Tips

Tips

Security Threats and Vulnerabilities Management

• Defending against Firesheep: How to prevent a session hijacking attack

  A new exploit tool called Firesheep revealed just how vulnerable applications like Facebook and Twitter are to session hijacking attacks. Mike Chapple lists four steps you can take to protect your midsized business.  Continue Reading

• Buffer overflow prevention: Add apps to Microsoft EMET with command line configuration

  Adding vulnerable applications to the Microsoft Enhanced Mitigation Experience Toolkit is simple once you've mastered the command line configuration tool.  Continue Reading

• Windows 7 backup tool: Three Windows 7 Backup and Restore use cases

  Windows 7's built-in backup tool is a reliable options for smaller organizations wanting to preserve the confidentiality and availability of stored data.  Continue Reading

• Enhanced Mitigation Experience Toolkit reduces buffer overflow attacks

  Microsoft Windows Enhanced Mititgation Experience Toolkit version 2 introduces six mitigations that reduce the risks posed by malware trying to cause an application buffer overflow attack.  Continue Reading

• Social engineering attack: How to remove rogue security software

  Social engineering attacks trick users into installing rogue security software. Users need to be educated to avoid falling prey, and IT needs the tools to remove the fake security software.  Continue Reading

• SEO security: How to stop search engine optimization security attacks

  When attackers can place malicious sites high in Google rankings, you may be at risk. Learn how to defend against SEO poisoning.  Continue Reading

• How to remove rootkits from your organization

  Through their control of the underlying operating system, rootkits are often able to mask their presence from traditional antivirus software. What's a midsized business to do?  Continue Reading

• Windows patch deployment tools: WSUS 3.0 or third-party software?

  Gregg Braunton discusses Windows patch deployment tools and reviews when you should (and should not) use WSUS to send updates to your employees' workstations.  Continue Reading

• Laptop full disk encryption: Debunking myths

  Mike Chapple reviews laptop full disk encryption and separates fact from fiction.  Continue Reading

• Windows rootkit detection tools and tactics

  A reader asks Tom Chmielarski how to find and remove a rootkit on his Windows machine.  Continue Reading

• Whitelisting applications vs. other antimalware defenses

  Tom Chmielarski once tracked a worm infection down to a lab system oscilloscope that was running Windows. See why it was the perfect candidate for application whitelisting.  Continue Reading

• What Windows protection is available to control USB devices?

  USB storage media is practically unavoidable but also a huge risk. Using Windows to control USB devices may not be the best option, but Tom Chmielarski reviews products that can help.  Continue Reading

• What is the best Windows patch management procedure?

  There's no one-size-fits-all approach for deciding when a patch needs testing. Tom Chmielarski shares his thoughts on an ideal patch management process.  Continue Reading

• PCI DSS requirement: Building and maintaining a secure network

  The first PCI focus area requires a set of documented configuration standards, perimeter and endpoint protection.  Continue Reading

• Three portable data storage encryption methods

  Mike Chapple looks at three ways to encrypt sensitive data while it's stored on portable media.  Continue Reading

• Considering two-factor authentication? Do cost, risk analysis

  One-time passwords and other technologies are effective protection, but midmarket companies have to consider the expense and management overhead.  Continue Reading

• The security value of a hosted data center

  Have you begun converting your office space to a data center? There's a more secure option, says security analyst Joe Malec.  Continue Reading

• The value of booting from a VHD in Windows 7

  Booting a system from a virtual hard drive is one of the perks of Windows 7. After reviewing the security benefits, Tony Bradley offers a step-by-step plan for creating a VHD.  Continue Reading

• How to set your baseline with host integrity monitoring software

  Once you have your malware detection, IDS and network firewalls in place, it may be time to turn your attention to another valuable troubleshooting tool: host integrity monitoring software.  Continue Reading

• How to create a bit-image copy of a live server

  Part of your incident response plan should include the creation of a bit image copy of a live server. Free and open source tools are available to simplify this process.  Continue Reading

• How to choose full disk encryption for laptop security, compliance

  Full disk encryption is becoming a priority for laptop security in midmarket companies because of regulatory compliance and fear of data breaches. Consider central management, ease of deployment, user transparency, reporting, platform support and ...  Continue Reading

• PCI DSS requirement: Protect cardholder data

  The second PCI DSS focus area spells out how organizations must secure cardholder data they store and transmit.  Continue Reading

• Best email antivirus policy? Scan everything

  Despite the performance hit, IT shops should adopt a best practice of scanning all email messages. Shortcuts, such as skipping scans of image or audio files, may lead to virus infections.  Continue Reading

• Assess your security state in five steps

  Prioritize your security spending by identifying how data moves and users interact, and what vulnerabilities exist in infrastructure, systems and applications.  Continue Reading

• Determine when to use a workaround rather than patch systems

  Vendor security patches sometimes unintentionally break production applications. Learn how to determine when your midmarket organization should employ a workaround, rather than patch immediately.  Continue Reading

• TrueCrypt brings affordable laptop encryption to midmarket

  TrueCrypt is free, open source laptop encryption software whose cryptographic capabilities and methodology compares to commercial products.  Continue Reading

• Fighting spyware with unified threat management

  Too many organizations make the mistake of not aggressively mitigating spyware at all levels -- the desktop, server and network edge. According to network security expert Lisa Phifer, a unified threat management appliance can strengthen enterprise ...  Continue Reading

• Nipper audits routers, reveals insecure settings

  In this column, contributor Scott Sidel examines Nipper, a network infrastructure parser that helps security professionals keep routers and firewalls properly configured.  Continue Reading

• How to prepare for security patch testing

  Learn what steps organizations can take prior to security patch testing to ensure a successful patch testing phase.  Continue Reading

• The pros and cons of outsourcing antivirus services

  Learn the pros and cons of outsourcing antivirus services in this tip by Ed Skoudis.  Continue Reading

• Effectively using vulnerability management data

  As more organizations turn to outsourcing services for their vulnerability management, certain questions need to be addressed. Is there a way to make use of the collected data? Can information collected from internal scans or assessments be used to ...  Continue Reading

• How to set up a managed unified threat management remote firewall/VPN appliance

  When it comes to threat management products for remote offices, not all products are created equal. In this tip, part of SearchSecurity.com's special Integration of Networking and Security School, expert David Strom uses words and pictures to ...  Continue Reading