Tips

Tips

• Passwords: Complexity equals easy to forget

  Complexity equals easy to forget; try this policy to get your users to create better passwords.  Continue Reading

• Solaris filesystem security: Protecting the family jewels

  Protect your Solaris system's filesystems with these tools and utilities.  Continue Reading

• Hacker tool helps identify network weaknesses

  David Strom analyzes hacker tool Nmap for enterprise use.  Continue Reading

• A survey of vendor-specific security certifications

  Ed Tittel analyzes vendor-specific security certs in this edition of Executive Security Briefing.  Continue Reading

• Automating access management

  Robert Scheier takes a look at access management applications.  Continue Reading

• Revisiting the vendor-neutral security certification landscape -- again!

  Certifications expert Ed Tittel outlines security certifications available.  Continue Reading

• What your Apache Web server is telling the bad guys

  Protect your Apache Web server with this tip from SearchSecurity member John Bunker.  Continue Reading

• Firewall Builder - The easy way out of IPTables

  Firewall Builder - The easy way out of IPTables  Continue Reading

• Watch out for hotel broadband vulnerabilities

  Here are some factors you should consider before allowing your users to use hotel broadband.  Continue Reading

• The best way to secure the administrator account

  User Kevin Rose offers this suggesting for securing the administrator account.  Continue Reading

• Intrusion-detection systems sniff out security breaches

  Sales of IDS software licenses are expected to soar as users adopt the technology; however, pitfalls remain.  Continue Reading

• Scan and clean viruses via the Web

  Check out this tip for identifying and removing viruses on your Windows systems.  Continue Reading

• Securing unclaimed printouts

  SearchSecurity member Ching Quek explains why unclaimed printouts are a security risk and what you can do about it.  Continue Reading

• Create secure passphrases with Diceware

  David Strom analyzes passphrase creation software Diceware, in this edition of David Strom's Security Tool Shed.  Continue Reading

• The first .NET virus

  Even though it's brand-new, someone has a virus for .NET.  Continue Reading

• Biometrics gaining more identity as security option

  Here's an introduction to biometrics.  Continue Reading

• Security -- The Common Criteria

  Learn about two documents that can serve as guidelines when developing a security policy.  Continue Reading

• Protecting your web server against anonymous access

  Here?s a sure-fire method to protect any kind of server that supports anonymous user access.  Continue Reading

• Cleaning out a virus infection

  David Strom recounts his experience removing the Badtrans virus from an infected machine.  Continue Reading

• Close the FTP open door

  This tip explains the security problem with FTP and ways to solve it.  Continue Reading

• Buffer overflows

  Learn what buffer overflows are and how to test your systems to see if you have this vulnerability.  Continue Reading

• Breaking unwanted TCP connections by modifying your route table

  This tip will tell you how to inexpensively block unwanted TCP connections.  Continue Reading

• Firewalls still lack multivendor management

  Robert Scheier takes a look at the state of multivendor firewall management.  Continue Reading

• PKI investment measurable?

  Learn how to calculate the return on investment for a public-key infrastructure.  Continue Reading

• Creating an information security policy

  This tip about security policies touches upon some of the legal issues associated with such policies.  Continue Reading

• Sample security policy for end users, part four

  Here is the fourth part of a sample security policy for end users that can be customized to fit your needs.  Continue Reading

• Sample security policy for end users, part one

  Here is the first part of a sample security policy for end users, which can be customized to fit your needs.  Continue Reading

• Sample security policy for end users, part three

  Here is the third part of a sample security policy for end users that can be customized to fit your needs.  Continue Reading

• Sample security policy for end users, part eight

  This is the final part of a sample security policy for end users that you can customize to fit your needs.  Continue Reading

• Sample security policy for end users, part two

  Here is the second part of a sample security policy for end users, which can be customized to fit your needs.  Continue Reading

• Sample security policy for end users, part five

  This is the fifth part of a sample security policy for end users that can be customized to fit your needs.  Continue Reading

• The PATRIOT Act and Carnivore: Reasons for concern?

  Stephen Mencik introduces the controversial PATRIOT Act and FBI surveillance tool, Carnivore.  Continue Reading

• Sample security policy for end users, part seven

  This is the seventh part of a sample security policy for end users that you can customize to fit your needs.  Continue Reading

• Sample security policy for end users, part six

  This is the sixth part of a sample security policy for end users that can be customized to fit your needs.  Continue Reading

• Introduction: How to strengthen authentication procedures

  A discussion of strong authentication procedures.  Continue Reading

• Keep hands off your wireless network with this hands-on advice

  Secure your wireless network to keep authorized users in and the bad guys out.  Continue Reading

• Stop password farming

  A searchSecurity user offers two tips for putting an end to password farming.  Continue Reading

• Security awareness training

  Because your users are as important to security as your firewall.  Continue Reading

• Passport security issues

  What are the security risks of the single signon mechanism called Passport?  Continue Reading

• Antivirus tools: Unify and conquer

  Take a peek at up and coming antivirus tools.  Continue Reading

• Dropping the vowels in passwords

  This user submitted tip offers an easy alternative for creating simple passwords.  Continue Reading

• Scripture-based passwords

  Learn how you can use the Bible as a source for passwords in this tip.  Continue Reading

• Beating Anthrax and other malware

  Here are some tips for keeping your system safe from malware.  Continue Reading

• Security questions to ask an ASP

  Here are concrete questions you should have answers to before agreeing to work with an ASP.  Continue Reading

• Non-dictionary passwords users can remember

  Here's a tip for generating creative passwords.  Continue Reading

• Guidelines for creating secure passwords

  Consider these guidelines for strengthening the security provided by your users' passwords.  Continue Reading

• Beating malware: Beyond antivirus software

  A holistic approach to malware protection includes much more than antivirus software.  Continue Reading

• Passwords with symbols and numbers

  This simple tip allows users to secure the password of their choice.  Continue Reading

• HIPAA extends healthcare providers' scope of accountability

  This is part two of the Service Provider Insider's focus on healthcare ASPs. This edition covers security and HIPAA.  Continue Reading

• Theme-related passwords

  User Mark Waugh offers this tip for encouraging safe passwords.  Continue Reading

• Remove applications not needed

  Stephen Mencik offers this tip for securing your systems.  Continue Reading

• Password variations for multiple accounts

  Learn to create password variations for multiple accounts with this tip.  Continue Reading

• Acronym-based passwords

  SearchSecurity user Keith Langmead offers this tip for creating secure passwords using acronyms.  Continue Reading

• Get back at CodeRed and Nimbus worms

  This tip addresses LaBrea, a GNU Free License utility.  Continue Reading

• User-friendly and secure passwords

  This tip offers two methods for creating secure and user-friendly passwords.  Continue Reading

• Smart card smarts

  Fred Avolio helps you decide whether smart cards have a place in your organization.  Continue Reading

• A different password pattern

  SearchSecurity user Ralph Schaefer offers this tip for creating secure passwords.  Continue Reading

• Protecting the Web server

  SearchSecurity's expert Stephen Mencik helps you protect your Web servers in this Web Security Tip  Continue Reading

• Granting access to an outsider

  This tip offers advice for times when you need to let someone outside of your company onto your network.  Continue Reading

• Mnemonic-based passwords

  SearchSecurity member Mark Farrar offers an alternative method for creating passwords.  Continue Reading

• E-mail security issues

  Here are some basic precautions to take to keep e-mail secure.  Continue Reading

• Quickbase database server allows secure Web-based sharing

  In this edition of David Strom's Security Tool Shed, Strom evaluates Quickbase, a managed database service.  Continue Reading

• Firewalls: How to choose what's right for you

  A Forrester analyst outlines types of firewalls on the market and deployment strategies for large and small organizations.  Continue Reading

• Server privileges

  This tip was excerpted from searchSolaris.com's ASK THE EXPERT feature.  Continue Reading

• Pattern-based passwords: Easy to remember non-dictionary-based passwords

  Here is a tip on how to generate passwords that are not found in the dictionary and are easy to remember.  Continue Reading

• Critical authorizations

  This tip will help you determine who has critical authorizations in your system.  Continue Reading

• Bucket Brigade

  This week's Word of the Week is bucket brigade.  Continue Reading

• Preventative measures for improving data security

  When it comes to security, a network administrator's job is never done.  Continue Reading

• Acrobat adds security and flexibility to paperless office

  In this edition of David Strom's Security Tool Shed, David analyzes Acrobat 5.0.  Continue Reading

• Creative user education

  Educate your users with these creative tips provided by searchSecurity member Michelle Levine.  Continue Reading

• SonicWall: Solid as a rock

  In this edition of David Strom's Security Tool Shed, David analyzes firewall appliance SonicWall.  Continue Reading

• Performing a self-audit

  Before contacting an outside company to test your security, here are some things you can check on your own.  Continue Reading

• Giving root your shell

  Give rood your shell  Continue Reading

• Protecting the NIS Maps Directory

  The /var/yp directory should only be accessible by root.  Continue Reading

• Disabling the VPN on AOL 6.0

  SearchSecurity member Hani Sayegh offers this tip for securing your system from hackers.  Continue Reading

• Listing Kerberos tickets

  Use the klist utility to list all tickets in a user's ticket file.  Continue Reading

• Public Key Cryptography: Q&As from your peers

  In this edition of Executive Security Briefing, Fred Avolio answers your questions on public key cryptography.  Continue Reading

• Stop reinventing the security wheel

  Robert Scheier discusses security policies and standards in this edition of Executive Security Briefing.  Continue Reading

• Outsourcing network security

  Find useful advice in this tip on how to effectively manage your SLA when working with a Security Service Provider.  Continue Reading

• Enabling the Basic Security Module (BSM)

  This tip illustrates how and why you should enable the Basic Security Module (BSM).  Continue Reading

• The personal firewall

  Learn what you need your personal firewall to do and why you should have one on your PC.  Continue Reading

• Getting rid of the Ctrl-Alt-Delete screen in Windows 2000

  SearchSecurity member Angel M. Torres offers this tip on logging into Windows 2000.  Continue Reading

• Employees: Your best defense, or your greatest vulnerability

  SearchSecurity advisor Neal O'Farrell addresses employee education in this edition of the Executive Security Briefing.  Continue Reading

• Third party security tools

  If security features in Solaris alone aren't enough, try some of these 3rd party tools to secure your systems.  Continue Reading

• Partition to harden Unix servers

  Partitioning can help secure Unix servers. This tip discusses the process.  Continue Reading

• Executable e-mail attachments -- Educate the end user

  SearchSecurity member Jim Huddleston explains how to educate end users to help secure systems against viruses.  Continue Reading

• Netcat: A security jack of all trades?

  In this edition of Strom's Security Tool Shed, David Strom evaluates Netcat.  Continue Reading

• Securing the intranet

  Think an internal intranet is secure? This tip details some security issues of intranets.  Continue Reading

• Simple intrusion detection

   Continue Reading

• Eliminate all VBS worms and viruses

  SearchSecurity advisor tells Windows users how to eliminate the threat of executing a VBS attachment to an email.  Continue Reading

• Role based access control (RBAC)

  This tip is excerpted from John P. Mulligan's Solaris 8 Essential Reference published by New Riders.

   Continue Reading

• Is Encrypt-o-matic MoJo (powerful magic) or snake oil?

  This is for the "Big Iron" folks out there. No, not Heavy Metal. Big Iron!  Continue Reading

• Parasite: The word for malware in the new millennium

  Read about how one user finds malware to be more parasitic in its behavior than it is under any previous descriptor.  Continue Reading

• Why you shouldn't use FAT as your boot partition

   Continue Reading

• Why not to bother renaming the administrator account

   Continue Reading

• Vulnerabilities in network systems

   Continue Reading

• Application servers feed successful e-commerce

   Continue Reading

• Security architecture for e-business

  This tip explores the infrastructure you must put in place for safe e-business.  Continue Reading

• In search of performance, efficiency and security

  Here is the tale of ASP-One's quest for a robust storage solution.  Continue Reading

• How secure is your managed service provider?

  This tip tells you about managed service providers in general terms.  Continue Reading