

Reader inquiries about security issues surrounding .zip files prompted a Q&A with Wild List moderator Bruce Hughes, who cites more than 40 worms since 1999 that have taken advantage of the compressed file format to spread.
March 01, 2004 01 Mar'04
Firewall comparison: Packet-filtering firewalls versus proxy firewalls

Stateful packet-filtering firewalls account for more than 90% of the market, but the proxy firewall folks haven't rolled up their tents yet. In this firewall comparision you will discover which is better for your enterprise?
January 05, 2004 05 Jan'04
Face-off: Hiring a hacker

SearchSecurity.com editors Crystal Ferraro and Mia Shopis take up the debate of whether enterprises should hire reformed hackers.
October 14, 2003 14 Oct'03
Logical integration: Physical and IT security

In this interview, the security officer for Terminal 4 at JFK International Airport talks about the integration of logical and physical security, and the role biometrics can play.
August 19, 2003 19 Aug'03
Benevolent Nachi worm doing more harm than good

The Nachi worm, which tries to delete the Lovsan worm and patch infected systems, is clogging internal networks with trash traffic.
August 03, 2003 03 Aug'03
Examining device-based authentication

Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear.
June 02, 2003 02 Jun'03
How to learn IT security in your spare time

When considering how to learn IT security, never underestimate the power of a few minutes of downtime.
April 01, 2003 01 Apr'03
Network packet analyzers enable enterprise 'packet peeking'

Marcus Ranum explains how network packet analyzers offer a worm's-eye view of what's traversing an enterprise network.
January 22, 2003 22 Jan'03
Remote Access Trojans warrant attention

Smell a RAT? Some security experts predict you will at some point during 2003. Remote access Trojans often leave backdoors wide open for attackers to prowl through your company's networks or systems.
December 20, 2002 20 Dec'02
The virus name game

If you're a virus writer, don't expect to have your nefarious work named after your favorite dog, diet drink or exotic dancer. Antivirus researchers have first dibs on virus names.
November 27, 2002 27 Nov'02
4- Virus Management

Top issues
October 24, 2002 24 Oct'02
Debugging IPsec VPNs: Questions and answers

SearchSecurity recently invited networking expert Lisa Phifer to speak about troubleshooting IPSec VPNs. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. Phifer is ...
October 03, 2002 03 Oct'02
SANS, FBI identify top 20 Windows, Unix vulnerabilities

SANS, FBI identify top 20 Windows, Unix vulnerabilities
September 13, 2002 13 Sep'02
Tutorial test answers: Intrusion detection basics

Here are the answers to the intrusion detection basics test based on the tutorial Webcast.
July 23, 2002 23 Jul'02
PHP flaw could crash, burn Web servers

PHP flaw could crash, burn Web servers
July 23, 2002 23 Jul'02
Quick Takes: Major vendors throw support at SAML

Quick Takes: Major vendors throw support at SAML
March 29, 2002 29 Mar'02
Crypto for VPNs: Questions and answers

SearchSecurity recently invited networking expert Lisa Phifer to speak about understanding IPSec VPN crypto. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. If you ...
March 18, 2002 18 Mar'02
Authentication questions and answers

SearchSecurity invited author and security expert Dr. Richard Smith to speak about authentication and his recently published book on the subject last month. We ran out of time during the Webcast for him to answer several questions from the audience,...
December 13, 2000 13 Dec'00
Political hacking: Crime or activism?

News

Sponsored News