- Software [In]security: Software Security Demand Rising
- Aug 11, 2008
- Gary McGraw breaks down the numbers from 2007, showing that software security is making headway in the enterprise even against economic headwinds.
|
- Perception of Security Risk: Fear, Uncertainty, and Doubt
- Jul 28, 2008
- Why do so many security product vendors use it as part of the sales pitch? As Randy Nash explains, because it works.
|
- A Brief History of (Internet) Time: From the Beginnings of Malicious Code to Their Likely Future
- Jul 21, 2008
- Randy Nash looks at the complex relationship between computing power, the growth of the Internet, and the changes in malicious code over time.
|
- Software [In]security: Application Assessment as a Factory
- Jul 17, 2008
- Gary McGraw explains how creating an application assessment factory can salvage the power of the cost per defect metric while mitigating the potential for its misuse.
|
- The Building Blocks in a Cisco NAC Appliance Design
- Jul 8, 2008
- This chapter focuses on the building blocks available with the Cisco NAC Appliance solution.
|
- Security Features on Switches
- Jul 4, 2008
- This chapter describes Layer 2 security basics and security features on switches available to combat network security threats.
|
- Securing the Cisco Security Monitoring, Analysis, and Response System
- Jul 3, 2008
- This chapter describes recommendations for securing MARS appliances, both physically and electronically.
|
- Introduction to Mainframe Basics for Security Professionals
- Jul 2, 2008
- This chapter describes the evolution of the mainframe and the reasons it is the leading platform for reliable computing. It also explains how to use the key elements of z/OS.
|
- Securing Wireless Networks
- Jul 2, 2008
- This chapter discusses wireless security, including a checklist for securing Wi-Fi.
|
- Data Theft: How Big a Problem?
- Jun 30, 2008
- Michael Miller discusses how data theft happens, where the data goes, and to what extent it is a problem.
|
- Identifying and Classifying Network Security Threats
- Jun 26, 2008
- This chapter presents several best practices and methodologies you can use to successfully and quickly identify and classify security threats and anomalies in the network.
|
- A Practical Guide to Trusted Computing: Writing a TPM Device Driver
- Jun 25, 2008
- In this chapter, the authors demonstrate how to talk to a TPM (both 1.1 and 1.2) at the lowest level. This will be useful for programmers who want to talk to the TPM directly, either in BIOS or a device driver.
|
- IP Network Traffic Plane Security Concepts
- Jun 18, 2008
- This chapter introduces the concepts of defense in depth and breadth as applied to IP traffic plane security.
|
- Software [In]security: DMCA Rent-a-cops Accept Fake IDs
- Jun 12, 2008
- Gary McGraw explains how the enforcement of copyright law is leading to the improper application of the Digital Millennium Copyright Law.
|
- SSL VPN Design Considerations
- Jun 10, 2008
- This chapter discusses design issues you should consider when you build a Secure Sockets Layer (SSL) Virtual Private Network (VPN) solution.
|
- Attacking the Spanning Tree Protocol
- Jun 4, 2008
- Conducting STP attacks is now within the reach of a wide population, thanks to the availability of point-and-shoot attack tools. Fortunately, simple features widely available on a range of switches, such as BPDU-guard, provide effective measures against spanning-tree–based exploits.
|
- Secret Bits: How Codes Became Unbreakable
- Jun 3, 2008
- As encryption becomes pervasive, will the benefits to personal privacy outweigh the costs to national intelligence?
|
- Why Is Security a Software Issue?
- Jun 2, 2008
- This chapter discusses why security is increasingly a software problem.
|
- Data Loss and Full Disk Encryption
- May 30, 2008
- Randy Nash discusses the patterns of data loss, security policy, full disk vs. folder encryption, and vulnerabilities related to volatile memory.
|
- Turning the OLPC Into a Hacker’s Toolkit - Give One, Get Owned, Part 2
- May 26, 2008
- Seth Fogie steers beyond mere enhancements and shows how to turn the OLPC XO into a hacker’s toolkit.
|