Tips

Tips

• Tutorial test: Identifying WLAN threats

  Test your knowledge of wireless LAN threats.  Continue Reading

• Establishing a Metrics Management System

  This chapter is designed to provide basic guidance necessary for the development of a metrics methodology to understand what, why, when and how infosec can be measured.  Continue Reading

• Identify malicious users

  You will soon notice the ever-present malicious user. What we are referring to is an individual or group who has the knowledge, skills or access to compromise a system's security.  Continue Reading

• POF fingerprint scanning tools mitigate OS fingerprinting vulnerabilities

  Nmap's silent parnter, POF is an OS fingerprinting tool for the good guys.  Continue Reading

• Which key is which?

  A look at the differences between symmetric and asymmetric keys.  Continue Reading

• Developing an antivirus policy

  Some things to take into account when developing an antivirus policy.  Continue Reading

• Windows-based file encryption may corrupt data

  Windows-based file encryption may corrupt data depending on the platform you are using. Read about the workaround in this tip.  Continue Reading

• How to secure DNS servers

  Some advice on how to secure your DNS servers.  Continue Reading

• Checklist for secure wireless LAN deployment

  Lisa Phifer outlines a checklist for secure wireless LAN deployment in the areas of policy, integration planning, and deployment and beyond.  Continue Reading

• Snort -- The poor man's intrusion-detection system

  A look at the free, open-source IDS, Snort.  Continue Reading

• Egress filtering

  A look at some policies for egress filtering that can help limit your liability in DDoS attacks.  Continue Reading

• Security policy by example

  A thorough list of policy making resources.  Continue Reading

• Use callback for remote access

  Using callback for remote access has two advantages.  Continue Reading

• Top 10 network security tips

  Strengthen your organization's network security with these best practices.  Continue Reading

• Improving performance and security by disabling unneeded services

  How disabling unneeded services can help improve performance and security.  Continue Reading

• Separation of duties

  A look at the simplest way to secure your Web server.  Continue Reading

• Detecting failed su to root attempts

  This one-liner will list all failed "su" attempts to the superuser account.  Continue Reading

• ARP spoofing detection

  This tip addresses how to detect ARP spoofing.  Continue Reading

• Solaris Web services security: Disabling and removing unnecessary accounts

  Lock these accounts or assign an invalid shell to prevent hackers from using them to log in to your system.  Continue Reading

• Certification path for future CSO

  Certification expert Ed Tittel outlines a certification path for future CSOs.  Continue Reading

• Termination procedures and the exit interview

  Some important security procedures for terminating an employee.  Continue Reading

• Securing backup media

  Treat your backup media like it is a pocket-sized server.  Continue Reading

• Security issues with Web services

  This article presents a nice summary of the security issues involved with Web services.  Continue Reading

• The many forms of executable code

  This tip explains how to identify and avoid malicious executable code.  Continue Reading

• Firewall best practices

  Kevin Beaver lists suggested best practices for managing your firewall in this Network Security Tip.  Continue Reading

• To chroot or not to chroot

  Security experts discuss what chroot is and why it's important to the security of your systems.  Continue Reading

• Restoring SQL Server databases from .mdf files

  Learn how to restore SQL Server databases from .mdf files and vaild backups tp prevent loosing your data by reinstalling and restarting your SQL server or updating system tables.  Continue Reading

• Issues to cover in a security policy

  A short look at the ten areas of concern for an organization's security policy.  Continue Reading

• CRM privacy management: How you can help

  In this edition of Scheier's Security Roundup, Robert Scheier explains the security admin's role in customer privacy.  Continue Reading

• Hacker tool helps identify network weaknesses

  David Strom analyzes hacker tool Nmap for enterprise use.  Continue Reading

• Automating access management

  Robert Scheier takes a look at access management applications.  Continue Reading

• Firewall Builder - The easy way out of IPTables

  Firewall Builder - The easy way out of IPTables  Continue Reading

• Breaking unwanted TCP connections by modifying your route table

  This tip will tell you how to inexpensively block unwanted TCP connections.  Continue Reading

• Sample security policy for end users, part one

  Here is the first part of a sample security policy for end users, which can be customized to fit your needs.  Continue Reading

• The PATRIOT Act and Carnivore: Reasons for concern?

  Stephen Mencik introduces the controversial PATRIOT Act and FBI surveillance tool, Carnivore.  Continue Reading

• Sample security policy for end users, part six

  This is the sixth part of a sample security policy for end users that can be customized to fit your needs.  Continue Reading

• Introduction: How to strengthen authentication procedures

  A discussion of strong authentication procedures.  Continue Reading

• Scripture-based passwords

  Learn how you can use the Bible as a source for passwords in this tip.  Continue Reading

• Non-dictionary passwords users can remember

  Here's a tip for generating creative passwords.  Continue Reading

• Passwords with symbols and numbers

  This simple tip allows users to secure the password of their choice.  Continue Reading

• Theme-related passwords

  User Mark Waugh offers this tip for encouraging safe passwords.  Continue Reading

• Password variations for multiple accounts

  Learn to create password variations for multiple accounts with this tip.  Continue Reading

• Acronym-based passwords

  SearchSecurity user Keith Langmead offers this tip for creating secure passwords using acronyms.  Continue Reading

• User-friendly and secure passwords

  This tip offers two methods for creating secure and user-friendly passwords.  Continue Reading

• Mnemonic-based passwords

  SearchSecurity member Mark Farrar offers an alternative method for creating passwords.  Continue Reading

• E-mail security issues

  Here are some basic precautions to take to keep e-mail secure.  Continue Reading

• Firewalls: How to choose what's right for you

  A Forrester analyst outlines types of firewalls on the market and deployment strategies for large and small organizations.  Continue Reading

• Pattern-based passwords: Easy to remember non-dictionary-based passwords

  Here is a tip on how to generate passwords that are not found in the dictionary and are easy to remember.  Continue Reading

• Bucket Brigade

  This week's Word of the Week is bucket brigade.  Continue Reading

• Preventative measures for improving data security

  When it comes to security, a network administrator's job is never done.  Continue Reading

• SonicWall: Solid as a rock

  In this edition of David Strom's Security Tool Shed, David analyzes firewall appliance SonicWall.  Continue Reading

• Listing Kerberos tickets

  Use the klist utility to list all tickets in a user's ticket file.  Continue Reading

• Employees: Your best defense, or your greatest vulnerability

  SearchSecurity advisor Neal O'Farrell addresses employee education in this edition of the Executive Security Briefing.  Continue Reading

• Third party security tools

  If security features in Solaris alone aren't enough, try some of these 3rd party tools to secure your systems.  Continue Reading

• Partition to harden Unix servers

  Partitioning can help secure Unix servers. This tip discusses the process.  Continue Reading

• Netcat: A security jack of all trades?

  In this edition of Strom's Security Tool Shed, David Strom evaluates Netcat.  Continue Reading

• Securing the intranet

  Think an internal intranet is secure? This tip details some security issues of intranets.  Continue Reading

• Eliminate all VBS worms and viruses

  SearchSecurity advisor tells Windows users how to eliminate the threat of executing a VBS attachment to an email.  Continue Reading

• Is Encrypt-o-matic MoJo (powerful magic) or snake oil?

  This is for the "Big Iron" folks out there. No, not Heavy Metal. Big Iron!  Continue Reading

• Parasite: The word for malware in the new millennium

  Read about how one user finds malware to be more parasitic in its behavior than it is under any previous descriptor.  Continue Reading

• Why not to bother renaming the administrator account

   Continue Reading

• Vulnerabilities in network systems

   Continue Reading

• Application servers feed successful e-commerce

   Continue Reading

• Security architecture for e-business

  This tip explores the infrastructure you must put in place for safe e-business.  Continue Reading

• SAP Security: Authentication and single sign-on

  Learn about authenticating users for SAP applications in this tip.  Continue Reading

• Developing a network security policy

   Continue Reading

• Chief Privacy Officer: High profile, but limited demand

  This is a job snapshot of a Chief Privacy Officer.  Continue Reading

• Securing your e-business

  This tip is excerpted from an online event that took place this year with Tony Spinelli from esecurityonline.com.  Continue Reading

• E-business security basics

  Author Daniel Amor discusses the components of electronic business security.  Continue Reading

• Security considerations when creating a new user account

   Continue Reading

• Data integrity and PKI

  Sharpen up on your knowledge of data integrity and PKI.  Continue Reading

• Windows NT security tools

  This article explains how to use NT's included resources to protect your network from malicious damage.  Continue Reading

• Procedures in preventing threats to information security

   Continue Reading

• Notarization and PKI

  This tip, excerpted from InformIT, discusses the PKI function of notarization.  Continue Reading

• Implementing database security and integrity

  Most database applications are network-capable. This increases the need for the implementation of security.  Continue Reading

• Securing your peer-to-peer networks

  P2P networks have their benefits, but watch out for the security roadblocks.  Continue Reading

• The worse of two evils -- Internal vs. external security threats

  This tip compares internal and external security problems.  Continue Reading

• Planning considerations for an effective security policy

  This tips lists what to ask when you're developing a security policy.  Continue Reading

• Who writes viruses?

  Sophos expert tells just what he thinks about virus writers  Continue Reading

• Managing network security vulnerabilities

  Here's some advice for managing network vulnerabilities.  Continue Reading

• Tales From The Crypto - Part I

   Continue Reading

• Macro Security

   Continue Reading