Tips

Tips

• Practical biometrics

  A look at the different flavors of biometrics and how they are becoming more common as a physical security precaution.  Continue Reading

• SQL Server Security: Chapter 2, Under Siege: How SQL Server is Hacked

  This excerpt is from Chapter 2, Under Siege: How SQL Server is Hacked from SQL Server Security by David Litchfield.  Continue Reading

• Are P2P applications worth the risk?

  There are inherent security dangers in P2P applications. Kevin Beaver helps you determine if they're worth the risk.  Continue Reading

• The Effective Incident Response Team: Chapter 8, The Puzzle in Action

  This chapter excerpt addresses the role of security policies in the formation of a CIRT.  Continue Reading

• The Effective Incident Response Team: Chapter 2, What's Your Mission?

  The following excerpt is from Chapter 2, What's Your Mission? of The Effective Incident Response Team by Julie Lucas and Brian Moeller.  Continue Reading

• Laptop security policy: Key to avoiding infection

  Some tips for keeping remote laptop users virus free.  Continue Reading

• Define your needs before buying a security policy tool

  Security policy enforcement tools vary in capability, so know what you need from the outset.  Continue Reading

• Trend to ponder: Our fragile smart phones

  Jim Reavis takes a look at the current trends in mobile phone insecurity.  Continue Reading

• The X Factor: 802.1X keeps intruders off your network

  Learn how 802.1X can benefit your LAN as well as your wireless network.  Continue Reading

• Network security monitoring -- Going beyond intrusion detection

  Richard Bejtlich answers frequently asked questions about network security monitoring.  Continue Reading

• The security policy document library: Firewall policy

  The next topic in Ed Tittel's ongoing security policy document library is firewall policy.  Continue Reading

• Addressing the people problem: Human performance technology

  Human performance technology may help you educate your end-users.  Continue Reading

• The battle over security vs. convenience

  Expert Kevin Beaver helps infosec managers draw the line between security and convenience.  Continue Reading

• Identity Management and Security

  This excerpt is from Chapter 2 of The Definitive Guide to Identity Management.  Continue Reading

• XSS - Are you aware you may be vulnerable?

  Beware of cross-site scripting.  Continue Reading

• Intrusion detection basics

  A look at the basics of intrusion detection.  Continue Reading

• Managing Active Directory Security

  This excerpt is from the free e-book, The Definitive Guide to Windows 2000 Security.  Continue Reading

• Free network security toolkit

  A look at a few essential components of that toolkit and examples of free tools that are available on the Internet.  Continue Reading

• How to remove the Blaster registry key through scripting

  SearchSecurity.com expert Joel Johnson explains how to remove the Blaster registry key through scripting.  Continue Reading

• Wireless networking security policy

  Here are some of the necessary elements of a wireless security policy.  Continue Reading

• VPN fast facts: True or false?

  Lisa Phifer separates the truth from fiction about VPNs.  Continue Reading

• The security policy document library: Site Security Handbook

  A closer look at RFC 2196, guidelines for what goes into to a security policy.  Continue Reading

• Evaluating and tuning an intrusion-detection system

  A good way to evaluate the quality of competing IDSs.  Continue Reading

• Secure IM with AIM Enterprise Gateway V.2.0

  The brave new world of IM is upon us. The technology that has been adopted as the defacto teenage communications media is now firmly entrenched in corporate America.  Continue Reading

• Keeping the Alligators Out of the Sewer

  This excerpt is from The Backup Book: Disaster Recovery from Desktop to Data Center, written by Dorian J. Cougias and published by Schaser-Vartan Books  Continue Reading

• Security Models and Architecture

  This excerpt is from CISSP All-in-One Exam Guide, Second Edition by Shon Harris.  Continue Reading

• E-Commerce Security Needs

  This excerpt is from Network Security: A Beginner's Guide, written by Eric Maiwald.  Continue Reading

• It's not what you know; it's who you... are:The identity management challenge

  While somewhat of a hot topic lately, identity management is not new and is deeply engrained in our computing operations.  Continue Reading

• Security in the software development life cycle

  Small changes in the software development life cycle can substantially improve security without breaking the bank or the project schedule.  Continue Reading

• Virus protection: Prevention, detection, response

  How to prevent, detect and respond.  Continue Reading

• Writing a security policy

  An attempt to distill the often overwhelming amount of security policy information into a few concise ideas.  Continue Reading

• Application firewalls good enough -- for now -- for Web services security

  The few customers who are adopting Web services are relying on a new version of a tried-and-true security toll: the firewall.  Continue Reading

• Windows 2000's SP4 can be a mine field

  Some warnings about installing Win2k SP4 and where to find more information.  Continue Reading

• Securing Apache: Keeping patches current

  A look at some resources for keeping up with Apache security patches.  Continue Reading

• Securing the Enterprise

  The following excerpt is from Chapter 2 of the free eBook From Chaos to Control: The CIO's Executive Guide to Managing and Securing the Enterprise written by Don Jones.  Continue Reading

• Getting IIS patched fast!

  Do you need Microsoft's latest IIS hotfix?  Continue Reading

• Getting Started with HIPAA Security Compliance

  Here's an overview of the HIPAA security rule.  Continue Reading

• 10 Common questions (and answers) on WLAN security

  Networking guru Lisa Phifer answers ten commonly asked questions about securing wireless LANs.  Continue Reading

• First steps in locking down Windows Server 2003

  Some thoughts on securing the new operating system.  Continue Reading

• The security policy document library: E-mail policy

  A look at the e-mail portion of an organization's security policy documents.  Continue Reading

• Secure IIS/Enterprise Web Protector safeguards your Web server

  David Strom takes a closer look at Eeye Digital Security's Secure IIS/Enterprise Web Protector.  Continue Reading

• The Security Frontier

  Read chapter one of Defending the Digital Frontier.  Continue Reading

• Policy-driven WLAN security

  To reap the benefits of wireless, like anytime/anywhere access to enterprise systems, companies must take steps to reduce associated risks to acceptable levels.  Continue Reading

• Considerations for biometric use

  Biometrics are a fine way to do authentication, but they need to handled carefully.  Continue Reading

• Voice mail security

  Here are sample policies and proceedures to help secure your organization's PBX.  Continue Reading

• Secure LAN Switching

  This chapter focuses on the Cisco Catalyst 5000/5500 series switches. We will discuss private VLANs in the context of the 6000 series switches.  Continue Reading

• Hacking Windows 95/98 and Me

  Read Chapter 4 of Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition.  Continue Reading

• The Security Review Process

  This excerpt is from Chapter 2, The Security Review Process, of Internet Security: A Jumpstart for Systems Managers and IT Managers.  Continue Reading

• Operating Systems and Cisco Security Applications

  This chapter reviews two of today's most common end user applications, Unix and Windows NT systems. Cisco security applications are also covered.  Continue Reading

• The 'Swiss Army Knife' security tool

  The LiSt Open Files command is like a Swiss Army Knife: It has a variety of uses -- for security or utility -- and fits easily in your pocket.  Continue Reading

• Enable 802.1x security in Windows 2000

  Microsoft has produced a support package that adds 802.1x support to Windows 2000.  Continue Reading

• Brush up on personnel security

  Personnel security is one of the most critical (and most often overlooked!) areas of information security.  Continue Reading

• Use those Windows security templates

  Learn about the Windows Server 2003 security template settings.  Continue Reading

• Customizing the Security Architecture

  This chapter demonstrates ways to augment the security architecture, including how to develop custom implementations of the various security classes.  Continue Reading

• Establishing a Metrics Management System

  This chapter is designed to provide basic guidance necessary for the development of a metrics methodology to understand what, why, when and how infosec can be measured.  Continue Reading

• Tutorial test: Identifying WLAN threats

  Test your knowledge of wireless LAN threats.  Continue Reading

• Securing your home network for $100 or less

  How to secure your home network for $100 or less.  Continue Reading

• Identify malicious users

  You will soon notice the ever-present malicious user. What we are referring to is an individual or group who has the knowledge, skills or access to compromise a system's security.  Continue Reading

• Protecting wireless LANs

  The WEP standard has some pretty big security flaws and while it's better than nothing, you should still consider any traffic that crosses this link to be compromised.  Continue Reading

• Maximize certificate use in your enterprise

  Here are tips for taking full advantage of the security provided by digital certificates.  Continue Reading

• POF fingerprint scanning tools mitigate OS fingerprinting vulnerabilities

  Nmap's silent parnter, POF is an OS fingerprinting tool for the good guys.  Continue Reading

• News from the field: Reader responses and recommendations on security policy by example

  Reader responses and recommendations on security policy by example.  Continue Reading

• Infosec analysis and recommendations: Webcast Q&A with Jon Oltsik

  Consultant Jon Oltsik shares his research findings on the state of the security industry.  Continue Reading

• Beware of Web dialers

  They can be installed on your computer like a virus and can run up your telephone bill by making calls over your modem.  Continue Reading

• Which key is which?

  A look at the differences between symmetric and asymmetric keys.  Continue Reading

• Time to stop inventing virus wheels

  SearchSecurity.com expert Robert Vibert offers an alternative to our current approach to viruses.  Continue Reading

• Compliance with California's new mandatory disclosure law

  Learn everything you need to know about California's new disclosure law.  Continue Reading

• Compliance with California's new mandatory disclosure law, part two: Strategies for compliance

  Tips for complying with California's disclosure law.  Continue Reading

• Developing an antivirus policy

  Some things to take into account when developing an antivirus policy.  Continue Reading

• Handling a security policy -- literally

  Learn why you need to protect your security policy document.  Continue Reading

• Vendor-neutral certification update, spring 2003

  Ed Tittel updates his vendor-neutral certification tip that reviews the various certifications available for info sec professionals.  Continue Reading

• Encryption and electronic mail

  Here is a brief overview of encryption techniques for electronic mail.  Continue Reading

• What's the prognosis on HIPAA?

  New rules regulating the electronic transfer of health care data take effect in October. They'll limit access to confidential patient information and streamline health care costs.  Continue Reading

• Keeping up with security policies

  Ed examines the importance of updating your security policy.  Continue Reading

• Identifying which type of firewall is right for you

  Packet filters, proxies, stateful inspection--which type of firewall is right for your enterprise? Here's how to decide.  Continue Reading

• Windows-based file encryption may corrupt data

  Windows-based file encryption may corrupt data depending on the platform you are using. Read about the workaround in this tip.  Continue Reading

• How to secure DNS servers

  Some advice on how to secure your DNS servers.  Continue Reading

• Anatomy of a hack

  This tip explains how to test your Web application for a vulnerability called cross-site scripting.  Continue Reading

• Make your systems "crunchy" on the inside, not just the outside

  These days, you need some "crunch" all the way through, and not just on the perimeter of your network.  Continue Reading

• PKI still tricky to implement, but showing up in new forms

  PKI still tricky to implement, but showing up in new forms.  Continue Reading

• More about physical security

  Discussion about physical security and resources for more information.  Continue Reading

• What is spam good for?

  Your suggestions for eliminating and responding to spam.  Continue Reading

• Webcast Q&A: Hal Amens answers your HIPAA questions

  Hal Amens answers user questions submitted during his SearchSecurity.com webcast.  Continue Reading

• Checklist for secure wireless LAN deployment

  Lisa Phifer outlines a checklist for secure wireless LAN deployment in the areas of policy, integration planning, and deployment and beyond.  Continue Reading

• Policy for the real world: Physical security

  A look at a security policy for the real world.  Continue Reading

• The five A's of functional SAN security

  Keeping a SAN secure is complex because SANs are complex.  Continue Reading

• Storage security: Enforcing policies and procedures that work

  Improve your data security with these policy tips.  Continue Reading

• HIPAA - Points to consider

  A look at some of the HIPAA requirements.  Continue Reading

• Snort -- The poor man's intrusion-detection system

  A look at the free, open-source IDS, Snort.  Continue Reading

• Protect IIS with System Scanner

  A look at System Scanner from the Windows 2000 Server Resource Kit.  Continue Reading

• Preventing SQL Injections

  How to guard your Web apps against SQL injection attacks.  Continue Reading

• Egress filtering

  A look at some policies for egress filtering that can help limit your liability in DDoS attacks.  Continue Reading

• Keeping wireless intruders away

  Don't let security worries keep your company from implementing a WLAN. Here are precautions you can take.  Continue Reading

• Web services security vendors focus on access control, XML firewalls

  Robert Scheier takes a look at the Web services security industry in this edition of Scheier's Security Product Roundup.  Continue Reading

• More security policy by example

  With the help of some users, Ed chimes in with a few more resources for developing solid security policies.  Continue Reading

• Track the shell history of specific users

  Keep track of the shell history of specific users.  Continue Reading

• Know your vulnerabilities

  One of the most pressing needs for any security admin is to understand the greatest threats facing his organization.  Continue Reading

• Physically secure your backups

  Help in preventing theft of data or identity.  Continue Reading

• Security policy by example

  A thorough list of policy making resources.  Continue Reading

• No clear winner in .NET/J2EE security race

  There's no clear winner in the .NET/J2EE security race, just different sets of challenges.  Continue Reading