Tips

Tips

• Employee profiling: A proactive defense against insider threats

  Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a ...  Continue Reading

• How to conduct a data classification assessment

  Before businesses safeguard mission-critical data, they must know how to conduct data classification processes. Even though it is time-consuming and involves many steps, as Tom Bowers writes, data classification makes it easier to figure out where ...  Continue Reading

• Digital forensics tool Helix 'does no harm'

  Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system.  Continue Reading

• Building application firewall rule bases

  Security professionals have worked hard in recent years to tighten up their security controls, but they often neglected one area: the application layer. In this tip, Mike Chapple explains how a carefully deployed application firewall can plug a ...  Continue Reading

• Network isolation as a PCI Data Security Standard compliance strategy

  One way to minimize your exposure to the 12 PCI Data Security Standard requirements is to use a stand-alone network to isolate payment card data. As Mike Chapple explains, while the approach is not without its drawbacks, it can not only eliminate a ...  Continue Reading

• Essential elements of a network access control (NAC) endpoint security strategy

  Don't make the mistake in believing that network access control is simply about endpoint security. In fact, it's about much more. As contributor Joel Snyder writes, understanding the NAC security lifecycle is the first step toward a successful NAC ...  Continue Reading

• Defending layer 7: A look inside application-layer firewalls

  Run-of-the-mill network firewalls can't properly defend applications. As Michael Cobb explains, application-layer firewalls offer Layer 7 security on a more granular level, and may even help organizations to get more out of existing network devices.  Continue Reading

• Wireshark: Taking a bite out of packet analysis

  If you need to sniff out problem packets, you don't have to spend thousands of dollars on network data analysis. Scott sidel recommends a free tool that's right under your nose: Wireshark.  Continue Reading

• Dynamic code obfuscation: New threat requires innovative defenses

  Dynamic code obfuscation used to be a taxing effort, but now even the most junior-level malicious hackers have learned how to effectively hide their code. In this tip, Michael Cobb examines how dynamic code obfuscation works, why it's on the rise ...  Continue Reading

• Windows Vista: Security issues to consider

  Windows Vista is now in the wild. With its myriad new security features, are enterprises foolish not to adopt right away? In this tip, contributor Michael Cobb examines the security-related pros and cons of Microsoft's latest operating system and ...  Continue Reading

• How compliance control frameworks ease risk assessment burdens

  Control and governance frameworks like COBIT and ISO17799 can make compliance goals easier to achieve. In this tip, part of SearchSecurity.com's Compliance School, expert Richard E. Mackey explains how to approach these frameworks and why they're ...  Continue Reading

• Snort: A capable network intrusion prevention tool

  Most security practitioners have heard of the open source network intrusion detection system, Snort. For those who haven't, however, contributor Scott Sidel highlights the tool's ability to monitor traffic, log packets and analyze protocols. See how...  Continue Reading

• Cyberwar: A threat to business

  In the dark crevices of the virtual world, malicious individuals and groups are at the ready, waiting for the perfect opportunity to target U.S. businesses where and when they least expect it. In this tip, contributor Gideon T. Rasmussen profiles ...  Continue Reading

• Using role management in provisioning and compliance

  Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary access privileges when employees change roles. In this ...  Continue Reading

• Reasons why enterprise networking and security roles must stay separate

  Enterprise network managers are responsible for configuring and managing network devices, but should they be accountable for tasks that are typically handled by the information security team? Contributor Shon Harris examines why networking and ...  Continue Reading

• How Juniper and F5 SSL VPNs can handle endpoint security

  It's not easy setting up an endpoint security system, especially when using an existing SSL VPN architecture. In this tip, expert David Strom uses words and pictures to illustrate the steps needed to enable endpoint security using the SSL VPNs from ...  Continue Reading

• Using steganography for securing data, not concealing it

  Steganography is a useful technique for securely storing sensitive data, but the difficulty in detecting its usage can create an opportunity for digital miscreants. Michael Cobb explains how to ensure the practice isn't used maliciously.  Continue Reading

• Who should manage the firewall?

  Maintaining a firewall is not an easy task, especially when business rules narrowly define which tasks should be performed by network administrators and which should be handled by information security practitioners. To make life easier, some ...  Continue Reading

• Database compliance demystified

  As security professionals grapple with both federal mandates and industry-specific guidance, many wonder how best to approach these issues in terms of data protection and security. In this tip, James C. Foster looks at specific regulations such as ...  Continue Reading

• RFID security issues endanger companies and consumers

  As the holiday season approaches, credit card purchases will undoubtedly increase. However, before waving your RFID-enabled credit card at the checkout of your favorite store, research suggests you may want to think twice. In this tip, Joel Dubin ...  Continue Reading

• Developing an information security program using SABSA, ISO 17799

  In this final article of our information security governance series, Shon Harris explains how to develop an information security program with SABSA and ISO 17799.  Continue Reading

• How simple steps ensure database security

  An enterprise database stores an organization's most valuable assets, and just one small mistake can lead to a data security disaster. In this tip, Michael Cobb looks at five common database vulnerabilities and the simple steps that can eradicate ...  Continue Reading

• VPN or RPC/HTTPS? Both have their place

  Some security practitioners may debate which access method is best for ensuring secure, remote access to Exchange, but as Lee Benjamin explains, both VPNs and RPC over HTTPS can be effective strategies, depending on an organization's needs.  Continue Reading

• Steps in the information security program life cycle

  This article from our series on information security governance describes the essential steps to take when developing a security program life cycle.  Continue Reading

• Privacy and your offshore operations

  Most companies are used to considering the implications of Sarbanes-Oxley and Gramm-Leach-Bliley on their domestic operations, but thinking about security and privacy offshore is just as important. Contributor Joel Dubin explains how to ensure ...  Continue Reading

• Nmap and the open source debate

  Upper management may be hesitant to approve the use of an open source tool, but Nmap has many benefits. This tip offers selling points to present to upper management when proposing the use of Nmap.  Continue Reading

• Key elements when building an information security program

  Discover how to achieve information security governance by learning the essential elements behind a sucessful security program.  Continue Reading

• Nmap parsers and interfaces

  SearchSecurity expert contributor Michael Cobb continues his series on Nmap with a detailed look at Nmap parsers and interfaces.  Continue Reading

• Logwatch: Taking the pain out of log analysis

  This column reviews the benefits of Logwatch, an open source security log analysis tool.  Continue Reading

• One-time password tokens: Best practices for two-factor authentication

  In this tip, Joel Dubin examines how to physically secure one-time password tokens and how to properly implement them to provide effective two-factor authentication.  Continue Reading

• Ajax security: How to prevent exploits in five steps

  While Ajax can make your Web pages feel faster and more responsive, this Internet-based service, like many Web development tools, has its security concerns. In this tip, SearchSecurity.com expert Michael Cobb examines how Ajax works, how hackers can...  Continue Reading

• Interpreting and acting on Nmap scan results

  As we continue our series on Nmap in the enterprise, SearchSecurity expert contributor Michael Cobb explains how to run some of the more regular Nmap scans.  Continue Reading

• Mitigate botnets in five steps

  Don't let bots provide back door access to your computing environment. In this tip, Tony Bradley reveals the evolution of bot code, and strategies to mitigate the botnet threat.  Continue Reading

• Four ways to isolate sensitive servers

  When the security issue arises, a discussion of isolating a sensitive server usually follows. While often impractical, learn four ways to isolate sensitive servers if the need becomes a necessity.  Continue Reading

• Network access control: Compliance enabler or detractor?

  No one technology is a regulatory compliance cure-all, but network access control (NAC) does have its benefits. In this article from Identity and Access Management Security School, guest instructor Mike Rothman outlines the pros and cons of ...  Continue Reading

• Techniques for improving Nmap port scan times

  As we continue our series on using Nmap in the enterprise, SearchSecurity expert Michael Cobb provides commands that will help you adjust your Nmap scan times appropriately -- whether you want Nmap to run slow and quietly, fast and furious, or ...  Continue Reading

• Telecommuting security: Protecting sensitive data inside and out

  The rash of laptop thefts in recent months has brought telecommuting and remote access security to the forefront of many information security professionals' minds. In this tip, Joel Dubin examines the mistakes made in the VA data theft case and ...  Continue Reading

• CRLF injection attacks: How they work and what to do about them

  CRLF injection attacks may not be as popular as other application attacks, but they can be just as devastating. Learn how CRLF injection attacks are executed and how to defend your organization against these attacks.  Continue Reading

• Nmap: Firewall configuration testing

  This tip, in our Nmap manual series, explains how Nmap can be used to test the effectiveness of a firewall configuration. Learn how to use the open source network mapper to better understand how your firewall handles uninvited traffic and to test ...  Continue Reading

• Email filtering tools and techniques

  Email filtering tools help organizations enforce acceptable use policies, filtering office email and blocking personal email traveling over the corporate network. This tip introduces the two classes of email filtering tools and how to choose the one...  Continue Reading

• Utilizing Active Directory to automate provisioning

  This article focuses on utilizing Active Directory and Group Policy to automate provisioning.  Continue Reading

• Five freeware tools for mitigating network vulnerabilities

  From Nmap to Snort, there are a variety of viable freeware tools available for information security professionals. In this tip, Michael Cobb reviews five freeware tools and explains why he believes they are the best tools in their space.  Continue Reading

• Nmap: More port scanning techniques

  In this fifth tip in our Nmap manual, SearchSecurity.com expert Michael Cobb looks at some of the Nmap port scanning techniques that exploit certain idiosyncrasies of specific platforms or protocols in order to better differentiate between open and ...  Continue Reading

• How to configure a server to prevent unauthorized network access

  Learn from other security practitioners as they share ways to configure a network so unauthorized users cannot access files, folders and other sensitive information.  Continue Reading

• PIX firewall configuration from scratch

  Learn how to configure passwords, IP addresses, network address translation (NAT) and basic firewall rules in this tip.  Continue Reading

• Nmap: How to scan ports and services

  Nmap is the ideal tool for performing a simple network inventory or vulnerability assessment. This article offers tips on how to use a Nmap  Continue Reading

• FISMA essentials for information security practitioners

  This tip provides an overview of the Federal Information Security Management Act (FISMA) and what information security professionals need to do in order to comply.  Continue Reading

• Blocking Web anonymizers in the enterprise

  As Internet privacy concerns continue to proliferate, so does the use of Web anonymizers. While these tools can help you block employee access to certain Web sites, they are also beneficial in helping employees evade your efforts. In this tip, ...  Continue Reading

• Security concerns of extended schema in Active Directory

  The Active Directory default schema can be changed if needed. The presence of third-party products that do this can complicate the issue, especially when security is concerned.  Continue Reading

• An introduction to Active Directory Federation Services

  Brien M. Posey discusses key features of Microsofts's Active Directory Federation Services and how it works.  Continue Reading

• How to install and configure Nmap on Linux

  Get tips on how to install and configure Nmap on Linux in an enterprise network environment.  Continue Reading

• Preventing blind SQL injection attacks

  Most security professionals know what SQL injection attacks are and how to protect their Web applications against them. But, they may not know that their preventative measures may be leaving their applications open to blind SQL injection attacks. ...  Continue Reading

• Out-of-office messages: A security hazard?

  Automatically generated out-of-office messages, like the kind created by Microsoft Outlook, have come under scrutiny as a possible security hazard for a number of reasons. Should organizations prohibit the use of out-of-office messages? Serdar ...  Continue Reading

• Extranet security strategy considerations

  Extranets can be beneficial for conducting e-commerce, but if they aren't properly secured, they can pose serious risks to you, your business partners and customers. In this tip, our network security expert, Mike Chapple, provides four tactics for ...  Continue Reading

• IIS security: Configure Web server permissions for better access control

  Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuring IIS Web server permissions, in this tip by ...  Continue Reading

• How to install and configure Nmap for Windows

  In this second installment of our Nmap Technical Manual, SearchSecurity expert Michael Cobb offers pointers on how to install and configure Nmap for Windows.  Continue Reading

• Skype: Its dangers and how to protect against them

  Skype may be free for end users but it could be costing your enterprise its security. This tip outlines the free VoIP solution's security risks and offers tips for keeping Skype off of the network.  Continue Reading

• Nmap: A valuable open source tool for network security

  Open source tool Nmap is a popular choice amongst hackers and security pros alike for network mapping, port-scanning and testing for network vulnerabilities.  Continue Reading

• NetChk Protect 5.5

  Information Security magazine's contributing editor, Wayne Rash , reviews Shavlik Technologies NetChk Protect 5.5  Continue Reading

• HTTP attacks: Strategies for prevention

  Examine how hackers manipulate HTTP requests to solicit an attack, and learn various guidelines developers should follow to mitigate this threat.  Continue Reading

• Achieving network security with tomorrow's antivirus tools

  Learn about antivirus from an intelligence/technology perspective and offers best practices for simple file-type blocking, and the implementation of heuristic- and reputation-based antivirus tools.  Continue Reading

• The key technologies in a network perimeter intrusion defense strategy

  This article lays the groundwork for future discussions of intrusion defense. Joel Snyder introduces technologies that act as strong network perimeter defenses.  Continue Reading

• Pen testing your VPN

  Your VPN is a vital gateway into your network for your company's road warriors, telecommuters and other remote users. Unfortunately, it's also a gateway for the less-than-scrupulous predators prowling the Internet for access to your network. This ...  Continue Reading

• How to implement an effective risk management team

  In this installment of the Risk Management Guide, Shon Harris describes the roles and responsibilities of an information risk management team.  Continue Reading

• Information risk management: Defining the scope, methodology and tools

  In this installment of the Risk Management Guide, Shon Harris explains the importance of defining the scope of the IRM team's responsibilities, the difference between qualitative and quantitative risk analysis and the tools used to carry out risk ...  Continue Reading

• How to deal with risk

  In this installment of the Risk Management Guide, Shon Harris explains the four ways to deal with identified risk: transfer it, avoid it, reduce it or accept it.  Continue Reading

• How to conduct a risk analysis

  In this installment of the Risk Management Guide, Shon Harris provides step-by-step instructions on conducting a risk analysis.  Continue Reading

• How to define an acceptable level of risk

  Even though management is responsible for defining an organization's acceptable level of risk, the security practitioner should understand the process and be able to illustrate to management how underlining security threats can negatively affect ...  Continue Reading

• Understanding risk

  In this installment of the Risk Management Guide, contributor Shon Harris explains what risk is and clarifies the differences between risk and vulnerability management.  Continue Reading

• Biometrics: Best practices, future trends

  Biometrics products are improving, but they still require careful consideration and planning before implementation. In this tip, ID and access management expert Joel Dubin reviews some best practices and pitfalls to watch out for.  Continue Reading

• How to write an information risk management policy

  In this installment of the Risk Management Guide, Shon Harris describes the contents of a risk management policy and provides a sample policy template.  Continue Reading

• Defining adequate security controls

  Because of the changing nature of technology, the language in the Sarbanes-Oxley Act is purposefully vague. This article explores the meaning of adequate security controls and what is required for SOX compliance.  Continue Reading

• Designing a DMZ using iptables

  In this tip, excerpted from ITKnowledge Exchange, security practitioners share strategies used to design a demilitarized zone using iptables.  Continue Reading

• Ten dos and don'ts for secure coding

  Security practitioners should understand how developers introduce security vulnerabilities into applications and work to support the developers in improving code quality and security. Encouragement and support for improvement must be a fundamental ...  Continue Reading

• Best practices for pen testing Web applications

  Performing a Web application penetration test can gauge how well your Web application can withstand an attack. In this tip, platform security expert Michael Cobb provides best practices for performing Web application pen test.  Continue Reading

• Protect your business from a Google hack

  Learn how to use advanced operators, special searching techniques offered by Google that enable advanced queries, to discover if your company's sensitive security information is exposed on the Internet before a black hat does. This tip offers a ...  Continue Reading

• What's new in the revision of ISO 17799

  SearchSecurity expert Michael Cobb outlines the latest changes to the ISO 17799 standard.  Continue Reading

• Automate SQL injection testing

  Manual testing for SQL injection requires much effort with little guarantee that you'll find every vulnerability. Instead, run automated SQL injection tests. In this tip, security guru Kevin Beaver shows you how.  Continue Reading

• Checklist: 11 things to do after a hack

  Your network's been cracked, what do you do next? Contributor Jonathan Hassell recommends following these eleven steps to limit damage and preserve evidence.  Continue Reading

• Cheat sheet: Access management solutions and their pros and cons

  A cheat sheet of the most common access solutions with a brief description, and their risks and pros and cons to help you choose the solution that is right for your organization.  Continue Reading

• Simplifying Nessus security scans with a spreadsheet model

  In this tip, expert George Wrenn explains how to divide networks into small, manageable IP spaces and maintain Nessus data with a spreadsheet model.  Continue Reading

• Nessus vulnerability assessment with the SANS Top 20

  Using the SANS Top 20 in conjunction with Nessus can help you eliminate exposures that give unauthorized privileged access to vulnerable hosts.  Continue Reading

• An overview of the risk management process

  In this installment of the Risk Management Guide, Shon Harris provides a 10,000-foot view of the risk management process.  Continue Reading

• How to use IPsec filtering rules to filter network traffic

  Learn how to control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.  Continue Reading

• RSS: The next malware target?

  A recent report from Trend Micro names RSS as the next likely target for bot worm attacks and predicts feed hijackings will be prevalent with the release of IE 7. In this tip, security expert Mike Chapple explains how RSS could be exploited, and ...  Continue Reading

• Why form fields aren't a good place to hide sensitive information

  Web security guru Michael Cobb, takes an in-depth look at the dangers of HIDDEN form fields, how attackers use them to gain unauthorized entry or hijack sessions, and most importantly, how to secure the information sent in these fields.  Continue Reading

• The 5 A's of functional SAN security

  This tip examines why admins should follow the 5 A's of SAN security: Authentication, access, audits, alarms and availability, to keep their SAN secure.  Continue Reading

• Service-level agreement advantages and disadvantages

  Learn about the advantages and disadvantages of service-level agreements.  Continue Reading

• How to prevent phishing scams and protect customers

  In this tip, Web security guru, Nalneesh Gaur examines how hackers are using phishing scams to exploit financial sectors of the industry, why you should care and what you can do to prevent these attacks.  Continue Reading

• Best practices for managing secure Web server configurations

  In this tip, Michael Cobb, our Web security guru takes an in-depth look at ways to manage securing configurations of multiple Web servers. He explains the process from frequency to documentation and replication.  Continue Reading

• The pros and cons of migrating to Firefox

  Making the switch from Internet Explorer to Firefox isn't a security cure-all. Here are some factors to consider before you change Web browsers.  Continue Reading

• Educate users about security awareness

  User education is one of the hardest security layers for administrators to implement. This article by contributor Tony Bradley provides the top ten things users should know about information security.  Continue Reading

• Using attack responses to improve intrusion detection

  IPSes must detect an attack as it comes into the network; however, IDSes have the advantage of identifying an intrusion based on incoming our outgoing network traffic.  Continue Reading

• Block and reroute denial-of-service attacks

  Prevent denial-of-service and distributed denial-of-service attacks from taking down your network by blocking and rerouting DDoS and DoS traffic using honeypots, subnets and intrusion detection and prevention systems.  Continue Reading

• Securing Web apps against authenticated users

  Improve Web site security by securing Web applications from authenticated users and avoiding client-side authentication.  Continue Reading

• IPsec and SSL VPNs: Solving remote access problems

  Learn how to solve remote access problems in this Information Security Decisions presentation by security expert Joel Snyder.  Continue Reading

• How to secure session tokens

  Dos and don'ts for protecting session IDs for users of e-commerce Web sites.  Continue Reading

• How to build a secure network from the ground up

  Receive peer advice on what steps are crucial when building a secure network from the ground up. Also learn what resources are available to guide you through this process.  Continue Reading

• Protect your Web site against path traversal attacks

  How to protect your Web site against path traversal attacks.  Continue Reading

• Auditing firewall activity

  This Firewall Architecture Tutorial tip shows how completing a firewall audit of activity can help in the management of valuable firewall data.  Continue Reading