Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• Firewall rule management best practices

  Given the growing complexity of firewalls, organizations often have hundreds, even thousands, of rules to review and manage. But configuration doesn't have to be overly complicated. Michael Cobb offers best practices that can allow you to make ... Continue Reading

• A short enterprise VPN deployment guide

  When deploying a VPN in your enterprise, first check out this guide for some basic best practices, including how to define authentication requirements for the VPN and create a written user access policy. Continue Reading

• What is the difference between a VPN and remote control?

  Mike Chapple reviews VPNs, remote controls, and how the two security technologies can be used in tandem. Continue Reading

• What are the disadvantages of proxy-based firewalls?

  Network security expert Mike Chapple explains why he strongly recommends the use of proxy-based firewalls. Continue Reading

• Should enterprises be running multiple firewalls?

  While there may be scenarios where a single firewall is an appropriate architecture for an organization, it's equally true that many environments may benefit from the use of more than one network device Continue Reading

• What are best practices for fiber optic cable security?

  Mike Chapple compares the security of fiber optic cables to copper ones.Continue Reading

• When BIOS updates become malware attacks

  Most security pros don't give the system BIOS a second thought, or even a first one, but today's BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri Davidoff explains how attackers can plant BIOS ...Continue Reading

• The basics of enterprise GRC project management

  Implementing an enterprise GRC project requires not only the right technology and training, it also requires cooperation with the executives and employees whose systems and daily work functions may change as a result of the implementation. In this ...Continue Reading

• Best practices for a privileged access policy to secure user accounts

  Enterprises need to secure accounts belonging to actual users by reviewing and monitoring their privileged access.Continue Reading

• Are Web application penetration tests still important?

  Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and coding errors.Continue Reading

• The top 5 network security practices

  Looking to brush up your network security practices? Check out these top five recommendations from expert Mike Chapple.Continue Reading

• The requirements needed to make an external penetration test legal

  Rule number one of pen testing: Make sure you have permission in hand before you begin. But there's much more than this needed to perform a successful penetration test on a wireless network.Continue Reading

• Creating an SSL connection between servers

  Learn the most secure way to create and SSL connection between servers with this advice from network security expert Mike Chapple.Continue Reading

• How to align an information security framework to your business model

  CISOs should consider blending traditional business models with information security frameworks, and not rely solely on regulations to drive security programs.Continue Reading

• Comparing an application proxy firewall and a gateway server firewall

  There are many types of firewalls in use in today's enterprises, so it's easy to get confused about the functions of each. In this expert response, learn the difference between a proxy server firewall and a gateway server firewall.Continue Reading

• Rootkit Hunter demo: Detect and remove Linux rootkits

  Peter Giannoulis of The Academy Home and The Academy Pro demonstrates how to install and use Rootkit Hunter, a free rootkit scanner for Linux and BSD distributions.Continue Reading

• How to set up a DMZ

  Looking to set up a DMZ? Look no further. In this expert response, Mike Chapple explains the steps to creating a demilitarized zone.Continue Reading

• IPS and IDS deployment strategies

  Deploying an IDS and an IPS system may seem like two different tasks, but really the two are closely related. Mike Chapple weighs in on the similarities of the deployment strategies.Continue Reading

• Best practices: How to implement and maintain enterprise user roles

  Effective enterprise role management is essential for properly managing user access rights and enforcing access policies, but the implementation process can be challenging. In this tip, Forrester Research Principal Analyst Andras Cser offers a ...Continue Reading

• How to find and stop automated SQL injection attacks

  Automated SQL injection worms use search engines to filter through vulnerable Web servers. In this tip, Patrick Szeto explains how to keep your website off of the malware's radar.Continue Reading

• How to fill patch management gaps using Microsoft MBSA

  Microsoft Baseline Security Analyzer examines and quantitatively summarizes the state of your organization's Windows security.Continue Reading

• An inside look at security log management forensics investigations

  David Strom provides some examples of log data that provided key clues to enterprise data breaches.Continue Reading

• How to implement PCI network segmentation

  When trying to comply with PCI DSS, network segmentation can be a tricky subject. In this expert response, Mike Chapple explains how to separate payment system's credit card processing functionality from the rest of an enterprise network.Continue Reading

• How to find sensitive information on the endpoint

  Worried that your enterprise endpoints may be harboring sensitive information like credit card numbers or Social Security numbers? Fear not. Mike Chapple offers algorithms and tools to conduct a search and advice on dealing with the results.Continue Reading

• Five steps to eliminate rogue wireless access

  Unauthorized wireless access points aren't always malicious. Learn how to distinguish between them and mitigate threats posed by rogue APs.Continue Reading

• When to use open source security tools over commercial products

  When budgets are cut and open networks still need securing, it may be helpful to try open source security tools as a sufficient and affordable alternative to pricey commercial products.Continue Reading

• How to spot attacks through Apache Web server log analysis

  Log analysis requires refined search skills that will help you ferret out security issues. Brad Causey explains how to sift through log data and find the relevant security information.Continue Reading

• Should IDS and SIM/SEM/SIEM be used for network intrusion monitoring?

  Is it enough just to monitor log data, or does that data need to be fed into a SIM/SEM/SIEM product in order to ease the data analysis process? Network security expert Mike Chapple weighs in.Continue Reading

• How to analyze a TCP and UDP network traffic spike

  What does it mean when TCP and UDP network traffic spikes? Network security expert Mike Chapple explains what this means for enterprise network security management.Continue Reading

• How to perform a network forensic analysis and investigation

  Situation: A breach has occurred at your enterprise, and you need to gather relevant data, fast. What tools can you use to get the job done? In this expert response, Mike Chapple gives pointers on which network forensic analysis tools can help.Continue Reading

• Kerberos configuration as an authentication system for single sign-on

  Looking to implement single sign-on in your enterprise, but have a lot of custom applications that don't seem compatible? In this tip, IAM expert David Griffeth takes a look at Kerberos, a non-proprietary IAM tool, as a solution to network ...Continue Reading

• Can S/MIME, XML and IPsec operate in one protocol layer?

  It is possible to build security systems that reside within a single layer of the OSI model, but why limit yourself?Continue Reading

• How to configure firewall ports for webmail system implementation

  Network security expert Mike Chapple explains why he always recommends placing any server accessible from the Internet into the DMZ.Continue Reading

• What does 'invoked by uid 78' mean?

  Are you seeing a 'uid 78' in your emails? In this expert response, Michael Cobb explains what the message means.Continue Reading

• What are the best practices for IPS implementation?

  Implementing an intrusion prevention system can be a tricky proposition. Network expert Mike Chapple explains some common IPS deployment challenges.Continue Reading

• How to create a secure network through a shared Internet connection

  When setting up a corporate network through a shared Internet connection, security is of paramount importance. Learn best practices for creating this kind of network from expert Mike Chapple.Continue Reading

• What security software should be installed on Internet café computers?

  The security provided by many Internet cafes and other similar public access points has greatly improved over the last few years. But that's no substitute for due diligence on the part of users, says expert Michael Cobb.Continue Reading

• How to harden Linux operating systems

  Specific advice on hardening a server depends to some extent on its intended role, says expert Michael Cobb in this SearchSecurity.com Q&A.Continue Reading

• What are today's antivirus software trends?

  Expert John Strand reveals two exciting trends in antivirus software.Continue Reading

• How to detect input validation errors and vulnerabilities

  Expert John Strand reviews how to spot input validation flaws on your websites.Continue Reading

• How secure are iPhone App Store mobile applications?

  Expert Michael Cobb reviews the steps that Apple has taken to ensure the quality and safety of any applications developed for the iPhone.Continue Reading

• Data loss prevention benefits in the real world

  DLP promises strong data protection via content inspection and security monitoring, but real-world implementations can be complex and expensive; these eight real-world lessons help you use DLP to its fullest.Continue Reading

• The telltale signs of a network attack

  Some people believe that if IP addresses from China are attacking their network, then they are under attack from China. Expert John Strand explains why all that it is irrelevant.Continue Reading

• How to detect keyloggers

  In this expert response, Michael Cobb explains how to detect the many rootkits available to today's attackers.Continue Reading

• Data security best practices for PCI DSS compliance

  The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compliant if breaches still seem inevitable? In this ...Continue Reading

• How to set up a corporate cell phone management strategy

  Mobile devices are ubiquitous in today's enterprise environments, but how can security pros keep them from becoming malware-laden, data-leaking devices? In this expert response, Mike Chapple gives pointers on a corporate cell phone management ...Continue Reading

• Vulnerability test methods for application security assessments

  Learn what to do when you have a huge portfolio of potentially insecure applications, limited resources and an overwhelming sense of urgency.Continue Reading

• Best practices for log data retention

  Figuring out how long to retain log data and how much log data should be kept in the event of incident response can be tricky to navigate. In this information security management expert response, David Mortman gives best practices for log data ...Continue Reading

• How to secure SSL following new man-in-the-middle SSL attacks

  Man-in-the-middle SSL attacks at Black Hat D.C. exposed a flaw in the https structure, so how can you avoid such an attack at your enterprise? Find out in Mike Chapple's expert response.Continue Reading

• How to avoid HIPAA Social Security number compliance violations

  It can be difficult to decipher what a HIPAA Social Security number violation is. In this information security management expert response, David Mortman explains how to avoid HIPAA SSN violations as an employer.Continue Reading

• How do I transition to a career in IT security?

  Looking to move into a career in IT security? Network security expert Mike Chapple how to take a business or sales background and turn it into just that.Continue Reading

• How to clear out anonymous Web proxy servers in the workplace

  Enterprises may use Web filtering software to limit Internet use, but some employees may respond right back with easily available anonymizing proxies. John Strand explains how to keep your users from bypassing content filters.Continue Reading

• How to use (almost) free tools to find sensitive data

  No matter how much security awareness training employees get, some of them will still store sensitive data in insecure places. As a security manager, finding that data becomes of paramount importance -- but how to do it? In this tip, John Soltys ...Continue Reading

• How to integrate the security of both physical and virtual machines

  According to a recent Gartner Inc. research report, 60% of virtual machines will be less secure than their physical counterparts through 2009. Michael Cobb explores the challenges of securing a mixed infrastructure of physical and virtual machines.Continue Reading

• How many firewalls do you need?

  Whether your organizations needs multiple sets of firewalls depends on whether they will protect clients, servers or both and what kind of traffic they will monitor.Continue Reading

• From the gateway to the application: Effective access control strategies

  Organizations need to strike a balance between so-called front-door access control and more fine grained controls established within an application itself. This article discusses the difference between products designed to set access at the gateway ...Continue Reading

• A simple substitution cipher vs. one-time pad software

  Both a simple subsitution cipher and one-time pad software have data encryption benefits despite their differences.Continue Reading

• Recovering lost passwords with Cain & Abel

  In his latest screencast, Peter Giannoulis of The AcademyPro.com demonstrates how to use the Cain & Abel tool to decipher or track down lost passwords..Continue Reading

• What are common (and uncommon) unified threat management features?

  Unified threat management products have gained popularity because they bring multiple security tools together into one appliance. In this SearchSecurity.com Q&A, Michael Cobb reviews just what those security tools are.Continue Reading

• When should a virtual patch be used?

  Learn how virtual patches can help administrators review, test and schedule official patch updates and find out about the benefits a virtual patch provides, such as protection against identified vulnerabilities.Continue Reading

• Is it more secure to have a mainframe or a collection of servers?

  The general public may think that mainframe computing is a thing of the past, but expert Michael Cobb reviews why the mainframe is still the cornerstone most large IT projects.Continue Reading

• How to estimate log generation rates

  In this expert response, Mike Chapple explains why estimating log generation rates is so difficult.Continue Reading

• What is the best operating system for an FTP server implementation?

  When it comes to recommending an operating system for a task such as hosting an FTP server, expert Michael Cobb says it depends on what in-house expertise you have.Continue Reading

• Strategies for email archiving and meeting compliance regulations

  According to a recent study, 29% of surveyed IT professionals archive their email for compliance reasons. Michael Cobb reviews compliance regulations that demand email archiving and how such products can ease some of the pain that comes with the ...Continue Reading

• Understanding the FFIEC remote deposit capture guidance

  Federal banking regulators recently released guidance for assessing and managing risks associated with remote deposit capture. In this tip, Dan Fisher explains the key components of the guidance, including its definition of RDC and how it emphasizes...Continue Reading

• How does a Web server model differ from an application server model?

  A Web server model and an application server model share many similarities but require different defense methods. Each model, for example, calls for distinct placement of application servers.Continue Reading

• Are wireless networks inherently insecure?

  Wireless access protection and WPA2 are both good ways to keep networks secure, though nothing's perfect. Network security expert Mike Chapple expounds.Continue Reading

• How should a company's security program define roles and responsibilities?

  In many organizations, it's not uncommon for physical, legal and information security departments to step on each other's toes. In this expert Q&A, security management pro Shon Harris reveals how a CSO can bring these teams together and implement a ...Continue Reading

• What are the benefits of employee security awareness training?

  In this Q&A, security management expert Mike Rothman discusses the short-term and long-term benefits of employee security awareness training.Continue Reading

• How should multiple firewall rules be managed?

  Even with a change management system, firewall rule bases can become a nightmare for administrators. In this Q&A, network security expert Mike Chapple points out incorrect, overlapping and unused rules that can ruin your firewall.Continue Reading

• What are ways to measure security risks, threats and vulnerabilities?

  In this Q&A, security management expert Mike Rothman offers advice on the most effective ways to manage and access security risks, threats and vulnerabilities within an enterprise.Continue Reading

• What are the risks associated with outsourcing security services?

  In this expert Q&A, security management pro Mike Rothman discusses why outsourcing security services could be a bad idea.Continue Reading

• Should a firewall ever be placed before the router?

  In terms of unit cost, it's generally much cheaper for a router to handle a packet than for a firewall to analyze it. But as network security expert Mike Chapple explains, one does not necessarily have to be placed before the other.Continue Reading

• File format vulnerabilities: Protecting your applications

  From WMF to the latest Excel file exploits, it's clear that attacks targeting file format vulnerabilities are on the rise. In this tip, network security expert Mike Chapple examines why files have become a tempting vector, and explores what can be ...Continue Reading

• IPsec tunneling: Exploring the security risks

  As part of his monthly responses to readers, Mike Chapple reveals some information about VPNs that many may not want to hear.Continue Reading

• How to conduct firewall configuration reviews

  As any firewall administrator knows, it's all too easy for a rule base to become convoluted over time, containing rules that may be outdated or simply incorrect. In this SearchSecurity.com Q&A, network security expert Mike Chapple reveals how to ...Continue Reading

• What are the ethical issues when consulting for two competing companies?

  Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break ins. In this expert response, David Mortman gives best practices for...Continue Reading

• How to prevent SSH brute force attacks

  Brute force attacks on the Secure Shell (SSH) service have been used more frequently to compromise accounts and passwords. Expert John Strand explains how to defend against these brute-force threats.Continue Reading

• How to perform a network device audit

  From unauthorized applications to rogue devices like data-slurping USB sticks, enterprise networks face a growing number of security risks. For financial-services firms, the data loss or network intrusions that can result from unauthorized network ...Continue Reading

• When should a database application be placed in a DMZ?

  Mike Chapple explains the best network location for an important database application. Chapple also reveals the appropriate level of access to grant remote users.Continue Reading

• What are the security risks of opening port 110 and port 25?

  If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions.Continue Reading

• Can Google Earth and other mash-up applications threaten enterprise security?

  In an expert Q&A, Michael Cobb explores the security issues that occur when an emerging mash-up application like Google Earth is used in the enterprise.Continue Reading

• How to defend against data-pilfering attacks

  In this video from Information Security Decisions 2008, Mandiant's Kevin Mandia details data-pilfering attacks and the four ways hackers can penetrate a network.Continue Reading

• How do I get CPE credits?

  Congratulations, you've earned your CISSP certificate. Now, what are some ways to get CPE credits to keep it up? Find out in this security management expert response.Continue Reading

• Can you combine RFID tag technology with GPS to track stolen goods?

  When laptops or smartphones are stolen, retrieving them can mean the difference between a data breach a close call. Learn if it's possible to combine RFID tag technology with GPS devices for tracking stolen goods to their exact location, and if so ...Continue Reading

• What is the cause of an 'intrusion attempt' message?

  Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause.Continue Reading

• Comparing FTP vs. TFTP

  There are some differences between FTP and TFTP, but here's the catch: both are inherently insecure protocols.Continue Reading

• Front-end/back-end firewalls vs. chassis-based firewalls

  Network security expert Mike Chapple explores the different characteristics of devices using a front-end/back-end topology and chassis-based firewalls.Continue Reading

• How to configure a firewall to communicate with an upstream router

  When incorprating a new firewall product, configuration problems can occur between the network device and the router. Mike Chapple reviews some common implementation problems.Continue Reading

• How to prevent cross-site scripting (XSS) session hijacking

  Cross-site scripting and SQL injections still providing hackers with plenty of opportunities to successfully access data or take control of a compromised machine. MIchael Cobb explains how you can improve your application defenses.Continue Reading

• How easily can spyware be placed on a mobile phone?

  John Strand reveals just how easy it is for malware and spyware to be placed on your mobile devices.Continue Reading

• End-user Compliance: Creating a security awareness training program

  Security awareness training is a must, but what's the best way to create a successful program, and what are the tell-tale signs that it's working? In this tip, security management expert David Mortman explains how to create general as well as ...Continue Reading

• How to prevent clickjacking attacks with security policy, not technology

  Clickjacking, an emerging hacker technique similar to cross-site scripting, tricks a user into executing malicious commands on a seemingly legitimate or innocent website. John Strand reviews how the attack works, how it compares to ...Continue Reading

• Can any firm or organization get a digital signature certificate?

  Learn how a firm can obtain a digital signature certificate. Also, learn about several certificate authorities (CA) that manage them.Continue Reading

• What firewall controls should be placed on the VPN?

  The level of control you place on VPN traffic should be at least as strong as the level of control you place on traffic from similar users on your corporate network. Network expert Mike Chapple explains which firewall controls are necessary.Continue Reading

• What OSI Layer 4 protocol does FTP use to guarantee data delivery?

  What OSI Layer 4 protocol does FTP use to guarantee data delivery?Continue Reading

• How to obtain a digital certificate for a server

  In order to use SSL-protected communications, such as exchanging Web traffic using the HTTPS protocol, an enterprise must first purchase and then install a digital certificate on its server. In this expert Q&A, Mike Chapple explains how to do just ...Continue Reading

• Should the CTO have domain administrator access?

  Should a CTO or SVP of technology have domain administrator access? In this identity and access management expert response, learn whose job description should include domain administrator privileges.Continue Reading

• Deleting user accounts: How to manage users during a layoff

  When budgets get cut across the enterprise, it's likely that employees will get cut, too. So what's the best way to handle a large number of user account modifications or deletions? IAM expert David Griffeth offers a step-by-step process for ...Continue Reading

• What are 'phlashing' attacks?

  Phlashing attacks target network devices and other hardware systems that rely upon firmware to contain their operating systems. Network security expert Mike Chapple explains why the threat is more than theoretical.Continue Reading