-
DNS security best practices to prevent DNS poisoning attacks
DNS cache poisoning is a threat to any Internet-connected enterprise. Learn how the attack method works and potential mitigation strategies in this thesis from Richard Agar of Royal Holloway University London. Royal Holloway eBook Seri
-
RSA Conference Europe 2010 coverage
Get updates on the latest happenings at the RSA Conference Europe 2010 with breaking news stories, and exclusive video and podcasts. Conference Coverage
-
Financial information security: How to survive the banking crisis
In this financial information security mini guide, you'll learn exactly what challenges are facing the financial sector today, and how to combat banking-specific threats. Learning Guide
-
Financial services sector faces continued information security challenges
The financial services sector faces some sobering information security challenges. Find out what the state of security is in the financial services sector, as well as what banks are doing to combat information security threats. Feature
-
Face-off: Is antivirus dead?
Security experts Bruce Schneier and Marcus Ranum debate the long-term viability of antivirus software. Face-off
-
Deperimeterization changing today's security practices
Royal Holloway authors explain how basic deperimeterization principles can ensure that security does not suffer when traditional boundaries are eroded. Royal Holloway eBook Seri
-
Unified threat management (UTM) integration challenges
The Border Gateway Protocol (BGP) is the most important protocol on the Internet, and is used to link the multiple networks that make up the Internet. Although it performs well, it suffers from many security weaknesses. Royal Holloway eBook Seri
-
Computer misuse cases: Get there before the bad guys
By defining the scenarios in which computer systems could be misused, security professionals can test more thoroughly and assess risk more quickly. Royal Holloway eBook Seri
-
2009 Royal Holloway University of London MSc thesis series
Read a group of information security articles -- from the highly technical to the basic -- authored by recent MSc graduates of Royal Holloway University of London (RHUL). Royal Holloway eBook Seri
-
Infosecurity Europe 2009: News, interviews and updates
Infosecurity Europe 2009 has begun. SearchSecurity.co.uk is on the conference floor, providing the latest news and updates from London. Special News Coverage
- See More: Essential Knowledge on Threat and Vulnerability Management
-
Study finds attacks slip past spotty patch management policies
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago. News | 10 Feb 2012
-
Survey: Types of DDoS attacks on the rise due to hacktivist groups
New DDoS statistics suggest hacktivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet. News | 09 Feb 2012
-
UK IT security survey reveals changing priorities
TechTarget surveyed UK IT professionals regarding their 2012 security priorities. The findings show changing security priorities. News | 16 Jan 2012
-
Is it the end of the line for antivirus signatures?
Traditional antimalware can't keep up with the threat landscape. Are antivirus signatures destined for the rubbish bin? News | 29 Dec 2011
-
Emerging 2012 security trends demand information security policy changes
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals. News | 29 Dec 2011
-
Report on UK cybercrime statistics reveals culprits and responders
PwC’s cybercrime statistics reveal who is most likely to commit cybercrime, and who is the best choice to respond in any organisation. News | 06 Dec 2011
-
Government publishes UK Cyber Security Strategy to protect public
The government’s UK cybersecurity strategy includes a new crime unit, more certifications, increased public education, and the creation of kitemarks. News | 28 Nov 2011
-
London firm offers fixed-price cloud DDoS protection
One company has launched a fixed-price cloud DDoS-protection service for mitigating the ever-present threat of DDoS attacks. News | 16 Nov 2011
-
University IT security pros thwart content piracy with traffic shaping
A traffic-shaping system installed at the University of Exeter quickly yielded huge dividends by blocking illegal piracy of music and films. News | 27 Oct 2011
-
Preparing for latest security attacks means planning for failure
Any security defence may, at some point, fail. Experts at RSA Europe said security pros must be agile to dodge the latest security attacks. News | 19 Oct 2011
- See More: News on Threat and Vulnerability Management
-
Stop phone tracking and GPS data leakage
GPS-enabled smartphones and other GPS devices may leak confidential or sensitive data, making it easy for attackers to target your employees. Tip
-
How to prevent unauthorised personnel from hacking voicemail
Keeping attackers out of sensitive corporate voicemails can be as easy as updating PIN policies. Tip
-
Add threat modelling to your Web application security best practices
Among any list of enterprise Web application security best practices, threat modelling is essential. Michael Cobb explains why in this expert article. Tip
-
Cross-site request forgery: Lessons from a CSRF attack example
Cross-site request forgery attacks can lead to serious damage to websites. See how lessons from a CSRF attack example can help prevent these attacks. Tip
-
OpenVAS how-to: Creating a vulnerability assessment report
In this OpenVAS how-to, learn how to use the free scanner to create a vulnerability assessment report and assess threat levels. Tip
-
Nmap tutorial: Nmap scan examples for vulnerability discovery
Learn how to use Nmap, the free network scanner tool, to identify various network devices and interpret network data to uncover possible vulnerabilities. Tip
-
How to stop SQL injection and prevent data compromises
While they're some of the easiest attacks to prevent, SQL injections are also some of the least protected against forms of attack. Learn how to stop them with this advice. Tip
-
Secure public Wi-Fi: Locking down employees' Wi-Fi security settings
When it comes to public Wi-Fi, it's safest to assume all hotspots are hostile. In this tip, Michael Cobb gives security strategies for preventing data leakage via public wireless networks. Tip
-
Secure USB best practices: Choosing USB hardware encryption
Learn why USB hardware encryption may be the best way to secure mobile data. Tip
-
Free Windows security tools: Using Microsoft EMET
Microsoft recently introduced a free set of tools known as the Enhanced Mitigation Experience Toolkit (EMET), which can retrofit older Windows systems with recently developed security technologies. Learn more about how you can use EMET in this expert... Tip
- See More: Tips on Threat and Vulnerability Management
-
Open source software security issues: How to review OSS for security
A reader asks how to judge the security of open source software products. Expert Michael Cobb lists three areas to check. Ask the Expert
-
Pwn2Own results: The most secure Internet browser for enterprises
Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the results of the 2010 CanSecWest Pwn2Own competition to give browser advice. Ask the Expert
-
How to protect a laptop from spam, viruses
Q&A: Expert Richard Brain explains how to protect your laptop from malware by preventing it from installing in the first place. Ask the Expert
-
What to look for in a network security audit
What to look for in a network security audit? That's a short question with a big answer, says expert Peter Wood. Ask the Expert
-
How to address a spike in TCP and UDP flows
Have an unusual spike in TCP and UDP flows? Expert Peter Wood explains how to zero in on the problem. Ask the Expert
-
How secure are extended validation SSL certificates?
Expert Peter Wood responds to exaggerations about the security of extended validation SSL certificates. Ask the Expert
-
How does search engine malware spread?
Expert Richard Brain explains how malware can take advantage of Web crawlers and spread malicious code to a number of vulnerable websites. Ask the Expert
-
How to detect and remove Sinowal and repair a master boot record
Expert Richard Brain reviews how to repair an operating system after malware has damaged a master boot record. Ask the Expert
-
When to use a unified threat management system
Network security expert Peter Wood explains why a unified threat management product may be only one of many tools that an organization should use to fight off malware threats. Ask the Expert
-
Should a worm patch or push security updates?
In this expert response, Richard Brain explains why "offensive" worms should not be used to propagate patches. Ask the Expert
- See More: Expert Advice on Threat and Vulnerability Management
-
metamorphic malware
Metamorphic malware is malicious software that is capable of changing its code and signature patterns with each iteration. Definition
-
Serious Organized Crime Agency (SOCA)
The Serious Organized Crime Agency (SOCA) is a policing agency dedicated to the identification of criminal activity related to drug trafficking, money laundering, identity theft and immigration. SOCA is based in the United Kingdom. Word
-
Centre for the Protection of National Infrastructure (CPNI)
The Centre for the Protection of National Infrastructure (CPNI) is the agency charged with providing advice to any entity within the United Kingdom that owns or operates services or property critical to commerce, public health or security. Word
-
USB gadgets and gizmos present data-theft risks
In this video, learn how new USB gadgets and gizmos could be used to siphon off your sensitive data. Video
-
Unified threat management (UTM) integration challenges
In this video, Joel Snyder of Opus One reviews how unified threat management products integrate with host-based protection and network access control devices. Video
-
The trade-offs of unified threat management
Opus One's Joel Snyder reveals a key drawback of UTM. Video
-
Unified threat management vs. intrusion prevention systems
In this video, Joel Snyder of Opus One talks about how unified threat management stacks up against an intrusion prevention system. Snyder reveals the best options for both midmarket organizations and larger enterprises. Video
-
The value of an intrusion prevention system against a Web attack
Yes, an IPS only protects against known attacks, but a little protection goes a long way. Joel Snyder of Opus One takes a few minutes to talk about the true value of intrusion prevention systems. Video
-
CISSP Essentials training: Domain 5, Telecommunications and networking
Prepare for Domain 5 of the CISSP exam by learning about telecommunications and networking. Video
-
The future of exploit vulnerability research
At Information Security Decisions 2008, security researchers discuss the most vulnerable network points and the future of the SDLC. Video
-
NAC and endpoint security: The hard questions
Joel Snyder covers challenging endpoint security questions and explains how NAC technology can address them. Video
-
Video: Scanning with Nmap
Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap. Video
-
Opinion: Firms can’t or won’t address social networking security risks
It's a common refrain: Even companies that are aware of social networking security risks don't do anything about them. Opinion
-
IT in Europe: Information Security Edition e-zine
e-zine
- See More: All on Threat and Vulnerability Management
About Threat and Vulnerability Management
Vulnerability and threat management are important aspects of an enterprise security solution. Get the latest information about managing threats, how to conduct a vulnerability assessment, vulnerability scanning, testing and assessment tools.