Problem solve
Get help with specific problems with your technologies, process and projects.
Checklist: 11 things to do after a hack
Your network's been cracked; what do you do next? Contributor Jonathan Hassell recommends following these eleven steps to limit damage and preserve evidence.
Cheat sheet: Access management solutions and their pros and cons
A cheat sheet of the most common access management solutions, each with a brief description, its risks and its pros and cons, to help you choose the solution that is right for your organization.
Simplifying Nessus security scans with a spreadsheet model
In this tip, expert George Wrenn explains how to divide networks into small, manageable IP spaces and maintain Nessus data with a spreadsheet model.
Nessus vulnerability assessment with the SANS Top 20
Using the SANS Top 20 in conjunction with Nessus can help you eliminate exposures that give unauthorized privileged access to vulnerable hosts.
Intermediate-level security certifications
In this security management Ask the Expert Q&A, certification specialist Shon Harris provides an overview of intermediate-level security certifications.
How to use IPsec filtering rules to filter network traffic
Learn how to control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.
RSS: The next malware target?
A recent report from Trend Micro names RSS as the next likely target for bot worm attacks and predicts feed hijackings will be prevalent with the release of IE 7. In this tip, security expert Mike Chapple explains how RSS could be exploited, and ...
The pros and cons of FTP over SSL
Compare the pros and cons of having hosts send PGP-encrypted files to an existing FTP site against building an ad hoc FTP server that uses SSL, in this Ask the Expert Q&A.
Web application variable manipulation
Learn what happens to a Web application that uses two certificates, a client-side SSL certificate and a server-side certificate, and whether this certificate combination prevents Web application manipulation.
Synching passwords between an iSeries and Windows network
Learn whether it is possible to synch passwords between an iSeries and a Windows network, and whether there is a way to synch passwords between multiple iSeries, in this Ask the Expert Q&A.
Proxy server functions
In this Ask the Expert Q&A, our platform security expert explains how proxy servers work and whether they keep personal and sensitive information safe from hacker exploits.
Why form fields aren't a good place to hide sensitive information
Web security guru Michael Cobb takes an in-depth look at the dangers of HIDDEN form fields, how attackers use them to gain unauthorized entry or hijack sessions, and, most importantly, how to secure the information sent in these fields.
Service-level agreement advantages and disadvantages
Learn about the advantages and disadvantages of service-level agreements.
How to prevent phishing scams and protect customers
In this tip, Web security guru Nalneesh Gaur examines how hackers use phishing scams to exploit the financial sector, why you should care and what you can do to prevent these attacks.
How to build a user registration form
Learn how to build a secure user registration form, along with some general guidelines for Web-based systems to guide you through the process.
How buffer-overflow vulnerabilities occur
Learn about buffer-overflow vulnerabilities: how they occur, the types of buffer-overflow attacks, and how hackers exploit them to gain access to secure and sensitive files.
How RSA keys differ from DH/DSS keys
In this Ask the Expert Q&A, Michael Cobb, our application security expert, explains how RSA and DH/DSS keys differ, examines the strengths and weaknesses of each, and explains how to use the Zlib compression library.
Best practices for managing secure Web server configurations
In this tip, Michael Cobb, our Web security guru, takes an in-depth look at ways to manage the secure configuration of multiple Web servers. He explains the process, from frequency to documentation and replication.
How to prevent application attacks and reduce network vulnerabilities
In this Ask the Expert Q&A, our application security guru discusses how hackers exploit network vulnerabilities to attack your applications and what you can do to mitigate this risk.
The pros and cons of migrating to Firefox
Making the switch from Internet Explorer to Firefox isn't a security cure-all. Here are some factors to consider before you change Web browsers.
Verifying legitimate help desk requests
Learn how to defeat social engineers and what measures help desk staff should take to protect the network after password resets.
How different DBMSes implement Internet database security
Learn what it takes to achieve comprehensive DBMS security, in this application security Ask the Expert Q&A.
How an attacker cracks a symmetric key-based system
Learn how an attacker cracks a symmetric key-based system.
How Kerberos, PKI and IPsec interoperate
In this Ask the Expert Q&A, our identity and access management expert explains how these three unrelated systems interoperate to authenticate and manage digital certificates.
How IPsec and SSL/TLS use symmetric and asymmetric encryption
In this Ask the Expert Q&A, our identity and access management expert explains how IPsec and SSL/TLS use these two types of encryption to establish secure Web sessions.
How to keep your data and database secure
In this Ask the Expert Q&A, Michael Cobb discusses why having a Web-based application that resides on the same server as the database can be problematic, and what you can do to keep your data safe.
Developing an incident response plan
In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.
MD5 vs. RC4
In this Ask the Expert Q&A, our application security expert compares the MD5 algorithm with RC4 and examines the security features of each.
Educate users about security awareness
User education is one of the hardest security layers for administrators to implement. This article by contributor Tony Bradley provides the top ten things users should know about information security.
Using attack responses to improve intrusion detection
IPSes must detect an attack as it enters the network; IDSes, however, have the advantage of identifying an intrusion based on incoming or outgoing network traffic.
ISO/IEC 17799 vs. COBIT: How do they differ?
Shon Harris looks at the origins of the ISO/IEC 17799 and COBIT security management standards, and discusses the differences between them.
P2P availability, confidentiality and authentication vulnerabilities
Learn tactics you can employ to reduce common P2P vulnerabilities.
How to create a secure password system
In this Ask the Expert Q&A, Joel Dubin examines the security risks associated with using a password system that includes employee identifiers.
How to store and protect captured data on the back end of a biometric application
In this Ask the Expert Q&A, our identity and access management guru discusses how to store and protect biometric data that is placed on database servers.
Authentication Header vs. IKE
In this Ask the Expert Q&A, Joel Dubin discusses how and when the Authentication Header protocol is used.
How to protect a LAN from unauthorized access
In this Ask the Expert Q&A, Web access control guru Joel Dubin outlines steps to take to protect a LAN.
Block and reroute denial-of-service attacks
Prevent denial-of-service and distributed denial-of-service attacks from taking down your network by blocking and rerouting DoS and DDoS traffic using honeypots, subnets, and intrusion detection and prevention systems.
Securing Web apps against authenticated users
Improve Web site security by securing Web applications against authenticated users and avoiding client-side authentication.
IPsec and SSL VPNs: Solving remote access problems
Learn how to solve remote access problems in this Information Security Decisions presentation by security expert Joel Snyder.
Avoiding Network Traffic Confusion with Consistent Firewall Rules
Keep network traffic flowing by coordinating firewall rules across firewalls and network access devices.
How to secure session tokens
Dos and don'ts for protecting session IDs for users of e-commerce Web sites.
How to build a secure network from the ground up
Receive peer advice on which steps are crucial when building a secure network from the ground up. Also learn what resources are available to guide you through this process.
The pros and cons of reformatting a hard drive
In this Ask the Expert Q&A, our platform security expert discusses the pros and cons of reformatting a hard drive after an attack.
Patch deployment timeline
In this Ask the Expert Q&A, our platform security expert discusses how long a mid-size to large company should expect to wait before it can deploy a patch.
The future of Telnet and FTP
In this Ask the Expert Q&A, our application security expert discusses what he believes will happen to the Telnet and FTP application-layer protocols as the industry prepares for the future.
Protect your Web site against path traversal attacks
How to protect your Web site against path traversal attacks.
Auditing firewall activity
This Firewall Architecture Tutorial tip shows how completing an audit of firewall activity can help in managing valuable firewall data.
How to choose a firewall
Despite the development and evolution of security technologies, the firewall remains a vital component of any network architecture, and today's organizations have myriad options to choose from. This tip outlines five basic questions you should ask ...
Placing systems in a firewall topology
In this Firewall Architecture Tutorial tip, you will learn where to place firewall systems, such as bastion hosts, screened subnets and multi-homed firewalls, within a firewall topology.
Choosing the right firewall topology: Bastion host, screened subnet or dual firewalls
An overview of the three most common firewall topologies, including diagrams of bastion host, screened subnet and dual firewall architectures.
Firewall Architecture Tutorial
In this Firewall Architecture Tutorial you will learn all aspects of firewall implementation, such as how to choose the right type of firewall for your organization, how to choose a firewall topology and how to audit firewall activity.
What is network snooping? Can it be used for good?
What is network snooping? Can it be used for good?
How to prevent the risks of client-side caching
Problems of client-side caching and tips for developers on using secure cache-control directives.
How to write an RFP
The principles of Six Sigma can be applied to the process of writing a request for proposal.
Sizing up e-mail appliances
Information Security magazine tests four e-mail appliances designed to clear the way for safe messaging. Here's how they measured up.
Hercules 4.0 Enterprise Vulnerability Management Suite
Information Security magazine's contributing editor, James C. Foster, reviews Hercules 4.0 Enterprise Vulnerability Management Suite from Citadel Security Software.
Hacking smart cards and biometric security systems
In this Ask the Expert Q&A, our identity and access management guru explains how biometrics and smart cards can be fooled.
SMTP policies help reduce the risk of unauthorized mail servers
SMTP policies can help protect systems from rogue e-mail servers that clog the network with viruses, malware and spam.
Using secure MIME (S/MIME) for securing email
Secure MIME (S/MIME) and digital certificates offer channel professionals a low-cost way to improve their customers' email security. This tip explains how to implement S/MIME and digital certificates for email encryption.
How hackers attack undetected
Learn how hackers can attack a network and remain undetected.
Port searching
In this Ask the Expert Q&A, our network security expert discusses whether it is possible to search for a port while it is in use.
Step-by-Step Guide: Best practices for security patch management
This step-by-step guide offers best practices on how to deploy a security patch and provides the tools you will need to mitigate the risk of a compromised computer.
Security patch testing and deployment phase
Learn what conditions should be met in the security patch testing phase prior to deployment. Also learn how to deploy a security patch and what methods and tools to use to ensure a predictable rollout.
Security patch validation and verification
Learn about the verification and review phases of the security patch deployment cycle, and how these phases help ensure the organization's security patch management procedure is proactive.
Web security benchmarks
Learn how to increase your security posture and what resources are available to security administrators who want to quickly improve the posture of their protected systems.
Security awareness training: How to educate employees about spyware
Educated end users are a valuable defense in the fight against spyware. Learn how to conduct effective security awareness training and create spyware policies.
The pros and cons of application firewalls
In this Ask the Expert Q&A, our application security expert discusses the pros and cons of application firewalls. He also explains how they differ from packet filter and stateful inspection firewalls, and why they are not preferred among some ...
How to prevent drive corruption in the event of power failure
In this Ask the Expert Q&A, learn how a PDA device stores data and programs. Also learn how Compact Flash cards and hard drives differ and what some are doing to prevent drive corruption in the event of power failure.
Malware signature updates
In this Ask the Expert Q&A, our platform security expert discusses how the malware detection and virus detection processes differ. Also learn what some are doing to prevent spyware, rootkits, trojans and other types of malware from running on their ...
Digital certificates and webmail
In this Ask the Expert Q&A, our application security expert analyzes whether or not you can use digital IDs and certificates with webmail. He also discusses how and where to secure these devices to ensure your e-mail system is secure.
Encryption detection
In this Ask the Expert Q&A, Michael Cobb, our application security expert, discusses whether it is possible to detect encryption. He also takes a closer look at steganography, explaining what it is and how it is used to secure e-mail communications.
Acceptable use policies will minimize email risks
Learn why setting comprehensive email acceptable use policies can help minimize email risks and secure your email applications.
Improper error handling
This tip explains what improper error handling is, how it leads to a variety of application attacks, and what programmers can do to secure their Web applications.
Risk management methodologies
Expert advice regarding best practices for risk management methodologies. Also learn how vulnerability management and risk management tools differ and how they can help protect your environment.
How security audits, vulnerability assessments and penetration tests differ
Learn how security audits, vulnerability assessments and penetration tests differ, and how these tests help promote a more secure environment.
Avoid the hazards of unvalidated Web application input
Learn how unvalidated Web application input leads to attacks and what programmers can do to secure their Web applications.
Phishing: The business risks and strategies for mitigating them
Understand the business risks posed by phishing attacks and strategies for mitigating them.
Taking the CISSP exam without the required experience
Learn about the Associate CISSP, a program offered by (ISC)2 that enables you to take the CISSP exam without the required experience.
Documenting how to handle confidential criteria
Shon Harris, security management expert, suggests ways to draft an internal procedure on how to handle confidential data. She discusses data classification policies, steps to develop and roll out a data classification program, and what your ...
Designing an architecture for FTP file transfer
How to configure an FTP server with SSL
In this expert response, security expert Michael Cobb explains how to securely configure an FTP server with Secure Sockets Layer (SSL).
How to perform a bug sweep
Learn why many corporations have started to perform bug sweeps, or Technical Security Counter Measure (TSCM) operations, and five basic technologies used by TSCM operators.
IIS vs. Apache: Which is the right security choice?
From vulnerabilities to administrator and developer skills, this tip analyzes the risks and benefits to weigh when selecting the right Web server for your organization.
Storing hashed, encrypted values in a database
Expert advice on storing hashed and encrypted values in a database.
Technical college vs. university
Get peer advice on the pros and cons of attending a technical college vs. a university.
What is the most difficult thing about being a security specialist?
Our expert discusses some of the challenges involved in being a security professional.
Testing a security patch
Learn tools and techniques you can use to test a security patch prior to deployment.
Using TLS encryption
Learn how the TLS protocol can help add an extra layer of security to your e-mail infrastructure, and five steps to implementing TLS on your server.
A five-point strategy for secure remote access
Systems with remote access are not only more difficult to secure, they pose a greater risk to the network than systems that sit behind the corporate firewall. Here are best practices for securing remote access endpoints.
How to detect and prevent keylogger attacks
Learn five tactics for protecting your systems against keylogger attacks.
How to limit false positives in IPSes
Learn five tactics for reducing false positives in intrusion-prevention systems.
How to reduce spim
Learn three tips for reducing unsolicited instant messages.
Get ready for IPv6: Five security issues to consider
Learn about the potential hazards of migrating to IPv6 and how to ensure a smooth transition without jeopardizing your company's security.
How to reduce risks with URL filtering
Learn how to protect your network from threats by controlling the URLs that enter and leave it.
Five essentials of a patch management solution
Learn the key criteria you need to consider when purchasing a patch management solution to ensure it is effective.
Demand good proposals: Tips for writing an RFP
Learn five guidelines that will improve the prospects of receiving proposals that respond directly to your requirements.
Limiting the risk and liability of federated identities
You'll learn the legal issues involved in federated identity and how best to manage them.
How to use SMTP relay service to keep spammers away from Exchange Server
Learn how to use the IIS SMTP mail relay service to prevent spammers from directly interacting with your Microsoft Exchange Server.
How to automatically update Snort rules
Learn how Oinkmaster can help you automatically update your Snort rules.
Popular VLAN attacks and how to avoid them
Learn how to secure a VLAN from popular attacks such as the VLAN hopping attack.