-
Integrating biometric authentication with Active Direct
Integrating biometrics with an existing enterprise IAM architecture was once a trying task, but it's much easier today because many biometrics products are designed to work hand in hand with Active...
-
Data threats: Insiders vs. outsiders
According to Verizon's 2008 Data Breach Investigations Report, outsider activity is much more likely to be the cause of a data breach than insider activity. Does that mean security managers are spe...
-
Debian: A niche OS with a not-so-niche security flaw
A recently discovered flaw in the Debian version of Linux meant that any OpenSSL keys generated during the past 20 months could be guessed in a matter of hours. But does the vulnerability suggest b...
-
Warning signs of a P2P botnet
Network security expert Mike Chapple explains two easy ways to detect the presence of a P2P botnet on your system.
-
How to patch Kaminsky's DNS vulnerability
When Dan Kaminsky revealed the details of his recently discovered DNS flaw at this year's Black Hat briefings in Las Vegas, it confirmed what many in the security community already feared: that it ...
-
Microsoft Baseline Security Analyzer: Do updates offer
The Microsoft Baseline Security Analyzer has always been useful at scanning Windows environments for the presence or absence of security updates. Now, see how the latest version adds support for Wi...
-
Web advertising exploits: Protecting Web browsers and s
Web browser exploits are nothing new, but few security managers are consciously aware of the threat that Web advertisement exploits represent. Marcos Christodonte II details how attackers use adver...
-
Standards and guidelines for system hardening
When hardening a system, what specific standards or guidelines should information security pros adhere to? Security management expert Mike Rothman explains.
-
Planning for 'DRAM remanence'
A reader asks contributor Michael Cobb, "How can 'DRAM remanence' compromise encryption keys?"
-
Ransomware: How to deal with advanced encryption algori
It's late in the day, and your CEO reports a strange message on his computer screen: his files have been encrypted, and a payment is required to return all of his data. What do you do? Don't give i...
-
CERT's security incident-response project
Many security professionals lack a management-level understanding of incident response. Expert John Strand gives advice on how CERT security incident-response project can help.
-
DNS rebinding defenses still necessary, thanks to Web 2
The scripted content and plug-ins of today's Web 2.0 websites have opened enterprise networks to an old threat: DNS rebinding. The attacks can create serious problems for your enterprise network, b...
-
Web 2.0 and e-discovery: Risks and countermeasures
Enterprise employees often love Web 2.0 services like wikis and social networking services, but the data employees may create with or provide to those services can put an enterprise at risk, especi...
-
Database patch denial: How 'critical' are Oracle's CPUs
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security def...
-
Protecting exposed servers from Google hacks (and Googl
Michael Cobb explains how to avoid exposing your important data to 'Google dorks.'
-
Windows registry forensics guide: Investigating hacker
The Windows registry can be used as a helpful tool for professionals looking to investigate employee activity or track the whereabouts of important corporate files. In this tip, contributor Ed Skou...
-
Security breach management: Planning and preparation
All organisations face the risk of an information security breach. While it can be a gut-wrenching ordeal, learning how to manage a breach can make it much easier to contain the damage. In this tip...
-
Sharing information during a data breach
A security manager's nightmare: There's been a data breach, and it's time to pick up the pieces. But to recover as quickly as possible, who needs to know what about the data breach, and when? Secur...
-
How to map business processes to security frameworks
Consolidating effort by mapping security controls to business frameworks is a great way to save time. But how implementable is it?
-
Understanding multifactor authentication features in IA
Enterprises often make the mistake of assuming that IAM suites come with tightly integrated multifactor authentication features, but in reality making sure they work together well can be a challeng...
-
Creating a Java security framework
The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis.
-
IAM concepts and predictions to watch in 2011
Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011.
-
iPad security policy pointers
As enterprise iPad use increases, companies must make decisions about iPad security policy and how to enforce it. Lisa Phifer offers several tactics for ensuring iPad endpoint integrity.
-
How to successfully 'invest' in your career
Credentials that set you apart from other information security applicants can determine whether you land your dream job. In this tip, Lee Kushner and Mike Murray give advice on how to choose effect...