-
When filling out the PCI DSS questionnaire, is it impor
It's time to fill out the PCI DSS questionnaire, but management has said that it's no big deal, there's no need to provide accompanying documentation. But what will happen when an auditor comes kno...
-
What is a 'top-down' IPS sensor search?
If you're a firewall guru, you're probably familiar with the "top-down" signature matching approach. In this expert Q&A, Mike Chapple explains how IPS sensors have a similar method.
-
Are two network firewalls better than one?
Two firewalls from different vendors may not cause processing delays, but if not used and arranged correctly, the devices can become a hassle for IT teams. In this expert Q&A, network security pro ...
-
What courses can improve fundamental knowledge of infra
When looking to brush up on knowledge of systems such as Active Directory, Exchange, LDAP and more, there are many educational opportunities, but which offer the most benefit? In this IAM expert re...
-
How to secure desktops as suites expand, network perime
Learn about desktop security software and policy options, and why deperimeterization may be the best approach for securing desktops.
-
Preparing for a network security audit starts with moni
Security professionals each have their own way of getting ready for their annual network security audit. All too often, IT teams rush around and make last-minute adjustments to their configurations...
-
File format vulnerabilities: Protecting your applicatio
From WMF to the latest Excel file exploits, it's clear that attacks targeting file format vulnerabilities are on the rise. In this tip, network security expert Mike Chapple examines why files have ...
-
IAM best practices for employees with varying degrees o
Protecting access to a single PC with multiple users can be a daunting task, but there are some security best practices to consider.
-
How to ensure the validity of Microsoft Windows updates
Ever wonder if what you've downloaded from Windows Update is a complete scam? Michael Cobb explains how to check that the programs you have installed are actually from Microsoft.
-
Writing an SLA: Points to include in an outsourcing con
Shon Harris outlines the core items to include in a service level agreement (SLA) for an MSSP (managed security services provider).
-
Should data from a corrupted workstation be transferred
If a Windows workstation is compromised, should the infromation be transferred to a forensics laptop? Or is it better to use USB pen drives or a Windows share? In this expert Q&A, Ed Skoudis explai...
-
How to set up a managed unified threat management remot
When it comes to threat management products for remote offices, not all products are created equal. In this tip, part of SearchSecurity.com's special Integration of Networking and Security School, ...
-
Automating the patch installation process
In this Ask the Expert Q&A, our platform security expert discusses how to control patch installations for Microsoft applications. He also explains where to find resources that will help you manage ...
-
Should a firewall ever be placed before the router?
In terms of unit cost, it's generally much cheaper for a router to handle a packet than for a firewall to analyze it. But as network security expert Mike Chapple explains, one does not necessarily ...
-
How can I retrieve and restore a deleted user account i
When working with a directory service like Active Directory, restoring deleted users can be challenging. Identity and access management expert Joel Dubin advises on how to manage users efficiently.
-
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it becaus...
-
What are the risks associated with outsourcing security
In this expert Q&A, security management pro Mike Rothman discusses why outsourcing security services could be a bad idea.
-
How should multiple firewall rules be managed?
Even with a change management system, firewall rule bases can become a nightmare for administrators. In this Q&A, network security expert Mike Chapple points out incorrect, overlapping and unused r...
-
How to stop a rogue user from circumventing network sec
Receive peer advice regarding ways to correct damages caused by a rogue user and learn what to do to prevent this from happening again
-
What are ways to measure security risks, threats and vu
In this Q&A, security management expert Mike Rothman offers advice on the most effective ways to manage and access security risks, threats and vulnerabilities within an enterprise.
-
Assessing Windows Phone 7 security features
Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
-
Which security certifications are best for your career?
Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
-
An SMB security risk assessment in five steps
Assessing your organization's security threats and risks takes just five steps, says Robbie Higgins. Check out his quick guide to the SMB security risk assessment process.
-
Nmap, Nessus, Nikto for do-it-yourself pen tests
Nmap, Nessus and Nikto are penetration testing tools that security operators can use to conduct pentests on their networks and applications.