In Depth
IT security
-
Storage Decisions Downloads: Executives' storage guide
Ideas of where firms' storage should be and where it's headed. Also key ways to integrate new technologies, processes and ideas without going over budget. Continue Reading
-
Prevent network hacks with secure Web browsing
Hackers can penetrate your network in almost unlimited ways these days, and that includes through your Web browser. Learn how to improve Web browser security and keep these hackers out of your network. Continue Reading
-
Big Microsoft Vista concerns for Big Pharma
The second installment of an ongoing series examining the challenges of deploying Windows Vista and the considerations that go into the decision to roll out the new OS. Continue Reading
-
Is a merger or acquisition in Sourcefire's future?
Sourcefire founder and Chief Technology Officer Martin Roesch talks about how Sourcefire fits into the Security 3.0 theme and how the firm may be involved in a future merger or acquisition. Continue Reading
-
Why hacking contests, 'month-of' projects don't help
Ivan Arce, chief technology officer of Core Security Technologies, explains why he thinks hacking contests and public vulnerability disclosure projects do little to improve IT security. Continue Reading
-
The Art of Software Security Testing
Identifying software security flaws including the proper methods for examining file formats. Continue Reading
-
Data retrieval strategies: Document management software overview
The role of document management software in data storage and how it can mitigate risk for the enterprise. Continue Reading
-
The man behind the Month of Search Engine Bugs speaks
Ukrainian security researcher Eugene Dokukin, more widely known by his online name MustLive, is about to launch a new "Month-of" flaw disclosure project focusing on search engine bugs, at a time when many security professionals are dismissing such ... Continue Reading
-
When Microsoft Vista and VPNs don't mix
Papa Gino's is ahead of many companies in deploying Windows Vista, thanks to its involvement in the Microsoft TAP program. But VPN compatibility has been a sticking point. Continue Reading
-
Admins run into trouble with Microsoft updates
A DNS service failure and an ongoing WSUS glitch are among this month's frustrations as IT administrators try to deploy the latest security patches from Microsoft. Continue Reading
-
Network access control learning guide
From PDAs to insecure wireless modems, users have myriad options for connecting to -- and infecting -- the network. Created in partnership with our sister site SearchSecurity.com, this guide offers tips and expert advice on network access control. ... Continue Reading
-
PayPal security measures help stamp out fraud
PayPal's 133 million online customers are the biggest ocean phishers have to plunder. CISO Michael Barrett wants to make it safe to be in the water; and he's not going at it alone. Continue Reading
-
iSCSI TCP/IP TOE card specifications
Key specifications for a cross-section of popular iSCSI TOE cards. Continue Reading
-
The trouble with Google hacking techniques
Some IT security professionals say the threat posed by Google hacking techniques is overblown and that companies can easily avoid it with a layered security program. One skeptical expert is Ira Winkler, founder of the Internet Security Advisors ... Continue Reading
-
Storage consolidation: WAN acceleration and WAFS technology overview
One important avenue of storage consolidation is the consolidation of remote office storage; this is where WAN acceleration and WAFS technology come into play. Continue Reading
-
IP storage switch and router specifications
Key specifications for a cross section of popular IP storage switch and router products. Continue Reading
-
Inside MSRC: Windows Vista security update explained
Microsoft's Christopher Budd details the first Windows Vista security updates. Continue Reading
-
When disaster recovery and data classification collide
Attendees at a disaster recovery seminar discussed the complex application dependencies when disaster recovery and data classification combine. Continue Reading
-
Will data breach be the end of TJX?
This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example? Continue Reading
-
IT pros eye Windows Server 2003 SP2 with caution
Despite its security and stability enhancements, IT pros say they are in no rush to deploy Windows Server 2003 SP2. Continue Reading
-
Symantec threat report under the microscope
This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere. Continue Reading
-
Measuring Vista's true security muscle will take time
Researchers are digging through the Windows Vista code right now, and when they find flaws we'll hear about it. But it's the ones we don't hear about that should keep us up at night. Continue Reading
-
LexisNexis fights crime with storage
The document search company is offering a new data forensics service staffed by former federal agents and powered by commodity NAS. Continue Reading
-
PING with Mark Odiorne
Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant. Continue Reading
-
RFID dispute: Vendors still hostile toward full disclosure
Many vendors still believe that security by obscurity is the best policy and make it a priority to silence vulnerability researchers. Continue Reading
-
RFID privacy, security should start with design
Companies planning to deploy radio frequency identification technology (RFID) must demand that privacy and security issues are addressed early. Continue Reading
-
Microsoft takes a blogosphere beating over Vista UAC
This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature. Continue Reading
-
Flaws haunt Symantec, IBM, Cisco and IE
Bug Briefs: Security holes plague Symantec Norton products; IBM DB2; Mozilla Firefox; Trend Micro ServerProtect; Cisco IP phones; Google Desktop; IE and Snort. Continue Reading
-
Data breach: If customers don't act, data will remain at risk
To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading
-
New security vendors take on sophisticated attackers
IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading
-
Quiz: Using IAM tools to improve compliance
A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School. Continue Reading
-
Storm Trojan was worse than it should have been
The "Storm" attack made a big splash because people keep falling for social engineering and there was simply little else in the news, experts say. Continue Reading
-
Quiz: Defending mobile devices from viruses, spyware and malware
A five-question multiple-choice quiz to test your understanding of the content presented in the Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School. Continue Reading
-
Vendors: Cut the hype, truth is what sells
Storage virtualisation technologies have been purchased and implemented successfully for years. The rest of the IT infrastructure must try to catch up and, ultimately, the only thing not virtualised within the datacentre will be the last guy ... Continue Reading
-
TJX breach: There's no excuse to skip data encryption
Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading
-
TJX gets little sympathy from blogosphere
TJX is taken to task by security bloggers for waiting until after a massive data breach to take steps to bolster its security. Continue Reading
-
PatchLink offers solid flaw management
PatchLink Update 6.3 is a solid solution to the enterprise patch management problem and demonstrates its true power in a Windows environment. Continue Reading
-
Federal government pushes full-disk encryption
Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full-disk encryption (FDE) products. Continue Reading
-
Inside MSRC: Microsoft updates WSUSSCAN issue
Christopher Budd of the Microsoft Security Response Center is urging customers to deploy the latest versions of the Systems Management Server Inventory Tool for Microsoft Updates or Microsoft Baseline Security Analyzer to receive all the current ... Continue Reading
-
Why don't we have clustered FC block storage?
Is it odd that the industry has made such serious strides toward incorporating clustering concepts in both file-based storage and IP-based storage, but not Fibre Channel storage? Continue Reading
-
Adobe Reader flaws spook security experts
Security experts sound the alarm over Adobe Reader flaws that could be exploited for cross-site scripting attacks and other mayhem. Continue Reading
-
Top Windows server hardening tips of 2006
Check out the top Windows server hardening tips of 2006 for helpful advice on domain controller penetration testing, security tips for the Windows Server 2003 OS and more. Continue Reading
-
Security pros glean insight from '06
Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading
-
Storage Outlook '07: Seeking better backups and archives
Tom Becchetti, senior infrastructure engineer for a major national financial services company, says compliance, backup and archiving will be top priorities in 2007. Continue Reading
-
Top client security tips of 2006
A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users. Continue Reading
-
Top network security tips of 2006
The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading
-
Review: Reconnex's iGuard needs improvements
Reconnex's iGuard is maturing, though it still needs some usability improvements such as wizards, customisable reports and the ability to drill down on the graphs. Continue Reading
-
Review: Deep Security is a solid IPS
Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading
-
Microsoft Vista could improve Internet security
Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading
-
Review: Lancope StealthWatch 5.5 offers more than IDS
Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition. Continue Reading
-
Hot technologies for 2007
"Storage" magazine's editors reviewed technology developments, product introductions and storage standards to come up with this short list of must-have technologies for 2007. Continue Reading
-
Storage Decisions Session Downloads: Smart Shopper Track (LV 2006)
Very few storage managers have carte blanche when it comes to storage spending. Sessions in our "Smart Shopper track" help managers get the most bang for their storage buck. Continue Reading
-
Storage IPOs, brilliant or brainless
Just when we thought the fast and loose spending of the dot-com bubble was well behind us, a few recent storage company IPOs remind us that we really haven't gotten a lot smarter. Continue Reading
-
Inside MSRC: Visual Studio flaw, tool extensions explained
Christopher Budd of the Microsoft Security Response Center provides detail about a flaw in Visual Studio 2005 and explains that support for Software Update Services 1.0 will be extended. Continue Reading
-
Infrastructure security: Remote access DMZ
An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne. Continue Reading
-
Zero-day tracker a hit, but IT shops need better strategy
This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading
-
Active Directory security school: Set up and configuration
An Active Directory security lesson. Continue Reading
-
Active Directory security school: Maintenance and testing
This is lesson three of our Active Directory security school. Continue Reading
-
Active Directory security school: Management
Lesson two of the Active Directory security school. Continue Reading
-
Active Directory Security School
An improperly configured Active Directory can render the rest of your security measures useless. So how can you protect yourself from a hacker with their eyes on your AD? How can you recover from such an attack? Find the answers to all of your AD ... Continue Reading
-
Recordless email: magical or menacing?
A new startup promises recordless email. Is this a stroke of genius that will reward the company with billions of Internet bucks, or is it the end of the world as we know it? Continue Reading
-
Security Blog Log: Sailing a sea of spam
This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam. Continue Reading
-
Security Blog Log: Dissecting Firefox 2.0
This week, bloggers examine the security features of Firefox 2.0 and come away with mixed reviews. Does it fare better than Internet Explorer 7? Continue Reading
-
Review: Arbor Networks' Peakflow X 3.6
Hot Pick: Peakflow isn't cheap and requires an intimate understanding of data flows, applications and network infrastructure. But the investment will pay dividends. Continue Reading
-
Review: Network Intelligence's enVision
enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it. Continue Reading
-
Download Advanced Storage Guide Chapter 2: Backup/Data protection (PDF)
A printable version of our Advanced Storage All-In-One Guide. Download Chapter 2: Backup/Data protection in .pdf format now. Continue Reading
-
Nmap Technical Manual
By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in ... Continue Reading
-
Security Blog Log: Taking Google Code Search for a spin
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading
-
Inside MSRC: Public vulnerability disclosures on the rise
Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make ... Continue Reading
-
School district expels outsourced backup, enrolls CDP
Revere School District dumps tape and outsourced backup, and deploys SonicWall's continuous data protection product. Continue Reading
-
Test your IQ: Business continuity -- ANSWER
This type of plan specifies a means of maintaining essential services at the crisis location. Continue Reading
-
DPM's Diary: 3 October 2006
Monday Continue Reading
-
ZERT rekindles third-party patching debate
This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading
-
PING with Suzanne Hall
In this exclusive interview with Information Security magazine, Suzanne Hall, AARP director of IT operations and security, examines how security professionals can enable telecommuters and mobile workers while keeping their data secure. Continue Reading
-
More from SearchSecurity September 2006
This month's roundup weighs the pros and cons of security information management systems (SIMs), plus four case studies illustrating the different roadblocks security managers can encounter. Continue Reading
-
On privacy laws, every state is one of confusion
It's getting increasingly difficult for US firms to comply with regulations. David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment. Continue Reading
-
Top 5 free Windows security downloads
The place where you can find free tools that help you crack passwords, remove troublesome spyware and enhance network security. Check out our five most popular tools and find out what you've been missing. Continue Reading
-
Symantec Dark Vision app monitors underground IRC servers
New research project keeps tabs on the hacker underground, providing new insight on activities like credit card theft and spamming. Continue Reading
-
NetApp operations chief talks growth
Tom Georgens, executive vice president and general manager at NetApp -- also rumoured to be in the running as next CEO -- discusses what's driving its growth. Continue Reading
-
Storage upstarts are tipping the vendor scales
The big storage vendors are always trying to steal a piece of each other's pie. But some small tech upstarts might play big parts in determining who comes out on top. Continue Reading
-
Security Blog Log: Word doc scam evades spam filters
Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches. Continue Reading
-
Protecting wireless networks: Step 3
Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks. Continue Reading
-
Protecting wireless networks: Step 2
Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks. Continue Reading
-
Wireless network security testing
Attack your own wireless networks to find vulnerabilities before malicious hackers do. Continue Reading
-
Identity and Access Management Security School
This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Continue Reading
-
Risk management: Data organization and impact analysis
This first article of the Insider Risk Management Guide explains how data organization is the first step in implementing insider threat controls. Continue Reading
-
Risk management: Implementation of baseline controls
This fourth article in the Insider Risk Management Guide examines the implementation of baseline controls. Continue Reading
-
Risk management: Baseline management and control
Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Risk Management Guide. Continue Reading
-
Risk management references
References for our Insider Risk Management Guide. Continue Reading
-
Risk management audit
This article explores the audit function in the insider risk management process. Continue Reading
-
Look through the over-hyped storage terms; find the value
Storage expert Marc Staimer discusses the storage vendor trend of using over-hyped terms to sell their products, and how you can find the true value in what they're selling. Continue Reading
-
Security blog log: Fear and loathing in MS06-040's wake
This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits. Continue Reading
-
Inside MSRC: Time to rethink security workarounds
Christopher Budd of the Microsoft Security Response Center recommends implementing one of several security workarounds to ensure a secure infrastructure until this month's most important Windows update can be installed. Continue Reading
-
Countering attackers with NAC, IPS
Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment. Continue Reading
-
Akonix A-Series offers complex, best-of-breed IM security
Product review: Information Security magazine's Sandra Kay Miller says the Akonix A-Series instant messaging security appliances work well but need better documentation. Continue Reading
-
Thwarting IM management challenges
Product review: Information Security magazine's Sandra Kay Miller says Symantec's IM Manager 8.0 has limited public network features, but offers excellent reporting. Continue Reading
-
Security event management, no strings attached
Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options. Continue Reading
-
Endpoint security quiz answers
The answers to the Endpoint quiz. Continue Reading
-
PING with Heidi Kujawa
Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theatres. Continue Reading
-
Beyond HIPAA and GLBA
Most firms are familiar with HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley, but newer regulations are pushing certain industry sectors to adopt strong authentication. Continue Reading