Tips

Tips

• Security awareness training: Stay in, or go out?

  So you've decided you need security awareness training. Now what? In this tip, Joel Dubin offers a primer on in-house vs. outsourced security awareness training, and guidelines to help an organization decide which choice is best for its needs.  Continue Reading

• Your physical security budget: Who pays and how much?

  In many organizations, the cost of data center security is a shared expense -- or at least it should be. How much then should you be spending on security and how much of that should be picked up by other business units?  Continue Reading

• Ten hacker tricks to exploit SQL Server systems

  SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do.  Continue Reading

• Firewall redundancy: Deployment scenarios and benefits

  There are, however, several good reasons to deploy multiple firewalls in your organization. Let's take a look at a few scenarios.  Continue Reading

• Types of confidential information

  CISSP Thomas Peltier offers guidance on what your information classification policy should address.  Continue Reading

• Data leakage detection and prevention

  While corporate data loss is not a new concern, newer technologies are emerging to help combat the threat. In this tip, Joel Dubin advises how to reduce data leaks, reviews products that can identify network vulnerabilities and keep mobile device ...  Continue Reading

• Five steps to building information risk management frameworks

  Implementing a successful enterprise risk management plan can be an overwhelming and harrowing process. In order to make the process work, many aspects need to examined, and all business areas need to be hands on. In this tip, contributor Khalid ...  Continue Reading

• Developing a patch management policy for third-party applications

  Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from ...  Continue Reading

• Phone phishing: The role of VoIP in phishing attacks

  Learn how attackers are using the widespread deployment of low-cost VoIP to leverage phishing attacks and how to protect the enterprise.  Continue Reading

• Storage vulnerabilities you can't afford to miss

  In this tip, Keavin Beaver identifies eight common storage security vulnerabilites that are often overlooked and examines why network admins should develop a layered security strategy to protect sensitive data.  Continue Reading

• Cleansing an infected mail server

  Learn five measures you can take to when cleaning up a massive email virus infection  Continue Reading

• Information protection: Using Windows Rights Management Services to secure data

  Keeping confidential information under wraps is paramount in any business, but finding the right mix of tools or techniques is a common challenge. In this tip, contributor Tony Bradley explains how Windows Rights Management Services (WRMS) can help ...  Continue Reading

• Thinking fast-flux: New bait for advanced phishing tactics

  Bot herders haven't made millions of dollars by relying on yesterday's botnet techniques. In fact, the bad guys have found an innovative new way to leverage thousands of drone machines; it's called fast flux, and it makes even the largest botnets ...  Continue Reading

• Lessons learned from TJX: Best practices for enterprise wireless encryption

  The TJX data breach revealed all too well the weaknesses of the Wired Equivalent Privacy security model. The retailer's well-documented compromise of more than 94 million credit card numbers proved that intruders can easily take advantage of ...  Continue Reading

• Partner access: Balancing security and availability

  Granting business partners access to corporate systems and data is essential to keep business processes on track, but doing so insecurely could mean exposing your enterprise to a plethora of insider threats. In this tip, contributor Joel Dubin ...  Continue Reading

• Preventing spam bots from hijacking an enterprise network

  According to security expert Michael Cobb, the likelihood of your enterprise being compromised by a botnet is not a question of if, but when. In this Messaging Security School tip, Cobb discusses how spammers use botnets to corrupt enterprise ...  Continue Reading

• Applying PCI DSS to Web application security

  With millions of online credit card transactions taking place each day, Web application security is a critical issue for any enterprise. In this tip, contributor Diana Kelley reviews the key PCI DSS sub-requirements for Web applications, and ...  Continue Reading

• Email authentication showdown: IP-based vs. signature-based

  Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah ...  Continue Reading

• Getting the best bargain on network vulnerability scanning

  When it comes to enterprise network analysis, is it best to use a costly commercial vulnerability scanner or a less expensive open source product? In this week's tip, Mike Chapple explains which enterprise assets require the expensive stuff and ...  Continue Reading

• Making the case for Web application vulnerability scanners

  If a Web application scanner can find common SQL injection flaws, cross-site scripting vulnerabilities, buffer overflows and dangerous backdoors, then why aren't more enterprises using them? In this tip, Michael Cobb not only examines where the ...  Continue Reading

• iPhone security in the enterprise: Mitigating the risks

  Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines ...  Continue Reading

• Screencast: Snort -- Tactics for basic network analysis

  In this exclusive screencast step-by-step demo, Tom Bowers explains how the Snort open source IDS tool works and illustrates how it can help security pros assess network security.  Continue Reading

• Preparing for uniform resource identifier (URI) exploits

  URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web ...  Continue Reading

• IT discussion: Is malware the cause of a DNS server error?

  DNS connectivity problems are quite common, but an increasing number of DNS issues are being caused by surreptitious attacks. In this Q&A thread from SearchSecurity.com's redesigned IT Knowledge Exchange, learn how an innocent query about a finicky ...  Continue Reading

• Complex password compliance requirements made simple

  In order to comply with a number of well-known industry regulations, it's necessary for enterprises to have stringent password management requirements in place. In this tip, expert Joel Dubin reviews the password requirements put forth by key ...  Continue Reading

• Guide to passing PCI's five toughest requirements

  As data security breach threats increase and the Payment Card Industry (PCI) Data Security Standard's authority continues to expand, credit card-processing companies have little choice but to implement PCI's dozen requirements. Some best practices, ...  Continue Reading

• How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

  For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how ...  Continue Reading

• Building malware defenses: From rootkits to bootkits

  There's an evolving form of malware on the scene that can silently and maliciously wreak havoc on operating systems. Meet the "bootkit" -- a rootkit variant reminiscent of the old-school boot sector virus. While software exists for rootkit detection...  Continue Reading

• Enterprise risk management frameworks: Controls for people, processes, technology

  Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the ...  Continue Reading

• Finding malware on your Windows box (using the command line)

  Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the ...  Continue Reading

• PCI Data Security Standard compliance: Setting the record straight

  Helping executives understand what PCI Data Security Standard compliance is all about can be a challenge, especially when it comes to debunking the many myths that have been perpetuated over the years. Read this tip by contributor John Kindervag as ...  Continue Reading

• COSO and COBIT: The value of compliance frameworks for SOX

  In an attempt to blaze a path through the myriad of compliance regulations and requirements, organizations are looking to frameworks like COSO and COBIT. In this tip, contributor Mike Rothman examines these compliance paradigms and offers insights ...  Continue Reading

• Using an XML security gateway in a service-oriented architecture

  Enabling security for enterprise Web services and service-oriented architectures (SOA) requires an approach that differs from traditional security practices. In this tip, Gunnar Peterson explains how XML security gateways can help keep network ...  Continue Reading

• Compliance benefits of tokenization

  If your organization handles credit card data, then it's probably already heard about the benefits of tokenization. However, as Joel Dubin explains, tokenization not only keeps confidential data out of the hands of malicious hackers, but also offers...  Continue Reading

• Troubleshooting proxy firewall connections

  Investigating the TCP 'handshake' between clients and servers has always been a useful way to diagnose Web server and application problems. Firewalls, however, can interfere with the normal transmission control protocol process. In this tip, network...  Continue Reading

• Investigating logic bomb attacks and their explosive effects

  A logic bomb is a dangerous piece of software designed to damage a computer or network and cause massive data destruction. In this tip from SearchSecurity.com's Ask the Expert section, Ed Skoudis explains how an enterprise can prepare for a hacker's...  Continue Reading

• The dangers of granting system access to a third-party provider

  Granting system access to a third-party provider is a risk that can introduce security threats and technical and business dangers into your enterprise. In this tip, security expert Joel Dubin discusses the potential threats involved with granting ...  Continue Reading

• M&A: Merging network security policies

  Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...  Continue Reading

• Screencast: How to configure a UTM device

  Unified threat management technologies provide protection against various network attacks, but properly configuring UTM boxes can be a whole other battle. In this exclusive screencast, expert David Strom gives an easy-to-follow, on-screen ...  Continue Reading

• Mergers and acquisitions: Building up security after an M&A

  Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed ...  Continue Reading

• Understanding PCI DSS compensating controls

  By-the-book PCI DSS compliance scores big points with auditors, but abiding by all the regulations and requirements is a tall order in many organizations. Security management expert Mike Rothman discusses how compensating controls play a role in ...  Continue Reading

• Unified communications infrastructure threats and defense strategies

  Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the threats facing unified communications and how to ...  Continue Reading

• Best practices for compliance during a merger

  Company mergers involve more than just aligning two different security infrastructures. When one vendor acquires another, it's the handling of compliance issues that can be an IT security staff's toughest task. In this tip, security expert Joel ...  Continue Reading

• Using VMware for malware analysis

  Virtualization software like VMware helps ease the challenges of malware analysis. Malware expert Lenny Zeltser explains the steps enterprises must take to ensure malicious software doesn't leak out of their VMware-based labs and endanger production...  Continue Reading

• CISSP certification can serve as introduction to regulatory compliance

  The CISSP is widely considered a valuable baseline certification for information security professionals, but its coursework can also be a valuable introduction to the complex world of regulatory compliance. As certification expert Peter H. Gregory ...  Continue Reading

• How to choose the right smart card

  The ISO 7816 form factor is the most commonly deployed smart card in the enterprise, but it's not always the best option. As Burton Group's Mark Diodati explains, those looking for desktop simplicity and lower costs may want to consider an ...  Continue Reading

• Employee profiling: A proactive defense against insider threats

  Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a ...  Continue Reading

• How to conduct a data classification assessment

  Before businesses safeguard mission-critical data, they must know how to conduct data classification processes. Even though it is time-consuming and involves many steps, as Tom Bowers writes, data classification makes it easier to figure out where ...  Continue Reading

• Digital forensics tool Helix 'does no harm'

  Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system.  Continue Reading

• Building application firewall rule bases

  Security professionals have worked hard in recent years to tighten up their security controls, but they often neglected one area: the application layer. In this tip, Mike Chapple explains how a carefully deployed application firewall can plug a ...  Continue Reading

• Network isolation as a PCI Data Security Standard compliance strategy

  One way to minimize your exposure to the 12 PCI Data Security Standard requirements is to use a stand-alone network to isolate payment card data. As Mike Chapple explains, while the approach is not without its drawbacks, it can not only eliminate a ...  Continue Reading

• Essential elements of a network access control (NAC) endpoint security strategy

  Don't make the mistake in believing that network access control is simply about endpoint security. In fact, it's about much more. As contributor Joel Snyder writes, understanding the NAC security lifecycle is the first step toward a successful NAC ...  Continue Reading

• Defending layer 7: A look inside application-layer firewalls

  Run-of-the-mill network firewalls can't properly defend applications. As Michael Cobb explains, application-layer firewalls offer Layer 7 security on a more granular level, and may even help organizations to get more out of existing network devices.  Continue Reading

• Wireshark: Taking a bite out of packet analysis

  If you need to sniff out problem packets, you don't have to spend thousands of dollars on network data analysis. Scott sidel recommends a free tool that's right under your nose: Wireshark.  Continue Reading

• Dynamic code obfuscation: New threat requires innovative defenses

  Dynamic code obfuscation used to be a taxing effort, but now even the most junior-level malicious hackers have learned how to effectively hide their code. In this tip, Michael Cobb examines how dynamic code obfuscation works, why it's on the rise ...  Continue Reading

• Windows Vista: Security issues to consider

  Windows Vista is now in the wild. With its myriad new security features, are enterprises foolish not to adopt right away? In this tip, contributor Michael Cobb examines the security-related pros and cons of Microsoft's latest operating system and ...  Continue Reading

• How compliance control frameworks ease risk assessment burdens

  Control and governance frameworks like COBIT and ISO17799 can make compliance goals easier to achieve. In this tip, part of SearchSecurity.com's Compliance School, expert Richard E. Mackey explains how to approach these frameworks and why they're ...  Continue Reading

• Snort: A capable network intrusion prevention tool

  Most security practitioners have heard of the open source network intrusion detection system, Snort. For those who haven't, however, contributor Scott Sidel highlights the tool's ability to monitor traffic, log packets and analyze protocols. See how...  Continue Reading

• Cyberwar: A threat to business

  In the dark crevices of the virtual world, malicious individuals and groups are at the ready, waiting for the perfect opportunity to target U.S. businesses where and when they least expect it. In this tip, contributor Gideon T. Rasmussen profiles ...  Continue Reading

• Using role management in provisioning and compliance

  Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary access privileges when employees change roles. In this ...  Continue Reading

• Reasons why enterprise networking and security roles must stay separate

  Enterprise network managers are responsible for configuring and managing network devices, but should they be accountable for tasks that are typically handled by the information security team? Contributor Shon Harris examines why networking and ...  Continue Reading

• How Juniper and F5 SSL VPNs can handle endpoint security

  It's not easy setting up an endpoint security system, especially when using an existing SSL VPN architecture. In this tip, expert David Strom uses words and pictures to illustrate the steps needed to enable endpoint security using the SSL VPNs from ...  Continue Reading

• Using steganography for securing data, not concealing it

  Steganography is a useful technique for securely storing sensitive data, but the difficulty in detecting its usage can create an opportunity for digital miscreants. Michael Cobb explains how to ensure the practice isn't used maliciously.  Continue Reading

• Who should manage the firewall?

  Maintaining a firewall is not an easy task, especially when business rules narrowly define which tasks should be performed by network administrators and which should be handled by information security practitioners. To make life easier, some ...  Continue Reading

• Database compliance demystified

  As security professionals grapple with both federal mandates and industry-specific guidance, many wonder how best to approach these issues in terms of data protection and security. In this tip, James C. Foster looks at specific regulations such as ...  Continue Reading

• RFID security issues endanger companies and consumers

  As the holiday season approaches, credit card purchases will undoubtedly increase. However, before waving your RFID-enabled credit card at the checkout of your favorite store, research suggests you may want to think twice. In this tip, Joel Dubin ...  Continue Reading

• Developing an information security program using SABSA, ISO 17799

  In this final article of our information security governance series, Shon Harris explains how to develop an information security program with SABSA and ISO 17799.  Continue Reading

• How simple steps ensure database security

  An enterprise database stores an organization's most valuable assets, and just one small mistake can lead to a data security disaster. In this tip, Michael Cobb looks at five common database vulnerabilities and the simple steps that can eradicate ...  Continue Reading

• VPN or RPC/HTTPS? Both have their place

  Some security practitioners may debate which access method is best for ensuring secure, remote access to Exchange, but as Lee Benjamin explains, both VPNs and RPC over HTTPS can be effective strategies, depending on an organization's needs.  Continue Reading

• Steps in the information security program life cycle

  This article from our series on information security governance describes the essential steps to take when developing a security program life cycle.  Continue Reading

• Privacy and your offshore operations

  Most companies are used to considering the implications of Sarbanes-Oxley and Gramm-Leach-Bliley on their domestic operations, but thinking about security and privacy offshore is just as important. Contributor Joel Dubin explains how to ensure ...  Continue Reading

• Nmap and the open source debate

  Upper management may be hesitant to approve the use of an open source tool, but Nmap has many benefits. This tip offers selling points to present to upper management when proposing the use of Nmap.  Continue Reading

• Key elements when building an information security program

  Discover how to achieve information security governance by learning the essential elements behind a sucessful security program.  Continue Reading

• Nmap parsers and interfaces

  SearchSecurity expert contributor Michael Cobb continues his series on Nmap with a detailed look at Nmap parsers and interfaces.  Continue Reading

• Logwatch: Taking the pain out of log analysis

  This column reviews the benefits of Logwatch, an open source security log analysis tool.  Continue Reading

• One-time password tokens: Best practices for two-factor authentication

  In this tip, Joel Dubin examines how to physically secure one-time password tokens and how to properly implement them to provide effective two-factor authentication.  Continue Reading

• Ajax security: How to prevent exploits in five steps

  While Ajax can make your Web pages feel faster and more responsive, this Internet-based service, like many Web development tools, has its security concerns. In this tip, SearchSecurity.com expert Michael Cobb examines how Ajax works, how hackers can...  Continue Reading

• Interpreting and acting on Nmap scan results

  As we continue our series on Nmap in the enterprise, SearchSecurity expert contributor Michael Cobb explains how to run some of the more regular Nmap scans.  Continue Reading

• Mitigate botnets in five steps

  Don't let bots provide back door access to your computing environment. In this tip, Tony Bradley reveals the evolution of bot code, and strategies to mitigate the botnet threat.  Continue Reading

• Four ways to isolate sensitive servers

  When the security issue arises, a discussion of isolating a sensitive server usually follows. While often impractical, learn four ways to isolate sensitive servers if the need becomes a necessity.  Continue Reading

• Network access control: Compliance enabler or detractor?

  No one technology is a regulatory compliance cure-all, but network access control (NAC) does have its benefits. In this article from Identity and Access Management Security School, guest instructor Mike Rothman outlines the pros and cons of ...  Continue Reading

• Techniques for improving Nmap port scan times

  As we continue our series on using Nmap in the enterprise, SearchSecurity expert Michael Cobb provides commands that will help you adjust your Nmap scan times appropriately -- whether you want Nmap to run slow and quietly, fast and furious, or ...  Continue Reading

• Telecommuting security: Protecting sensitive data inside and out

  The rash of laptop thefts in recent months has brought telecommuting and remote access security to the forefront of many information security professionals' minds. In this tip, Joel Dubin examines the mistakes made in the VA data theft case and ...  Continue Reading

• CRLF injection attacks: How they work and what to do about them

  CRLF injection attacks may not be as popular as other application attacks, but they can be just as devastating. Learn how CRLF injection attacks are executed and how to defend your organization against these attacks.  Continue Reading

• Nmap: Firewall configuration testing

  This tip, in our Nmap manual series, explains how Nmap can be used to test the effectiveness of a firewall configuration. Learn how to use the open source network mapper to better understand how your firewall handles uninvited traffic and to test ...  Continue Reading

• Email filtering tools and techniques

  Email filtering tools help organizations enforce acceptable use policies, filtering office email and blocking personal email traveling over the corporate network. This tip introduces the two classes of email filtering tools and how to choose the one...  Continue Reading

• Utilizing Active Directory to automate provisioning

  This article focuses on utilizing Active Directory and Group Policy to automate provisioning.  Continue Reading

• Five freeware tools for mitigating network vulnerabilities

  From Nmap to Snort, there are a variety of viable freeware tools available for information security professionals. In this tip, Michael Cobb reviews five freeware tools and explains why he believes they are the best tools in their space.  Continue Reading

• Nmap: More port scanning techniques

  In this fifth tip in our Nmap manual, SearchSecurity.com expert Michael Cobb looks at some of the Nmap port scanning techniques that exploit certain idiosyncrasies of specific platforms or protocols in order to better differentiate between open and ...  Continue Reading

• How to configure a server to prevent unauthorized network access

  Learn from other security practitioners as they share ways to configure a network so unauthorized users cannot access files, folders and other sensitive information.  Continue Reading

• PIX firewall configuration from scratch

  Learn how to configure passwords, IP addresses, network address translation (NAT) and basic firewall rules in this tip.  Continue Reading

• Nmap: How to scan ports and services

  Nmap is the ideal tool for performing a simple network inventory or vulnerability assessment. This article offers tips on how to use a Nmap  Continue Reading

• FISMA essentials for information security practitioners

  This tip provides an overview of the Federal Information Security Management Act (FISMA) and what information security professionals need to do in order to comply.  Continue Reading

• Blocking Web anonymizers in the enterprise

  As Internet privacy concerns continue to proliferate, so does the use of Web anonymizers. While these tools can help you block employee access to certain Web sites, they are also beneficial in helping employees evade your efforts. In this tip, ...  Continue Reading

• Security concerns of extended schema in Active Directory

  The Active Directory default schema can be changed if needed. The presence of third-party products that do this can complicate the issue, especially when security is concerned.  Continue Reading

• An introduction to Active Directory Federation Services

  Brien M. Posey discusses key features of Microsofts's Active Directory Federation Services and how it works.  Continue Reading

• How to install and configure Nmap on Linux

  Get tips on how to install and configure Nmap on Linux in an enterprise network environment.  Continue Reading

• Preventing blind SQL injection attacks

  Most security professionals know what SQL injection attacks are and how to protect their Web applications against them. But, they may not know that their preventative measures may be leaving their applications open to blind SQL injection attacks. ...  Continue Reading

• Out-of-office messages: A security hazard?

  Automatically generated out-of-office messages, like the kind created by Microsoft Outlook, have come under scrutiny as a possible security hazard for a number of reasons. Should organizations prohibit the use of out-of-office messages? Serdar ...  Continue Reading

• Extranet security strategy considerations

  Extranets can be beneficial for conducting e-commerce, but if they aren't properly secured, they can pose serious risks to you, your business partners and customers. In this tip, our network security expert, Mike Chapple, provides four tactics for ...  Continue Reading