Tips

Tips

• Five ways to prepare a company board for a cyber breach

  Five key things that boards need to do to stop their businesses leaking like sieves and potentially going to the wall  Continue Reading

• How to implement risk-based security

  Implement a simple process to identify, analyse and prioritise risk without significant investment in time or money  Continue Reading

• Seven secrets of SQL Server Management Studio

  SQL Server Management Studio (SSMS) is the principal interface for working with Microsoft SQL Server. However, many subtleties of this powerful tool evade even the most seasoned professionals  Continue Reading

• Audits and compliance requirements for cloud computing

  Even as India Inc experiments with the cloud, security concerns play spoilsport. These cloud computing audit and compliance tips will make your journey easier.  Continue Reading

• Security business analyst – a role whose time has come

  For effective information security, India Inc requires security business analysts. These should be people who understand security, technology and the business.  Continue Reading

• Using ESAPI to fix XSS in your Java code

  Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option.  Continue Reading

• Identity and access management (IAM) in the cloud: Challenges galore

  Identity and access management (IAM) in the cloud poses never before seen challenges to Indian organizations. Here are some points to keep an eye out for.  Continue Reading

• Leading Indian banking portals contain glaring security lapses

  Even as Internet banking portals transform the way Indians bank, vulnerabilities exist in banking websites like SBI, Citibank India, HDFC Bank and ICICI Bank.  Continue Reading

• Six business continuity audit guidelines for Indian businesses

  In order to be fully prepared to tackle disasters it is important to conduct BCP audits. Use these guidelines for effective business continuity audits.  Continue Reading

• Vulnerabilities in JavaScript: Secure coding insights and tips

  JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes.  Continue Reading

• BPM-ERP integration in four steps

  Integrating ERP with BPM can improve organizational efficiency and productivity. Follow these steps for easy integration of ERP with BPM.  Continue Reading

• Limitations of two factor authentication (2FA) technology

  The common two factor authentication (2FA) techniques used In India have several shortfalls. We take a look at security risks associated with 2FA solutions.  Continue Reading

• Implement a data integration solution in six easy steps

  This is the first installment of a two-part series expert-advice on data integration solution deployment.  Continue Reading

• How centralised storage and server-based computing help IT face BYOD

  Study shows that UK and EU IT pros are still scared of BYOD. But IT can overcome these BYOD fears. Here's how.  Continue Reading

• Guide to Windows Azure: Part 3 - How to configure local storage resources

  Our Windows Azure tutorial series continues with an explanation of usage of local storage in Azure cloud services. Learn how to best configure local storage.  Continue Reading

• Business continuity strategy: Employees are the vital link!

  No business continuity strategy can ignore the role that employees play in a crisis. Here’s how you can bring employees to the center of your BC plan.  Continue Reading

• Mobile application security issues and threat vectors in enterprises

  As mobile application security threats take on serious proportions, we explore the issues and risks involved for users and enterprises.  Continue Reading

• The benefits of an open source file system for storage

  An open source file system can bring huge scalability, parallel file system capability and advanced features compared to those bundled with commercial operating systems.  Continue Reading

• A free risk assessment template for ISO 27001 certification

  Risk assessment is the first important step towards a robust information security framework. Our simple risk assessment template for ISO 27001 makes it easy.  Continue Reading

• Building a hybrid cloud on SaaS, PaaS and IaaS for IT efficiencies

  IT pros looking to adopt a hybrid cloud based must strategise for security, IT standards and costs to make their cloud project successful.  Continue Reading

• Five things that can make or break your virtual desktop infrastructure

  IT pros looking to implement a virtual desktop infrastructure project must have a strategy for storage, application virtualisation and must understand desktop users to succeed.  Continue Reading

• System administrator guide to the contra-admin approach

  A system administrator can benefit by adopting a contrarian approach to system administration. Learn how to use contra-admin effectively as a sysadmin.  Continue Reading

• BI platform standardization: Step-by-step approach

  BI platform standardization is the key to improved data management and clarity on the cost per report. Follow these steps to standardize your BI with ease.  Continue Reading

• DCIM: what it is and what it does

  Data Centre Infrastructure Management holds unquestionable worth, but with the wealth of DCIM tools in the market, IT managers must choose carefully.  Continue Reading

• Gartner’s fabric computing insights

  According to Gartner, fabric computing has evolved over the past two years, and is here to stay. Read further for fabric computing implementation insights.  Continue Reading

• Risk management for cloud computing deployments

  Cloud risk management involves more than meets the eye. Our expert details risk management for public cloud setups in this multi-part series.  Continue Reading

• Data centre design: Using engineered racks, pods and containers

  IT pros must adopt a new approach to data centre design and consider using engineered racks, pods and containerised systems for better scalability, capacity and efficiency.  Continue Reading

• Information security budgets: Five steps to obtain management buy-in

  Getting management to approve security budgets is difficult. Here are guidelines to help you prepare and present information security budgets effectively.  Continue Reading

• Maltego tutorial - Part 1: Information gathering

  Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target.  Continue Reading

• POS terminal security: Best practices for point of sale environments

  Securing point of sale (POS) environments can be tricky. Shobitha Hariharan and Nitin Bhatnagar share comprehensive POS terminal security best practices.  Continue Reading

• Using automation, self-service provisioning to build a private cloud

  IT pros that recognise cloud computing benefits want to build one behind closed doors. But a private cloud requires automation, self-service provisioning and management planning.  Continue Reading

• Prepare for BCP audits with nine best practices

  Business continuity plans are ineffective without proper BCP audits. Our expert has some guidelines on how to prepare for BCP audits.  Continue Reading

• 6 point SIEM solution evaluation checklist

  With SIEM solutions gaining steam in India, Satish Jagu of Genpact shares concise tips based on the lessons from his SIEM implementation experiences.  Continue Reading

• Windows Azure tutorial Part 1: Set up and manage subscriptions

  Wondering how to set up a Windows Azure subscription? This Windows Azure tutorial has all the information to help you create and manage the subscription.  Continue Reading

• Inmon or Kimball: Which approach is suitable for your data warehouse?

  Inmon versus Kimball is one of the biggest data modelling debates among data warehouse architects. Here is some help to select your own approach  Continue Reading

• Information security intelligence demands network traffic visibility

  Use the network and host data at your disposal to create business-focused information security intelligence policies and strategies.  Continue Reading

• Troubleshooting bogus vCenter icons in VMware vSphere 5

  The new vCenter icons that VMware introduced in vSphere 5 are buggy and issue false alarms. Here are some workarounds until the vendor issues a fix.  Continue Reading

• Your 10-step cloud database migration checklist

  Thinking cloud database migration? Use this checklist to migrate your database to the cloud to avoid any issues such as security, latency, or integration.  Continue Reading

• Demystifying VMware Site Recovery Manager and its role in DR

  VMware Site Recovery Manager (SRM) simplifies disaster recovery, but managing it is tricky if users don’t know how it handles VMware snapshots and how it affects backup software.  Continue Reading

• How IT can convince stakeholders of the value of technology projects

  IT professionals must take data centre measures to convince stakeholders of the business value of technology projects. This will help IT emerge as a valuable business resource.  Continue Reading

• Seven NAS backup best practices

  Rapid data growth necessitates optimization of NAS backup procedures. Here’s how you can reduce the NAS backup window and increase NAS backup throughput.  Continue Reading

• 10 Linux security tools for system administrators

  Linux-based tools for security are a boon to system admins for monitoring network security. Here are 10 popular and useful Linux-based security tools.  Continue Reading

• Data center checklist for IT power infrastructure design and setup

  Set up a robust IT power infrastructure with this data center checklist. Besides, achieve a flawless IT power infrastructure design following these tips.  Continue Reading

• Map COBIT framework to your DR plan for better management control

  By mapping the COBIT framework to your DR plan, you can facilitate governance and improve control. Here’s how you can go about doing that.  Continue Reading

• Segregation of duties: Small business best practices

  Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs.  Continue Reading

• Sslstrip tutorial for penetration testers

  Sslstrip is a powerful tool to extract sensitive credentials using HTTPS stripping. This sslstrip tutorial explains the working of sslstrip in-depth.  Continue Reading

• CSRF attack: How hackers use trusted users for their exploits

  A CSRF attack is a serious Web security threat that, combined with XSS, can be lethal. Learn about the CSRF attack’s anatomy, along with mitigation methods.  Continue Reading

• ERP software migration in four easy steps

  An ERP software migration project is not simple to execute. This four-step guide will help you with seamless migration of your ERP software.  Continue Reading

• BackTrack 5 guide 4: How to perform stealth actions

  With BackTrack 5, how to include stealth into attacks is a necessary skill for penetration testers. Our BackTrack 5 how to tutorial shows you the way  Continue Reading

• 3 essential data center network cabling considerations

  Data center network cabling requires meticulous planning and design. Use these tips to determine the best data center network cabling setup.  Continue Reading

• How to manage transient data and replication

  Transient data can be tricky to manage, and best practice tips outlined by vendors may have limitations. But there is an easier way out.  Continue Reading

• Free SAN sizing template and useful guidelines

  With the explosion in data volumes, optimal SAN design and SAN sizing is key. Use these practical SAN sizing tips and SAN sizing template to get there.  Continue Reading

• How to choose a NAS

  Choosing a NAS might be complex but there are a few things you can do to simplify the choice  Continue Reading

• Ways to align ITIL processes with your disaster recovery plan

  Aligning ITIL processes to your DR plan leads to more efficient and effective use of IT infrastructure. Learn more about ITIL processes and DR in this tip.  Continue Reading

• BackTrack 5 Guide II: Exploitation tools and frameworks

  Our BackTrack 5 guide looks at exploitation and privilege escalation techniques. This part of our guide will improve penetration testing skills.  Continue Reading

• Integrate your CRM application with BI for maximum benefit

  Your CRM application need not stop after its growth after rollout. Integration with BI can helps organizations get the most from any CRM application.  Continue Reading

• CRAC unit sizing: Dos and don’ts

  A CRAC unit can consume a lot of power, but using it correctly can save costs and avoid fatalities. Read more about correctly sizing CRAC units in this tip.  Continue Reading

• Big data storage management challenges and how to deal with them

  Big data storage management is becoming an important concern. This tip will help you deal with your big data storage management challenges.  Continue Reading

• ISDN implementation: Part 2 -- Protocols, components and router options

  ISDN provides for digital transmission over ordinary telephone copper wire as well as over other media uses. In this continuation of his tip on ISDN implementation, Chris Partsenidis discusses the OSI Layers, protocols, components and router options...  Continue Reading

• BackTrack 5 tutorial Part I: Information gathering and VA tools

  Our BackTrack 5 tutorial covers information gathering and vulnerability assessment using BackTrack 5.  Continue Reading

• 8 power usage effectiveness (PUE) best practices for your data center

  Power usage effectiveness (PUE) is a measure of power efficiency in data center IT equipment. Use these best practices to learn how to tweak PUE levels.  Continue Reading

• Build an MDM hub with this step by step guide

  Building a master data management (MDM) hub can be baffling. Use this step by step manual to build your own efficient MDM hub.  Continue Reading

• Step-by-step aircrack tutorial for Wi-Fi penetration testing

  Aircrack-ng is a simple tool for cracking WEP keys as part of pen tests. In this aircrack tutorial, we outline the steps involved in cracking WEP keys.  Continue Reading

• Free-air cooling – using natural cooling in the data centre

  If your energy bills are soaring and you want a cost-effective means of maintaining your data centre’s temperature, consider natural cooling or free-air cooling.  Continue Reading

• Map your data classification policy to controls effectively: How-to

  Data classification policy plays an important role in control implementation and effectiveness. We take a look at the involved parameters.  Continue Reading

• Big data analytics made easy with SQL and MapReduce

  With growth in unstructured big data, RDBMS is inadequate for big data analytics. Know how to use SQL and MapReduce for big data analytics, instead.  Continue Reading

• OpenVAS how-to: Creating a vulnerability assessment report

  In this OpenVAS how-to, learn how to use the free scanner to create a vulnerability assessment report and assess threat levels.  Continue Reading

• SLA template and guidelines for DR outsourcing

  Use these guidelines along with our downloadable SLA template to structure, implement and successfully manage SLAs for DR infrastructure outsourcing.  Continue Reading

• Metasploit tutorial 3 – Database configuration & post exploit affairs

  Part three of our Metasploit tutorial covers database configuration in Metasploit and what needs to be done subsequent to exploitation using Metasploit.  Continue Reading

• Application migration to the cloud: Selecting the right apps

  Migrating applications to the cloud depends on many parameters. This tip helps you prioritize and carry out application migration correctly and effectively.  Continue Reading

• Private cloud setup in six easy steps

  Private cloud setup entails a systematic progression from assessment to optimization. This tip helps smooth your private cloud setup adoption journey.  Continue Reading

• Best practices for audit, log review for IT security investigations

  Device logs can be one of the most helpful tools infosec pros have, or they can be a huge waste of space.  Continue Reading

• Water cooling vs. air cooling: The rise of water use in data centres

  When comparing water cooling vs. air cooling techniques in data centres, you will find that air cooling is more popular. But water cooling is making its presence felt again.  Continue Reading

• MDM tools vendor selection criteria

  MDM tools are fast turning into necessities. Start your MDM tools vendor selection process with these helpful tips.  Continue Reading

• NIST SP 800-30 standard for technical risk assessment: An evaluation

  Risk assessment with NIST SP 800-30 focuses on securing IT infrastructure. Find out NIST SP 800-30 strengths, and learn how it differs from other standards.  Continue Reading

• 6 cloud SLA monitoring tips for better service delivery

  Cloud SLA monitoring is essential for better service delivery. These tips on effective cloud SLA monitoring help ensure SLAs from cloud vendors are met.  Continue Reading

• Website secure login: Alternatives to out-of-wallet questions

  Learn about alternatives to static knowledge-based authentication and out-of-wallet questions for secure website logins in this tip.  Continue Reading

• Metasploit tutorial part 2: Using meterpreter

  Part two of our Metasploit tutorial covers usage details of the meterpreter post-exploitation tool in Metasploit to create exploits that evade detection.  Continue Reading

• Nmap tutorial: Nmap scan examples for vulnerability discovery

  Learn how to use Nmap, the free network scanner tool, to identify various network devices and interpret network data to uncover possible vulnerabilities.  Continue Reading

• IT gap analysis template: Download the simplified edition

  Use our simple IT gap analysis template to document gaps between promise and delivery, for foolproof IT gap analysis and recommendations for bridging gaps.  Continue Reading

• OCTAVE risk assessment method examined up close

  The OCTAVE risk assessment method is unique in that it follows a self-directed approach to risk assessment. Leverage its strengths with this expert tip.  Continue Reading

• SAP security tutorial: Top 10 SAP security implementation steps

  Implementing SAP software securely isn't only the job of SAP specialists; the entire IT department has a role to play. Learn the top ten steps to a secure SAP implementation.  Continue Reading

• Metasploit tutorial part 1: Inside the Metasploit framework

  In part one of our Metasploit tutorial, learn the framework’s basics, to use it for vulnerability scans and create a simple exploit on a target system.  Continue Reading

• Building the business case for a server refresh

  As IT managers consider a server refresh, they need to create a solid business case for replacing hardware. Here’s how to garner support for the project.  Continue Reading

• Opex vs Capex: Maintaining the right balance

  A few thumb rules can provide answer to the conundrum that puzzles CIOs, opex vs capex. Read these tips to know what suits you the best: Opex or capex.  Continue Reading

• Build open source business intelligence platform successfully

  A business intelligence tool without a platform is like a body without a skeleton. Here is how you can build an open source business intelligence platform.  Continue Reading

• 13 LUN management tips for VMware environments

  Use these LUN management recommendations to ensure your VMware-based virtualization exercise results in optimal storage utilization and performance.  Continue Reading

• Free IT risk assessment template download and best practices

  Here’s a structured, step-by step IT risk assessment template for effective risk management and foolproof disaster-recovery readiness.  Continue Reading

• Top incident response steps: Incident response team responsibilities

  Do you know the proper incident response steps to handle a breach? Expert Davy Winder covers how to manage incident response team responsibilities.  Continue Reading

• Leveraging ISO 27005 standard’s risk assessment capabilities

  In this first of a series of articles on risk assessment standards, we look at the latest in the ISO stable; ISO 27005’s risk assessment capabilities.  Continue Reading

• Business intelligence center of excellence (BI CoE): A handy reference

  To extract maximum benefit from a BI solution, setting up a BI center of excellence (BI CoE) is essential. Here’s how you should go about it.  Continue Reading

• 5 easy ways to deal with irregular data for improved BI reporting

  Tips on how to make irregular data more consistent, accurate and reliable, in order to improve BI reporting and ensure better-informed business decisions.  Continue Reading

• Design change management procedure in five easy steps

  Clear-cut change management procedure is essential for success of any enterprise-wide IT deployment. Follow these simple steps to get it perfectly right.  Continue Reading

• Four handy botnet detection techniques and tools: A tutorial

  This tutorial will help you determine the right techniques and tools for effective botnet detection.  Continue Reading

• Three automated penetration testing tools for your arsenal

  Automated penetration testing tools provide effective exploit libraries and processes to detect network, as well as application vulnerabilities. Our picks.  Continue Reading

• Cloud applications: Five migration tips from Gartner

  Gartner offers tips on how IT organizations which desire to carry out cloud application migration can do so in an effective manner.  Continue Reading

• VA/PT technical report writing best practices for pen testers

  A good technical report is indispensible to vulnerability analysis/penetration testing (VA/PT) exercises. Guidelines on how to write concise VA/PT reports.  Continue Reading

• 6 data warehouse design mistakes to avoid

  Although difficult, flawless data warehouse design is a must for a successful BI system. Avoid these six mistakes to make your data warehouse perfect.  Continue Reading

• Demystifying wardriving: An overview

  With companies like Google being criticized for wardriving, this tip aims at decoding the concept and the associated legal implications.  Continue Reading

• Your enterprise wireless LAN questions answered

  Got wireless LAN questions? Our expert has solutions to 802.11n migration, wireless LAN troubleshooting and mesh network design.  Continue Reading