- Introduction to Network-Based Intrusion Detection Systems
- By William Stallings
- Aug 24, 2007
- Bill Stallings examines network intrusion detection systems.
|
- Identity 2.0: How Attackers Break into Identity-centric Services
- Aug 17, 2007
- pdp reveals the dangers of user-centric management systems.
|
- Talk Is Cheap: Why the Security Industry Needs to Improve Its Bedside Manner
- Aug 17, 2007
- Michael Kemp explores an often-overlooked aspect of security practice, namely communicating with clients so that they can be assured of expertise instead of being awed by it.
|
- Computer Security and Statistical Databases
- By William Stallings
- Aug 17, 2007
- Bill Stallings looks at the unique security issues that relate to statistical databases.
|
- Role-Based Access Control in Computer Security
- By William Stallings
- Aug 10, 2007
- Bill Stallings explains the principles of role-based access control.
|
- Technical Advances Make Your Passwords Practically Worthless
- Jun 1, 2007
- Passwords are supposed to be kept secret, but due to continuing advances in technology, they are becoming weaker every day. Randy Nash outlines the dangers facing passwords and suggests some additional measures needed to protect even ordinary digital assets.
|
- Is Your Agency Failing FISMA?
- May 18, 2007
- Is your agency failing to meet its FISMA requirements? Randy Nash provides an introduction to and general overview of the Federal Information Security Management Act (FISMA) and the Certification and Accreditation (C&A) process and examines why many organizations have trouble complying.
|
- SSH Security Primer: Server Security Settings
- Feb 23, 2007
- John Tränkenschuh describes the settings and implementation details important to your OpenSSH server installation. Because an OpenSSH server functions as a VPN gateway as much as a means to transfer files and invoke commands remotely, it's important to get this right.
|
- ClickOnce Security
- Feb 16, 2007
- Brian Noyes discusses different aspects of deployment security and gives you a solid understanding of what protections ClickOnce provides and how you can customize those protections to suit the needs of your particular application.
|
- SSH Security Primer: Client Security
- Feb 16, 2007
- John Tränkenschuh provides a quick survey of SSH client security issues and suggested configurations for the reference SSH distribution, OpenSSH.
|
- Stateful Web Application Firewalls with .NET
- Feb 9, 2007
- A Web Application Firewall (WAF), though still evolving, is crucial for strong application layer defense. It is possible to bridge WAF and session objects on the .NET platform to build a stateful WAF (SWAF). Security expert Shreeraj Shah covers the concept, implementation, and deployment of SWAF.
|
- Is There a Security Problem in Computing?
- Dec 29, 2006
- This sample chapter examines what kinds of vulnerabilities computing systems are prone to. It then considers why these vulnerabilities are exploited, who is involved, and how to prevent possible attacks on systems.
|
- Broadband Routers and Firewalls
- Nov 17, 2006
|
- Building a Human Firewall: Raising Awareness to Protect Against Social Engineering
- Oct 27, 2006
- Thierry Wohnlich proposes an alternate view of information security awareness, a view that takes into consideration the reasons behind the need for awareness, and discusses the role of the individuals in relation to information technology.
|
- The Solaris UFS File System
- Oct 27, 2006
- The UFS file system is the general-purpose, disk-based file system that is shipped with Solaris today and has been the default file system since early versions of SunOS 4.x. This sample chapter covers its history, architecture, and some basic administrative concepts.
|
- Java EE and .NET Security Interoperability
- Oct 13, 2006
- This chapter covers the features of Java and .NET security that make interoperability easier. It also discusses different technologies (such as authentication in the Presentation tier) and the open standards (such as Web services security) where Java and .NET applications can interact. Finally, two interoperability strategies are discussed.
|
- Operating and Security Standards for Mainframes, Open Systems, and Telecommunications (Part 2 of 3)
- Oct 6, 2006
- In part 1 of this series, Leo Wrobel examined how to start developing standards to help your business prevent disasters - and recover from them, if necessary. This article explores the physical standards that should be addressed in every business standards document: physical security, theft deterrence, fire prevention, and more.
|
- Operating and Security Standards for Mainframes, Open Systems, and Telecommunications (Part 1 of 3)
- Sep 29, 2006
- Business is messy enough without adding a disaster to the mix. In this three-part series, Leo Wrobel presents suggestions for developing standards to help your business prevent such messes in the first place, and for rapid cleanup and business restoration if something untoward happens despite your preparations.
|
- How to Secure AJAX Requests
- Sep 1, 2006
- It's always important to implement some sort of security model in your database-enabled AJAX applications, says Kris Hadlock. Otherwise, you leave your database completely exposed. In this article, he shows a relatively simple procedure for including password verification in an AJAX/database interaction.
|
- Mitigating the Security Risks of SSH
- Aug 25, 2006
- John Tränkenschuh describes ways to create a solid security plan to lessen the unknown factors of SSH security.
|