Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• How to perform a network device audit

  From unauthorized applications to rogue devices like data-slurping USB sticks, enterprise networks face a growing number of security risks. For financial-services firms, the data loss or network intrusions that can result from unauthorized network ... Continue Reading

• When should a database application be placed in a DMZ?

  Mike Chapple explains the best network location for an important database application. Chapple also reveals the appropriate level of access to grant remote users. Continue Reading

• What are the security risks of opening port 110 and port 25?

  If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions. Continue Reading

• Can Google Earth and other mash-up applications threaten enterprise security?

  In an expert Q&A, Michael Cobb explores the security issues that occur when an emerging mash-up application like Google Earth is used in the enterprise. Continue Reading

• How to defend against data-pilfering attacks

  In this video from Information Security Decisions 2008, Mandiant's Kevin Mandia details data-pilfering attacks and the four ways hackers can penetrate a network. Continue Reading

• How do I get CPE credits?

  Congratulations, you've earned your CISSP certificate. Now, what are some ways to get CPE credits to keep it up? Find out in this security management expert response.Continue Reading

• Information security forecast: Security management in 2009

  What will the year ahead hold for information security? Learn about the likely trends -- from dealing with questions of enterprise virtualization and SaaS security, to Web application security, to compliance issues.Continue Reading

• Can you combine RFID tag technology with GPS to track stolen goods?

  When laptops or smartphones are stolen, retrieving them can mean the difference between a data breach a close call. Learn if it's possible to combine RFID tag technology with GPS devices for tracking stolen goods to their exact location, and if so ...Continue Reading

• What is the cause of an 'intrusion attempt' message?

  Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause.Continue Reading

• Comparing FTP vs. TFTP

  There are some differences between FTP and TFTP, but here's the catch: both are inherently insecure protocols.Continue Reading

• Front-end/back-end firewalls vs. chassis-based firewalls

  Network security expert Mike Chapple explores the different characteristics of devices using a front-end/back-end topology and chassis-based firewalls.Continue Reading

• How to configure a firewall to communicate with an upstream router

  When incorprating a new firewall product, configuration problems can occur between the network device and the router. Mike Chapple reviews some common implementation problems.Continue Reading

• How to prevent cross-site scripting (XSS) session hijacking

  Cross-site scripting and SQL injections still providing hackers with plenty of opportunities to successfully access data or take control of a compromised machine. MIchael Cobb explains how you can improve your application defenses.Continue Reading

• How easily can spyware be placed on a mobile phone?

  John Strand reveals just how easy it is for malware and spyware to be placed on your mobile devices.Continue Reading

• Future security threats: Enterprise attacks of 2009

  Will organizations be ready for next year's enterprise security threats? Expert John Strand reviews what's in store for 2009, including new weapons, old vulnerabilities, and new takes on old attack techniques.Continue Reading

• End-user Compliance: Creating a security awareness training program

  Security awareness training is a must, but what's the best way to create a successful program, and what are the tell-tale signs that it's working? In this tip, security management expert David Mortman explains how to create general as well as ...Continue Reading

• How to prevent clickjacking attacks with security policy, not technology

  Clickjacking, an emerging hacker technique similar to cross-site scripting, tricks a user into executing malicious commands on a seemingly legitimate or innocent website. John Strand reviews how the attack works, how it compares to ...Continue Reading

• Can any firm or organization get a digital signature certificate?

  Learn how a firm can obtain a digital signature certificate. Also, learn about several certificate authorities (CA) that manage them.Continue Reading

• What firewall controls should be placed on the VPN?

  The level of control you place on VPN traffic should be at least as strong as the level of control you place on traffic from similar users on your corporate network. Network expert Mike Chapple explains which firewall controls are necessary.Continue Reading

• What OSI Layer 4 protocol does FTP use to guarantee data delivery?

  What OSI Layer 4 protocol does FTP use to guarantee data delivery?Continue Reading

• How to obtain a digital certificate for a server

  In order to use SSL-protected communications, such as exchanging Web traffic using the HTTPS protocol, an enterprise must first purchase and then install a digital certificate on its server. In this expert Q&A, Mike Chapple explains how to do just ...Continue Reading

• Should the CTO have domain administrator access?

  Should a CTO or SVP of technology have domain administrator access? In this identity and access management expert response, learn whose job description should include domain administrator privileges.Continue Reading

• Deleting user accounts: How to manage users during a layoff

  When budgets get cut across the enterprise, it's likely that employees will get cut, too. So what's the best way to handle a large number of user account modifications or deletions? IAM expert David Griffeth offers a step-by-step process for ...Continue Reading

• What are 'phlashing' attacks?

  Phlashing attacks target network devices and other hardware systems that rely upon firmware to contain their operating systems. Network security expert Mike Chapple explains why the threat is more than theoretical.Continue Reading

• What firewall features will best protect a LAN from Internet hack attacks and malware?

  In the case of a small network, the necessary firewall doesn't need to be anything complicated. Network security expert Mike Chapple reviews the key features of the network device.Continue Reading

• How to become an information security expert

  According to network security expert Mike Chapple, information security is one of the hottest career fields and shows great potential for growth. Learn why.Continue Reading

• Does password sharing in international branches violate SOX?

  Does password sharing in a company's international branch violate Sarbanes Oxley compliance? Learn enterprise password management solutions for international companies.Continue Reading

• Writing Wireshark network traffic filters

  The freely available Wireshark tool can provide valuable analysis of network traffic, but capturing packets can often lead to an overload of data. Mike Chapple explains how to use Wireshark's traffic filters to zero in on the precise information ...Continue Reading

• How to create a policy to avoid disgruntled employee data leaks

  When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs.Continue Reading

• The 100-day plan: Achieving success as a new security manager

  One of the top priorities of any newly minted information security manager is to implement a new enterprise security strategy. In this tip, security management expert Mike Rothman explains what needs to happen in the first 100 days of a security ...Continue Reading

• Review system event logs with Splunk

  Splunk is a free tool that provides log review and management. From parsing files to triggering alerts and scripts, Splunk can greatly reduce the amount of time security teams spend on logs.Continue Reading

• Cloud compliance: How to manage SaaS risk

  While Software as a Service (SaaS) can cut costs, there are definite security concerns to be aware of, including compliance issues. What's the best way to make sure that data is safe and audit-ready on the provider's server? Expert Joel Dubin gives ...Continue Reading

• How to set up a remote access security policy

  Interested in setting up a remote access security policy for users? Learn to use IPsec vs. SSL VPN and appropriate systems, applications and authentication methods.Continue Reading

• How to implement and enforce a social networking security policy

  For a new generation of employees entering the workforce, social networking isn't a luxury, it's a necessity. Yet not all enterprises understand that failing to consider social networking security can lead to unfortunate consequences. David Sherry ...Continue Reading

• The value of application whitelists

  Although some may find Windows Vista's User Account Control feature annoying, it is really a variation of a security mechanism that is now re-emerging: the application whitelist. Michael Cobb explores application whitelist benefits and drawbacks, ...Continue Reading

• PKI and digital certificates: Security, authentication and implementation

  Get more information about PKI and digital certificates, such as how to implement PKI, how to ensure security and available implementation. Also learn about digital certificates, signatures and achieving authentication through a certificate ...Continue Reading

• ID and password authentication: Keeping data safe with management and policies

  Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements.Continue Reading

• Security token and smart card authentication

  Get advice on how to mitigate data theft from hackers with security token and smart card authentication technology, smart card readers and software.Continue Reading

• What are best practices for secure password distribution after a data breach?

  After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM ...Continue Reading

• Best practices for merging with a company that is not PCI compliant

  Learn how to make sure you and your partner are compliant with PCI DSS while you prepare for the merger process.Continue Reading

• Biometric authentication know-how: Devices, systems and implementation

  Discover the pros and cons of multiple biometric authentication devices and techniques, such as iris pattern or fingerprint scans, voice recognition and keystroke dynamics. Also get advice on biometric implementation best practices.Continue Reading

• Lessons learned: The Countrywide Financial breach

  The data breach at Countrywide Financial Corp. seems like something out of a TV crime drama: Two men regularly copied customer data and secretly sold it as leads to other mortgage brokers. The tale suggests that data theft is, more often than not, ...Continue Reading

• The top LAN security issues in a client-server network environment

  In this SearchSecurity.com Q&A, network security expert Mike Chapple lays out four of the biggest LAN security threats.Continue Reading

• Options for a mechanical door security system on a server room door

  After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that can secure your server without breaking the bank.Continue Reading

• How will many firewalls serving as the default gateway affect the DMZ?

  If you attempt to have multiple firewalls connected to the same network segment, all serving as the default gateway, routing problems will ensue. Network security expert Mike Chapple explains.Continue Reading

• What is the GISP certification and how does it compare to the CISSP certification?

  In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about scenarios when the GISP might be appropriate and how industry-relevant it may be.Continue Reading

• FISMA compliance made easier with OpenFISMA

  Scott Sidel examines the open source security tool OpenFISMA, a compliance tool that assists government agencies and their contractors in meeting FISMA's requirements.Continue Reading

• Can mutual authentication beat phishing or man-in-the-middle attacks?

  What's the best way to prevent phishing and man-in-the-middle attacks? IAM expert David Griffeth explains the benefits of mutual authentication over one-way SSL.Continue Reading

• Comparing access control mechanisms and identity management techniques

  In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well as some best practices for both access control mechanisams and identity management.Continue Reading

• Using a QSA to write up a PCI DSS report on compliance (ROC)

  Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine your enterprise's level of compliance, whether to utilize a QSA and where to submit the necessary ...Continue Reading

• What are effective ways to stop instant messaging (IM) spam?

  In this expert Q&A, Michael Cobb reveals what techniques and tools can be used to stop instant messaing spam, or spim, in the enterprise.Continue Reading

• Is it impossible to successfully remove a rootkit?

  In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove.Continue Reading

• Workstation hard drive encryption: Overdue or overkill?

  In an age of high-profile data breaches and insider risks, encryption is an important defense mechanism for enterprises. The question is: how much encryption is necessary? Many security pros have gone to great lengths to protect data on network ...Continue Reading

• Can software tools automate the server hardening process?

  Michael Cobb explores the Windows Server 2003 Hardening Guide and how you can tighten the security on your servers.Continue Reading

• Recovering stolen laptops one step at a time

  When a student's laptop was stolen last year on a university campus, police and IT investigators went to work, recovering it within a matter of weeks. Neil Spellman, one of the investigators on the case, offers some best practices on what to do if a...Continue Reading

• How to detect system management mode (SMM) rootkits

  Rootkits were once a system administrator's best friend. Now they have evolved to become an admin's worst nightmare: well-known, surreptitious malware that can provide super user access to an infected machine. Michael Cobb explains how to get rid of...Continue Reading

• How can gap analysis be applied to the security SDLC?

  When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis into software development, and how it can help stop data leaks at your enterprise.Continue Reading

• What are the basics of a Web browser exploit?

  John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request.Continue Reading

• What is the best way to manually test for buffer overflows?

  There are two ways of reviewing a program for buffer overflows. Michael Cobb explains how to examine a program's source code and file code.Continue Reading

• Risk assessments: Internal vs. external

  Risk assessments are a necessary function at financial firms, but how do you know whether to conduct them internally or to use a third party? Expert Rick Lawhorn explores the pros and cons in this tip.Continue Reading

• Could someone place a rootkit on an internal network through a router?

  If a hacker gains control of a router and then uploads a new configuration opening ports up for communication, it may be possible to place a rootkit on the internal network. In this IAM expert response, learn how this attack might happen, and how to...Continue Reading

• WEP to WPA: Wireless encryption in the wake of PCI DSS 1.2

  The PCI Security Standards Council recently announced the upcoming release of PCI DSS version 1.2. Plenty of changes are on the way, but one in particular may call for some significant wireless infrastructure upgrades. Mike Chapple explains why the ...Continue Reading

• Windows registry forensics: Investigating system-wide settings

  Information security forensic investigations can be a big job, but Windows registry command tools can make it easier. From querying autostart programs to getting the goods on every USB device ever connected to a particular Windows machine, these ...Continue Reading

• Vulnerability assessments: Steps to success

  Vulnerability assessments can be effective tools to gauge the greatest risks a financial institution faces. But what's the best way to go about a vulnerability assessment? Expert Rick Lawhorn lays out the steps to a successful test.Continue Reading

• Screencast: How to use Nipper to create network security reports

  Peter Giannoulis of The Academy.ca demonstrates how to use Nipper, a free open source network infrastructure parser tool.Continue Reading

• How to get information security buy-in from the executive team

  When pitching security to the big bosses, it's important to brush up on public-speaking skills and lay out the case in advance. Mike Rothman gives his recommendations on how to prepare for a security presentation in order to receive the necessary ...Continue Reading

• How to configure NAP for Windows Server 2008

  The arrival of Windows Server 2008 ushers in a big portion of Microsoft's long-awaited Network Access Protection (NAP) initiative. In this tip, David Strom uses words and pictures to explain how to get started with NAP using the Network Policy ...Continue Reading

• Should a new user have to confirm an email address to gain access?

  'Authenticate new user' emails can be helpful tools in preventing spammers from creating a million users that will flood a site. Identity and access management expert Joel Dubin gives advice.Continue Reading

• Exploring Microsoft's Network Access Protection policy options

  A policy platform was built into Microsoft Windows Vista and Windows Server 2008, one that offers the ability to create customized health policies that validate a computer's security before allowing access or communication. The mechanism, now known ...Continue Reading

• How does information security prevent fraud in the enterprise?

  When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities.Continue Reading

• How to lay the foundation for role entitlement management

  Role entitlement management is a daunting task, however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps.Continue Reading

• Using batch files for temporary user access to the local admin group

  When a program that many users need to access requires local admin rights to run, what's the best way to manage user privileges? IAM expert Joel Dubin weighs in on how best to manage user accounts.Continue Reading

• Can an IDS, DMZ and honeypot together achieve better network security?

  An IDS and DMZ can be used together to achieve better network security, but expert Mike Chapple explains which tool is too risky to add to the mix.Continue Reading

• How to avoid DLP implementation pitfalls

  Data leak prevention tools effectively reduce the chances that an enterprise's sensitive data will end up where it shouldn't, but several pitfalls can severely curtail a DLP tool's effectiveness. In this tip, Rich Mogull offers several best ...Continue Reading

• Security certifications: Are they worth the trouble?

  Security certifications may or may not be helpful in furthering a security career, but many security pros feel they must "comply" with the unspoken expectation that certifications are a must for career advancement. In this special tip, security ...Continue Reading

• Microsoft Baseline Security Analyzer: Do updates offer improved Windows security?

  The Microsoft Baseline Security Analyzer has always been useful at scanning Windows environments for the presence or absence of security updates. Now, see how the latest version adds support for Windows Vista and Windows Server 2008 to its bag of ...Continue Reading

• Would you recommend SANS Institute security training?

  Depending on what specific goals an infosec pro is trying to accomplish, SANS training may or may not be the swiftest route. Security management expert Mike Rothman gives his advice on when it's a good idea to go for the training.Continue Reading

• Pre-boot biometric user authentication tools and strategies

  Thinking about implementing biometric fingerprint readers for authentication? Learn what to look for in user authentication tools and how to be sure they're compatible with the OS.Continue Reading

• Do the Group Policy Object and 'Password Never Expires' flag interact?

  How does the Group Policy Object interact with the 'Password Never Expires' flag in Active Directory? Identity and access management expert Joel Dubin explains.Continue Reading

• How do RFID-blocking passport wallets work?

  RFID passports can provide quicker passage through customs, but may put sensitive data at risk. Learn about whether RFID-blocking passport wallets can keep personal credentials from being sniffed.Continue Reading

• What vendors would you recommend for software write-blockers?

  In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for.Continue Reading

• Directory services and beyond: The future of LDAP

  From its remarkable debut in 1993 as a directory access system, LDAP has evolved to become one of the premier directory management services, rivaled only by Active Directory. But how implementable is LDAP in the current Microsoft market? Is it ...Continue Reading

• What are the benefits of identity managed as a service?

  How do Software as a Service (SaaS) and IAM interact? Identity and access management expert Joel Dubin weighs in on how to approach the integration of the two.Continue Reading

• Is there a published standard or guideline for system hardening?

  When hardening a system, what specific standards or guidelines should information security pros adhere to? Security management expert Mike Rothman explains.Continue Reading

• What are good features to look for in access control software?

  When supporting environments with HID card readers and proxy cards, what qualities should control access software have? Identity and access management expert Joel Dubin weighs in on software and implementation best practices.Continue Reading

• The steps of privileged account management implementation

  Privileged accounts have always been difficult to secure, and they remain the focal point for the insider attack. Luckily, an emerging class of privileged account management products is here to help. Identity management pro Mark Diodati discusses ...Continue Reading

• Key management challenges and best practices

  Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them.Continue Reading

• Screencast: Catching network traffic with Wireshark

  This month, Peter Giannoulis of the Academy.ca demonstrates the popular, free network protocol analyzer, Wireshark. See how Peter uses Wireshark to hack into a recorded VoIP phone call.Continue Reading

• Why is backscatter spam so difficult to block?

  When an email address is comandeered by a malicious hacker to send spam, the backscatter can quickly fill an inbox and clog bandwidth. Is there any way to prevent this? Expert Michael Cobb gives advice.Continue Reading

• Ransomware: How to deal with advanced encryption algorithms

  It's late in the day, and your CEO reports a strange message on his computer screen: his files have been encrypted, and a payment is required to return all of his data. What do you do? Don't give in to the cyberterrorists just yet. Mike Chapple ...Continue Reading

• Is the Orange Book still relevant for assessing security controls?

  Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security ...Continue Reading

• Enterprise role management: Trends and best practices

  Enterprise role management technology is intended to help an enterprise keep tabs of who has access to various network resources, and also makes it easier to define groups of users. Joel Dubin explains how the technology integrates with RBAC and IAM...Continue Reading

• Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities

  For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple provides examples of NASL scripts that can find known ...Continue Reading

• Pre-requisites for implementing enterprise single sign-on (SSO)

  Implementing single sign-on (SSO) in an enterprise involves many security considerations, and there are no universal protocals. Identity access management expert Joel Dubin gives his advice on implementation.Continue Reading

• Database patch denial: How 'critical' are Oracle's CPUs?

  A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security defenses or find Oracle's patches to be more of a ...Continue Reading

• Screencast: Recovering lost data with WinHex

  WinHex is a forensics tool that allows users to examine running programs, wipe confidential files or unused space, and perform drive imaging and drive cloning. In this secreencast Peter Giannoulis of http://theacademy.ca shows you how to use WinHex ...Continue Reading

• Allowing select access to IP addresses using Windows Server 2003

  Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections.Continue Reading

• Protecting exposed servers from Google hacks (and Google 'dorks')

  Search engines are now routinely used to find ways of gaining unauthorized access to servers. Michael Cobb explains how to avoid exposing your important data to 'Google dorks.'Continue Reading

• Learn from NIST: Best practices in security program management

  Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight ...Continue Reading

• Best practices for IDS creation and signature database maintenance

  Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.Continue Reading