
Security

722 Items


The Role of Architectural Risk Analysis in Software Security
Mar 3, 2006
Design flaws account for 50% of security problems. You can’t find design defects by staring at code—a higher-level understanding is required. That’s why architectural risk analysis plays an essential role in any solid software security program. Find out more about architectural risk analysis in this sample chapter.
Preventing State-Based Attacks of Web Applications
Feb 24, 2006
The concept of state, or the ability to remember information as a user travels from page to page within a site, is an important one for Web testers. Developers of Web applications must take it upon themselves to code state information so they can enforce rules about page access and session management. This chapter contains a series of attacks that will help determine if your Web application does this important task correctly and securely.
Pane Relief: Rooting Around for Rootkits
Jan 27, 2006
As if your computer didn't give you enough cause for concern, now there are rootkits: nasty programs designed to hide away on your system and conceal software that takes control invisibly. Rick Cook explains what you need to know about these electronic cockroaches, how to find them, and what to do when you discover that you've been infested.
Measuring the Effectiveness of Application Security Policies
Jan 13, 2006
Just because a package has few REPORTED vulnerabilities doesn't mean that it actually HAS few vulnerabilities, nor does the count say anything about the severity of the holes that are reported. In this article, Chisnall argues that the true measure of security is what happens once a vulnerability is found.
Cisco ASA Security Contexts
Dec 16, 2005
The virtual firewall methodology enables a physical firewall to be partitioned into multiple standalone firewalls. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies, routing table, and administrators. In Cisco ASA, these virtual firewalls are known as security contexts. This chapter covers security contexts in detail.
Why You Need to Conduct Risk Assessment
Dec 16, 2005
With industry compliance requirements and information security laws and mandates introduced in the past four years, the need for conducting a vulnerability and risk assessment is now paramount. This chapter helps you understand the need for risk assessment, and why stopping security problems before they start is vital to your business.
How and Why Hackers Want to Get Inside Your Machine
Dec 9, 2005
Microsoft Security Assessment Tool: Can It Make Your Organization More Secure?
Dec 9, 2005
The Microsoft Security Assessment Tool (MSAT) claims to analyze whether your existing network security architecture meets some of the common industry best practices. Zubair Alexander assesses the assessor, reporting on the strengths and weaknesses in this free utility.
The Changing Face of Data Protection
Dec 9, 2005
The explosion of corporate data in the 1990s, coupled with new data storage technology such as networked storage, has made the accumulation and management of large amounts of data a corporate priority. The ability to protect this data is paramount, and this chapter will give you an idea of how data protection has changed and grown in the past few years.
Corporate Governance, Business Continuity Planning, and Disaster Recovery
Dec 1, 2005
To protect business stakeholders, corporate governance focuses a sharp eye on all measures and systems within the organization to ensure compliance with laws, regulations, and standards. Michelle Johnston Sollicito points out the many required aspects of a proper business continuity plan and shows you where to look for holes in your process.
How the iPod Will Change the Face of Computer Security
Dec 1, 2005
Apple probably didn't intend it, but the iPod will likely prove to be an important stepping stone into solving a problem that has faced computer scientists for more than 30 years. Bruce Potter explains.
Methods of Computer System Attacks
Dec 1, 2005
The methods of attack that are available are broad-ranging and insidious, yet many of them are available to even amateur hackers through the use of tools widely available on the Internet. For this reason, securing applications today is no small challenge. This chapter discusses the various kinds of attack, including categories and examples of social engineering attacks.
Secure Coding in C and C++: Strings
Dec 1, 2005
Strings—such as command-line arguments, environment variables, and console input—are of special concern in secure programming because they comprise most of the data exchanged between an end user and a software system. This chapter covers the security issues with strings and how you can sidestep them.
iptables: The Linux Firewall Administration Program
Nov 23, 2005
This chapter covers the iptables firewall administration program used to build a Netfilter firewall. For those of you who are familiar with or accustomed to the older ipfwadm and ipchains programs used with the IPFW technology, iptables will look very similar to those programs. However, it is much more feature-rich and flexible, and it is very different on subtle levels.
Securing Databases with Cryptography
Nov 23, 2005
This chapter discusses how cryptography can fit into your security profile. After explaining what cryptography is and providing a general idea of how it works, we dig into the various types of cryptographic algorithms and see where the strengths and weaknesses of each lie.
Protecting Your Network from Security Risks and Threats
Nov 18, 2005
The second your network connects to the greater world of the internet, you expose yourself to attack. For a large corporation, malware can cause plenty of problems, but for a small business, attacks can spell total disaster. This chapter explains the types of attacks and how to protect your network with a focus on security for small businesses.
Windows Live Response for Collecting and Analyzing Forensically Sound Evidence
Nov 11, 2005
Sometimes the victim organization cannot afford to take the system offline, or the only evidence of the incident may currently be in memory. Either way, a standard forensic duplication is impossible. This chapter addresses a technique for collecting and analyzing forensically sound evidence from what is known as the Live Incident Response Process.
Cisco ASA and PIX Firewall Logging
By David Hucaby
Nov 4, 2005
Cisco firewalls and security appliances can be configured to generate an audit trail of messages describing their activities. Firewall logs can be collected and analyzed to determine what types of traffic have been permitted or denied, what users have accessed various resources, and so on. This chapter presents the tasks that are necessary to begin generating and collecting logging messages.
IPSec Authentication and Authorization Models
Oct 21, 2005
This chapter covers IPSec features and mechanisms that are primarily targeted at the authentication of remote access users. You'll learn about XAUTH, which provides extended authentication for IPSec telecommuters by using authentication schemes such as RADIUS, and about MODECFG, which uses a push model to deliver configuration attributes to the IPSec client.
Living the "Least Privilege" Lifestyle, Part 4: Is Developing Secure Software as an Administrator an Impossible Dream?
Oct 21, 2005
Now that Don Kiely has convinced us of the need to run as mere users whenever possible, he focuses on how software developers can (and should) live the least privilege lifestyle to ensure that applications they write are secure.
