- The Evolution of Evil: Changes in the Use of USB Devices as Delivery Mechanisms for Malicious Code
- Oct 7, 2010
- USB microcontrollers are small, capable of circumventing most malware detection software, and can deliver devastating payloads. Brad Bowers takes a closer look at this new attack vector and reveals some of the challenges IT security professionals face as the use of microcontrollers as an attack platform matures.
|
- Getting Owned: The USB Keystroke Injection Attack
- Oct 6, 2010
- What do you call a USB-based device that can bypass all AV and autorun policies? Although most would consider it a perfect mischievous attack vector, Hyundai has used it as a tool to build customer loyalty. This leaves Seth Fogie wondering: Are people planning to use this technology maliciously?
|
- Developing Network Security Strategies
- Oct 4, 2010
- To help you handle the difficulties inherent in designing network security for complex networks, this chapter teaches a systematic, top-down approach that focuses on planning and policy development before the selection of security products.
|
- Software [In]security: How to p0wn a Control System with Stuxnet
- Sep 23, 2010
- Gary McGraw describes the Stuxnet worm and explains some of its potentially dangerous implications.
|
- Software [In]security: Software Security Crosses the Threshold
- Aug 16, 2010
- The software security space exceeded the $500 million mark in 2009. Software security expert Gary McGraw examines the sales of security tools providers and services firms to find out how quickly the market is growing, and which parts of the market are driving growth.
|
- Software [In]security: Obama Highlights Cyber Security Progress
- Jul 16, 2010
- Software security expert Gary McGraw went to a White House meeting on cyber security attended by 100 public and private sector security experts. McGraw shares the details of the meeting, including an unannounced visit by President Obama.
|
- Network Security Auditing Tools and Techniques
- Jun 29, 2010
- This chapter discusses software tools and techniques auditors can use to test network security controls. Security testing as a process is covered, but the focus is on gathering the evidence useful for an audit.
|
- Software [In]security: Cyber War - Hype or Consequences?
- Jun 17, 2010
- Is the threat of cyber war real or imagined? In this article Gary McGraw first defines cyber war and then describes some very real possibilities.
|
- Tips, Tricks and Reminders for Putting a Home or Small Business Windows 7 Network Together
- Jun 8, 2010
- J. Peter Bruzzese and Nick Saccomanno provide four tips for setting up any small Windows 7 network.
|
- Recovering and Securing Your Wi-Fi Encryption Keys
- Jun 4, 2010
- Have you forgotten the WEP or WPA key or passphrase for your Wi-Fi? Eric Geier helps you discover how to recover or reset and secure your network password.
|
- CCDC and the Tale of the Insider Threat
- May 24, 2010
- Brad Bowers discusses the value of including the threat of insider attacks in Collegiate Cyber Defense Competition (CCDC) events.
|
- Five Applications to Secure Your Wi-Fi Hotspot Connections
- May 13, 2010
- Don't risk eavesdroppers capturing your email, passwords, and other sensitive info! Eric Geier reviews five helpful apps that encrypt your wireless traffic.
|
- Software [In]security: BSIMM2
- May 12, 2010
- Gary McGraw and colleagues discuss the latest iteration of the Building Security In Maturity Model, BSIMM2.
|
- Software [In]security: Assume Nothing
- Apr 30, 2010
- Software security expert Gary McGraw thinks Microsoft may be forgetting the old mantra of thinking like an attacker by deciding not to patch a vulnerability in the Virtual PC Hypervisor.
|
- The Bad Guys from Outside: Malware
- Apr 29, 2010
- In this chapter, you'll learn how malware works and why it presents such a threat to the enterprise.
|
- Moving to WPA/WPA2-Enterprise Wi-Fi Encryption
- Apr 9, 2010
- Wi-Fi networks in businesses should be using the Enterprise mode of WPA or WPA2 encryption. Eric Geier shows you how to move from the Personal (PSK) mode to the Enterprise (RADIUS) mode.
|
- Securing Your Wi-Fi Hotspot Sessions
- Mar 30, 2010
- Eric Geier shares tips to keep your email, documents, and computer safe while using Wi-Fi hotspots.
|
- Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
- Mar 26, 2010
- Security expert Gary McGraw explains why the rush to upgrade our power grid may lead to security vulnerabilities in critical infrastructure.
|
- Software [In]security: What Works in Software Security
- Feb 26, 2010
- 15 of the 110 activities in the BSIMM are very commonly observed. Gary McGraw, Brian Chess, and Sammy Migues list and explain these activities.
|
- Cisco ASA Authentication, Authorization, and Accounting Network Security Services
- Jan 28, 2010
- This chapter provides an explanation of the configuration and troubleshooting of Cisco ASA-supported authentication, authorization, and accounting network security services.
|