- Information Security Bookshelf: Part 2 (2011 Edition)
- Dec 13, 2010
- In this second part of a two-part series on information security books, Ed Tittel compiles a collection of pointers to useful and informative books on information security.
|
- Information Security Bookshelf: Part 1 (2011 Edition)
- Dec 6, 2010
- In this first part of a two-part series on information security books, Ed Tittel compiles a collection of pointers to useful and informative books on information security.
|
- Cisco Unified Wireless LAN Security Fundamentals
- Dec 3, 2010
- This chapter discusses the fundamentals of wireless LAN security in the context of the Cisco Unified Wireless Network (CUWN).
|
- Software [In]security: Cyber Warmongering and Influence Peddling
- Nov 24, 2010
- Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research — or our country.
|
- Software [In]security: Technology Transfer
- Oct 26, 2010
- Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial project and details the transfer of technology that made it all happen.
|
- The Evolution of Evil: Changes in the Use of USB Devices as Delivery Mechanisms for Malicious Code
- Oct 7, 2010
- USB microcontrollers are small, capable of circumventing most malware detection software, and can deliver devastating payloads. Brad Bowers takes a closer look at this new attack vector and reveals some of the challenges IT security professionals face as the use of microcontrollers as an attack platform matures.
|
- Getting Owned: The USB Keystroke Injection Attack
- Oct 6, 2010
- What do you call a USB-based device that can bypass all AV and autorun policies? Although most would consider it a perfect mischievous attack vector, Hyundai has used it as a tool to build customer loyalty. This leaves Seth Fogie wondering: Are people planning to use this technology maliciously?
|
- Developing Network Security Strategies
- Oct 4, 2010
- To help you handle the difficulties inherent in designing network security for complex networks, this chapter teaches a systematic, top-down approach that focuses on planning and policy development before the selection of security products.
|
- Software [In]security: How to p0wn a Control System with Stuxnet
- Sep 23, 2010
- Gary McGraw describes the Stuxnet worm and explains some of its potentially dangerous implications.
|
- Software [In]security: Software Security Crosses the Threshold
- Aug 16, 2010
- The software security space exceeded the $500 million mark in 2009. Software security expert Gary McGraw examines the sales of security tools providers and services firms to find out how quickly the market is growing, and which parts of the market are driving growth.
|
- Software [In]security: Obama Highlights Cyber Security Progress
- Jul 16, 2010
- Software security expert Gary McGraw went to a White House meeting on cyber security attended by 100 public and private sector security experts. McGraw shares the details of the meeting, including an unannounced visit by President Obama.
|
- Network Security Auditing Tools and Techniques
- Jun 29, 2010
- This chapter discusses software tools and techniques auditors can use to test network security controls. Security testing as a process is covered, but the focus is on gathering the evidence useful for an audit.
|
- Software [In]security: Cyber War - Hype or Consequences?
- Jun 17, 2010
- Is the threat of cyber war real or imagined? In this article Gary McGraw first defines cyber war and then describes some very real possibilities.
|
- Tips, Tricks and Reminders for Putting a Home or Small Business Windows 7 Network Together
- Jun 8, 2010
- J. Peter Bruzzese and Nick Saccomanno provide four tips for setting up any small Windows 7 network.
|
- Recovering and Securing Your Wi-Fi Encryption Keys
- Jun 4, 2010
- Have you forgotten the WEP or WPA key or passphrase for your Wi-Fi? Eric Geier helps you discover how to recover or reset and secure your network password.
|
- CCDC and the Tale of the Insider Threat
- May 24, 2010
- Brad Bowers discusses the value of including the threat of insider attacks in Collegiate Cyber Defense Competition (CCDC) events.
|
- Five Applications to Secure Your Wi-Fi Hotspot Connections
- May 13, 2010
- Don't risk eavesdroppers capturing your email, passwords, and other sensitive info! Eric Geier reviews five helpful apps that encrypt your wireless traffic.
|
- Software [In]security: BSIMM2
- May 12, 2010
- Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.
|
- Software [In]security: Assume Nothing
- Apr 30, 2010
- Software security expert Gary McGraw thinks Microsoft may be forgetting the old mantra of thinking like an attacker by deciding not to patch a vulnerability in the Virtual PC Hypervisor.
|
- The Bad Guys from Outside: Malware
- Apr 29, 2010
- In this chapter, you'll learn how malware works and why it presents such a threat to the enterprise.
|