Tips

Tips

• Metamorphic malware sets new standard in antivirus evasion

  Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic ...  Continue Reading

• COSO and COBIT: The value of compliance frameworks for SOX

  In an attempt to blaze a path through the myriad of compliance regulations and requirements, organizations are looking to frameworks like COSO and COBIT. In this tip, contributor Mike Rothman examines these compliance paradigms and offers insights ...  Continue Reading

• Closing the case on network firewall security with IPCop

  With new threats constantly evolving, the basic network firewall is in dire need of a serious makeover. But finding a firewall that includes a plethora of security features without breaking the budget isn't always easy. In this tip, contributor ...  Continue Reading

• Using an XML security gateway in a service-oriented architecture

  Enabling security for enterprise Web services and service-oriented architectures (SOA) requires an approach that differs from traditional security practices. In this tip, Gunnar Peterson explains how XML security gateways can help keep network ...  Continue Reading

• Compliance benefits of tokenization

  If your organization handles credit card data, then it's probably already heard about the benefits of tokenization. However, as Joel Dubin explains, tokenization not only keeps confidential data out of the hands of malicious hackers, but also offers...  Continue Reading

• Java security: Is it getting worse?

  Some say that Java security is no longer up to snuff, suggesting that the development language is a magnet for harmful threats such as cross-site scripting and SQL injections. In this tip, security expert Joel Dubin examines the current factors ...  Continue Reading

• Troubleshooting proxy firewall connections

  Investigating the TCP 'handshake' between clients and servers has always been a useful way to diagnose Web server and application problems. Firewalls, however, can interfere with the normal transmission control protocol process. In this tip, network...  Continue Reading

• Investigating logic bomb attacks and their explosive effects

  A logic bomb is a dangerous piece of software designed to damage a computer or network and cause massive data destruction. In this tip from SearchSecurity.com's Ask the Expert section, Ed Skoudis explains how an enterprise can prepare for a hacker's...  Continue Reading

• Outbound content filtering requires products and processes

  Expensive and damaging corporate data breaches often happen because sensitive information silently leaks out the door with unknowing employees or malicious hackers. But as Mike Rothman explains, those cracks can be patched with an outbound content ...  Continue Reading

• The dangers of granting system access to a third-party provider

  Granting system access to a third-party provider is a risk that can introduce security threats and technical and business dangers into your enterprise. In this tip, security expert Joel Dubin discusses the potential threats involved with granting ...  Continue Reading

• M&A: Merging network security policies

  Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...  Continue Reading

• Screencast: How to configure a UTM device

  Unified threat management technologies provide protection against various network attacks, but properly configuring UTM boxes can be a whole other battle. In this exclusive screencast, expert David Strom gives an easy-to-follow, on-screen ...  Continue Reading

• Mergers and acquisitions: Building up security after an M&A

  Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed ...  Continue Reading

• Understanding PCI DSS compensating controls

  By-the-book PCI DSS compliance scores big points with auditors, but abiding by all the regulations and requirements is a tall order in many organizations. Security management expert Mike Rothman discusses how compensating controls play a role in ...  Continue Reading

• ISO 17799: A methodical approach to partner and service provider security management

  Outsourcing may relieve some of a company's burdens, but handing off business functions doesn't necessarily mean less work for security teams when sensitive information or critical infrastructure hang in the balance. In this tip, Richard Mackey ...  Continue Reading

• Eliminating the threat of spam email attacks

  Spam emails cluttering your inbox aren't just a minor inconvenience; these annoying messages can infect your systems with harmful code, viruses and Trojans. Contributor Scott Sidel examines SpamAssassin, an open source software tool designed to keep...  Continue Reading

• How to get the most out of a SIM

  A security information management product is perhaps one of the least exciting types of information security products available today, but it can be one of the most beneficial. According to expert Joel Snyder, an organization should look beyond the ...  Continue Reading

• Ensuring Web application security during a company merger

  When companies merge, so must their Web application infrastructures. Securing and integrating applications, however, can be a struggle without cooperation from all sides. In this tip, Michael Cobb explains how a merged organization can avoid turf ...  Continue Reading

• Unified communications infrastructure threats and defense strategies

  Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the threats facing unified communications and how to ...  Continue Reading

• Finding and blocking Web application server attack vectors

  Web application server attacks are nothing new, but attackers are coming up with creative new ways to penetrate them. Information security expert Peter Giannoulis examines how data-hungry attackers are using Web application servers to crack into ...  Continue Reading

• Best practices for compliance during a merger

  Company mergers involve more than just aligning two different security infrastructures. When one vendor acquires another, it's the handling of compliance issues that can be an IT security staff's toughest task. In this tip, security expert Joel ...  Continue Reading

• Using VMware for malware analysis

  Virtualization software like VMware helps ease the challenges of malware analysis. Malware expert Lenny Zeltser explains the steps enterprises must take to ensure malicious software doesn't leak out of their VMware-based labs and endanger production...  Continue Reading

• ClamAV clamps down on e-mail security

  In this monthly Downloads column, contributing editor Scott Sidel examines Clam AntiVirus, an open source antivirus toolkit for Unix, specializing in email scanning on mail gateways.  Continue Reading

• Windows Vista security flaws show progress, not perfection

  Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security ...  Continue Reading

• CISSP certification can serve as introduction to regulatory compliance

  The CISSP is widely considered a valuable baseline certification for information security professionals, but its coursework can also be a valuable introduction to the complex world of regulatory compliance. As certification expert Peter H. Gregory ...  Continue Reading

• How to choose the right smart card

  The ISO 7816 form factor is the most commonly deployed smart card in the enterprise, but it's not always the best option. As Burton Group's Mark Diodati explains, those looking for desktop simplicity and lower costs may want to consider an ...  Continue Reading

• ANI cursor flaw offers lessons in Vista security

  Microsoft's recent animated cursor (ANI) vulnerability, as well as the software giant's response to it, caused some in the security industry to question the software giant's strategy. But there are two sides to every story. In this tip, Michael Cobb...  Continue Reading

• Preparing for virtualization security unknowns

  Server virtualization technology is revolutionizing enterprise data centers, but nobody knows just how it will affect enterprise information security. As security expert Mike Rothman writes, there are a number of potential dangers involved with ...  Continue Reading

• Digital forensics tool Helix 'does no harm'

  Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system.  Continue Reading

• Employee profiling: A proactive defense against insider threats

  Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a ...  Continue Reading

• Discovering e-discovery services: How information security pros should prepare

  Recent changes to the federal regulations governing the disclosure of electronic information during litigation have changed e-discovery rules and the role that information security professionals play in the e-discovery process. But there's no need ...  Continue Reading

• How to conduct a data classification assessment

  Before businesses safeguard mission-critical data, they must know how to conduct data classification processes. Even though it is time-consuming and involves many steps, as Tom Bowers writes, data classification makes it easier to figure out where ...  Continue Reading

• Preparing for extrusion detection with a network traffic analysis

  Extrusion detection and prevention products can help companies proactively thwart internal data security breaches, but preparation is required before making a purchase. In this Data Protection Security School tip, Richard Bejtilch discusses the ...  Continue Reading

• Building application firewall rule bases

  Security professionals have worked hard in recent years to tighten up their security controls, but they often neglected one area: the application layer. In this tip, Mike Chapple explains how a carefully deployed application firewall can plug a ...  Continue Reading

• BackTrack is one forward-thinking penetration testing tool

  In this SearchSecurity.com expert commentary, security expert Scott Sidel discusses the mechanics behind BackTrack 2.0, an extensive collaboration of security and forensics tools designed to assist security professionals.  Continue Reading

• Embarking on the ISO 17799 certification trail

  ISO 17799 has proven to be a helpful set of guidelines for CISOs looking to improve their security strategies. The framework can't work by itself though, and security officers must actively prepare an organization for an ISO 17799 project. In this ...  Continue Reading

• Reputation systems gaining credibility in fight against spam

  Now that nearly all organizations are employing some sort of anti-spam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is ...  Continue Reading

• Scaling back Web browser security expectations

  Some say the state of Web browser security is in peril because browsers often fail to act as a first line of defense against malware. Does that mean there's a browser architecture crisis? Web security expert Michael Cobb says Web browser security ...  Continue Reading

• Polymorphic viruses call for new antimalware defenses

  Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the ...  Continue Reading

• Network isolation as a PCI Data Security Standard compliance strategy

  One way to minimize your exposure to the 12 PCI Data Security Standard requirements is to use a stand-alone network to isolate payment card data. As Mike Chapple explains, while the approach is not without its drawbacks, it can not only eliminate a ...  Continue Reading

• Combining NetFlow analysis with security information management systems

  NetFlow, Tom Bowers writes, when used in conjunction with SIMs and correlated with data from other devices and layers, can be an indispensable combination.  Continue Reading

• The cost of data breaches: Looking at the hard numbers

  In this tip, Khalid Kark explains the many different factors that should be part of the data breach cost calculation -- and it's more than just losing money.  Continue Reading

• Essential elements of a network access control (NAC) endpoint security strategy

  Don't make the mistake in believing that network access control is simply about endpoint security. In fact, it's about much more. As contributor Joel Snyder writes, understanding the NAC security lifecycle is the first step toward a successful NAC ...  Continue Reading

• Defending layer 7: A look inside application-layer firewalls

  Run-of-the-mill network firewalls can't properly defend applications. As Michael Cobb explains, application-layer firewalls offer Layer 7 security on a more granular level, and may even help organizations to get more out of existing network devices.  Continue Reading

• Security information management finally arrives, thanks to enhanced features

  Integrating all varieties of security information onto one dashboard is a compelling idea, but SIM products have often missed the mark. That, however, may be changing. In this tip, Mike Rothman reveals how network-behavior analysis and log ...  Continue Reading

• Dynamic code obfuscation: New threat requires innovative defenses

  Dynamic code obfuscation used to be a taxing effort, but now even the most junior-level malicious hackers have learned how to effectively hide their code. In this tip, Michael Cobb examines how dynamic code obfuscation works, why it's on the rise ...  Continue Reading

• Wireshark: Taking a bite out of packet analysis

  If you need to sniff out problem packets, you don't have to spend thousands of dollars on network data analysis. Scott sidel recommends a free tool that's right under your nose: Wireshark.  Continue Reading

• Public wireless networks present a raft of dangers

  A company's end-users don't always have the luxury of a protected network, as many often leave the comfort of their guarded corporate environment and access the Internet from coffee shops, hotels, airports and other public areas. In this tip, Mike ...  Continue Reading

• Forget ROI; Use Six Sigma to prove business value

  The classic ROI equation doesn't apply to information security, but that doesn't stop management from asking for metrics. Learn how Six Sigma can be used to prove the business value of security.  Continue Reading

• Windows Vista: Security issues to consider

  Windows Vista is now in the wild. With its myriad new security features, are enterprises foolish not to adopt right away? In this tip, contributor Michael Cobb examines the security-related pros and cons of Microsoft's latest operating system and ...  Continue Reading

• Unlocking best practices for successful encryption key management

  The importance of encryption has long been obvious to security professionals, but the complexity of encryption key management can be almost as daunting as the cryptography algorithms themselves. In this tip, W. Curtis Preston examines today's ...  Continue Reading

• How compliance control frameworks ease risk assessment burdens

  Control and governance frameworks like COBIT and ISO17799 can make compliance goals easier to achieve. In this tip, part of SearchSecurity.com's Compliance School, expert Richard E. Mackey explains how to approach these frameworks and why they're ...  Continue Reading

• Snort: A capable network intrusion prevention tool

  Most security practitioners have heard of the open source network intrusion detection system, Snort. For those who haven't, however, contributor Scott Sidel highlights the tool's ability to monitor traffic, log packets and analyze protocols. See how...  Continue Reading

• The dangers of application logic attacks

  Do you know how to prevent an application logic attack? In this tip, Web application security expert Michael Cobb explains how application logic attacks occur and offers tactics for protecting your Web applications.  Continue Reading

• Cyberwar: A threat to business

  In the dark crevices of the virtual world, malicious individuals and groups are at the ready, waiting for the perfect opportunity to target U.S. businesses where and when they least expect it. In this tip, contributor Gideon T. Rasmussen profiles ...  Continue Reading

• Is the CAN-SPAM Act a help or a hindrance?

  Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin examines if the law has effectively cracked down on spamming activities and examines how ...  Continue Reading

• Using role management in provisioning and compliance

  Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary access privileges when employees change roles. In this ...  Continue Reading

• Expanding antivirus to include the mobile enterprise

  If your organization has yet to add mobile devices to its antivirus management strategy, it may be overlooking a tempting attack vector. As Sandra Kay Miller explains, it's not only necessary that PDAs, smartphones and other mobile devices have ...  Continue Reading

• Mapping the path toward information security program maturity

  Amid tight information security budgets, it can be hard to recommend the best ways to invest new dollars or focus new resources. In this tip, Ed Moyle explains why creating a security program maturity map is a sensible way to not only track a ...  Continue Reading

• Reasons why enterprise networking and security roles must stay separate

  Enterprise network managers are responsible for configuring and managing network devices, but should they be accountable for tasks that are typically handled by the information security team? Contributor Shon Harris examines why networking and ...  Continue Reading

• How Juniper and F5 SSL VPNs can handle endpoint security

  It's not easy setting up an endpoint security system, especially when using an existing SSL VPN architecture. In this tip, expert David Strom uses words and pictures to illustrate the steps needed to enable endpoint security using the SSL VPNs from ...  Continue Reading

• IT compliance success doesn't equal security success

  While compliance needs may help boost an information security department's budget, using the compliance card to receive more funding can cause more harm than good. In this tip, contributor Khalid Kark, Senior Analyst at Forrester Research explains ...  Continue Reading

• Comodo Firewall: An intelligent way to protect against application attacks

  Looking for a solid firewall replacement? Contributing editor, Scott Sidel, recommends Comodo Firewall, an open source tool that can prevent application attacks.  Continue Reading

• Using steganography for securing data, not concealing it

  Steganography is a useful technique for securely storing sensitive data, but the difficulty in detecting its usage can create an opportunity for digital miscreants. Michael Cobb explains how to ensure the practice isn't used maliciously.  Continue Reading

• Who should manage the firewall?

  Maintaining a firewall is not an easy task, especially when business rules narrowly define which tasks should be performed by network administrators and which should be handled by information security practitioners. To make life easier, some ...  Continue Reading

• Database compliance demystified

  As security professionals grapple with both federal mandates and industry-specific guidance, many wonder how best to approach these issues in terms of data protection and security. In this tip, James C. Foster looks at specific regulations such as ...  Continue Reading

• Firefox 2.0 vs. Internet Explorer 7

  Tired of sifting through articles on IE7 and Firefox 2.0 in an attempt to determine which one best meets your Web browser security needs? In this tip, SearchSecurity.com Web security expert Michael Cobb highlights what has been added and updated to ...  Continue Reading

• Google Code Search -- Finding security flaws has never been easier

  While Google Code Search may offer a number of benefits that will help improve application security, hackers have learned how to use the search giant's code-finding engine to exploit security weaknesses. In this tip, Ed Skoudis examines how ...  Continue Reading

• Leveraging database security investments

  Enterprises are now faced with the challenge of supporting multiple database versions on differing platforms, including SQL Server, Oracle Database, IBM DB2 and MySQL. While securing a diverse database architecture is crucial, the dollars needed to ...  Continue Reading

• KeePass -- Keeping passwords under lock and key

  Can't remember all of your passwords? Contributing Editor, Scott Sidel, recommends KeePass, an easy-to-use open source password manager.  Continue Reading

• Nessus can spot some monster security problems

  If given the choice of only one vulnerability scanner, Contributing Editor Scott Sidel would use Nessus. Find out why in this Guest Commentary Tip.  Continue Reading

• Hashing for fun and profit: Demystifying encryption for PCI DSS

  These days there's no excuse for failing to encrypt sensitive data like credit card information, but the numerous types of cryptography, such as hashing, available can make implementation confusing. Learn how merchants are affected by the encryption...  Continue Reading

• Information security freeware has its benefits

  Before committing a significant portion of your 2007 budget to expensive new security tools, it might be wise to consider freeware tools instead. Ed Skoudis reveals how using information security freeware tools can not only help an organization cope...  Continue Reading

• RFID security issues endanger companies and consumers

  As the holiday season approaches, credit card purchases will undoubtedly increase. However, before waving your RFID-enabled credit card at the checkout of your favorite store, research suggests you may want to think twice. In this tip, Joel Dubin ...  Continue Reading

• Developing an information security program using SABSA, ISO 17799

  In this final article of our information security governance series, Shon Harris explains how to develop an information security program with SABSA and ISO 17799.  Continue Reading

• How simple steps ensure database security

  An enterprise database stores an organization's most valuable assets, and just one small mistake can lead to a data security disaster. In this tip, Michael Cobb looks at five common database vulnerabilities and the simple steps that can eradicate ...  Continue Reading

• Software security flaws begin and end with Web application security

  By now, developers are well aware that Web applications are vulnerable to an attack, though recent data indicates that the threat may be growing. In this tip, Michael Cobb offers insight as to why Web application vulnerabilities linger and provides ...  Continue Reading

• VPN or RPC/HTTPS? Both have their place

  Some security practitioners may debate which access method is best for ensuring secure, remote access to Exchange, but as Lee Benjamin explains, both VPNs and RPC over HTTPS can be effective strategies, depending on an organization's needs.  Continue Reading

• Latest IM attacks still rely on social engineering

  In the age of email-borne superworms, email recipients would often become victims without any interaction or warning. However, as Michael Cobb explains, many of today's most dangerous instant messaging attacks require user interaction, meaning wary,...  Continue Reading

• Taking the bite out of Bluetooth

  Bluetooth has become a ubiquitous short-range wireless protocol embedded in many mobile devices, but it has been plagued by security threats. In this tip, Lisa Phifer details those threats and explains how any organization can stay safe by following...  Continue Reading

• Strategic considerations for an integrated malware defense

  Not only does it take several technologies to keep an enterprise malware free, but those pieces must fit together like a well-crafted puzzle. Tom Bowers explains which product categories are must-haves and what to consider when putting your ...  Continue Reading

• Steps in the information security program life cycle

  This article from our series on information security governance describes the essential steps to take when developing a security program life cycle.  Continue Reading

• How 'quadplay' convergence can improve network security

  In an effort to reduce workload and simplify currently complex networking and security systems, many organizations are considering adopting a "quadplay" strategy. In this tip, contributor Mike Chapple explains what quadplay may mean for security ...  Continue Reading

• Defensive measures for evolving phishing tactics

  From image spam to cross-site scripting, hackers certainly have a large arsenal of weapons to choose from. But as AT&T recently learned, hackers are putting a new twist on ever-dependable phishing schemes to gain access to confidential and sensitive...  Continue Reading

• Privacy and your offshore operations

  Most companies are used to considering the implications of Sarbanes-Oxley and Gramm-Leach-Bliley on their domestic operations, but thinking about security and privacy offshore is just as important. Contributor Joel Dubin explains how to ensure ...  Continue Reading

• Why Web services threats require application-level protection

  Now that more organizations are using application-layer firewalls to secure Web applications, what's an attacker to do? Find a more vulnerable victim, of course. In this tip, SearchSecurity.com expert Michael Cobb explains how and why hackers have ...  Continue Reading

• Nmap and the open source debate

  Upper management may be hesitant to approve the use of an open source tool, but Nmap has many benefits. This tip offers selling points to present to upper management when proposing the use of Nmap.  Continue Reading

• Malware: The changing landscape

  Malware is arguably growing faster than ever before, but not in ways the industry has come to expect. Even though the days of the superworm might be numbered, contributor Mike Chapple says it's time for organizations to adapt their defense postures ...  Continue Reading

• Laptop security essentials: Protecting device data, even from admins?

  In this ITKnowledge Exchange thread, information security pros explain how to prevent unauthorized access, but question whether measures should be put in place to protect data from admins.  Continue Reading

• Key elements when building an information security program

  Discover how to achieve information security governance by learning the essential elements behind a sucessful security program.  Continue Reading

• Nmap parsers and interfaces

  SearchSecurity expert contributor Michael Cobb continues his series on Nmap with a detailed look at Nmap parsers and interfaces.  Continue Reading

• IT Infrastructure Library: Regulatory compliance benefits and training options

  The IT Infrastructure Library (ITIL) can assist organizations in their regulatory compliance efforts. This article explains how and outlines training options for security practitioners interested in becoming ITIL certified.  Continue Reading

• Logwatch: Taking the pain out of log analysis

  This column reviews the benefits of Logwatch, an open source security log analysis tool.  Continue Reading

• Establishing a practical routine for reviewing security logs

  In this tip, security expert Lenny Zeltzer shares the joy that comes with correlating seemingly unrelated events, and offers helpful hints to make your log-reviewing efforts a success every time.  Continue Reading

• One-time password tokens: Best practices for two-factor authentication

  In this tip, Joel Dubin examines how to physically secure one-time password tokens and how to properly implement them to provide effective two-factor authentication.  Continue Reading

• Does blogging pose enterprise information security risks?

  Blog popularity has continued to grow, now even reaching the corporate world as an effective communications and marketing tool. Blogs carry enterprise risks, however, and few companies are taking the proper precautions. Expert Mike Chapple raises ...  Continue Reading

• Ajax security: How to prevent exploits in five steps

  While Ajax can make your Web pages feel faster and more responsive, this Internet-based service, like many Web development tools, has its security concerns. In this tip, SearchSecurity.com expert Michael Cobb examines how Ajax works, how hackers can...  Continue Reading

• Interpreting and acting on Nmap scan results

  As we continue our series on Nmap in the enterprise, SearchSecurity expert contributor Michael Cobb explains how to run some of the more regular Nmap scans.  Continue Reading

• Laptop crypto: Do it, but realize it's not a panacea

  Laptop encryption has its pros and cons. Find out how to use laptop crypto to keep your sensitive data secure -- even if it falls in the hands of the enemy.  Continue Reading

• Mitigate botnets in five steps

  Don't let bots provide back door access to your computing environment. In this tip, Tony Bradley reveals the evolution of bot code, and strategies to mitigate the botnet threat.  Continue Reading