Tips
Tips
-
Built-in Windows commands to determine if a system has been hacked
In this tip, contributor Ed Skoudis identifies five of the most useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked. Continue Reading
-
Your physical security budget: Who pays and how much?
In many organizations, the cost of data center security is a shared expense -- or at least it should be. How much then should you be spending on security and how much of that should be picked up by other business units? Continue Reading
-
Ten hacker tricks to exploit SQL Server systems
SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do. Continue Reading
-
Cleansing an infected mail server
Learn five measures you can take to when cleaning up a massive email virus infection Continue Reading
-
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from ... Continue Reading
-
Firewall redundancy: Deployment scenarios and benefits
There are, however, several good reasons to deploy multiple firewalls in your organization. Let's take a look at a few scenarios. Continue Reading
-
PCI compliance after the TJX data breach
The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden. Continue Reading
-
Preparing for uniform resource identifier (URI) exploits
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web ... Continue Reading
-
How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities
For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how ... Continue Reading
-
Enterprise risk management frameworks: Controls for people, processes, technology
Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the ... Continue Reading
-
Digital forensics tool Helix 'does no harm'
Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system. Continue Reading
-
Steps in the information security program life cycle
This article from our series on information security governance describes the essential steps to take when developing a security program life cycle. Continue Reading
-
Where to place IDS network sensors
JP Vossen explains where to place IDS sensors. Continue Reading
-
How to patch vulnerabilities and keep them sealed
Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities. Continue Reading