Problem solve
Get help with specific problems with your technologies, process and projects.
Low-cost way to renew CISSP certification
Managing change in information security policies
In this tip, security expert Mike Chapple will highlight a five-step process designed to help your organization approach necessary changes to its IT security policies in a formal, yet flexible fashion. He will also provide several questions that ...
Can you recommend RC4 128-bit encrypted software?
Are any security certifications available mainly for RACF?
How can I authenticate a customer calling over the phone?
How do we protect development code from being stolen over the Internet?
What is the real threat of downstream liability?
Top 10 don'ts for smart card deployment
Here you'll find tips on smart card deployment for your organization.
What percentage of security breaches originate internally vs. externally?
ASP.NET authentication: Three new options for Web services
Web developers migrating to ASP.NET find themselves faced with additional authentication options available for use in Web services.
OS Hardening and Other Essential Linux Skills for Maintaining Security
Jay Beale outlines must-have Linux skills for administrators.
Does a subsidiary need to conform with its parent company's security policies?
How does 'arbitrary code' exploit a device?
Examples of Sarbanes-Oxley violations
Tier-1 policies overview, part one: Employment and Standards of Conduct Policies
Learn more about how information security fits in with organization-wide policies.
Not changing passwords on a regular basis
52 weeks of security: A security practitioner's guide
Here you'll find Shelley Bard's outline for a year's worth of security-related activities.
What is the value of a CISSP certification?
The dangers of ActiveX
Is Snort better than proprietary IDS?
Secure coding essential to risk mitigation planning
Information Security magazine's editorial director Andrew Briney talks about the lack of incentive for making code more secure.
Can't delete mysterious folders from the Web server
Web application isolation
Mike Chapple explains how to isolate Web applications.
Target-based IDS muffles the noise to take aim on the alerts that count
Learn how target-based IDS, which correlates alerts with what is actually on the network, is making intrusion detection more accurate and efficient.
PDA Security: Chapter 4, When a Handheld Becomes Information Security's Problem
This book covers the security aspects of handhelds in the enterprise.
WEP vulnerabilities -- wired equivalent privacy?
A brief look at some of the security issues related to WEP usage and a link to a more detailed examination of these issues.
Does HIPAA prohibit printing PHI on local printers?
Understanding malware: A lesson in vocabulary
You are better able to secure your network if you understand what you're securing it from.
The ethical hacker debate
Ira Winkler advises against hiring hackers for penetration tests.
Choosing the right vendor-specific security cert
SearchSecurity.com expert Ed Tittel sorts out the vendor-specific security certification landscape.
Does a firewall protect against application attacks?
Trend to ponder: Passive vulnerability assessment
Jim Reavis examines the pros and cons of passive vulnerability assessment.
Week 1: The security manager's daily checklist
Here's a daily checklist for security managers.
Thwart attacks by switching vulnerable SSH daemon to random ports
Switching a vulnerable SSH daemon to a randomly chosen port can slow or even thwart an attacker.
Taking a closer look at a Homeland Security certification
Ed Tittel sheds some light on the Certified in Homeland Security cert from the American College of Forensic Examiners International.
Security certification landscape: Vendor-neutral certs abound
With the help of Kim Lindros, Ed Tittel updates SearchSecurity's semi-annual vendor-neutral certification survey.
Set up 802.1x authentication
Step-by-step setup.
IDS and IPS: Information security technology working together
This article explains why organizations need both an IDS and IPS.
Using control change management to improve attack resistance
Learn how control change management can free your enterprise from the "widget mentality" -- and ensure better attack resistance.
Vendor liability: Should we be suing for security?
The latest lawsuit against Microsoft revives the legal debate of how much of security is the responsibility of the consumer, and how much is vendor liability.
The security costs of outsourcing software development
Before outsourcing software development, enterprises should make sure they perform due diligence and understand the associated security costs.
Home office security: Seven ways to secure remote employees
Fred Avolio outlines seven strategies enterprises should use to ensure their remote employees participate in good home office security.
Setting a policy for laptop screensaver timeouts
Security policy and employee access
A look at employee access documentation.
It doesn't take rocket science to prevent Web site defacement
Here are some tools and strategies for protecting a Web site against defacement.
Implementing security policies to make them stick
Learn how better technology, war stories and enforcement can make implementing security policies a company-wide activity.
Proactive security: Make offense your best defense
Information Security editorial director Andrew Briney outlines three measures that will help enterprises turn their reactive security into proactive security.
Defending the rock: Prudential's security culture and change control management
Cover story: Prudential's ingrained security culture and change control management makes it a security program worth emulating.
What is the future of computer forensics?
Are P2P applications worth the risk?
There are inherent security dangers in P2P applications. Kevin Beaver helps you determine if they're worth the risk.
Experienced security pro ponders taking the ISSMP or CISM cert
Should I set up a VPN from inside our network to an outside server?
Laptop security policy: Key to avoiding infection
Some tips for keeping remote laptop users virus free.
Network security monitoring -- Going beyond intrusion detection
Richard Bejtlich answers frequently asked questions about network security monitoring.
Cybersecurity and boards of directors: Understanding corporate risk
Learn how corporate risk can be used to keep cybersecurity on the agenda of enterprise boards of directors.
The security policy document library: Firewall policy
The next topic in Ed Tittel's ongoing security policy document library is firewall policy.
The battle over security vs. convenience
Expert Kevin Beaver helps infosec managers draw the line between security and convenience.
Intrusion detection basics
A look at the basics of intrusion detection.
CISM vs. CISSP
The risks of putting the email server in the DMZ
Currently our internal email server is located on a computer behind the firewall like everything else. Our database administrator has asked that I move our email server to the DMZ so that the database can link with the email system. Apparently, the ...
Wireless networking security policy
Here are some of the necessary elements of a wireless security policy.
VPN fast facts: True or false?
Lisa Phifer separates the truth from fiction about VPNs.
Evaluating and tuning an intrusion-detection system
A good way to evaluate the quality of competing IDSs.
Working with Linux: Disable service to improve network security
Linux security expert Jay Beale offers a command-by-command walk-through to help system administrators disable unneeded Linux services.
Web services security best practices: Presentation and application architectures
Splitting the presentation and application architecture layers allows each SOAP request to be checked before it reaches the application, and is a necessary Web service security best practice.
A Ph.D. or Master's degree in cryptography?
E-Commerce Security Needs
This excerpt is from Network Security: A Beginner's Guide, written by Eric Maiwald.
Security Models and Architecture
This excerpt is from CISSP All-in-One Exam Guide, Second Edition by Shon Harris.
Security in the software development life cycle
Small changes in the software development life cycle can substantially improve security without breaking the bank or the project schedule.
Virus protection: Prevention, detection, response
How to prevent, detect and respond.
Writing a security policy
An attempt to distill the often overwhelming amount of security policy information into a few concise ideas.
Hping: How to better understand how hackers attack
Hping's packet-crafting function can point out holes a black hat may exploit, as well as spot imperfections in hackers' forgeries.
Firewall checkup: Testing your firewall's health
Uncover six important steps for testing your firewall to make sure it is running safely and smoothly.
IPSec best practices to secure IP-based storage systems
Learn the security challenges associated with IP-based storage systems and uncover IPSec best practices to help ensure system safety without sacrificing performance.
How to avoid federal Wiretap Act issues with a honeypot network security system
Hackers have rights, too. How can you deploy honeypots without running afoul of the law?
10 Common questions (and answers) on WLAN security
Networking guru Lisa Phifer answers ten commonly asked questions about securing wireless LANs.
Voice mail security
Here are sample policies and procedures to help secure your organization's PBX.
What is a land attack?
Secure LAN Switching
This chapter focuses on the Cisco Catalyst 5000/5500 series switches. We will discuss private VLANs in the context of the 6000 series switches.
The Security Review Process
This excerpt is from Chapter 2, The Security Review Process, of Internet Security: A Jumpstart for Systems Managers and IT Managers.
The 'Swiss Army Knife' security tool
The LiSt Open Files (lsof) command is like a Swiss Army Knife: It has a variety of uses -- for security or utility -- and fits easily in your pocket.
Tutorial test: Identifying WLAN threats
Test your knowledge of wireless LAN threats.
Establishing a Metrics Management System
This chapter is designed to provide basic guidance necessary for the development of a metrics methodology to understand what, why, when and how infosec can be measured.
Identify malicious users
You will soon notice the ever-present malicious user. What we are referring to is an individual or group who has the knowledge, skills or access to compromise a system's security.
p0f passive fingerprinting tools mitigate OS fingerprinting vulnerabilities
Nmap's silent partner, p0f is a passive OS fingerprinting tool for the good guys.
Which key is which?
A look at the differences between symmetric and asymmetric keys.
Developing an antivirus policy
Some things to take into account when developing an antivirus policy.
Placing your servers outside the DMZ
Learning the difference between PGP and SSL
The difference between TFTP and FTP
How an IT sales pro should become CISSP certified
Windows-based file encryption may corrupt data
Windows-based file encryption may corrupt data depending on the platform you are using. Read about the workaround in this tip.
How to secure DNS servers
Some advice on how to secure your DNS servers.
Best firewall to protect application and database
IM policy template
Firewall blocking network connection
Checklist for secure wireless LAN deployment
Lisa Phifer outlines a checklist for secure wireless LAN deployment in the areas of policy, integration planning, and deployment and beyond.
PHI in the subject line of e-mail
Snort -- The poor man's intrusion-detection system
A look at the free, open-source IDS, Snort.
Ability to find employment with a CISA