Tips

Tips

• How to write an RFP

  The principles of Six Sigma can be applied to the process of writing a request for proposal.  Continue Reading

• Sizing up e-mail appliances

  Information Security magazine tests four e-mail appliances designed to clear the way for safe messaging. Here's how they measured up.  Continue Reading

• Hercules 4.0 Enterprise Vulnerability Management Suite

  Information Security magazine's contributing editor, James C. Foster , reviews Hercules 4.0 Enterprise Vulnerability Management Suite from Citadel Security Software.  Continue Reading

• SMTP policies help reduce the risk of unauthorized mail servers

  SMTP policies can help protect systems from rogue e-mail servers that clog the network with viruses, malware and spam.  Continue Reading

• Using secure MIME (S/MIME) for securing email

  Secure MIME (S/MIME) and digital certificates offer channel professionals a low-cost way to improve their customers' email security. This tip explains how to implement S/MIME and digital certificates for email encryption.  Continue Reading

• Step-by-Step Guide: Best practices for security patch management

  This step-by-step guide offers best practices on how to deploy a security patch and provides the tools you will need to mitigate the risk of a compromised computer.  Continue Reading

• Security patch testing and deployment phase

  Learn what conditions should be met in the security patch testing phase prior to deployment. Also learn how to deploy a security patch and what methods, tools to use to ensure a predicable rollout.  Continue Reading

• Security patch validation and verification

  Learn about the verification and review phase of the security patch deployment cycle. Learn how these phases help ensure the organizations security patch management procedure is proactive.  Continue Reading

• Web security benchmarks

  Learn how to increase your security posture and what resources are available to security admininstrators who want to quickly ramp up their posture of their protected systems.  Continue Reading

• Security awareness training: How to educate employees about spyware

  Educated end users are a valuable defense in the fight against spyware. Learn how to conduct effective security awareness training and create spyware policies.  Continue Reading

• Acceptable use policies will minimize email risks

  Learn why setting comprehensive email acceptable use policies can help minimize email risks and secure your email applications.  Continue Reading

• Improper error handling

  This tip explains what improper error handling is, how it leads to a variety of application attacks, and what programmers can do to secure their Web applications.  Continue Reading

• Avoid the hazards of unvalidated Web application input

  Learn how unvalidate Web application input works and what programmers can do to secure their Web applications.  Continue Reading

• Phishing: The business risks and strategies for mitigating them

  Understand the business risks posed by phishing attacks and strategies for mitigating them.  Continue Reading

• How to perform a bug sweep

  Learn why many corporations have started to perform bug sweeps or Technical Security Counter Measure (TSCM) operations, and five basic technologies used by TSCM operators.  Continue Reading

• IIS vs. Apache: Which is the right security choice?

  From vulnerabilities to administrator and developer skills, this tip analyzes the risks and benefits to weigh when selecting the right Web server for your organization.  Continue Reading

• Technical college vs. university

  Get peer advice on the pros and cons of attending a technical college vs. a university.  Continue Reading

• Using TLS encryption

  Learn how the TLS protocol can help add an extra layer of security to your e-mail infrastructure, and five steps to implementing TLS on your server.  Continue Reading

• A five-point strategy for secure remote access

  Systems with remote access are not only more difficult to secure, they pose a greater risk to the network than systems that sit behind the corporate firewall. Here are best practices for securing remote access endpoints.  Continue Reading

• How to detect and prevent keylogger attacks

  Learn five tactics for protecting your systems against keylogger attacks.  Continue Reading

• How to limit false positives in IPSes

  Learn five tactics for reducing false positives in intrusion-prevention systems.  Continue Reading

• How to reduce spim

  Learn three tips for reducing unsolicited instant messages.  Continue Reading

• Get ready for IPv6: Five security issues to consider

  Learn about the potential hazards of migrating to IPv6 and how to ensure a smooth transition without jeopardizing your company's security.  Continue Reading

• SOX 404 compliance: Efficiency is key

  Gain a better understanding of SOX Section 404 and learn how to improve your compliance efficiency.  Continue Reading

• How to reduce risks with URL filtering

  Learn how to protect your network from threats by controlling the URLs that enter and leave it.  Continue Reading

• Five essentials of a patch management solution

  Learn the key criteria you need to consider when purchasing a patch management solution to ensure it is effective.  Continue Reading

• Demand good proposals: Tips for writing an RFP

  Learn five guidelines that will improve prospects for proposals that actually respond directly to your requirements.  Continue Reading

• Limiting the risk and liability of federated identities

  You'll learn the legal issues involved in federated identity and how to best manage them.  Continue Reading

• How to automatically update Snort rules

  Learn how Oinkmaster can help you automatically update your Snort rules.  Continue Reading

• Popular VLAN attacks and how to avoid them

  Learn how to secure a VLAN from popular attacks such as the VLAN hopping attack.  Continue Reading

• Top five risks of Web-based e-mail

  Learn five specific Web-based e-mail risks and a design strategy for coping with them  Continue Reading

• Layered access control: Six top defenses that work

  Six top strategies and best practices for building layered security in networks.  Continue Reading

• Who's responsible for security? Everyone!

  Learn how to decentralize security responsibility in your organization.  Continue Reading

• Finding an OS for Snort IDS sensors

  JP Vossen offers his advice on choosing an OS for Snort sensors.  Continue Reading

• Where to place IDS network sensors

  JP Vossen explains where to place IDS sensors.  Continue Reading

• How to determine network interface cards for IDS sensors

  In this tip, JP Vossen offers advice about choosing and configuring interfaces for an IDS sensor.  Continue Reading

• Where to find Snort IDS rules

  In this tip, JP Vossen points out the four best places to find Snort rules.  Continue Reading

• How to configure Snort variables

  Learn how to define Snort's configuration variables.  Continue Reading

• Using IDS rules to test Snort

  Here are several methods for testing Snort over the wire to ensure it's working properly in your environment.  Continue Reading

• How to handle network design with switches and segments

  Expert JP Vossen explains how to handle switches and segments in conjunction with network-based IDS.  Continue Reading

• Why Snort makes IDS worth the time and effort

  Open source Snort is a free and powerful alternative to commercial intrusion-detection systems.  Continue Reading

• Modifying and writing custom Snort IDS rules

  Learn more about altering Snort rules.  Continue Reading

• How to identify and monitor network ports after intrusion detection

  What should your next step be after finding an unfamiliar source or destination port on an IDS alert or firewall log? JP Vossen takes you through the process of port analysis.  Continue Reading

• Adware, rootkits and worms: Translating malware speak

  Learn basic translations for common malware terms, including adware, rootkits and worms.  Continue Reading

• How to decipher the Oinkcode for Snort's VRT rules

  Learn how Snort end users can register and download free Snort rules using Oinkcode.  Continue Reading

• Segmenting a LAN to isolate malware

  The disadvantages of segmenting a LAN to isolate a worm or virus, and alternatives for keeping malware off a network.  Continue Reading

• Ten steps to a successful business impact analysis

  What is a business impact analysis, what are the benefits of a BIA and how to conduct one.  Continue Reading

• Beware of DNS blacklisting perils

  The pros and cons of using DNS blacklists for spam mitigation.  Continue Reading

• Introduction to SNMPv3's security functionality

  While SNMP is well established, inherent security gaps were only closed in the latest version of the network protocol, as explained here.  Continue Reading

• How to remove a Trojan downloader

  In this thread from the ITKnowledge Exchange, get tips and learn how to remove a Trojan downloader, how they install themselves, how they spread and how to avoid infecting other machines on a network.  Continue Reading

• Six essential security policies for outsourcing

  Kevin Beaver outlines six essential security policies for dealing with external service providers.  Continue Reading

• Four ways to measure security success

  Improve your ability to assess the effectiveness of security programs using these four measures.  Continue Reading

• How to set up DNS for Linux VPNs

  This tip explains how to set up DNS for Linux VPNs so you can access machines that are not available on the Internet at large.  Continue Reading

• How to tell if you've been hacked: Signs of a compromised system

  In this final section in our hacker techniques and tactics series, you will learn how to determine if a hacker has breached your system.  Continue Reading

• Five steps for beating back the bots

  Learn how to identify bots on your network, and get tactics to tune security devices, lock down hosts and preserve evidence for law enforcement.  Continue Reading

• Sample e-mail policy template and checklist of concerns

  Kevin Beaver provides a simple template approach for writing e-mail security policies and a checklist of concerns.  Continue Reading

• Wireless security basics: Authentication, encryption for access points

  This section of our hacker techniques and tactics series focuses on implementing wireless security basics to prevent hacker compromise.  Continue Reading

• Effectively enforcing e-mail policies

  In this tip, our policy expert explains how to establish effective e-mail policy enforcement without having to rule with an iron first.  Continue Reading

• Outsourcing IT services: Is it worth the security risk?

  Kevin Beaver examines the risks to consider when contemplating outsourcing your IT services.  Continue Reading

• Roberta Bragg's 10 Windows hardening tips in 10 minutes

  A Windows security expert helps you harden your systems in ten simple steps.  Continue Reading

• Three techniques for measuring information systems risk

  Improve your ability to measure information systems risk with these three techniques.  Continue Reading

• Improving your access request process with system authorization

  This installment in our series on hacker techniques and tactics focuses on streamlining inefficient application and data access requests with system authorization.  Continue Reading

• An introduction to SSH2

  Learn about the differences between SSH1 and SSH2 and why you should consider upgrading.  Continue Reading

• Routing protocol security

  Here are some of the most common attacks directed at routing infrastructures and the steps you can take to mitigate risk.  Continue Reading

• Defining authentication system security weaknesses to combat hackers

  This installment in our primer series focuses on hardening network access and authentication system security to combat hacker attacks.  Continue Reading

• Improving network security: How to avoid physical security threats

  In this part of our Hacker Tactics and Techniques tutorial learn how to improve network security and prevent physical security threats.  Continue Reading

• Hacker techniques and exploits: Prevent system fingerprinting, probing

  As part of our series on hacker tactics and techniques, in this tip you will learn how to identify and avoid certain hacker strategies, such as probing and fingerprinting.  Continue Reading

• Quiz: Vulnerability management

  Test your knowledge of vulnerability management process and methodology with this quiz by Shon Harris, CISSP.  Continue Reading

• Protecting the network from Web-based service attacks with defense-in-depth

  In this week's tip, Mike Chapple explains how to build a multilayered defense to protect the network from Web-based service attacks.  Continue Reading

• Letting telecommuters in -- Your VPN alternatives

  There are other options to give telecommuters access to your network and its applications than a traditional VPN.  Continue Reading

• Using security policy templates

  Charles Cresson Wood explains the value of and approach to modifying information security policy templates to meet an organization's specific needs.  Continue Reading

• Two-factor authentication with RSA SecurID 6.0 for Windows

  RSA SecurID provides the kind of authentication that networks and mobile-users need to secure today's enterprise environments.  Continue Reading

• Best practices: Making vendor pitches work for you

  Get the most out of vendor calls with these best practices.  Continue Reading

• Hot Pick: SQL Guard

  Learn how Guardium's SQL Guard defends the underlying database code and engines from external attacks and internal misuse by monitoring traffic for illegal and malicious activity.  Continue Reading

• How to select the best security assessment tool for the job

  Here are four factors to take into account when choosing a security assessment tool.  Continue Reading

• Hot Pick: Sentivist IPS

  Learn how NFR Security's Sentivist IPS detects attacks with few false positives and automated response features that won't break mission-critical apps.  Continue Reading

• How to patch vulnerabilities and keep them sealed

  Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities.  Continue Reading

• Week 47: Switch security tips

  When your organization's networks are connected to the Internet without adequate security measures, you are vulnerable to attacks.  Continue Reading

• Week 46: Router security tips

  Routers are used to control access, help resist attacks, shield other network components, and help protect the integrity and confidentiality of network traffic.  Continue Reading

• Week 43: Permissions -- How world-writeable are you?

  Files, directories and devices that can be modified by any user are known as "world–writable" and are dangerous security holes.  Continue Reading

• Top six steps for a secure Web server

  Looking for a secure Web server checklist? You're in luck. In this tip, Mike Chapple provides six simple actions you can take to make your Web server more secure.  Continue Reading

• 302 and 404: Key SOX requirements for security managers.

  SOX is mandatory for most public corporations and focuses on regulating corporate behavior to protect financial audit records. Read about the three main areas of SOX that affect IT: Sections 302, 404 and 802.  Continue Reading

• Key security policy elements

  CISSP Thomas Peltier provides seven essential elements for defining sound language to outline a security policy's topic, scope, responsibilities and compliance requirements.  Continue Reading

• Best practices for choosing an outside IT auditor

  Learn six points for choosing the right outside auditor.  Continue Reading

• Math phobia

  Reports of breakthroughs that may endanger encryption security are widespread, but how practical are these mathematical solutions?  Continue Reading

• Be prepared: How to prevent and detect botnets

  Sooner or later, enterprises have to deal with a remote-controlled compromise. By treating botnets as a disaster preparedness problem, they'll be on the right track.  Continue Reading

• Best practices for writing an information classification policy

  When developing your organization's information classification policy, there are three best practices that you should keep in mind.  Continue Reading

• Standardizing information classification

  Learn more about standardizing information classification.  Continue Reading

• Expert advice: Does two-factor authentication protect you from hackers?

  Expert Jonathan Callas explains the weaknesses and strengths of two-factor authentication.  Continue Reading

• NAC best practices and technologies to meet corporate security policy

  New solutions help you secure endpoints  Continue Reading

• Week 28: New technical manager challenges and pitfalls

  In this column, Shelley Bard offers up some tips for the new technical manager.  Continue Reading

• Battling worms with network-based IPS

  Although network-based IPSes have dealt with thwarting DoS floods and preventing system compromise for a few years, their use in thwarting worms has only recently come into vogue.  Continue Reading

• Prevent data loss, theft by securing outputs

  Outputs are where lots of unchecked security leaks occur.  Continue Reading

• Six key practices for a successful interdepartmental security committee

  Best practices for implementing an interdepartmental security committee.  Continue Reading

• Week 23: Risk assessment steps five and six: Identify threats and determine vulnerabilities

  In this week's column, Shelley Bard continues her advice on risk assessment.  Continue Reading

• Hacking For Dummies: Chapter 7 -- Passwords

  In his latest book, "Hacking For Dummies," Kevin Beaver takes the reader into the mindset of a hacker in order to help admins fend off vulnerabilities and attacks.  Continue Reading

• Week 22: Risk assessment steps three and four: Identifying methodology and assets; assigning value

  Shelley Bard continues her series on risk assessment guiding us through identifying methodology and assests, and assigning value.  Continue Reading

• Five tips for secure database development

  A look at some of the specific security issues that impact the application development process.  Continue Reading

• Week 21: Risk assessment steps 1 and 2: Establishing boundaries/team building

  In this week's column Shelley Bard takes the user through steps one and two of risk assessment -- establishing boundaries and building the team.  Continue Reading

• Tier-1 policy overview: Procurement and contracts, records management

  In the fourth and last installment of this tier-1 policy overview series, Thomas Peltier looks at Procurement and Contracts, Records Management and Asset Classification Policies.  Continue Reading