Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• Does Teredo present security risks to the enterprise?

  Teredo allows internal networks to transition to IPv6, interconnecting them through their NAT devices and across the IPv4 Internet. Ed Skoudis explains why this function isn't as innocent as it seems. Continue Reading

• What security risks do enterprise honeypots pose?

  Honeypots can provide a great deal of insight into an environment's attack activity. However, before implementing them, there are some significant issues that require careful consideration and planning. Continue Reading

• How effective are phishing links that refer to FTP sites?

  The vast majority of phishing emails still include HTTP links, but there has been a recent smattering that refer to FTP sites. In this SearchSecurity.com Q&A, Ed Skoudis explains how to be ready for the malicious messages. Continue Reading

• Should a Java Runtime Environment (JRE) be kept up to date?

  Critical security flaws are often discovered in Java Runtime Environment implementations. Unfortunately, most users don't apply any appropriate patches. Ed Skoudis reveals the security risks posed by a vulnerable JRE. Continue Reading

• Thinking fast-flux: New bait for advanced phishing tactics

  Bot herders haven't made millions of dollars by relying on yesterday's botnet techniques. In fact, the bad guys have found an innovative new way to leverage thousands of drone machines; it's called fast flux, and it makes even the largest botnets ... Continue Reading

• How to conduct an efficient and thorough employee access review

  In order to meet HIPAA and SOX compliance requirements, an employee access review is necessary.Continue Reading

• Will one failed drive corrupt the rest of a RAID-5 array?

  In this expert Q&A, Michael Cobb explains when it is appropriate to keep a RAID-5 array's failed drive online.Continue Reading

• What security issues can arise from unsynchronized system clocks?

  Network administrators don't always pay enough attention to the issues of system clock accuracy and time synchronization. Michael Cobb explains why that can lead to security problems.Continue Reading

• What precautions should be taken if biometric data is compromised?

  In this Q&A, Joel Dubin discusses what precautions to take if corporate biometric data is stolen.Continue Reading

• Is it against HIPAA regulations to display client names?

  Security management expert Mike Rothman discusses the terms of HIPAA, specifically if it is a violation of the act to publicly display client names.Continue Reading

• Getting started on a career in penetration testing

  In this expert response, Mike Rothman offers insight on how to start a career in penetration testing.Continue Reading

• What is Spycar?

  Spycar, still available for free, tests a machine against 17 daggressive spyware-like behaviors. Information security threat expert Ed Skoudis explains the tool and gives a preview of Spycar 2.Continue Reading

• How to prevent hackers from accessing your router security password

  In this Q&A, Joel Dubin unveils the best practices for protecting a router security password from compromise.Continue Reading

• Lessons learned from TJX: Best practices for enterprise wireless encryption

  The TJX data breach revealed all too well the weaknesses of the Wired Equivalent Privacy security model. The retailer's well-documented compromise of more than 94 million credit card numbers proved that intruders can easily take advantage of ...Continue Reading

• Partner access: Balancing security and availability

  Granting business partners access to corporate systems and data is essential to keep business processes on track, but doing so insecurely could mean exposing your enterprise to a plethora of insider threats. In this tip, contributor Joel Dubin ...Continue Reading

• How does identity propagation work?

  In this expert Q&A, Joel Dubin defines identity propagation and explains how it works.Continue Reading

• What is the best way to comply with PCI DSS requirements 9 and 10?

  Security management expert Mike Rothman unveils how corporations can get compliant with PCI DSS guidelines, specifically requirements 9 and 10.Continue Reading

• Comparing proxy servers and packet-filtering firewalls

  In the world of security, judging proxy servers and packet-filtering firewalls together is like comparing apples and oranges. But that won't stop network security expert Mike Chapple from giving such comparisons a try.Continue Reading

• How can root and administrator privileges of different systems be delegated on one account?

  In this expert response, Joel Dubin discusses how corporations can manage "superuser" accounts by delegating root and administrator privileges.Continue Reading

• Preventing spam bots from hijacking an enterprise network

  According to security expert Michael Cobb, the likelihood of your enterprise being compromised by a botnet is not a question of if, but when. In this Messaging Security School tip, Cobb discusses how spammers use botnets to corrupt enterprise ...Continue Reading

• Will FTP ever be a secure way to transfer files?

  A SearchSecurity.com member asks our network security expert Mike Chapple: Is the File Transfer Protocol a secure way to transfer files? As one of his many monthly responses to readers, Chapple reveals a better alternative to FTP.Continue Reading

• Applying PCI DSS to Web application security

  With millions of online credit card transactions taking place each day, Web application security is a critical issue for any enterprise. In this tip, contributor Diana Kelley reviews the key PCI DSS sub-requirements for Web applications, and ...Continue Reading

• Email authentication showdown: IP-based vs. signature-based

  Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah ...Continue Reading

• Getting the best bargain on network vulnerability scanning

  When it comes to enterprise network analysis, is it best to use a costly commercial vulnerability scanner or a less expensive open source product? In this week's tip, Mike Chapple explains which enterprise assets require the expensive stuff and ...Continue Reading

• What is the best way to securely change the local administrator password in a domain?

  Identity management and access control expert Joel Dubin unveils how a corporation can change local administrator accounts and passwords on a domain system.Continue Reading

• Is it a violation of HIPAA to collect consumer Social Security numbers?

  In this expert response, Mike Rothman discusses if collecting consumer SSNs is a HIPAA violation, and unveils how to handle employees that disregard corporate policies.Continue Reading

• Making the case for Web application vulnerability scanners

  If a Web application scanner can find common SQL injection flaws, cross-site scripting vulnerabilities, buffer overflows and dangerous backdoors, then why aren't more enterprises using them? In this tip, Michael Cobb not only examines where the ...Continue Reading

• What are the security risks of a corporate divestiture?

  Security management expert Mike Rothman discusses the data protection issues involved with a corporate divestiture .Continue Reading

• Will enabling Group Policy password settings affect existing user accounts?

  In this expert response, identity management and access control expert Joel Dubin discusses the affect that Active Directory Group Policy password settings can have on user accounts.Continue Reading

• Are challenge-response technologies the best way to stop spam?

  Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity. Though the antispam mechanism has gained popularity, there may be more secure alternatives, says ...Continue Reading

• Screencast: Snort -- Tactics for basic network analysis

  In this exclusive screencast step-by-step demo, Tom Bowers explains how the Snort open source IDS tool works and illustrates how it can help security pros assess network security.Continue Reading

• How to test an e-commerce Web site's security and privacy defenses

  Assessing the security of e-commerce sites means checking up on their associated servers, databases and applications. In this expert response, Michael Cobb explains where to start.Continue Reading

• Is it possible to identify a fake wireless access point?

  A network's identity is easy to fake. If you're looking for proof of a valid access point, Mike Chapple reveals some secure wireless options.Continue Reading

• Using fingerprint door locks in a network environment

  Identity management and access control expert Joel Dubin discusses fingerprint door lock technology, and unveils whether or not they can be controlled through a network.Continue Reading

• Why does Skype connect to so many servers?

  Skype is a peer-to-peer service that uses a distributed network of "supernodes" to facilitate communication throughout the world. But is it safe to have so many "volunteer" connections? Mike Chapple explains.Continue Reading

• Traditional single sign-on (SSO) products versus federated identities

  Identity management and access control expert Joel Dubin discusses the pros and cons of single sign-on products and federated identities.Continue Reading

• What are the dangers of Web-based remote access systems?

  Identity management and access control expert Joel Dubin discusses the security risk associated with using Web-based remote access systems, such as LogMeIn and GoToMyPC.Continue Reading

• Where did the biometric device come from?

  In this expert Q&A, security expert Joel Dubin discusses the history of the biometric device, more specifically the fingerprint reader and scanner.Continue Reading

• What are the best bot detection tools?

  Today, antimalware tools can detect hundreds of different bot variants using signature and heuristic techniques, but they aren't perfect. Ed Skoudis reveals some other options.Continue Reading

• Can fuzzing identify cross-site scripting (XSS) vulnerabilities?

  Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities.Continue Reading

• What is an ideal patch management process for small businesses?

  Patch management and testing can be a time-consuming and resource-hungry task. In this expert response, Michael Cobb demonstrates how to streamline the process.Continue Reading

• Can Snort stop application-layer attacks?

  Even though Snort can add an important layer of defense for applications, it won't fix the underlying problem of poorly written ones. Michael Cobb reveals a more efficient technique for patching up XSS and SQL injection vulnerabilities.Continue Reading

• Preparing for uniform resource identifier (URI) exploits

  URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web ...Continue Reading

• What types of software can help a company perform a security risk assessment?

  Security management expert Mike Rothman unveils what kind of software is on the market to help assist a company in the risk assessment process.Continue Reading

• Is encrypting cookies a PCI DSS requirement?

  Security management expert Mike Rothman discusses whether or not storing sensitive information in the form of a cookie is considered a violation of PCI DSS.Continue Reading

• IT discussion: Is malware the cause of a DNS server error?

  DNS connectivity problems are quite common, but an increasing number of DNS issues are being caused by surreptitious attacks. In this Q&A thread from SearchSecurity.com's redesigned IT Knowledge Exchange, learn how an innocent query about a finicky ...Continue Reading

• Complex password compliance requirements made simple

  In order to comply with a number of well-known industry regulations, it's necessary for enterprises to have stringent password management requirements in place. In this tip, expert Joel Dubin reviews the password requirements put forth by key ...Continue Reading

• How should sensitive customer data, such as driver's license information, be handled?

  In this Q&A, Identity management and access control expert Joel Dubin discusses how to properly protect the personal data of a driver's license.Continue Reading

• Choosing from the top PKI products and vendors

  In this expert response, security pro Joel Dubin discusses the best ways to compare PKI products and vendors for enterprise implementation of PKI.Continue Reading

• Does single sign-on (SSO) improve security?

  In this expert response, security pro Joel Dubin discusses the impact that enterprise single sign-on (SSO) can have on a security program.Continue Reading

• What are the pros and cons of using keystroke dynamic-based authentication systems?

  In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the positive and negative aspects of using keystroke dynamic-based authentication systems.Continue Reading

• What mistakes are made when implementing enterprise IAM systems?

  In this SearchSecurity.com Q&A, security expert Joel Dubin unveils the biggest mistakes made by corporations during identity and access management system implementation, and offers advice on how to avoid them.Continue Reading

• What are the best laptop data encryption options?

  When it comes to protecting laptops and hard drives, there are plenty of choices. In this expert Q&A, Michael Cobb lays out some data protection options. And they're not just software-based, either.Continue Reading

• How to keep personally identifiable information out of access logs

  Are there products available that can hide the internal IP addresses recorded in log files? Maybe not, but in this expert Q&A, Michael Cobb reveals which tools can prevent the transfer of personally identifiable information to third parties.Continue Reading

• Can the symmetric encryption algorithm for S/MIME messages be changed?

  Encryption algorithm requirements ensure a base level of interoperability among all S/MIME implementations. Email clients, however, can add additional algorithms, provided they correctly identify which algorithms a particular message uses. Expert ...Continue Reading

• Guide to passing PCI's five toughest requirements

  As data security breach threats increase and the Payment Card Industry (PCI) Data Security Standard's authority continues to expand, credit card-processing companies have little choice but to implement PCI's dozen requirements. Some best practices, ...Continue Reading

• What are the proper procedures for handling a potential insider threat?

  In this SearchSecuity.com Q&A, Mike Rothman discusses how corporations can avoid insider threats by forming an incident response plan and monitoring employee behavior.Continue Reading

• How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

  For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how ...Continue Reading

• How expensive are IPsec VPN setup costs?

  Although IPsec VPN tunnels tend to be fairly low maintenance, their setup and maintenance costs can quickly mount, depending on an enterprise's equipment. In this expert Q&A, Mike Chapple reveals how much enterprises can expect to pay on a new ...Continue Reading

• What is the relationship between open port range and overall risk?

  Exposing a large number of well-known ports could be a substantial risk, depending upon their nature. In this expert Q&A, Mike Chapple explains why it may be best to narrow down a port range.Continue Reading

• Will iptables screen UDP traffic?

  UDP is a connectionless protocol that can't be screened using strict stateful inspection. However, most modern firewalls, including iptables, treat UDP in the same manner as a connection-oriented protocol. Mike Chapple explains the process in this ...Continue Reading

• Building malware defenses: From rootkits to bootkits

  There's an evolving form of malware on the scene that can silently and maliciously wreak havoc on operating systems. Meet the "bootkit" -- a rootkit variant reminiscent of the old-school boot sector virus. While software exists for rootkit detection...Continue Reading

• Enterprise risk management frameworks: Controls for people, processes, technology

  Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the ...Continue Reading

• Will deploying VoIP on an 802.1x network create security problems?

  Voice over IP telephony is beginning to replace traditional PBX in the enterprise. In this expert Q&A, Mike Chapple explains how the popular VoIP technology has its own unique security implications.Continue Reading

• Should a router be placed between the firewall and DMZ?

  Modern firewalls have the ability to serve as a router, negating the need of another device on a network. There are exceptions to this router rule, however. Network security expert Mike Chapple explains.Continue Reading

• Finding malware on your Windows box (using the command line)

  Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the ...Continue Reading

• PCI Data Security Standard compliance: Setting the record straight

  Helping executives understand what PCI Data Security Standard compliance is all about can be a challenge, especially when it comes to debunking the many myths that have been perpetuated over the years. Read this tip by contributor John Kindervag as ...Continue Reading

• Defining your security certification objective

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses which security certifications, such as CISSP and CISA, comply with specific objectives.Continue Reading

• How does SSL 'sit' between the network layer and application layer?

  SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.Continue Reading

• COSO and COBIT: The value of compliance frameworks for SOX

  In an attempt to blaze a path through the myriad of compliance regulations and requirements, organizations are looking to frameworks like COSO and COBIT. In this tip, contributor Mike Rothman examines these compliance paradigms and offers insights ...Continue Reading

• How secure is the Windows registry?

  In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives.Continue Reading

• Does SMS spoofing require as much effort as email spoofing?

  SMS text message spoofing demands a little more technical knowledge than email spoofing. But not much, says information security threat expert Ed Skoudis. In this Q&A, Skoudis explains how that technical know-how has now been embedded in easy-to-use...Continue Reading

• Will log-in form data posted to an SSL page always be encrypted?

  If a Web page login form is not SSL-protected, but the login data is posted to an SSL page, is the information encrypted and safe? Not at all, says Michael Cobb in this SearchSecurity.com Q&A.Continue Reading

• Should third-party software tools be used to customize applications?

  Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains.Continue Reading

• Are one-time password tokens susceptible to man-in-the-middle attacks?

  In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the vulnerabilities of one-time password (OTP) token authentication, including man-in-the-middle attacks.Continue Reading

• What risks are associated with biometric data, and how can they be avoided?

  In this SearchSecurity.com Q&A, security expert Joel Dubin examines the pros and cons of implementing biometric data and explains how to avoid risks associated with the technology.Continue Reading

• Is it safe to use remote access tools to grant system access?

  In this SearchSecurity.com Q&A, security expert Joel Dubin discusses remote access tools and examines whether or not these products can have negative effects.Continue Reading

• What evaluation criteria should be used when buying a firewall?

  Choosing a firewall for the enterprise isn't always easy. In this expert Q&A, Mike Chapple provides three important points to consider before deciding on a product.Continue Reading

• Using an XML security gateway in a service-oriented architecture

  Enabling security for enterprise Web services and service-oriented architectures (SOA) requires an approach that differs from traditional security practices. In this tip, Gunnar Peterson explains how XML security gateways can help keep network ...Continue Reading

• Is the Storm worm virus still a serious threat?

  Today, attackers continue to have success with the Storm worm and its many variations, using the malware to strengthen their nasty botnets. In this SearchSecurity.com Q&A, expert Ed Skoudis explains why these rather run-of-the-mill attacks are still...Continue Reading

• What are the risks of turning off pre-boot authentication?

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the dangers associated with turning off pre-boot authentication (PBA)?Continue Reading

• Compliance benefits of tokenization

  If your organization handles credit card data, then it's probably already heard about the benefits of tokenization. However, as Joel Dubin explains, tokenization not only keeps confidential data out of the hands of malicious hackers, but also offers...Continue Reading

• Troubleshooting proxy firewall connections

  Investigating the TCP 'handshake' between clients and servers has always been a useful way to diagnose Web server and application problems. Firewalls, however, can interfere with the normal transmission control protocol process. In this tip, network...Continue Reading

• What are the pros and cons of outsourcing email security services?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.Continue Reading

• Investigating logic bomb attacks and their explosive effects

  A logic bomb is a dangerous piece of software designed to damage a computer or network and cause massive data destruction. In this tip from SearchSecurity.com's Ask the Expert section, Ed Skoudis explains how an enterprise can prepare for a hacker's...Continue Reading

• How to select a penetration tester

  Penetration testing tools can simulate attacks and help organizations get an idea of their security vulnerabilities. In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains what you should be getting out of your penetration ...Continue Reading

• The dangers of granting system access to a third-party provider

  Granting system access to a third-party provider is a risk that can introduce security threats and technical and business dangers into your enterprise. In this tip, security expert Joel Dubin discusses the potential threats involved with granting ...Continue Reading

• M&A: Merging network security policies

  Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...Continue Reading

• Screencast: How to configure a UTM device

  Unified threat management technologies provide protection against various network attacks, but properly configuring UTM boxes can be a whole other battle. In this exclusive screencast, expert David Strom gives an easy-to-follow, on-screen ...Continue Reading

• Mergers and acquisitions: Building up security after an M&A

  Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed ...Continue Reading

• Understanding PCI DSS compensating controls

  By-the-book PCI DSS compliance scores big points with auditors, but abiding by all the regulations and requirements is a tall order in many organizations. Security management expert Mike Rothman discusses how compensating controls play a role in ...Continue Reading

• What is the best organizational model for an IT security staff?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman unveils the essential policies, procedures and job functions that contribute to the successful functionality of an IT security staff.Continue Reading

• What are the pros and cons of using an email encryption gateway?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.Continue Reading

• Unified communications infrastructure threats and defense strategies

  Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the threats facing unified communications and how to ...Continue Reading

• Best practices for compliance during a merger

  Company mergers involve more than just aligning two different security infrastructures. When one vendor acquires another, it's the handling of compliance issues that can be an IT security staff's toughest task. In this tip, security expert Joel ...Continue Reading

• What are the potential risks of giving remote access to a third-party service provider?

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the potential risks involved with providing remote access to a third-party service provider.Continue Reading

• Is the use of digital certificates with passwords considered two-factor authentication?

  In this SearchSecurity.com Q&A identity management and access control expert Joel Dubin identifies the factors that contribute to two-factor authentication, such as smart cards and digital certificates.Continue Reading

• How to test an enterprise single sign-on login

  In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login.Continue Reading

• Creating a personal digital certificate

  In this SearchSecurity.com expert Q&A, identity management and access control pro Joel Dubin discusses the pros and cons associated with creating a personal digital certificate.Continue Reading

• What are the drawbacks to application firewalls?

  Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance ...Continue Reading