- SSH Security Primer: Server Security Settings
- Feb 23, 2007
- John Tränkenschuh describes the settings and implementation details important to your OpenSSH server installation. Because an OpenSSH server functions as a VPN gateway as much as a means to transfer files and invoke commands remotely, it's important to get this right.
|
- ClickOnce Security
- Feb 16, 2007
- Brian Noyes discusses different aspects of deployment security and gives you a solid understanding of what protections ClickOnce provides and how you can customize those protections to suit the needs of your particular application.
|
- SSH Security Primer: Client Security
- Feb 16, 2007
- John Tränkenschuh provides a quick survey of SSH client security issues and suggested configurations for the reference SSH distribution, OpenSSH.
|
- Stateful Web Application Firewalls with .NET
- Feb 9, 2007
- A Web Application Firewall (WAF), though still evolving, is crucial for strong application layer defense. It is possible to bridge WAF and session objects on the .NET platform to build a stateful WAF (SWAF). Security expert Shreeraj Shah covers the concept, implementation, and deployment of SWAF.
|
- Is There a Security Problem in Computing?
- Dec 29, 2006
- This sample chapter examines what kinds of vulnerabilities computing systems are prone to. It then considers why these vulnerabilities are exploited, who is involved, and how to prevent possible attacks on systems.
|
- Broadband Routers and Firewalls
- Nov 17, 2006
|
- Building a Human Firewall: Raising Awareness to Protect Against Social Engineering
- Oct 27, 2006
- Thierry Wohnlich proposes an alternate view of information security awareness, a view that takes into consideration the reasons behind the need for awareness, and discusses the role of the individuals in relation to information technology.
|
- The Solaris UFS File System
- Oct 27, 2006
- The UFS file system is the general-purpose, disk-based file system that is shipped with Solaris today and has been the default file system since early versions of SunOS 4.x. This sample chapter covers its history, architecture, and some basic administrative concepts.
|
- Java EE and .NET Security Interoperability
- Oct 13, 2006
- This chapter covers the features of Java and .NET security that make interoperability easier. It also discusses different technologies (such as authentication in the Presentation tier) and the open standards (such as Web services security) where Java and .NET applications can interact. Finally, two interoperability strategies are discussed.
|
- Operating and Security Standards for Mainframes, Open Systems, and Telecommunications (Part 2 of 3)
- Oct 6, 2006
- In part 1 of this series, Leo Wrobel examined how to start developing standards to help your business prevent disasters - and recover from them, if necessary. This article explores the physical standards that should be addressed in every business standards document: physical security, theft deterrence, fire prevention, and more.
|
- Operating and Security Standards for Mainframes, Open Systems, and Telecommunications (Part 1 of 3)
- Sep 29, 2006
- Business is messy enough without adding a disaster to the mix. In this three-part series, Leo Wrobel presents suggestions for developing standards to help your business prevent such messes in the first place, and for rapid cleanup and business restoration if something untoward happens despite your preparations.
|
- How to Secure AJAX Requests
- Sep 1, 2006
- It's always important to implement some sort of security model in your database-enabled AJAX applications, says Kris Hadlock. Otherwise, you leave your database completely exposed. In this article, he shows a relatively simple procedure for including password verification in an AJAX/database interaction.
|
- Mitigating the Security Risks of SSH
- Aug 25, 2006
- John Tränkenschuh describes ways to create a solid security plan to lessen the unknown factors of SSH security.
|
- Seven Steps to XML Mastery, Step 7: Ensure XML Security
- Aug 25, 2006
- We’ve come a long way since the beginning of our journey toward XML mastery. In the last article of his series, Frank Coyle examines XML-related security issues. We begin by looking at the family of XML security standards and then move on to the threat of black-hat attacks and what you can do to safeguard your XML-based applications.
|
- Tales from the Crypt: Encrypting Laptops
- Aug 25, 2006
- Chances are that right now you're reading this article on a laptop computer. Whether you're working at your desk or the local Starbucks, your laptop may just "take a walk" while you're not looking. If that happens, is the data on that machine - which is probably confidential, at least, and possibly crucial to your business - protected from the thief? Rick Cook explains some of the handy possibilities for encrypting your laptop and its data.
|
- XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack
- Aug 11, 2006
- Seth Fogie looks at a real-life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access to the web server.
|
- RFID Interrogation Zone Basics
- Aug 4, 2006
- This chapter will help you prepare for the CompTIA RFID+ Exam, focusing on interrogation zone basics, with sample questions and detailed answers for you to practice.
|
- Imaging for Intel Macs Part 1: Why Intel Macs Increase an Administrator's Workload and How Best to Manage Their Deployment
- Jul 28, 2006
- Deploying Intel Macs can add extra work for administrators because they require completely different Mac OS X releases and system images than PowerPC Macs. Although it is possible to cobble a universal Mac OS X image together, is doing so really the best choice? In this first article in a two-part series, Ryan Faas looks at some of the specific challenges that relate to developing deployment strategies for Intel Macs and some of the ongoing issues if you opt to deploy a dual-platform environment using Mac workstations.
|
- NASCAR Tech Habits Stress Data Sharing And Security Best Practices
- Jul 21, 2006
- Have you dreamed of getting behind the wheel of a 750-horsepower stock car and taking charge of the race? If you're responsible for protecting and maintaining the data-sharing capabilities of your organization, you're already in the driver's seat. Erik Eckel explains how we can learn some lessons from the speedy racers of the NASCAR set.
|
- Creating Custom Policies for the Cisco Security Agent
- Jul 14, 2006
- Creating your own policies is a major part of operating a successful CSA deployment. To accomplish this, you must thoroughly understand the components available to you and the methods of research available. Understanding the rule types and the events caused by those rules helps you move forward in your deployment and perform day-to-day support. A solid grasp of the fundamentals and advanced components not only makes you an effective administrator but also an efficient one. This chapter will help you get started with this.
|