Problem solve
Get help with specific problems with your technologies, process and projects.
How to perform a network device audit
From unauthorized applications to rogue devices like data-slurping USB sticks, enterprise networks face a growing number of security risks. For financial-services firms, the data loss or network intrusions that can result from unauthorized network ...
When should a database application be placed in a DMZ?
Mike Chapple explains the best network location for an important database application. Chapple also reveals the appropriate level of access to grant remote users.
What are the security risks of opening port 110 and port 25?
If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 and port 25? Mike Chapple reveals a few security repercussions.
Can Google Earth and other mash-up applications threaten enterprise security?
In an expert Q&A, Michael Cobb explores the security issues that occur when an emerging mash-up application like Google Earth is used in the enterprise.
How to defend against data-pilfering attacks
In this video from Information Security Decisions 2008, Mandiant's Kevin Mandia details data-pilfering attacks and the four ways hackers can penetrate a network.
How do I get CPE credits?
Congratulations, you've earned your CISSP certificate. Now, what are some ways to get CPE credits to keep it up? Find out in this security management expert response.
Information security forecast: Security management in 2009
What will the year ahead hold for information security? Learn about the likely trends -- from dealing with questions of enterprise virtualization and SaaS security, to Web application security, to compliance issues.
Can you combine RFID tag technology with GPS to track stolen goods?
When laptops or smartphones are stolen, retrieving them can mean the difference between a data breach and a close call. Learn if it's possible to combine RFID tag technology with GPS devices for tracking stolen goods to their exact location, and if so ...
What is the cause of an 'intrusion attempt' message?
Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause.
Comparing FTP vs. TFTP
There are some differences between FTP and TFTP, but here's the catch: both are inherently insecure protocols.
Front-end/back-end firewalls vs. chassis-based firewalls
Network security expert Mike Chapple explores the different characteristics of devices using a front-end/back-end topology and chassis-based firewalls.
How to configure a firewall to communicate with an upstream router
When incorporating a new firewall product, configuration problems can occur between the network device and the router. Mike Chapple reviews some common implementation problems.
How to prevent cross-site scripting (XSS) session hijacking
Cross-site scripting and SQL injections still provide hackers with plenty of opportunities to successfully access data or take control of a compromised machine. Michael Cobb explains how you can improve your application defenses.
How easily can spyware be placed on a mobile phone?
John Strand reveals just how easy it is for malware and spyware to be placed on your mobile devices.
Future security threats: Enterprise attacks of 2009
Will organizations be ready for next year's enterprise security threats? Expert John Strand reviews what's in store for 2009, including new weapons, old vulnerabilities, and new takes on old attack techniques.
End-user Compliance: Creating a security awareness training program
Security awareness training is a must, but what's the best way to create a successful program, and what are the tell-tale signs that it's working? In this tip, security management expert David Mortman explains how to create general as well as ...
How to prevent clickjacking attacks with security policy, not technology
Clickjacking, an emerging hacker technique similar to cross-site scripting, tricks a user into executing malicious commands on a seemingly legitimate or innocent website. John Strand reviews how the attack works, how it compares to ...
Can any firm or organization get a digital signature certificate?
Learn how a firm can obtain a digital signature certificate. Also, learn about several certificate authorities (CA) that manage them.
What firewall controls should be placed on the VPN?
The level of control you place on VPN traffic should be at least as strong as the level of control you place on traffic from similar users on your corporate network. Network expert Mike Chapple explains which firewall controls are necessary.
What OSI Layer 4 protocol does FTP use to guarantee data delivery?
How to obtain a digital certificate for a server
In order to use SSL-protected communications, such as exchanging Web traffic using the HTTPS protocol, an enterprise must first purchase and then install a digital certificate on its server. In this expert Q&A, Mike Chapple explains how to do just ...
Should the CTO have domain administrator access?
Should a CTO or SVP of technology have domain administrator access? In this identity and access management expert response, learn whose job description should include domain administrator privileges.
Deleting user accounts: How to manage users during a layoff
When budgets get cut across the enterprise, it's likely that employees will get cut, too. So what's the best way to handle a large number of user account modifications or deletions? IAM expert David Griffeth offers a step-by-step process for ...
What are 'phlashing' attacks?
Phlashing attacks target network devices and other hardware systems that rely upon firmware to contain their operating systems. Network security expert Mike Chapple explains why the threat is more than theoretical.
What firewall features will best protect a LAN from Internet hack attacks and malware?
In the case of a small network, the necessary firewall doesn't need to be anything complicated. Network security expert Mike Chapple reviews the key features of the network device.
How to become an information security expert
According to network security expert Mike Chapple, information security is one of the hottest career fields and shows great potential for growth. Learn why.
Does password sharing in international branches violate SOX?
Does password sharing in a company's international branch violate Sarbanes Oxley compliance? Learn enterprise password management solutions for international companies.
Writing Wireshark network traffic filters
The freely available Wireshark tool can provide valuable analysis of network traffic, but capturing packets can often lead to an overload of data. Mike Chapple explains how to use Wireshark's traffic filters to zero in on the precise information ...
How to create a policy to avoid disgruntled employee data leaks
When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs.
The 100-day plan: Achieving success as a new security manager
One of the top priorities of any newly minted information security manager is to implement a new enterprise security strategy. In this tip, security management expert Mike Rothman explains what needs to happen in the first 100 days of a security ...
Review system event logs with Splunk
Splunk is a free tool that provides log review and management. From parsing files to triggering alerts and scripts, Splunk can greatly reduce the amount of time security teams spend on logs.
Cloud compliance: How to manage SaaS risk
While Software as a Service (SaaS) can cut costs, there are definite security concerns to be aware of, including compliance issues. What's the best way to make sure that data is safe and audit-ready on the provider's server? Expert Joel Dubin gives ...
How to set up a remote access security policy
Interested in setting up a remote access security policy for users? Learn to use IPsec vs. SSL VPN and appropriate systems, applications and authentication methods.
How to implement and enforce a social networking security policy
For a new generation of employees entering the workforce, social networking isn't a luxury, it's a necessity. Yet not all enterprises understand that failing to consider social networking security can lead to unfortunate consequences. David Sherry ...
The value of application whitelists
Although some may find Windows Vista's User Account Control feature annoying, it is really a variation of a security mechanism that is now re-emerging: the application whitelist. Michael Cobb explores application whitelist benefits and drawbacks, ...
PKI and digital certificates: Security, authentication and implementation
Get more information about PKI and digital certificates, such as how to implement PKI, how to ensure security and available implementation. Also learn about digital certificates, signatures and achieving authentication through a certificate ...
ID and password authentication: Keeping data safe with management and policies
Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements.
Security token and smart card authentication
Get advice on how to mitigate data theft from hackers with security token and smart card authentication technology, smart card readers and software.
What are best practices for secure password distribution after a data breach?
After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM ...
Best practices for merging with a company that is not PCI compliant
Learn how to make sure you and your partner are compliant with PCI DSS while you prepare for the merger process.
Biometric authentication know-how: Devices, systems and implementation
Discover the pros and cons of multiple biometric authentication devices and techniques, such as iris pattern or fingerprint scans, voice recognition and keystroke dynamics. Also get advice on biometric implementation best practices.
Lessons learned: The Countrywide Financial breach
The data breach at Countrywide Financial Corp. seems like something out of a TV crime drama: Two men regularly copied customer data and secretly sold it as leads to other mortgage brokers. The tale suggests that data theft is, more often than not, ...
The top LAN security issues in a client-server network environment
In this SearchSecurity.com Q&A, network security expert Mike Chapple lays out four of the biggest LAN security threats.
Options for a mechanical door security system on a server room door
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that can secure your server without breaking the bank.
How will many firewalls serving as the default gateway affect the DMZ?
If you attempt to have multiple firewalls connected to the same network segment, all serving as the default gateway, routing problems will ensue. Network security expert Mike Chapple explains.
What is the GISP certification and how does it compare to the CISSP certification?
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about scenarios when the GISP might be appropriate and how industry-relevant it may be.
FISMA compliance made easier with OpenFISMA
Scott Sidel examines the open source security tool OpenFISMA, a compliance tool that assists government agencies and their contractors in meeting FISMA's requirements.
Can mutual authentication beat phishing or man-in-the-middle attacks?
What's the best way to prevent phishing and man-in-the-middle attacks? IAM expert David Griffeth explains the benefits of mutual authentication over one-way SSL.
Comparing access control mechanisms and identity management techniques
In the IAM world, what's the difference between access control and identity management? This IAM expert response explains how the two relate as well as some best practices for both access control mechanisms and identity management.
Using a QSA to write up a PCI DSS report on compliance (ROC)
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine your enterprise's level of compliance, whether to utilize a QSA and where to submit the necessary ...
What are effective ways to stop instant messaging (IM) spam?
In this expert Q&A, Michael Cobb reveals what techniques and tools can be used to stop instant messaging spam, or spim, in the enterprise.
Is it impossible to successfully remove a rootkit?
In this expert Q&A, Michael Cobb takes a closer look at the nature of rootkits to see why they can be so difficult to remove.
Workstation hard drive encryption: Overdue or overkill?
In an age of high-profile data breaches and insider risks, encryption is an important defense mechanism for enterprises. The question is: how much encryption is necessary? Many security pros have gone to great lengths to protect data on network ...
Can software tools automate the server hardening process?
Michael Cobb explores the Windows Server 2003 Hardening Guide and how you can tighten the security on your servers.
Recovering stolen laptops one step at a time
When a student's laptop was stolen last year on a university campus, police and IT investigators went to work, recovering it within a matter of weeks. Neil Spellman, one of the investigators on the case, offers some best practices on what to do if a...
How to detect system management mode (SMM) rootkits
Rootkits were once a system administrator's best friend. Now they have evolved to become an admin's worst nightmare: well-known, surreptitious malware that can provide super user access to an infected machine. Michael Cobb explains how to get rid of...
How can gap analysis be applied to the security SDLC?
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis into software development, and how it can help stop data leaks at your enterprise.
What are the basics of a Web browser exploit?
John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request.
What is the best way to manually test for buffer overflows?
There are two ways of reviewing a program for buffer overflows. Michael Cobb explains how to examine a program's source code and file code.
Risk assessments: Internal vs. external
Risk assessments are a necessary function at financial firms, but how do you know whether to conduct them internally or to use a third party? Expert Rick Lawhorn explores the pros and cons in this tip.
Could someone place a rootkit on an internal network through a router?
If a hacker gains control of a router and then uploads a new configuration opening ports up for communication, it may be possible to place a rootkit on the internal network. In this IAM expert response, learn how this attack might happen, and how to...
WEP to WPA: Wireless encryption in the wake of PCI DSS 1.2
The PCI Security Standards Council recently announced the upcoming release of PCI DSS version 1.2. Plenty of changes are on the way, but one in particular may call for some significant wireless infrastructure upgrades. Mike Chapple explains why the ...
Windows registry forensics: Investigating system-wide settings
Information security forensic investigations can be a big job, but Windows registry command tools can make it easier. From querying autostart programs to getting the goods on every USB device ever connected to a particular Windows machine, these ...
Vulnerability assessments: Steps to success
Vulnerability assessments can be effective tools to gauge the greatest risks a financial institution faces. But what's the best way to go about a vulnerability assessment? Expert Rick Lawhorn lays out the steps to a successful test.
Screencast: How to use Nipper to create network security reports
Peter Giannoulis of The Academy.ca demonstrates how to use Nipper, a free open source network infrastructure parser tool.
How to get information security buy-in from the executive team
When pitching security to the big bosses, it's important to brush up on public-speaking skills and lay out the case in advance. Mike Rothman gives his recommendations on how to prepare for a security presentation in order to receive the necessary ...
How to configure NAP for Windows Server 2008
The arrival of Windows Server 2008 ushers in a big portion of Microsoft's long-awaited Network Access Protection (NAP) initiative. In this tip, David Strom uses words and pictures to explain how to get started with NAP using the Network Policy ...
Should a new user have to confirm an email address to gain access?
'Authenticate new user' emails can be helpful tools in preventing spammers from creating a million users that will flood a site. Identity and access management expert Joel Dubin gives advice.
Exploring Microsoft's Network Access Protection policy options
A policy platform was built into Microsoft Windows Vista and Windows Server 2008, one that offers the ability to create customized health policies that validate a computer's security before allowing access or communication. The mechanism, now known ...
How does information security prevent fraud in the enterprise?
When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities.
How to lay the foundation for role entitlement management
Role entitlement management is a daunting task; however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps.
Using batch files for temporary user access to the local admin group
When a program that many users need to access requires local admin rights to run, what's the best way to manage user privileges? IAM expert Joel Dubin weighs in on how best to manage user accounts.
Can an IDS, DMZ and honeypot together achieve better network security?
An IDS and DMZ can be used together to achieve better network security, but expert Mike Chapple explains which tool is too risky to add to the mix.
How to avoid DLP implementation pitfalls
Data leak prevention tools effectively reduce the chances that an enterprise's sensitive data will end up where it shouldn't, but several pitfalls can severely curtail a DLP tool's effectiveness. In this tip, Rich Mogull offers several best ...
Security certifications: Are they worth the trouble?
Security certifications may or may not be helpful in furthering a security career, but many security pros feel they must "comply" with the unspoken expectation that certifications are a must for career advancement. In this special tip, security ...
Microsoft Baseline Security Analyzer: Do updates offer improved Windows security?
The Microsoft Baseline Security Analyzer has always been useful at scanning Windows environments for the presence or absence of security updates. Now, see how the latest version adds support for Windows Vista and Windows Server 2008 to its bag of ...
Would you recommend SANS Institute security training?
Depending on what specific goals an infosec pro is trying to accomplish, SANS training may or may not be the swiftest route. Security management expert Mike Rothman gives his advice on when it's a good idea to go for the training.
Pre-boot biometric user authentication tools and strategies
Thinking about implementing biometric fingerprint readers for authentication? Learn what to look for in user authentication tools and how to be sure they're compatible with the OS.
Do the Group Policy Object and 'Password Never Expires' flag interact?
How does the Group Policy Object interact with the 'Password Never Expires' flag in Active Directory? Identity and access management expert Joel Dubin explains.
How do RFID-blocking passport wallets work?
RFID passports can provide quicker passage through customs, but may put sensitive data at risk. Learn about whether RFID-blocking passport wallets can keep personal credentials from being sniffed.
What vendors would you recommend for software write-blockers?
In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for.
Directory services and beyond: The future of LDAP
From its remarkable debut in 1993 as a directory access system, LDAP has evolved to become one of the premier directory management services, rivaled only by Active Directory. But how implementable is LDAP in the current Microsoft market? Is it ...
What are the benefits of identity managed as a service?
How do Software as a Service (SaaS) and IAM interact? Identity and access management expert Joel Dubin weighs in on how to approach the integration of the two.
Is there a published standard or guideline for system hardening?
When hardening a system, what specific standards or guidelines should information security pros adhere to? Security management expert Mike Rothman explains.
What are good features to look for in access control software?
When supporting environments with HID card readers and proxy cards, what qualities should control access software have? Identity and access management expert Joel Dubin weighs in on software and implementation best practices.
The steps of privileged account management implementation
Privileged accounts have always been difficult to secure, and they remain the focal point for the insider attack. Luckily, an emerging class of privileged account management products is here to help. Identity management pro Mark Diodati discusses ...
Key management challenges and best practices
Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them.
Screencast: Catching network traffic with Wireshark
This month, Peter Giannoulis of the Academy.ca demonstrates the popular, free network protocol analyzer, Wireshark. See how Peter uses Wireshark to hack into a recorded VoIP phone call.
Why is backscatter spam so difficult to block?
When an email address is commandeered by a malicious hacker to send spam, the backscatter can quickly fill an inbox and clog bandwidth. Is there any way to prevent this? Expert Michael Cobb gives advice.
Ransomware: How to deal with advanced encryption algorithms
It's late in the day, and your CEO reports a strange message on his computer screen: his files have been encrypted, and a payment is required to return all of his data. What do you do? Don't give in to the cyberterrorists just yet. Mike Chapple ...
Is the Orange Book still relevant for assessing security controls?
Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security ...
Enterprise role management: Trends and best practices
Enterprise role management technology is intended to help an enterprise keep tabs on who has access to various network resources, and also makes it easier to define groups of users. Joel Dubin explains how the technology integrates with RBAC and IAM...
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple provides examples of NASL scripts that can find known ...
Pre-requisites for implementing enterprise single sign-on (SSO)
Implementing single sign-on (SSO) in an enterprise involves many security considerations, and there are no universal protocols. Identity access management expert Joel Dubin gives his advice on implementation.
Database patch denial: How 'critical' are Oracle's CPUs?
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security defenses or find Oracle's patches to be more of a ...
Screencast: Recovering lost data with WinHex
WinHex is a forensics tool that allows users to examine running programs, wipe confidential files or unused space, and perform drive imaging and drive cloning. In this screencast Peter Giannoulis of http://theacademy.ca shows you how to use WinHex ...
Allowing select access to IP addresses using Windows Server 2003
Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections.
Protecting exposed servers from Google hacks (and Google 'dorks')
Search engines are now routinely used to find ways of gaining unauthorized access to servers. Michael Cobb explains how to avoid exposing your important data to 'Google dorks.'
Learn from NIST: Best practices in security program management
Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight ...
Best practices for IDS creation and signature database maintenance
Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.