Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• Can the symmetric encryption algorithm for S/MIME messages be changed?

  Encryption algorithm requirements ensure a base level of interoperability among all S/MIME implementations. Email clients, however, can add additional algorithms, provided they correctly identify which algorithms a particular message uses. Expert ... Continue Reading

• What are the proper procedures for handling a potential insider threat?

  In this SearchSecuity.com Q&A, Mike Rothman discusses how corporations can avoid insider threats by forming an incident response plan and monitoring employee behavior. Continue Reading

• How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

  For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how ... Continue Reading

• Will iptables screen UDP traffic?

  UDP is a connectionless protocol that can't be screened using strict stateful inspection. However, most modern firewalls, including iptables, treat UDP in the same manner as a connection-oriented protocol. Mike Chapple explains the process in this ... Continue Reading

• How expensive are IPsec VPN setup costs?

  Although IPsec VPN tunnels tend to be fairly low maintenance, their setup and maintenance costs can quickly mount, depending on an enterprise's equipment. In this expert Q&A, Mike Chapple reveals how much enterprises can expect to pay on a new ... Continue Reading

• Building malware defenses: From rootkits to bootkits

  There's an evolving form of malware on the scene that can silently and maliciously wreak havoc on operating systems. Meet the "bootkit" -- a rootkit variant reminiscent of the old-school boot sector virus. While software exists for rootkit detection...Continue Reading

• Enterprise risk management frameworks: Controls for people, processes, technology

  Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the ...Continue Reading

• Should a router be placed between the firewall and DMZ?

  Modern firewalls have the ability to serve as a router, negating the need of another device on a network. There are exceptions to this router rule, however. Network security expert Mike Chapple explains.Continue Reading

• Will deploying VoIP on an 802.1x network create security problems?

  Voice over IP telephony is beginning to replace traditional PBX in the enterprise. In this expert Q&A, Mike Chapple explains how the popular VoIP technology has its own unique security implications.Continue Reading

• Finding malware on your Windows box (using the command line)

  Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the ...Continue Reading

• COSO and COBIT: The value of compliance frameworks for SOX

  In an attempt to blaze a path through the myriad of compliance regulations and requirements, organizations are looking to frameworks like COSO and COBIT. In this tip, contributor Mike Rothman examines these compliance paradigms and offers insights ...Continue Reading

• How does SSL 'sit' between the network layer and application layer?

  SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.Continue Reading

• How secure is the Windows registry?

  In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives.Continue Reading

• Does SMS spoofing require as much effort as email spoofing?

  SMS text message spoofing demands a little more technical knowledge than email spoofing. But not much, says information security threat expert Ed Skoudis. In this Q&A, Skoudis explains how that technical know-how has now been embedded in easy-to-use...Continue Reading

• Should third-party software tools be used to customize applications?

  Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains.Continue Reading

• Will log-in form data posted to an SSL page always be encrypted?

  If a Web page login form is not SSL-protected, but the login data is posted to an SSL page, is the information encrypted and safe? Not at all, says Michael Cobb in this SearchSecurity.com Q&A.Continue Reading

• What risks are associated with biometric data, and how can they be avoided?

  In this SearchSecurity.com Q&A, security expert Joel Dubin examines the pros and cons of implementing biometric data and explains how to avoid risks associated with the technology.Continue Reading

• Are one-time password tokens susceptible to man-in-the-middle attacks?

  In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the vulnerabilities of one-time password (OTP) token authentication, including man-in-the-middle attacks.Continue Reading

• What evaluation criteria should be used when buying a firewall?

  Choosing a firewall for the enterprise isn't always easy. In this expert Q&A, Mike Chapple provides three important points to consider before deciding on a product.Continue Reading

• Is the Storm worm virus still a serious threat?

  Today, attackers continue to have success with the Storm worm and its many variations, using the malware to strengthen their nasty botnets. In this SearchSecurity.com Q&A, expert Ed Skoudis explains why these rather run-of-the-mill attacks are still...Continue Reading

• Using an XML security gateway in a service-oriented architecture

  Enabling security for enterprise Web services and service-oriented architectures (SOA) requires an approach that differs from traditional security practices. In this tip, Gunnar Peterson explains how XML security gateways can help keep network ...Continue Reading

• Compliance benefits of tokenization

  If your organization handles credit card data, then it's probably already heard about the benefits of tokenization. However, as Joel Dubin explains, tokenization not only keeps confidential data out of the hands of malicious hackers, but also offers...Continue Reading

• What are the risks of turning off pre-boot authentication?

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the dangers associated with turning off pre-boot authentication (PBA)?Continue Reading

• Troubleshooting proxy firewall connections

  Investigating the TCP 'handshake' between clients and servers has always been a useful way to diagnose Web server and application problems. Firewalls, however, can interfere with the normal transmission control protocol process. In this tip, network...Continue Reading

• What are the pros and cons of outsourcing email security services?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.Continue Reading

• How to select a penetration tester

  Penetration testing tools can simulate attacks and help organizations get an idea of their security vulnerabilities. In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains what you should be getting out of your penetration ...Continue Reading

• Investigating logic bomb attacks and their explosive effects

  A logic bomb is a dangerous piece of software designed to damage a computer or network and cause massive data destruction. In this tip from SearchSecurity.com's Ask the Expert section, Ed Skoudis explains how an enterprise can prepare for a hacker's...Continue Reading

• The dangers of granting system access to a third-party provider

  Granting system access to a third-party provider is a risk that can introduce security threats and technical and business dangers into your enterprise. In this tip, security expert Joel Dubin discusses the potential threats involved with granting ...Continue Reading

• M&A: Merging network security policies

  Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...Continue Reading

• Mergers and acquisitions: Building up security after an M&A

  Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed ...Continue Reading

• Understanding PCI DSS compensating controls

  By-the-book PCI DSS compliance scores big points with auditors, but abiding by all the regulations and requirements is a tall order in many organizations. Security management expert Mike Rothman discusses how compensating controls play a role in ...Continue Reading

• What is the best organizational model for an IT security staff?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman unveils the essential policies, procedures and job functions that contribute to the successful functionality of an IT security staff.Continue Reading

• What are the pros and cons of using an email encryption gateway?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.Continue Reading

• Unified communications infrastructure threats and defense strategies

  Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the threats facing unified communications and how to ...Continue Reading

• Best practices for compliance during a merger

  Company mergers involve more than just aligning two different security infrastructures. When one vendor acquires another, it's the handling of compliance issues that can be an IT security staff's toughest task. In this tip, security expert Joel ...Continue Reading

• What are the potential risks of giving remote access to a third-party service provider?

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the potential risks involved with providing remote access to a third-party service provider.Continue Reading

• Is the use of digital certificates with passwords considered two-factor authentication?

  In this SearchSecurity.com Q&A identity management and access control expert Joel Dubin identifies the factors that contribute to two-factor authentication, such as smart cards and digital certificates.Continue Reading

• How to test an enterprise single sign-on login

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login.Continue Reading

• Creating a personal digital certificate

  In this SearchSecurity.com expert Q&A, identity management and access control pro Joel Dubin discusses the pros and cons associated with creating a personal digital certificate.Continue Reading

• What should be done with a RAID-5 array's failed drives?

  Even one failed drive in a RAID-5 array can present an enterprise with serious data protection concerns. In this SearchSecurity.com Q&A, expert Michael Cobb explains which policies can protect and recover RAID-5 data.Continue Reading

• What are the drawbacks to application firewalls?

  Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance ...Continue Reading

• How secure are document scanners and other 'scan to email' appliances?

  Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices.Continue Reading

• What are the alternatives to RC4 and symmetric cryptography systems?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how RC4 encryption stacks up against public key cryptography.Continue Reading

• What policies will prevent employees from leaking sensitive data?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman outlines the necessary policies and procedures that corporations should enforce to protect customer information, prevent data leakage and comply with employee privacy rights.Continue Reading

• Using VMware for malware analysis

  Virtualization software like VMware helps ease the challenges of malware analysis. Malware expert Lenny Zeltser explains the steps enterprises must take to ensure malicious software doesn't leak out of their VMware-based labs and endanger production...Continue Reading

• CISSP certification can serve as introduction to regulatory compliance

  The CISSP is widely considered a valuable baseline certification for information security professionals, but its coursework can also be a valuable introduction to the complex world of regulatory compliance. As certification expert Peter H. Gregory ...Continue Reading

• How to choose the right smart card

  The ISO 7816 form factor is the most commonly deployed smart card in the enterprise, but it's not always the best option. As Burton Group's Mark Diodati explains, those looking for desktop simplicity and lower costs may want to consider an ...Continue Reading

• Digital forensics tool Helix 'does no harm'

  Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system.Continue Reading

• How to conduct a data classification assessment

  Before businesses safeguard mission-critical data, they must know how to conduct data classification processes. Even though it is time-consuming and involves many steps, as Tom Bowers writes, data classification makes it easier to figure out where ...Continue Reading

• Employee profiling: A proactive defense against insider threats

  Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a ...Continue Reading

• How can header information track down an email spoofer?

  Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from.Continue Reading

• Can keyloggers monitor mouse clicks and keyboard entries?

  Keyloggers may be a security manager's best friend, especially if he or she wants to monitor an employee's keyboard entries. Keyloggers can't do it all, though, says application expert Michael Cobb.Continue Reading

• Can a certificate authority be trusted?

  In this expert Q&A, Ed Skoudis reveals what research needs to be done before importing a certificate into your browser.Continue Reading

• Is it possible to prevent email forwarding?

  For professionals who send sensitive information through email, it may be useful to prevent message forwarding. Not so fast, says Ed Skoudis. SearchSecurity.com's information security threat expert explains the limitations of SMTP and why you may ...Continue Reading

• How vulnerable are network printers?

  Security personnel often don't give network printers much attention; after all, they are "only printers." In this SearchSecurity.com Q&A, Ed Skoudis explains why such devices are, in fact, a juicy target and need to be properly patched and hardened.Continue Reading

• What is an Nmap Maimon scan?

  Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them.Continue Reading

• Building application firewall rule bases

  Security professionals have worked hard in recent years to tighten up their security controls, but they often neglected one area: the application layer. In this tip, Mike Chapple explains how a carefully deployed application firewall can plug a ...Continue Reading

• Are knowledge-based authentication systems doing more harm than good?

  In this SearchSecurity.com Q&A, security expert Joel Dubin examines if the password security policies used in knowledge-based authentication systems are doing more harm than good.Continue Reading

• Choosing the right public key algorithm: RSA vs. Diffie-Hellman

  In this SearchSecurity.com expert response, Joel Dubin explores two different public key encryption algorithms and discusses how to make the right choice for your information security needs.Continue Reading

• Is a digital watermark a legitimate authentication factor?

  Identity management and access control expert Joel Dubin explores how reliable a digital watermark is when acting as a authentication factor.Continue Reading

• How to keep packet sniffers from collecting sensitive data

  In this SearchSecurity.com Q&A, network security expert Mike Chapple reveals two important actions that can protect users from packet sniffers and other eavesdropping attacks.Continue Reading

• How do a DMZ and VPN work together?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the three distinct network zones in a typical firewall scenario and reveals how the DMZ and VPN, in particular, co-exist.Continue Reading

• How to verify 140-2 (FIPS 140-2) compliance

  In this SearchSecurity.com Q&A, identity management and access control expert, Joel Dubin, discuses several ways to verify that Federal Information Processing Standard 140-2 is being enforced.Continue Reading

• Are rogue DHCP servers a serious network risk?

  Rogue DHCP servers can cause everything from a network outage to an outright interception of network traffic. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the seriousness of the threat and reveals which tools can ...Continue Reading

• What's the difference between CompTIA and CISSP certifications?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the difference between security certifications, and how much influence, if any, these credentials hold in the field.Continue Reading

• Can ADFS technology manage multiple-user authentication?

  In this SearchSecurity.com Q&A, Joel Dubin, expert in identity management and access control, addresses multiple aspects of ADFS systems, including the technology's ability to authenticate multiple users to a Web application.Continue Reading

• How can attackers exploit RSS software flaws?

  RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and ...Continue Reading

• How can hackers bypass proxy servers?

  Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools.Continue Reading

• Why can't antimalware tools scan inside virtual machines?

  You'd think that it would be easy for an antimalware tool to see what's going on inside a virtual workstation. Unfortunately, it's not. In this expert Q&A, Ed Skoudis explains the difficulty of scanning a guest virtual machine.Continue Reading

• Network isolation as a PCI Data Security Standard compliance strategy

  One way to minimize your exposure to the 12 PCI Data Security Standard requirements is to use a stand-alone network to isolate payment card data. As Mike Chapple explains, while the approach is not without its drawbacks, it can not only eliminate a ...Continue Reading

• What are the best ways to block proxy server sites?

  Proxy services allow employees to view unauthorized content, but the proxies themselves and the sites that list them are tricky to detect. In this SearchSecurity.com Q&A, learn how some content monitoring tools can help block proxy server sites.Continue Reading

• What's the harm in removing the RFID chip in credit cards?

  If you're concerned that a credit card's RFID chip is putting your personal data at risk, why not just drill the darn thing out? Not so fast, says Joel Dubin. In this SearchSecurity.com Q&A, the identity management and access control expert ...Continue Reading

• How to ensure that an SSL connection protects sensitive Web data

  In this expert Q&A, application security pro Michael Cobb explains how to secure sensitive Web site data that is sent across the Internet.Continue Reading

• Are USB storage devices a serious enterprise risk?

  USB drives are common gifts at conferences and trade shows, but how much of a danger are they to your enterprise's network security? In this expert Q&A, Michael Cobb explains the risks of these storage devices and how to control their use.Continue Reading

• Essential elements of a network access control (NAC) endpoint security strategy

  Don't make the mistake in believing that network access control is simply about endpoint security. In fact, it's about much more. As contributor Joel Snyder writes, understanding the NAC security lifecycle is the first step toward a successful NAC ...Continue Reading

• Defending layer 7: A look inside application-layer firewalls

  Run-of-the-mill network firewalls can't properly defend applications. As Michael Cobb explains, application-layer firewalls offer Layer 7 security on a more granular level, and may even help organizations to get more out of existing network devices.Continue Reading

• What are the risks of placing enterprise users in a DMZ?

  A demilitarized zone protects systems from an affected server, but enterprise users themselves should have no place in the DMZ. In this expert Q&A, Mike Chapple explains where they belong.Continue Reading

• What are the benefits of a tunnelless VPN?

  In this SearchSecurity.com Q&A, network security expert Mike Chapple reviews two common tunnelless VPNs: Secure Sockets Layer (SSL) and Group Encrypted Transport (GET).Continue Reading

• What are common kinds of mobile spyware?

  When it comes to mobile spyware, there are almost too many types. Luckily, in this expert Q&A, Ed Skoudis narrows down the field and reveals how to defend against browser exploits, file droppers and keystroke loggers.Continue Reading

• Wireshark: Taking a bite out of packet analysis

  If you need to sniff out problem packets, you don't have to spend thousands of dollars on network data analysis. Scott sidel recommends a free tool that's right under your nose: Wireshark.Continue Reading

• Dynamic code obfuscation: New threat requires innovative defenses

  Dynamic code obfuscation used to be a taxing effort, but now even the most junior-level malicious hackers have learned how to effectively hide their code. In this tip, Michael Cobb examines how dynamic code obfuscation works, why it's on the rise ...Continue Reading

• Windows Vista: Security issues to consider

  Windows Vista is now in the wild. With its myriad new security features, are enterprises foolish not to adopt right away? In this tip, contributor Michael Cobb examines the security-related pros and cons of Microsoft's latest operating system and ...Continue Reading

• What causes buffer overflows and memory leaks in a Web application?

  Buffer overflows and memory leaks can cause serious harm to Web applications. In this SearchSecurity.com Q&A, application security expert Michael Cobb reveals how both can lead to security breaches and system compromises.Continue Reading

• How compliance control frameworks ease risk assessment burdens

  Control and governance frameworks like COBIT and ISO17799 can make compliance goals easier to achieve. In this tip, part of SearchSecurity.com's Compliance School, expert Richard E. Mackey explains how to approach these frameworks and why they're ...Continue Reading

• Can a TCP connection be made without an open port?

  A company may claim it has an "application" that allows computers to communicate without opening any ports, but network security expert Mike Chapple reveals whether you should believe the hype or not. Read more in this SearchSecurity.com Q&A.Continue Reading

• Interpretting firewall security alert messages

  If you can't decipher the security alert messages from your firewall, information security threats expert Ed Skoudis can help with some of the interpretation. In this SearchSecurity.com Q&A, Ed Skoudis uses a sample alert message to explain whether ...Continue Reading

• How does a mail server respond to fake email addresses?

  In this SearchSecurity.com Q&A, Ed Skoudis reviews the actions of a mail server when it is presented with a bogus email address.Continue Reading

• Cross-site tracing vs. Cross-site scripting

  Cross-site tracing, slightly different from cross-site scripting, can still do some significant damage to your Web applications. In this SearchSecurity.com Q&A, information security threats expert Ed Skoudis reveals how each attack is carried out.Continue Reading

• Snort: A capable network intrusion prevention tool

  Most security practitioners have heard of the open source network intrusion detection system, Snort. For those who haven't, however, contributor Scott Sidel highlights the tool's ability to monitor traffic, log packets and analyze protocols. See how...Continue Reading

• Will biometric authentication replace the password?

  Some security observers say user IDs and passwords are obsolete and can be easily cracked, but that doesn't mean you should fire up biometric authentication projects just yet. In this SearchSecurity.com Q&A, identity management and access control ...Continue Reading

• Can single sign-on (SSO) provide authentication for remote logons?

  If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A.Continue Reading

• Cyberwar: A threat to business

  In the dark crevices of the virtual world, malicious individuals and groups are at the ready, waiting for the perfect opportunity to target U.S. businesses where and when they least expect it. In this tip, contributor Gideon T. Rasmussen profiles ...Continue Reading

• Using role management in provisioning and compliance

  Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary access privileges when employees change roles. In this ...Continue Reading

• Is Sender ID an effective email authentication tool?

  Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the email authentication framework.Continue Reading

• Do XPath injection attacks require the same response as SQL injections?

  XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can protect your systems from either type of assault.Continue Reading

• Quiz: Defending mobile devices from viruses, spyware and malware

  Test your understanding of the content presented in Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School.Continue Reading

• What are application logic attacks?

  In 2005, application logic flaws allowed alert, Web-savvy gamblers the chance to win a lot of money. In this SearchSecurity.com tip, application security expert Michael Cobb examines these types of vulnerabilities and how they can lead to ...Continue Reading

• Will two different operating systems cause administrative problems?

  Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher ...Continue Reading

• How can rootkit hypervisors affect operating system security?

  What can rookit hypervisors do to your operating system? "Whatever their creators want!" says application security expert Michael Cobb. In this SearchSecurity.com Q&A, Cobb explains how rootkit hypervisors could defeat the security defenses of a ...Continue Reading

• Reasons why enterprise networking and security roles must stay separate

  Enterprise network managers are responsible for configuring and managing network devices, but should they be accountable for tasks that are typically handled by the information security team? Contributor Shon Harris examines why networking and ...Continue Reading