Problem solve
Get help with specific problems with your technologies, process and projects.
Hacking Windows: MSRPC vulnerabilities
In this book excerpt, learn why attackers are drawn to MSRPC exploits when conducting IIS attacks, and the weaknesses in MSRPC that enterprises struggle to secure.
Top five risks of Web-based e-mail
Learn five specific Web-based e-mail risks and a design strategy for coping with them.
Layered access control: Six top defenses that work
Six top strategies and best practices for building layered security in networks.
Who's responsible for security? Everyone!
Learn how to decentralize security responsibility in your organization.
Finding an OS for Snort IDS sensors
JP Vossen offers his advice on choosing an OS for Snort sensors.
Where to place IDS network sensors
JP Vossen explains where to place IDS sensors.
How to determine network interface cards for IDS sensors
In this tip, JP Vossen offers advice about choosing and configuring interfaces for an IDS sensor.
Where to find Snort IDS rules
In this tip, JP Vossen points out the four best places to find Snort rules.
How to configure Snort variables
Learn how to define Snort's configuration variables.
Using IDS rules to test Snort
Here are several methods for testing Snort over the wire to ensure it's working properly in your environment.
How to handle network design with switches and segments
Expert JP Vossen explains how to handle switches and segments in conjunction with network-based IDS.
Modifying and writing custom Snort IDS rules
Learn more about altering Snort rules.
How to identify and monitor network ports after intrusion detection
What should your next step be after finding an unfamiliar source or destination port on an IDS alert or firewall log? JP Vossen takes you through the process of port analysis.
Adware, rootkits and worms: Translating malware speak
Learn basic translations for common malware terms, including adware, rootkits and worms.
How to decipher the Oinkcode for Snort's VRT rules
Learn how Snort end users can register and download free Snort rules using Oinkcode.
Segmenting a LAN to isolate malware
The disadvantages of segmenting a LAN to isolate a worm or virus, and alternatives for keeping malware off a network.
Ten steps to a successful business impact analysis
What is a business impact analysis, what are the benefits of a BIA and how to conduct one.
Beware of DNS blacklisting perils
The pros and cons of using DNS blacklists for spam mitigation.
How to remove a Trojan downloader
In this thread from the ITKnowledge Exchange, get tips and learn how to remove a Trojan downloader, how they install themselves, how they spread and how to avoid infecting other machines on a network.
Six essential security policies for outsourcing
Kevin Beaver outlines six essential security policies for dealing with external service providers.
Four ways to measure security success
Improve your ability to assess the effectiveness of security programs using these four measures.
How to set up DNS for Linux VPNs
This tip explains how to set up DNS for Linux VPNs so you can access machines that are not available on the Internet at large.
How to tell if you've been hacked: Signs of a compromised system
In this final section in our hacker techniques and tactics series, you will learn how to determine if a hacker has breached your system.
Five steps for beating back the bots
Learn how to identify bots on your network, and get tactics to tune security devices, lock down hosts and preserve evidence for law enforcement.
Sample e-mail policy template and checklist of concerns
Kevin Beaver provides a simple template approach for writing e-mail security policies and a checklist of concerns.
Wireless security basics: Authentication, encryption for access points
This section of our hacker techniques and tactics series focuses on implementing wireless security basics to prevent hacker compromise.
Effectively enforcing e-mail policies
In this tip, our policy expert explains how to establish effective e-mail policy enforcement without having to rule with an iron fist.
Outsourcing IT services: Is it worth the security risk?
Kevin Beaver examines the risks to consider when contemplating outsourcing your IT services.
Roberta Bragg's 10 Windows hardening tips in 10 minutes
A Windows security expert helps you harden your systems in ten simple steps.
Three techniques for measuring information systems risk
Improve your ability to measure information systems risk with these three techniques.
Improving your access request process with system authorization
This installment in our series on hacker techniques and tactics focuses on streamlining inefficient application and data access requests with system authorization.
An introduction to SSH2
Learn about the differences between SSH1 and SSH2 and why you should consider upgrading.
Routing protocol security
Here are some of the most common attacks directed at routing infrastructures and the steps you can take to mitigate risk.
Defining authentication system security weaknesses to combat hackers
This installment in our primer series focuses on hardening network access and authentication system security to combat hacker attacks.
Improving network security: How to avoid physical security threats
In this part of our Hacker Tactics and Techniques tutorial, learn how to improve network security and prevent physical security threats.
Hacker techniques and exploits: Prevent system fingerprinting, probing
As part of our series on hacker tactics and techniques, in this tip you will learn how to identify and avoid certain hacker strategies, such as probing and fingerprinting.
Quiz: Vulnerability management
Test your knowledge of vulnerability management process and methodology with this quiz by Shon Harris, CISSP.
Protecting the network from Web-based service attacks with defense-in-depth
In this week's tip, Mike Chapple explains how to build a multilayered defense to protect the network from Web-based service attacks.
Letting telecommuters in -- Your VPN alternatives
There are other options to give telecommuters access to your network and its applications than a traditional VPN.
Using security policy templates
Charles Cresson Wood explains the value of and approach to modifying information security policy templates to meet an organization's specific needs.
Two-factor authentication with RSA SecurID 6.0 for Windows
RSA SecurID provides the kind of authentication that networks and mobile users need to secure today's enterprise environments.
Best practices: Making vendor pitches work for you
Get the most out of vendor calls with these best practices.
Hot Pick: SQL Guard
Learn how Guardium's SQL Guard defends the underlying database code and engines from external attacks and internal misuse by monitoring traffic for illegal and malicious activity.
Vulnerability testing with Open Vulnerability Assessment Language
Learn how the Open Vulnerability Assessment Language (OVAL) can help organizations improve vulnerability testing processes.
How to select the best security assessment tool for the job
Here are four factors to take into account when choosing a security assessment tool.
Hot Pick: Sentivist IPS
Learn how NFR Security's Sentivist IPS detects attacks with few false positives and automated response features that won't break mission-critical apps.
The evolution of the information security specialist
The role of the information security specialist is changing. Expert Jay Heiser explains why -- and how to adapt.
SSO benefits: Security booster or improving end user experience?
Enterprise single sign-on is all about simplicity and improving end user experience; security is just a side benefit. Learn why this is true, as well as other technologies that both reduce complexity and improve security.
How to patch vulnerabilities and keep them sealed
Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities.
Exam and experience requirements for CCSP
Week 47: Switch security tips
When your organization's networks are connected to the Internet without adequate security measures, you are vulnerable to attacks.
Week 46: Router security tips
Routers are used to control access, help resist attacks, shield other network components, and help protect the integrity and confidentiality of network traffic.
Week 43: Permissions -- How world-writeable are you?
Files, directories and devices that can be modified by any user are known as "world-writable" and are dangerous security holes.
Top six steps for a secure Web server
Looking for a secure Web server checklist? You're in luck. In this tip, Mike Chapple provides six simple actions you can take to make your Web server more secure.
Key security policy elements
CISSP Thomas Peltier provides seven essential elements for defining sound language to outline a security policy's topic, scope, responsibilities and compliance requirements.
The self-defending network: Is it real technology or market speak?
Cisco and other security vendors are touting the "self-defending" network. Is it real technology or market-speak?
Best practices for choosing an outside IT auditor
Learn six points for choosing the right outside auditor.
Math phobia
Reports of breakthroughs that may endanger encryption security are widespread, but how practical are these mathematical solutions?
Be prepared: How to prevent and detect botnets
Sooner or later, enterprises have to deal with a remote-controlled compromise. By treating botnets as a disaster preparedness problem, they'll be on the right track.
Physical security for a data center
Best practices for writing an information classification policy
When developing your organization's information classification policy, there are three best practices that you should keep in mind.
Standardizing information classification
Learn more about standardizing information classification.
Expert advice: Does two-factor authentication protect you from hackers?
Expert Jonathan Callas explains the weaknesses and strengths of two-factor authentication.
Implementing IDS in small- to medium-sized businesses
Using a firewall vs. an IDS
Firewall responsibilities and firewall timeout features
NAC best practices and technologies to meet corporate security policy
New solutions help you secure endpoints.
Week 28: New technical manager challenges and pitfalls
In this column, Shelley Bard offers up some tips for the new technical manager.
Battling worms with network-based IPS
Although network-based IPSes have dealt with thwarting DoS floods and preventing system compromise for a few years, their use in thwarting worms has only recently come into vogue.
Prevent data loss, theft by securing outputs
Outputs are where lots of unchecked security leaks occur.
Examining firewall logs for evidence of intrusions
Six key practices for a successful interdepartmental security committee
Best practices for implementing an interdepartmental security committee.
Week 23: Risk assessment steps five and six: Identify threats and determine vulnerabilities
In this week's column, Shelley Bard continues her advice on risk assessment.
Hacking For Dummies: Chapter 7 -- Passwords
In his latest book, "Hacking For Dummies," Kevin Beaver takes the reader into the mindset of a hacker in order to help admins fend off vulnerabilities and attacks.
Week 22: Risk assessment steps three and four: Identifying methodology and assets; assigning value
Shelley Bard continues her series on risk assessment, guiding us through identifying methodology and assets, and assigning value.
Five tips for secure database development
A look at some of the specific security issues that impact the application development process.
Where does Citrix fit into the SSL VPN landscape?
Week 21: Risk assessment steps 1 and 2: Establishing boundaries/team building
In this week's column Shelley Bard takes the user through steps one and two of risk assessment -- establishing boundaries and building the team.
How do I review audit logs for reverse shell traffic?
Tier-1 policy overview: Procurement and contracts, records management
In the fourth and last installment of this tier-1 policy overview series, Thomas Peltier looks at Procurement and Contracts, Records Management and Asset Classification Policies.
Information Security Protection Matrix
Information Security has four tenets designed to ensure the total integrity of a system: Confidentiality and integrity of data, availability of service, and accountability (CIA2).
Tier-1 policy overview: Corporate communications, work place security
In this third installment of a four-part series on tier-1 policies, you will learn about corporate communications, work place security.
SSL: A quick primer
A look under the hood of SSL.
Low-cost way to renew CISSP certification
Managing change in information security policies
In this tip, security expert Mike Chapple will highlight a five-step process designed to help your organization approach necessary changes to its IT security policies in a formal, yet flexible fashion. He will also provide several questions that ...
Can you recommend RC4 128-bit encrypted software?
Are any security certifications available mainly for RACF?
How can I authenticate a customer calling over the phone?
How do we protect development code from being stolen over the Internet?
What is the real threat of downstream liability?
Top 10 don'ts for smart card deployment
Here you'll find tips on smart card deployment for your organization.
What percentage of security breaches originate internally vs. externally?
ASP.NET authentication: Three new options for Web services
Web developers migrating to ASP.NET find themselves faced with additional authentication options available for use in Web services.
OS Hardening and Other Essential Linux Skills for Maintaining Security
Jay Beales outlines must-have Linux skills for administrators.
Does a subsidiary need to conform with its parent company's security policies?
How does 'arbitrary code' exploit a device?
Examples of Sarbanes-Oxley violations
Tier-1 policies overview, part one: Employment and Standards of Conduct Policies
Learn more about how information security fits in with organization-wide policies.
Not changing passwords on regular basis
52 weeks of security: A security practitioner's guide
Here you'll find Shelley Bard's outline for a year's worth of security-related activities.