Tips

Tips

• Information Security Protection Matrix

  Information Security has four tenets designed to ensure the total integrity of a system: Confidentiality and integrity of data, availability of service, and accountability (CIA2).  Continue Reading

• Tier-1 policy overview: Corporate communications, work place security

  In this third installment of a four-part series on tier-1 policies, you will learn about corporate communications, work place security.  Continue Reading

• Understanding digital-certificate infrastructure

  In this tip, we take a look under the hood of the digital-certificate infrastructure and provide you with the knowledge you need to assess the adequacy of the technology.  Continue Reading

• SSL: A quick primer

  A look under the hood of SSL.  Continue Reading

• Managing change in information security policies

  In this tip, security expert Mike Chapple will highlight a five-step process designed to help your organization approach necessary changes to its IT security policies in a formal, yet flexible fashion. He will also provide several questions that ...  Continue Reading

• Top 10 don'ts for smart card deployment

  Here you'll find tips on smart card deployment for your organization.  Continue Reading

• ASP.NET authentication: Three new options for Web services

  Web developers migrating to ASP.NET find themselves faced with additional authentication options available for use in Web services.  Continue Reading

• OS Hardening and Other Essential Linux Skills for Maintaining Security

  Jay Beales outlines must-have Linux skills for administrators.  Continue Reading

• Tier-1 policies overview, part one: Employment and Standards of Conduct Policies

  Learn more about how information security fits in with organization-wide policies.  Continue Reading

• 52 weeks of security: A security practitioner's guide

  Here you'll find Shelley Bard's outline for a year's worth of security-related activities.  Continue Reading

• Secure coding essential to risk mitigation planning

  Information Security magazine's editorial director Andrew Briney talks about the lack of incentive for making code more secure.  Continue Reading

• Keys to an effective virus incident-response team

  How you recover from a malicious code attack depends on how quickly you respond. Learn how to coordinate a virus incident-response team to help minimize malware damage.  Continue Reading

• Web application isolation

  Mike Chapple expains how to isolate Web applications.  Continue Reading

• Target-based IDS muffles the noise to take aim on the alerts that count

  Learn how target-based IDS is making IDS a more accurate and efficient network scanning tool.  Continue Reading

• PDA Security: Chapter 4, When a Handheld Becomes Information Security's Problem

  This book covers the security aspects of handhelds in the enterprise.  Continue Reading

• WEP vulnerabilities -- wired equivalent privacy?

  A brief look at some of the security issues related to WEP usage and a link to a more detailed examination of these issues.  Continue Reading

• Understanding malware: A lesson in vocabulary

  You are better able to secure your network if you understand what you're securing it from.  Continue Reading

• The ethical hacker debate

  Ira Winkler advises against hiring hackers for penetration tests.  Continue Reading

• Vulnerability scanning with Nessus

  Nessus is a free vulnerability scanning tool that works differently than other scanners.  Continue Reading

• Choosing the right vendor-specific security cert

  SearchSecurity.com expert Ed Tittel sorts out the vendor-specific security certification landscape.  Continue Reading

• Trend to ponder: Passive vulnerability assessment

  Jim Reavis examines the pros and cons of passive vulnerability assessment.  Continue Reading

• Week 1: The security manager's daily checklist

  Here's a daily checklist for security managers.  Continue Reading

• Taking a closer look at a Homeland Security certification

  Ed Tittel sheds some light on the Certified in Homeland Security cert from the American College of Forensic Examiners International.  Continue Reading

• Wireless LAN intrusion detection

  How to protect your wireless network.  Continue Reading

• Designing Network Security: Chapter 5, Threats in an Enterprise Network

  This excerpt is from Chapter 5, Threats in an Enterprise Network of Designing Network Security written by Merike Kaeo and published by Cisco Press.  Continue Reading

• Security certification landscape: Vendor-neutral certs abound

  With the help of Kim Lindros, Ed Tittle updates SearchSecurity's semi-annual vendor-neutral certification survey.  Continue Reading

• Set up 802.1x authentication

  Step by step setup.  Continue Reading

• IDS and IPS: Information security technology working together

  This article explains why organizations need both an IDS and IPS.  Continue Reading

• Security policy and employee access

  A look at employee access documentation.  Continue Reading

• It doesn't take rocket science to prevent Web site defacement

  Here are some tools and strategies for protecting a Web site against defacement.  Continue Reading

• Are P2P applications worth the risk?

  There are inherent security dangers in P2P applications. Kevin Beaver helps you determine if they're worth the risk.  Continue Reading

• Laptop security policy: Key to avoiding infection

  Some tips for keeping remote laptop users virus free.  Continue Reading

• Network security monitoring -- Going beyond intrusion detection

  Richard Bejtlich answers frequently asked questions about network security monitoring.  Continue Reading

• The security policy document library: Firewall policy

  The next topic in Ed Tittel's ongoing security policy document library is firewall policy.  Continue Reading

• The battle over security vs. convenience

  Expert Kevin Beaver helps infosec managers draw the line between security and convenience.  Continue Reading

• Intrusion detection basics

  A look at the basics of intrusion detection.  Continue Reading

• Wireless networking security policy

  Here are some of the necessary elements of a wireless security policy.  Continue Reading

• VPN fast facts: True or false?

  Lisa Phifer separates the truth from fiction about VPNs.  Continue Reading

• Evaluating and tuning an intrusion-detection system

  A good way to evaluate the quality of competing IDSs.  Continue Reading

• E-Commerce Security Needs

  This excerpt is from Network Security: A Beginner's Guide, written by Eric Maiwald.  Continue Reading

• Security Models and Architecture

  This excerpt is from CISSP All-in-One Exam Guide, Second Edition by Shon Harris.  Continue Reading

• Security in the software development life cycle

  Small changes in the software development life cycle can substantially improve security without breaking the bank or the project schedule.  Continue Reading

• Virus protection: Prevention, detection, response

  How to prevent, detect and respond.  Continue Reading

• Writing a security policy

  An attempt to distill the often overwhelming amount of security policy information into a few concise ideas.  Continue Reading

• Securing Apache: Keeping patches current

  A look at some resources for keeping up with Apache security patches.  Continue Reading

• 10 Common questions (and answers) on WLAN security

  Networking guru Lisa Phifer answers ten commonly asked questions about securing wireless LANs.  Continue Reading

• Voice mail security

  Here are sample policies and proceedures to help secure your organization's PBX.  Continue Reading

• Secure LAN Switching

  This chapter focuses on the Cisco Catalyst 5000/5500 series switches. We will discuss private VLANs in the context of the 6000 series switches.  Continue Reading

• The Security Review Process

  This excerpt is from Chapter 2, The Security Review Process, of Internet Security: A Jumpstart for Systems Managers and IT Managers.  Continue Reading

• The 'Swiss Army Knife' security tool

  The LiSt Open Files command is like a Swiss Army Knife: It has a variety of uses -- for security or utility -- and fits easily in your pocket.  Continue Reading

• Tutorial test: Identifying WLAN threats

  Test your knowledge of wireless LAN threats.  Continue Reading

• Establishing a Metrics Management System

  This chapter is designed to provide basic guidance necessary for the development of a metrics methodology to understand what, why, when and how infosec can be measured.  Continue Reading

• Identify malicious users

  You will soon notice the ever-present malicious user. What we are referring to is an individual or group who has the knowledge, skills or access to compromise a system's security.  Continue Reading

• POF fingerprint scanning tools mitigate OS fingerprinting vulnerabilities

  Nmap's silent parnter, POF is an OS fingerprinting tool for the good guys.  Continue Reading

• Which key is which?

  A look at the differences between symmetric and asymmetric keys.  Continue Reading

• Developing an antivirus policy

  Some things to take into account when developing an antivirus policy.  Continue Reading

• Windows-based file encryption may corrupt data

  Windows-based file encryption may corrupt data depending on the platform you are using. Read about the workaround in this tip.  Continue Reading

• How to secure DNS servers

  Some advice on how to secure your DNS servers.  Continue Reading

• Checklist for secure wireless LAN deployment

  Lisa Phifer outlines a checklist for secure wireless LAN deployment in the areas of policy, integration planning, and deployment and beyond.  Continue Reading

• Snort -- The poor man's intrusion-detection system

  A look at the free, open-source IDS, Snort.  Continue Reading

• Egress filtering

  A look at some policies for egress filtering that can help limit your liability in DDoS attacks.  Continue Reading

• Security policy by example

  A thorough list of policy making resources.  Continue Reading

• Use callback for remote access

  Using callback for remote access has two advantages.  Continue Reading

• Top 10 network security tips

  Strengthen your organization's network security with these best practices.  Continue Reading

• Improving performance and security by disabling unneeded services

  How disabling unneeded services can help improve performance and security.  Continue Reading

• Separation of duties

  A look at the simplest way to secure your Web server.  Continue Reading

• Detecting failed su to root attempts

  This one-liner will list all failed "su" attempts to the superuser account.  Continue Reading

• ARP spoofing detection

  This tip addresses how to detect ARP spoofing.  Continue Reading

• Solaris Web services security: Disabling and removing unnecessary accounts

  Lock these accounts or assign an invalid shell to prevent hackers from using them to log in to your system.  Continue Reading

• Certification path for future CSO

  Certification expert Ed Tittel outlines a certification path for future CSOs.  Continue Reading

• Termination procedures and the exit interview

  Some important security procedures for terminating an employee.  Continue Reading

• Securing backup media

  Treat your backup media like it is a pocket-sized server.  Continue Reading

• Security issues with Web services

  This article presents a nice summary of the security issues involved with Web services.  Continue Reading

• The many forms of executable code

  This tip explains how to identify and avoid malicious executable code.  Continue Reading

• Firewall best practices

  Kevin Beaver lists suggested best practices for managing your firewall in this Network Security Tip.  Continue Reading

• To chroot or not to chroot

  Security experts discuss what chroot is and why it's important to the security of your systems.  Continue Reading

• Restoring SQL Server databases from .mdf files

  Learn how to restore SQL Server databases from .mdf files and vaild backups tp prevent loosing your data by reinstalling and restarting your SQL server or updating system tables.  Continue Reading

• Issues to cover in a security policy

  A short look at the ten areas of concern for an organization's security policy.  Continue Reading

• CRM privacy management: How you can help

  In this edition of Scheier's Security Roundup, Robert Scheier explains the security admin's role in customer privacy.  Continue Reading

• Hacker tool helps identify network weaknesses

  David Strom analyzes hacker tool Nmap for enterprise use.  Continue Reading

• Automating access management

  Robert Scheier takes a look at access management applications.  Continue Reading

• Firewall Builder - The easy way out of IPTables

  Firewall Builder - The easy way out of IPTables  Continue Reading

• Breaking unwanted TCP connections by modifying your route table

  This tip will tell you how to inexpensively block unwanted TCP connections.  Continue Reading

• Sample security policy for end users, part one

  Here is the first part of a sample security policy for end users, which can be customized to fit your needs.  Continue Reading

• The PATRIOT Act and Carnivore: Reasons for concern?

  Stephen Mencik introduces the controversial PATRIOT Act and FBI surveillance tool, Carnivore.  Continue Reading

• Sample security policy for end users, part six

  This is the sixth part of a sample security policy for end users that can be customized to fit your needs.  Continue Reading

• Introduction: How to strengthen authentication procedures

  A discussion of strong authentication procedures.  Continue Reading

• Scripture-based passwords

  Learn how you can use the Bible as a source for passwords in this tip.  Continue Reading

• Non-dictionary passwords users can remember

  Here's a tip for generating creative passwords.  Continue Reading

• Passwords with symbols and numbers

  This simple tip allows users to secure the password of their choice.  Continue Reading

• Theme-related passwords

  User Mark Waugh offers this tip for encouraging safe passwords.  Continue Reading

• Password variations for multiple accounts

  Learn to create password variations for multiple accounts with this tip.  Continue Reading

• Acronym-based passwords

  SearchSecurity user Keith Langmead offers this tip for creating secure passwords using acronyms.  Continue Reading

• User-friendly and secure passwords

  This tip offers two methods for creating secure and user-friendly passwords.  Continue Reading

• Mnemonic-based passwords

  SearchSecurity member Mark Farrar offers an alternative method for creating passwords.  Continue Reading

• E-mail security issues

  Here are some basic precautions to take to keep e-mail secure.  Continue Reading

• Firewalls: How to choose what's right for you

  A Forrester analyst outlines types of firewalls on the market and deployment strategies for large and small organizations.  Continue Reading

• Pattern-based passwords: Easy to remember non-dictionary-based passwords

  Here is a tip on how to generate passwords that are not found in the dictionary and are easy to remember.  Continue Reading

• Bucket Brigade

  This week's Word of the Week is bucket brigade.  Continue Reading

• Preventative measures for improving data security

  When it comes to security, a network administrator's job is never done.  Continue Reading