Tips

Tips

• Hacktivism examples: What companies can learn from the HBGary attack

  A few simple security best practices may have spared security company HBGary Federal from the recent attack by the hacktivist group Anonymous. Nick Lewis explains what happened and how to prevent such an attack against your company.  Continue Reading

• Botnet removal: Detect botnet infection and prevent re-infiltration

  Though botnet mitigation tactics continue to mature, so do the botnets themselves. In this tip, expert Nick Lewis gives best practices for detecting and removing cutting edge botnets.  Continue Reading

• Firewall deployment scenarios for new types of security threats

  Is the firewall still an effective defense against new types of security threats? Network security expert Anand Sastry offers up contemporary firewall deployment scenarios for improving security.  Continue Reading

• Secure browsing: Free plug-in lessens social networking security risks

  Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks.  Continue Reading

• PCI DSS questions answered: Solutions to tough PCI problems

  Experts Diana Kelley and Ed Moyle answer your PCI DSS questions and give advice on how to solve your enterprise's toughest PCI problems.  Continue Reading

• Understanding SCAP NIST guidance and using SCAP tools to automate security

  The Security Content Automation Protocol (SCAP) is intended to help automate vulnerability management, but is it really effective? Learn how NIST guidance can help you navigate an SCAP implementation.  Continue Reading

• Security sandbox program: Defense-in-depth or layered vulnerabilities?

  Recently, companies like Adobe and Google have been using sandboxes to aid measures in their applications, but how can sandboxes be useful in the enterprise, and do they just add more vulnerabilities than they're worth?  Continue Reading

• Database monitoring best practices: Using DAM tools

  To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies.  Continue Reading

• Identity and access management concepts and predictions to watch in 2011

  Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011.  Continue Reading

• Log Parser examples: Using the free log analysis tool

  Log analysis is an essential security function for almost all enterprises, and, with Log Parser, much of it can be done for free. Learn how to use Microsoft's free Log Parser in this expert tip.  Continue Reading

• Security in virtualization: IDS/IPS implementation strategy

  Considering virtualization? Take into account that your IDS or IPS may not work the same way in a virtualized environment as it does in a physical one. Expert Dave Shackleford explains how to address this potential problem.  Continue Reading

• PCI requirement 7: PCI compliance policy for access control procedures

  Though PCI DSS is generally prescriptive, when it comes to requirement 7, organizations have more leeway -- and, thus, more potential for error -- than other sections of the standard. Learn how to handle PCI DSS requirement 7 in this expert tip.  Continue Reading

• The state of enterprise spam filters: Can more be done to control spam?

  Does your enterprise rely solely on its email filter to protect against spam? Are you aware of how spam filters work? Expert Michael Cobb discusses how today's spam works, and what can help control spam in an enterprise setting.  Continue Reading

• Netcat tutorial: How to use the free Netcat command-line tool

  Helpful for penetration testers and network admins who need to debug infected systems, the netcat command-line tool boasts many free features for enterprise use.  Continue Reading

• Enterprise antivirus protection: Is signature AV worth the money?

  There's little doubt that signature-based enterprise antivirus protection is dying, but what technologies should enterprises consider to replace it? Expert Nick Lewis weighs in.  Continue Reading

• Understanding the value of an enterprise application-aware firewall

  Today's enterprise application-aware firewall technology offers a host of features to manage application and Web 2.0 traffic. Expert Michael Cobb takes a look at the features and how to make the most of them.  Continue Reading

• Creating a compliance culture to boost infosec compliance and risk management

  Creating a culture of compliance takes time, but expert Eric Holmquist offers five time-tested tactics to help break down cultural barriers to improve information security risk and compliance management.  Continue Reading

• Career networking strategies: Alternatives to infosec certification

  Certification isn't the only -- and may not even be the best -- way to set yourself apart in the eyes of potential employers. Learn networking strategies to get your name in front of the right people.  Continue Reading

• Data sanitization policy: How to ensure thorough data scrubbing

  Could you be inadvertently leaking sensitive data via poorly sanitized devices? Learn techniques for thorough data scrubbing in this tip.  Continue Reading

• P0f: A free collection of passive OS fingerprinting tools

  In this screencast, learn how to use p0f, a collection of free passive OS fingerprinting tools.  Continue Reading

• How secure managed file transfers help meet compliance requirements

  By using a properly configured Managed File Transfer system as your sole means of transmitting data—potentially both within your organization and externally—you can become compliant with requirements much more easily.  Continue Reading

• Data breach procedures to stop Gawker-type Web password security leaks

  Following its recent security breach, Gawker.com has promised to boost its security, but, in this tip, threats expert Nick Lewis looks at what the site could've done to pre-empt the breach in the first place.  Continue Reading

• How to plan a secure network by practicing defense-in-depth

  When designing an enterprise network that includes hosted infrastructure components, many different layers must work together to keep it secure. Learn how to build network security in by practicing defense in depth.  Continue Reading

• Linux security best practices for Linux server systems

  Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems.  Continue Reading

• Creating a Java security framework that thwarts a Java exploit

  The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis.  Continue Reading

• ngrep: Learn how to find new malware with ngrep examples

  In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool.  Continue Reading

• SOC 2.0: Three key steps toward the next-generation security operations center

  According to Forrester Research, traditional security operations are no longer practical. Forrester's John Kindervag discusses the new model, SOC 2.0, why it's important, and how to make it happen.  Continue Reading

• Reviewing your information security career path plan for the New Year

  The end of the year is the perfect time to review how your career has played out during the past 12 months and refine future goals. In this tip, infosec career experts Lee Kushner and Mike Murray explain the best questions to ask.  Continue Reading

• A primer for user privilege management in Windows Server 2008

  Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains the options in Windows Server 2008 for user ...  Continue Reading

• DATA Act protection: Effects of a federal breach notification law

  The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Mackey weighs in.  Continue Reading

• Why attackers exploit multiple zero-day attacks and how to respond

  A recent and disturbing malware trend involves attacks that attempt to compromise multiple zero-day flaws at once. Threats expert Nick Lewis explains what you can do to protect your enterprise.  Continue Reading

• PCI encryption requirements: Limiting PCI scope with P2P encryption

  P2P encryption, or encryption of data in transit, has long been a point of confusion for PCI DSS-bound merchants. In this tip, expert Ed Moyle explains the PCI SSC's recent guidance on P2P encryption.  Continue Reading

• Video: OSSEC screenshots show how to use the free IDS

  An intrusion detection system has become necessary for most enterprises, but they can be both expensive and difficult to configure. In part two of this screencast, learn how to use the free IDS OSSEC.  Continue Reading

• IDS vs. IPS: How to know when you need the technology

  IDS and IPS are useful security technologies, but how do you know whether your enterprise can benefit from one? In this tip, infosec pro Jennifer Jabbusch offers a few specific use cases to help you know when to consider IDS/IPS.  Continue Reading

• Honeypots for network security: How to track attackers' activity

  Honeypots have long been used to track attackers' activity and defend against coming threats. In this tip, network security expert Anand Sastry describes the different types of honeypots and which is best for your enterprise.  Continue Reading

• User provisioning best practices: Access recertification

  User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification ...  Continue Reading

• Android enterprise security: Mobile phone data protection advice

  Android devices are increasingly popular among enterprise users, but is Android enterprise security where it needs to be to ensure the safety of important enterprise documents? Expert Michael Cobb offers his take.  Continue Reading

• SSL vulnerabilities: Trusted SSL certificate generation for enterprises

  Presentations at both Black Hat and Defcon 2010 demonstrated serious vulnerabilities in the SSL protocol, which, considering how widely used SSL is, could mean security problems for many enterprises. In this tip, Nick Lewis examines the researchers'...  Continue Reading

• Firewall logging: Telling valid traffic from network 'allows' threats

  While tracking firewall "deny" actions is a good way to identify threats, logging the "allow" actions can give greater insight into malicious traffic that could be both more subtle and more dangerous.  Continue Reading

• PCI DSS 2.0: PCI assessment changes explained

  PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process.  Continue Reading

• PCI 2.0: Changes aren't drastic, but don't address card brand autonomy

  In this first look at the changes in PCI DSS version 2.0, expert Diana Kelley says most compliance programs won't be drastically affected, but some of the standard's key shortcomings remain.  Continue Reading

• How to install an OSSEC server on Linux and an OSSEC Windows agent

  Learn how to install the free, host-based intrusion detection system OSSEC, with step-by-step instructions on setting up an OSSEC Linux server with an OSSEC Windows agent.  Continue Reading

• How to successfully 'invest' in your career

  Credentials that set you apart from other information security applicants can determine whether you land your dream job. In this tip, Lee Kushner and Mike Murray give advice on how to choose effective career differentiators.  Continue Reading

• Resist credit card data compromise threats due to memory-scraping malware

  PCI DSS does a good job of making sure credit card data in persistent storage is secure, however, such data in non-persistent storage -- such as files stored temporarily in memory -- can still be vulnerable to compromise, particularly via ...  Continue Reading

• Database security best practices: Tuning database audit tools

  Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip.  Continue Reading

• Microsoft IIS 7 security best practices

  Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable.  Continue Reading

• The pros and cons of deploying OpenLDAP: Windows and Unix

  Randall Gamby discusses how OpenLDAP should (or shouldn't) be used in conjunction with enterprise directory implementations.  Continue Reading

• A pre-implementation Windows 7 security guide for enterprises

  Many enterprises are preparing to upgrade to Windows 7, but what are the security advantages and implications of the move? Expert Michael Cobb has the answers.  Continue Reading

• Cisco MARS: What third-party lockout means for SIEM products

  Now that Cisco's MARS SIEM product no longer supports third-party product integration, should enterprises migrate away from the product? In this tip, network security expert Anand Sastry discusses how MARS works and whether the technology is still ...  Continue Reading

• XSSer demo: How to use open source penetration testing tools

  In this video demo, learn how to use XSSer, open source penetration testing tools for detecting various Web application flaws and exploiting cross-site scripting (XSS) vulnerabilities against applications.  Continue Reading

• Handling mergers and acquisitions: Career success tips for infosec pros

  A company merger or acquisition is always a tumultuous time, and can be even more nerve wracking if you're concerned that your position might be eliminated. In this tip, career experts Lee Kushner and Mike Murray give proactive strategies you can ...  Continue Reading

• How to refine an enterprise database security policy

  Noel Yuhanna of Forrester Research outlines what should be covered in a successful enterprise database security policy, including foundational security, preventative measures and intrusion detection.  Continue Reading

• Creating a network endpoint security policy for hostile endpoints

  The plethora of IP-enabled devices available today makes it harder to discern a friendly endpoint from a hostile one. Learn how to create an endpoint security policy for non-corporate-owned devices.  Continue Reading

• Self-service user identity management: Pitfalls and processes

  While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randall Gamby explains how to avoid these issues.  Continue Reading

• A PCI compliance network testing checklist to limit PCI DSS scope

  Network security pros may not realize it, but they may inadvertently be on the hook regarding PCI DSS compliance if card data is inadvertently spread across the network. Ed Moyle discusses how this happens and how to make sure the network falls out ...  Continue Reading

• A vulnerability management process for the Windows XP Help Center flaw

  A recently discovered flaw in the Windows XP Help and Support Center could leave your enterprise open to infection. In this tip, Nick Lewis explains the vulnerability management process that organizations can use to keep themselves secure.  Continue Reading

• How to build a toolset to avoid Web 2.0 security issues

  An enterprise defense-in-depth strategy should include security tools that monitor, prevent, alert, encrypt and quarantine data from leaving your network, as well as processes put in place to monitor the Web for sensitive data that may have leaked.  Continue Reading

• How to use NeXpose: Free enterprise vulnerability management tools

  Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases.  Continue Reading

• Unmasking data masking techniques in the enterprise

  Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros should endorse its use in order to keep production ...  Continue Reading

• The people have spoken: IT security salary survey reveals infosec compensation expectations

  Recently, Lee Kushner and Mike Murray of Information Security Leaders surveyed nearly 500 infosec pros to discover how they felt about their current compensation.  Continue Reading

• Monitoring strategies for insider threat detection

  Insider threat detection is a vital part of the security of any enterprise organization. In this tip, part of the SearchSecurity.com Insider Threats Security School lesson, learn about the best insider threat detection strategies.  Continue Reading

• Assessment success: PCI DSS standards and secure data storage

  PCI DSS standards for secure data storage are specific and detailed, but there are two key steps that can significantly reduce the pain of an assessment. PCI DSS expert Anton Chuvakin explains.  Continue Reading

• Fake antivirus pop-up scams: Forming a security awareness training plan

  Rogue antimalware programs have been around for a while, and, according to a recent Google report, are more prominent and more difficult to detect than ever before. In this expert tip, Michael Cobb explains how to train employees to deal with these ...  Continue Reading

• Role-based access control: Pros of an open source RBAC implementation

  There are many advantages to an open source RBAC implementation. However, it's important to know the context in which such a product will work best. In this tip, expert Randall Gamby discusses how to determine if open source RBAC is right for you.  Continue Reading

• Email, website and IP spoofing: How to prevent a spoofing attack

  Find out how to prevent spoofing attacks, including IP spoofing, email and website spoofing.  Continue Reading

• FTP security best practices for the enterprise

  FTP is easy and commonly used in the enterprise, but is it secure? Anand Sastry discusses its security shortcomings, best practices for securing FTP in the enterprise and FTP alternatives that may be even more secure.  Continue Reading

• Database application security: Balancing encryption, access control

  Database applications are often the epicenter of a company's sensitive data, so security is paramount, but maintaining a balance between security and business use can be tricky. In this tip, Andreas Antonopoulos discusses encryption strategies for ...  Continue Reading

• Log management best practices: Five tips for success

  The right log management tool can quickly seem like the wrong one without advance planning on how to make the most of it. Diana Kelley offers six log management best practices to help do just that.  Continue Reading

• Using the Microsoft Sysinternals suite for a computer systems audit

  If you're an auditor, or are looking to perform an internal audit, Microsoft's suite of Sysinternals tools could greatly help you. Learn how to use these free tools in this video demo.  Continue Reading

• How to use a PDF redaction tool with a redacted document policy

  It may seem rudimentary, but sensitive data commonly leaks out of corporate networks in plain sight in the form of un-redacted documents. Such files -- those still containing hidden data or Microsoft "Track Changes" data -- can potentially lead to ...  Continue Reading

• KHOBE attack technique: Kernel bypass risk or much ado about nothing?

  Some say the KHOBE attack technique is a serious threat looming over enterprises, while others believe it's been greatly over-hyped. Who's right? Nick Lewis offers his analysis.  Continue Reading

• Alternatives to password-reset questions tackle social networking cons

  With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure ...  Continue Reading

• When to leave a job: Deciding to look for a new job in IT security

  Knowing when to leave a job can be difficult, as transitions and building clout in the new position take time. In this expert tip, learn how to know when it's worthwhile to scope new security jobs.  Continue Reading

• Web 2.0 widgets: Enterprise protection for Web add-ons

  Web 2.0 widgets represent a threat vector that should not be overlooked at any enterprise organization. In this tip, Nick Lewis explains what a Web 2.0 widget is, and how companies can protect against them.  Continue Reading

• HIPAA covered entity and business associate agreement requirements

  Under HITECH, both "covered entities" and "business associates" must comply with HIPAA data protection mandates, but, as a covered entity, what's the best way both to maintain compliance for your organization, and make sure all your BAs are ...  Continue Reading

• Free port scan: How to use Angry IP scanner

  Scanning IP ports is a critical part of maintaining enterprise information security. In this screencast, Peter Giannoulis explains how to use the free tool Angry IP scanner for these port scans.  Continue Reading

• Zeus botnet analysis: Past, present and future threats

  The Zeus botnet isn't showing signs of fading. In fact, it now threatens a wider scope of organizations beyond the banking industry. Expert Nick Lewis offers a Zeus botnet analysis, looking at why it's been so effective, what it's doing now and how ...  Continue Reading

• Choosing smartphone encryption software for mobile smartphone security

  If your enterprise users have smartphones, then your enterprise may need smartphone encryption. In this tip, expert Dave Shackleford describes what to look for in smartphone encryption software, from cost to management capabilities.  Continue Reading

• Endpoint fingerprinting: How to improve NAC security for 'dumb devices'

  Many enterprises underestimate the potential security problems posed by "dumb devices" like network printers or IP phones. Forrester Research analyst Usman Sindhu explains how endpoint fingerprinting can be used as a NAC add-on to identify and ...  Continue Reading

• How to perform an Active Directory security audit

  As a security professional, you depend on Active Directory to provision users, but how secure is your implementation of AD itself? Learn how to perform an Active Directory security audit in this expert tip.  Continue Reading

• Enterprise PDF attack prevention best practices

  Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics.  Continue Reading

• Incident response security plans for advanced persistent threat

  Dealing with advanced persistent threat (APT) presents unique challenges. Learn how an incident repsonse program can save your enterprise from APT.  Continue Reading

• Database activity monitoring (DAM) software deployment issues to avoid

  Database activity monitoring software deployments can have their shortcomings. For example, issues with network monitoring and policy overload can impact compliance audits and database performance.  Continue Reading

• Information security salary: Determining the value of security skills

  Understanding the leverage you may have in your information security job is critical to getting the maximum compensation for your skills. In this month's Security Career Advisor tip, Lee Kushner and Mike Murray describe how to ascertain the value of...  Continue Reading

• Netsparker: Free Web app security testing tool

  Testing Web applications is critical for maintaining a secure enterprise network. Learn how to use the community version of Netsparker for free Web app security testing capabilities.  Continue Reading

• How to manage compliance as Chief Information Security Officer (CISO)

  When it comes to IT compliance management, creating an effective compliance program is one of many jobs of a Chief Information Security Officer (CISO). In this tip from security management expert Ernie Hayden, learn how to create such a program.  Continue Reading

• Ease credit card risks: POS encryption and data tokenization for PCI

  Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains what to consider before using tokenization and ...  Continue Reading

• Analyzing MSSP providers' log files for IT security events

  Analyzing firewall, Windows server and antivirus log files can seem like an endless and tedious task, especially for an understaffed security team, but it's extremely important for detecting IT security events. Read more in this network security ...  Continue Reading

• Conducting a user access review with a small information security staff

  Has there been cutbacks on your company's information security staff? It would be easy for certain security tasks to fall through the cracks. Learn how to keep access controls tight without spending a lot of time or energy.  Continue Reading

• McAfee update problem: Dealing with bad antivirus DAT files

  While buggy antivirus DAT files are the exception rather than the rule, downloading them can cause just as much turmoil as a potential DDoS attack. In this tip from expert Ernie Hayden, learn how to prepare your enterprise network for any sort of ...  Continue Reading

• Create a data breach response plan in 10 easy steps

  Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response plan.  Continue Reading

• Employee compliance: Creating a compliance-focused workforce

  If your security team is low on time and money, one of the best things you can do is recruit more people: an entire enterprise worth's. In this tip, learn how to engage corporate employees to be secure themselves and to help enforce compliance best ...  Continue Reading

• Use virtual patching to ease short-staffed patch management procedures

  Virtual patching can serve as a quick way to deal with patch management procedures when short staffed. But how effective is virtual patching? Michael Cobb explains the pros and cons of virtual patching in this technical tip.  Continue Reading

• Defining an incident response process when short staffed

  The incident response process can be difficult when short staffed. In this tip, learn how to put together a computer security incident response team by leveraging other departments in your organization.  Continue Reading

• Detect rootkit alternate data streams (ADS) with StreamArmor

  In this month's screencast, Peter Giannoulis of TheAcademyPro.com explains how to use StreamArmor, a new tool that can detect alternate data streams that may be hiding rootkit data.  Continue Reading

• How to change from WEP to WPA for PCI DSS compliance

  The deadline to change from WEP to WPA wireless encryption standard for PCI DSS compliance is quickly approaching. Learn how to change from WEP to WPA and how to ensure that WEP is completely eradicated from your network.  Continue Reading

• Performing a security risk analysis to assess acceptable level of risk

  No organization is ever completely without risk, but there are steps that can be taken to establish an acceptable level of risk that can be appropriately mitigated. In this tip, Michael Cobb explains how to perform a security risk analysis to help ...  Continue Reading

• Career survival tips: Steps to a recession-resistant infosec career

  The information security market has not been immune to the recession. For this reason, it's vital to take steps to ensure that your company understands what value you bring to the table. In this tip, Mike Murray and Lee Kushner provide some career ...  Continue Reading

• SMS two-factor authentication for electronic identity verification

  Tokens are no longer the only choice when it comes to OTPs and electronic identity verification. Learn about new two-factor authentication options involving SMS and mobile phones.  Continue Reading

• Portable USB thumb drive encryption: Software and security policy

  If you allow USB flash drives at your enterprise, encryption software and policy are a must. In this tip, learn about the best USB encryption options and how to choose one for your organization.  Continue Reading