Tutorials

Tutorials

• Mimikatz tutorial: How it hacks Windows passwords, credentials

  In this Mimikatz tutorial, learn about the password and credential dumping program, where you can acquire it and how easy it makes it to compromise system passwords.  Continue Reading

• Firewall security best practices: Get firewall network security advice

  Get to know your firewall inside and out with this compilation of resources on firewall vulnerabilities, configuration and more.  Continue Reading

• Intrusion detection and prevention: IDS/IPS security guide

  This guide is a compilation of SearchSecurity.com's best resources on intrusion detection and prevention. It covers not only the basics of what they are and how they work, but also discusses several other important areas of IDS and IPS security, ...  Continue Reading

• NAC security guide: How to achieve secure network access in the enterprise

  This multi-part network access control (NAC) security guide covers a variety of NAC-related topics, offering tips and expert advice on how to thoroughly secure network access to the enterprise.  Continue Reading

• Managing remote employees: How to secure remote network access

  This SearchSecurity.com mini learning guide is a compilation of tips from our experts on how to secure remote network access. The guide offers best practices for managing remote employees and helping them set up a secure home network, as well as ...  Continue Reading

• NAC protection: Network access control policy, deployment guidelines

  This SearchSecurity.com mini learning guide is composed of a variety of content, all discussing network access protection guidelines, including best practices for creating a network access control policy and NAC deployment.  Continue Reading

• Secure network architecture best practices: DMZ and VLAN security

  This mini learning guide will cover best practices for achieving and maintaining a secure network architecture, discussing several aspects of DMZ security and VLAN security.  Continue Reading

• Endpoint protection advice: Improving NAC with secure endpoints

  This endpoint protection tutorial discuss several aspects of endpoint protection, including how to use endpoint fingerprinting, how to create an endpoint security lifecycle, how to solve problems related to insecure endpoints.  Continue Reading

• IPv6 tutorial: Understanding IPv6 security issues, threats, defenses

  You may not know it, but IPv6 may be the Internet's next superhighway for zero-day attacks. This new guide offers tactics for proactive IPv6 security.  Continue Reading

• XSS cheat sheet: How to prevent XSS attacks and detect exploits

  Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent...  Continue Reading

• Network security audit guidelines: Inside the importance of audit planning

  In this SearchSecurity.com mini learning guide you will learn the ins and outs of network security audit guidelines, as well as the importance of audit planning, and how to perform and prepare for an audit.  Continue Reading

• Information security tutorials

  SearchSecurity.com's tutorials offer a variety of online information security training courses you can take on your own time at your own pace. They are designed to arm you with the foundational and tactical information you need to deal with the ...  Continue Reading

• XML encryption and WS-Security tutorial: Essential elements of Web services security

  WS-Security and XML encryption are two essential elements of Web services security. In this XML encryption and WS-Security tutorial, which is a part of the SearchSecurity.com XML Web services tutorial, learn more about the security threats and ...  Continue Reading

• XML firewall security guide: Prevent XML vulnerabilities and threats

  This section of the XML Web services Tutorial highlights the functions and capabilities of the XML firewall, how the features of an XML firewall compare to other firewalls, and offers advice on how to prevent XML vulnerabilities and stop XML attacks.  Continue Reading

• Secure VoIP tutorial: Understanding VoIP security best practices

  More organizations are choosing to implement VoIP telephony in the enterprise for its cost savings. However, securing the technology comes with its own price tag. This secure VoIP tutorial is a compilation of resources that review VoIP security best...  Continue Reading

• PCI 2.0 guide: How have PCI compliance requirements changed?

  In this PCI 2.0 learning guide, you will learn how the PCI compliance requirements have changed, if those changes have improved the standard and how the changes will affect your enterprise's complaince programs and processes.  Continue Reading

• Security policy for PDF use: How to secure PDF files for the enterprise

  PDF files are an integral part of many enterprises' business processes, and, as such, they are a prime target for malicious activity. In this learning guide, learn how to secure your organization's PDFs, prevent attacks against them and decide when ...  Continue Reading

• Web browser security tutorial: Safari, IE, Firefox browser protection

  Newly updated: This Web browser security tutorial identifies the inherent flaws of Internet Explorer and Mozilla Firefox, introduces viable Web browser alternatives and provides tools and tactics to maximize your Web browsing security and browser ...  Continue Reading

• Risk-based audit methodology: How to achieve enterprise security

  Discover how using a risk-based audit methodology can achieve better enterprise security. Learn how to develop an internal IT audit program, implement risk mitigation methods and develop controls and ensure they are effective.  Continue Reading

• IT security policy management: Effective polices to mitigate threats

  In this mini guide, you will gain a better understanding of IT security policy management and learn how to create an effective IT security policy, how to ensure security polices are managed appropriately, best practices for policy implementation and...  Continue Reading

• Understanding tokenization amid PCI encryption requirements

  This mini learning guide offers a brief introduction to tokenization technology, as well as PCI DSS encryption requirements. Learn more about the future of tokenization and how the technology may help to ease PCI DSS compliance burdens.  Continue Reading

• Mass 201 CMR 17: Basics for security practitioners

  Massachusetts data protection law 201 CMR 17 went into effect on March 1, 2010. Get an in-depth look at the requirements of this law, and find out what needs to be done to become compliant with the law.  Continue Reading

• Securing your wireless network: Preventing wireless security threats

  This mini learning guide helps enterprise information security managers and executives develop a better understanding of wireless network security and learn why investing time and resources in securing your wireless network can help thwart security ...  Continue Reading

• Web application attacks security guide: Preventing attacks and flaws

  This Web application attacks guide explains how Web application attacks occur, identifies Web application attack types, and provides Web application security tools and tactics to protect against them.  Continue Reading

• PCI DSS compliance help: Using frameworks, technology to aid efforts

  This mini-guide offers a variety of tips and information on how organizations can use several frameworks, technologies and standards, such as tokenization, ISO 27002, Secure Hashing Algorithm and other existing controls to help manage PCI DSS ...  Continue Reading

• Mini guide: How to remove and prevent Trojans, malware and spyware

  Organizations need to learn how to implement proper protections and understand best practices for malware defense in order to keep their network environments secure. In this mini guide you will learn how to prevent, remove and stop types of malware ...  Continue Reading

• Endpoint protection best practices manual: Combating issues, problems

  Learn how to employ effective endpoint security controls, technologies and policies, and well as define methods and techniques for a multilayered endpoint defense system.  Continue Reading

• Buffer overflow tutorial: How to find vulnerabilities, prevent attacks

  Buffer overflow exploits and vulnerabilities can lead to serious harm to corporate Web applications, as well as embarrassing and costly data security breaches and system compromises.  Continue Reading

• SQL injection protection: A guide on how to prevent and stop attacks

  In this SQL injection protection guide get advice on how to prevent and stop SQL injection attacks, also learn best practices on how to detect vulnerabilities.  Continue Reading

• Hacker attack techniques and tactics: Understanding hacking strategies

  This guide provides you with a plethora of tips, expert advice and Web resources that offer more in-depth information about hacker techniques and various tactics you can employ to protect your network.  Continue Reading

• HIPAA compliance manual: Training, audit and requirement checklist

  In this HIPAA compliance manual you will recieve advice on how to prepare for a security audit as well as a checklist for HIPAA training, gudielines and requirements.  Continue Reading

• Spyware Protection and Removal Tutorial

  This free spyware protection and removal tutorial is a compilation of free resources that explain what spyware is, how it attacks and most importantly what you can to do to win the war on spyware.  Continue Reading

• Exploring authentication methods: How to develop secure systems

  Use this guide to discover authentication options and learn how to implement, maintain and secure several methods of authentication, such as biometrics, single sign-on (SSO) and smart cards to avoid security breaches and protect sensitive corporate ...  Continue Reading

• Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities

  Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation...  Continue Reading

• Enterprise Security 2008 Learning Guide

  What's in store for 2008: VoIP vulnerabilities? Bigger, badder malware? A cyberterrorist strike? SearchSecurity.com's panel of experts make predictions about this year's emerging enterprise security threats.  Continue Reading

• Insider's guide to IIS Web server security

  In this primer, learn about IIS Web server hardening procedures, access control, security policies, and backup and recovery strategies.  Continue Reading

• Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments"

  Understanding which requirements of the "12 commandments" are the most challenging can keep your organization from wasting time, money and effort on the wrong ideas or technical implementations. In this guide, Craig Norris draws some important PCI ...  Continue Reading

• PCI DSS Requirement 10: Track and monitor network access

  Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Individually sifting through system logs can be a major drain on IT, especially when the cause of a compromise needs to be ...  Continue Reading

• PCI DSS Requirement 1: Install and maintain a firewall configuration

  Simply installing a firewall on the network perimeter won't necessarily get you past PCI DSS Requirement 1. In this guide, Craig Norris explains the extra work that needs to be done.  Continue Reading

• PCI DSS Requirement 8: Assign unique user IDs to those with access

  To pass a PCI compliance audit, organizations need to be capable of verifying who is attempting access to an asset. They also must control what employees are permitted to see or modify, and do so based on their organizational role. In this PCI ...  Continue Reading

• PCI DSS Requirement 3: Protecting stored data

  One of the biggest problems with PCI DSS requirement 3 is that merchants must accurately know where credit card data flows from its inception, where it traverses the network and resides, and what its "state" is along the way. Craig Norris explains ...  Continue Reading

• PCI DSS Requirement 11: Regularly test security systems and processes

  Craig Norris explains why internal and external network scans are necessary to complete Requirement 11 of the PCI Data Security Standard, one that frequently baffles security professionals.  Continue Reading

• Corporate Mergers and Acquisitions Security Learning Guide

  Mergers and acquisitions are common occurrences in today's information security market. In this SearchSecurity.com Learning Guide, a panel of experts breaks down M&A security priorities and explains the best ways to manage disparate security staffs,...  Continue Reading

• Nmap Technical Manual

  By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in ...  Continue Reading

• Risk management: Implementation of baseline controls

  This fourth article in the Insider Threat Management Guide examines the implementation of baseline controls.  Continue Reading

• Risk management references

  References for our Insider Threat Management Guide.  Continue Reading

• Risk management: Data organization and impact analysis

  This first article of the Insider Threat Management Guide explains how to data organization is the first step in implementing insider threat controls.  Continue Reading

• Risk management audit

  This article explores the audit function in the insider threat management process.  Continue Reading

• Insider Threat Management Guide

  In this Insider Threat Management Guide, contributor Gideon Rasmussen reviews how to fortify your organization's current insider threat controls and keep internal dangers to a minimum.  Continue Reading

• Risk management: Baseline management and control

  Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Threat Management Guide.  Continue Reading

• Information Security Governance Guide

  This guide provides an introduction to what information security governance and a security program are, and examines how to deploy security policies within any environment.  Continue Reading

• XML Web services tutorial: How to improve security in Web services

  Securing XML is an essential element in keeping Web services secure. This SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure.  Continue Reading

• How to use fuzzing to deter VoIP protocol attacks

   Continue Reading

• Understanding VoIP protocols

   Continue Reading

• VoIP protocols: A technical guide

  This guide reviews the two main protocols that power VoIP -- Session Initiation Protocol (SIP) and H.323 -- and their known vulnerabilities, as well as how functional protocol testing ("fuzzing") can help defeat such problems.  Continue Reading

• The Business Model

   Continue Reading

• SearchSecurity.com's Guide to Thwarting Hacker Techniques

  This guide provides you with a plethora of tips, expert advice and Web resources that offer more in-depth information about hacker techniques and various tactics you can employ to protect your network.  Continue Reading

• SOX Compliance for the Security Practitioner

  This collection of resources offers security managers in-depth information to help keep their organization compliant with the Sarbanes-Oxley (SOX) Act. Learn how security practitioners are handling SOX compliance, financial woes, internal controls, ...  Continue Reading

• Life at the edge part 2: Divide and conquer with DMZs

  Learn how a DMZ works and how it can protect Web servers.  Continue Reading

• Snort Intrusion Detection and Prevention Guide

  Answers to frequently asked questions related to the open source Snort intrusion detection and prevention system.  Continue Reading

• Step 2: Disable Bluetooth whenever possible

   Continue Reading

• Step 1: Know Bluetooth vulnerability lingo

   Continue Reading

• Learning guide: The five steps of baseline Bluetooth security

  In this five step Learning Guide, you will learn the Bluetooth security basics, including how to protect against a Bluetooth hack or virus, how to disable Bluetooth and how to secure Bluetooth devices in the enterprise.  Continue Reading

• Learning Path: Malware

  Freshen up on malware terminology.  Continue Reading