Tips

Tips

• Six essential security policies for outsourcing

  Kevin Beaver outlines six essential security policies for dealing with external service providers.  Continue Reading

• Four ways to measure security success

  Improve your ability to assess the effectiveness of security programs using these four measures.  Continue Reading

• How to set up DNS for Linux VPNs

  This tip explains how to set up DNS for Linux VPNs so you can access machines that are not available on the Internet at large.  Continue Reading

• How to tell if you've been hacked: Signs of a compromised system

  In this final section in our hacker techniques and tactics series, you will learn how to determine if a hacker has breached your system.  Continue Reading

• Five steps for beating back the bots

  Learn how to identify bots on your network, and get tactics to tune security devices, lock down hosts and preserve evidence for law enforcement.  Continue Reading

• Sample e-mail policy template and checklist of concerns

  Kevin Beaver provides a simple template approach for writing e-mail security policies and a checklist of concerns.  Continue Reading

• Wireless security basics: Authentication, encryption for access points

  This section of our hacker techniques and tactics series focuses on implementing wireless security basics to prevent hacker compromise.  Continue Reading

• Effectively enforcing e-mail policies

  In this tip, our policy expert explains how to establish effective e-mail policy enforcement without having to rule with an iron first.  Continue Reading

• Outsourcing IT services: Is it worth the security risk?

  Kevin Beaver examines the risks to consider when contemplating outsourcing your IT services.  Continue Reading

• Roberta Bragg's 10 Windows hardening tips in 10 minutes

  A Windows security expert helps you harden your systems in ten simple steps.  Continue Reading

• Three techniques for measuring information systems risk

  Improve your ability to measure information systems risk with these three techniques.  Continue Reading

• Improving your access request process with system authorization

  This installment in our series on hacker techniques and tactics focuses on streamlining inefficient application and data access requests with system authorization.  Continue Reading

• An introduction to SSH2

  Learn about the differences between SSH1 and SSH2 and why you should consider upgrading.  Continue Reading

• Routing protocol security

  Here are some of the most common attacks directed at routing infrastructures and the steps you can take to mitigate risk.  Continue Reading

• Defining authentication system security weaknesses to combat hackers

  This installment in our primer series focuses on hardening network access and authentication system security to combat hacker attacks.  Continue Reading

• Improving network security: How to avoid physical security threats

  In this part of our Hacker Tactics and Techniques tutorial learn how to improve network security and prevent physical security threats.  Continue Reading

• Hacker techniques and exploits: Prevent system fingerprinting, probing

  As part of our series on hacker tactics and techniques, in this tip you will learn how to identify and avoid certain hacker strategies, such as probing and fingerprinting.  Continue Reading

• Quiz: Vulnerability management

  Test your knowledge of vulnerability management process and methodology with this quiz by Shon Harris, CISSP.  Continue Reading

• Protecting the network from Web-based service attacks with defense-in-depth

  In this week's tip, Mike Chapple explains how to build a multilayered defense to protect the network from Web-based service attacks.  Continue Reading

• Letting telecommuters in -- Your VPN alternatives

  There are other options to give telecommuters access to your network and its applications than a traditional VPN.  Continue Reading

• Using security policy templates

  Charles Cresson Wood explains the value of and approach to modifying information security policy templates to meet an organization's specific needs.  Continue Reading

• Two-factor authentication with RSA SecurID 6.0 for Windows

  RSA SecurID provides the kind of authentication that networks and mobile-users need to secure today's enterprise environments.  Continue Reading

• Best practices: Making vendor pitches work for you

  Get the most out of vendor calls with these best practices.  Continue Reading

• Hot Pick: SQL Guard

  Learn how Guardium's SQL Guard defends the underlying database code and engines from external attacks and internal misuse by monitoring traffic for illegal and malicious activity.  Continue Reading

• How to select the best security assessment tool for the job

  Here are four factors to take into account when choosing a security assessment tool.  Continue Reading

• Hot Pick: Sentivist IPS

  Learn how NFR Security's Sentivist IPS detects attacks with few false positives and automated response features that won't break mission-critical apps.  Continue Reading

• How to patch vulnerabilities and keep them sealed

  Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities.  Continue Reading

• Week 47: Switch security tips

  When your organization's networks are connected to the Internet without adequate security measures, you are vulnerable to attacks.  Continue Reading

• Week 46: Router security tips

  Routers are used to control access, help resist attacks, shield other network components, and help protect the integrity and confidentiality of network traffic.  Continue Reading

• Week 43: Permissions -- How world-writeable are you?

  Files, directories and devices that can be modified by any user are known as "world–writable" and are dangerous security holes.  Continue Reading

• Top six steps for a secure Web server

  Looking for a secure Web server checklist? You're in luck. In this tip, Mike Chapple provides six simple actions you can take to make your Web server more secure.  Continue Reading

• 302 and 404: Key SOX requirements for security managers.

  SOX is mandatory for most public corporations and focuses on regulating corporate behavior to protect financial audit records. Read about the three main areas of SOX that affect IT: Sections 302, 404 and 802.  Continue Reading

• Key security policy elements

  CISSP Thomas Peltier provides seven essential elements for defining sound language to outline a security policy's topic, scope, responsibilities and compliance requirements.  Continue Reading

• Best practices for choosing an outside IT auditor

  Learn six points for choosing the right outside auditor.  Continue Reading

• Math phobia

  Reports of breakthroughs that may endanger encryption security are widespread, but how practical are these mathematical solutions?  Continue Reading

• Be prepared: How to prevent and detect botnets

  Sooner or later, enterprises have to deal with a remote-controlled compromise. By treating botnets as a disaster preparedness problem, they'll be on the right track.  Continue Reading

• Best practices for writing an information classification policy

  When developing your organization's information classification policy, there are three best practices that you should keep in mind.  Continue Reading

• Standardizing information classification

  Learn more about standardizing information classification.  Continue Reading

• Expert advice: Does two-factor authentication protect you from hackers?

  Expert Jonathan Callas explains the weaknesses and strengths of two-factor authentication.  Continue Reading

• NAC best practices and technologies to meet corporate security policy

  New solutions help you secure endpoints  Continue Reading

• Week 28: New technical manager challenges and pitfalls

  In this column, Shelley Bard offers up some tips for the new technical manager.  Continue Reading

• Battling worms with network-based IPS

  Although network-based IPSes have dealt with thwarting DoS floods and preventing system compromise for a few years, their use in thwarting worms has only recently come into vogue.  Continue Reading

• Prevent data loss, theft by securing outputs

  Outputs are where lots of unchecked security leaks occur.  Continue Reading

• Six key practices for a successful interdepartmental security committee

  Best practices for implementing an interdepartmental security committee.  Continue Reading

• Week 23: Risk assessment steps five and six: Identify threats and determine vulnerabilities

  In this week's column, Shelley Bard continues her advice on risk assessment.  Continue Reading

• Hacking For Dummies: Chapter 7 -- Passwords

  In his latest book, "Hacking For Dummies," Kevin Beaver takes the reader into the mindset of a hacker in order to help admins fend off vulnerabilities and attacks.  Continue Reading

• Week 22: Risk assessment steps three and four: Identifying methodology and assets; assigning value

  Shelley Bard continues her series on risk assessment guiding us through identifying methodology and assests, and assigning value.  Continue Reading

• Five tips for secure database development

  A look at some of the specific security issues that impact the application development process.  Continue Reading

• Week 21: Risk assessment steps 1 and 2: Establishing boundaries/team building

  In this week's column Shelley Bard takes the user through steps one and two of risk assessment -- establishing boundaries and building the team.  Continue Reading

• Tier-1 policy overview: Procurement and contracts, records management

  In the fourth and last installment of this tier-1 policy overview series, Thomas Peltier looks at Procurement and Contracts, Records Management and Asset Classification Policies.  Continue Reading

• Information Security Protection Matrix

  Information Security has four tenets designed to ensure the total integrity of a system: Confidentiality and integrity of data, availability of service, and accountability (CIA2).  Continue Reading

• Tier-1 policy overview: Corporate communications, work place security

  In this third installment of a four-part series on tier-1 policies, you will learn about corporate communications, work place security.  Continue Reading

• Understanding digital-certificate infrastructure

  In this tip, we take a look under the hood of the digital-certificate infrastructure and provide you with the knowledge you need to assess the adequacy of the technology.  Continue Reading

• SSL: A quick primer

  A look under the hood of SSL.  Continue Reading

• Managing change in information security policies

  In this tip, security expert Mike Chapple will highlight a five-step process designed to help your organization approach necessary changes to its IT security policies in a formal, yet flexible fashion. He will also provide several questions that ...  Continue Reading

• Top 10 don'ts for smart card deployment

  Here you'll find tips on smart card deployment for your organization.  Continue Reading

• ASP.NET authentication: Three new options for Web services

  Web developers migrating to ASP.NET find themselves faced with additional authentication options available for use in Web services.  Continue Reading

• OS Hardening and Other Essential Linux Skills for Maintaining Security

  Jay Beales outlines must-have Linux skills for administrators.  Continue Reading

• Tier-1 policies overview, part one: Employment and Standards of Conduct Policies

  Learn more about how information security fits in with organization-wide policies.  Continue Reading

• 52 weeks of security: A security practitioner's guide

  Here you'll find Shelley Bard's outline for a year's worth of security-related activities.  Continue Reading

• Secure coding essential to risk mitigation planning

  Information Security magazine's editorial director Andrew Briney talks about the lack of incentive for making code more secure.  Continue Reading

• Keys to an effective virus incident-response team

  How you recover from a malicious code attack depends on how quickly you respond. Learn how to coordinate a virus incident-response team to help minimize malware damage.  Continue Reading

• Web application isolation

  Mike Chapple expains how to isolate Web applications.  Continue Reading

• Target-based IDS muffles the noise to take aim on the alerts that count

  Learn how target-based IDS is making IDS a more accurate and efficient network scanning tool.  Continue Reading

• PDA Security: Chapter 4, When a Handheld Becomes Information Security's Problem

  This book covers the security aspects of handhelds in the enterprise.  Continue Reading

• WEP vulnerabilities -- wired equivalent privacy?

  A brief look at some of the security issues related to WEP usage and a link to a more detailed examination of these issues.  Continue Reading

• Understanding malware: A lesson in vocabulary

  You are better able to secure your network if you understand what you're securing it from.  Continue Reading

• The ethical hacker debate

  Ira Winkler advises against hiring hackers for penetration tests.  Continue Reading

• Vulnerability scanning with Nessus

  Nessus is a free vulnerability scanning tool that works differently than other scanners.  Continue Reading

• Choosing the right vendor-specific security cert

  SearchSecurity.com expert Ed Tittel sorts out the vendor-specific security certification landscape.  Continue Reading

• Trend to ponder: Passive vulnerability assessment

  Jim Reavis examines the pros and cons of passive vulnerability assessment.  Continue Reading

• Week 1: The security manager's daily checklist

  Here's a daily checklist for security managers.  Continue Reading

• Taking a closer look at a Homeland Security certification

  Ed Tittel sheds some light on the Certified in Homeland Security cert from the American College of Forensic Examiners International.  Continue Reading

• Wireless LAN intrusion detection

  How to protect your wireless network.  Continue Reading

• Designing Network Security: Chapter 5, Threats in an Enterprise Network

  This excerpt is from Chapter 5, Threats in an Enterprise Network of Designing Network Security written by Merike Kaeo and published by Cisco Press.  Continue Reading

• Security certification landscape: Vendor-neutral certs abound

  With the help of Kim Lindros, Ed Tittle updates SearchSecurity's semi-annual vendor-neutral certification survey.  Continue Reading

• Set up 802.1x authentication

  Step by step setup.  Continue Reading

• IDS and IPS: Information security technology working together

  This article explains why organizations need both an IDS and IPS.  Continue Reading

• Security policy and employee access

  A look at employee access documentation.  Continue Reading

• It doesn't take rocket science to prevent Web site defacement

  Here are some tools and strategies for protecting a Web site against defacement.  Continue Reading

• Are P2P applications worth the risk?

  There are inherent security dangers in P2P applications. Kevin Beaver helps you determine if they're worth the risk.  Continue Reading

• Laptop security policy: Key to avoiding infection

  Some tips for keeping remote laptop users virus free.  Continue Reading

• Network security monitoring -- Going beyond intrusion detection

  Richard Bejtlich answers frequently asked questions about network security monitoring.  Continue Reading

• The security policy document library: Firewall policy

  The next topic in Ed Tittel's ongoing security policy document library is firewall policy.  Continue Reading

• The battle over security vs. convenience

  Expert Kevin Beaver helps infosec managers draw the line between security and convenience.  Continue Reading

• Intrusion detection basics

  A look at the basics of intrusion detection.  Continue Reading

• Wireless networking security policy

  Here are some of the necessary elements of a wireless security policy.  Continue Reading

• VPN fast facts: True or false?

  Lisa Phifer separates the truth from fiction about VPNs.  Continue Reading

• Evaluating and tuning an intrusion-detection system

  A good way to evaluate the quality of competing IDSs.  Continue Reading

• E-Commerce Security Needs

  This excerpt is from Network Security: A Beginner's Guide, written by Eric Maiwald.  Continue Reading

• Security Models and Architecture

  This excerpt is from CISSP All-in-One Exam Guide, Second Edition by Shon Harris.  Continue Reading

• Security in the software development life cycle

  Small changes in the software development life cycle can substantially improve security without breaking the bank or the project schedule.  Continue Reading

• Virus protection: Prevention, detection, response

  How to prevent, detect and respond.  Continue Reading

• Writing a security policy

  An attempt to distill the often overwhelming amount of security policy information into a few concise ideas.  Continue Reading

• Securing Apache: Keeping patches current

  A look at some resources for keeping up with Apache security patches.  Continue Reading

• 10 Common questions (and answers) on WLAN security

  Networking guru Lisa Phifer answers ten commonly asked questions about securing wireless LANs.  Continue Reading

• Voice mail security

  Here are sample policies and proceedures to help secure your organization's PBX.  Continue Reading

• Secure LAN Switching

  This chapter focuses on the Cisco Catalyst 5000/5500 series switches. We will discuss private VLANs in the context of the 6000 series switches.  Continue Reading

• The Security Review Process

  This excerpt is from Chapter 2, The Security Review Process, of Internet Security: A Jumpstart for Systems Managers and IT Managers.  Continue Reading

• The 'Swiss Army Knife' security tool

  The LiSt Open Files command is like a Swiss Army Knife: It has a variety of uses -- for security or utility -- and fits easily in your pocket.  Continue Reading