Security

722 Items

Seven Steps to XML Mastery, Step 7: Ensure XML Security
Aug 25, 2006
We’ve come a long way since the beginning of our journey toward XML mastery. In the last article of his series, Frank Coyle examines XML-related security issues. We begin by looking at the family of XML security standards and then move on to the threat of black-hat attacks and what you can do to safeguard your XML-based applications.
Tales from the Crypt: Encrypting Laptops
Aug 25, 2006
Chances are that right now you're reading this article on a laptop computer. Whether you're working at your desk or the local Starbucks, your laptop may just "take a walk" while you're not looking. If that happens, is the data on that machine - which is probably confidential, at least, and possibly crucial to your business - protected from the thief? Rick Cook explains some of the handy possibilities for encrypting your laptop and its data.
XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack
Aug 11, 2006
Seth Fogie looks at a real-life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access to the web server.
RFID Interrogation Zone Basics
Aug 4, 2006
This chapter will help you prepare for the CompTIA RFID+ Exam, focusing on interrogation zone basics, with sample questions and detailed answers for you to practice.
Imaging for Intel Macs Part 1: Why Intel Macs Increase an Administrator's Workload and How Best to Manage Their Deployment
Jul 28, 2006
Deploying Intel Macs can add extra work for administrators because they require completely different Mac OS X releases and system images than PowerPC Macs. Although it is possible to cobble a universal Mac OS X image together, is doing so really the best choice? In this first article in a two-part series, Ryan Faas looks at some of the specific challenges that relate to developing deployment strategies for Intel Macs and some of the ongoing issues if you opt to deploy a dual-platform environment using Mac workstations.
Security Is a UI Problem
Jul 28, 2006
Balancing usability and security isn't an easy task, as evidenced by the number of systems with "security features" that are easy for users to turn off. David Chisnall discusses the issues on both sides of the fence.
NASCAR Tech Habits Stress Data Sharing And Security Best Practices
Jul 21, 2006
Have you dreamed of getting behind the wheel of a 750-horsepower stock car and taking charge of the race? If you're responsible for protecting and maintaining the data-sharing capabilities of your organization, you're already in the driver's seat. Erik Eckel explains how we can learn some lessons from the speedy racers of the NASCAR set.
Creating Custom Policies for the Cisco Security Agent
Jul 14, 2006
Creating your own policies is a major part of operating a successful CSA deployment. To accomplish this, you must thoroughly understand the components available to you and the methods of research available. Understanding the rule types and the events caused by those rules helps you move forward in your deployment and perform day-to-day support. A solid grasp of the fundamentals and advanced components not only makes you an effective administrator but also an efficient one. This chapter will help you get started with this.
Tracking Avian Flu and Mad Cow: Is RFID Bringing Safer Food to a Store Near You?
Jun 23, 2006
With threats of Mad Cow and bird flu rattling our food chain, can Radio Frequency Identification (RFID) ensure a meal without epidemiological regrets? With rather a lot riding on these little transceivers, Laurie Rowell posits that it might be wise to take a good, hard look at this "tech du jour" that's supposed to save our supper.
Keeping Your Data Safe with a RAID 1 Setup
Jun 16, 2006
Kulvir Bhogal shows you how you can build a low-cost RAID 1 setup to protect yourself against hard drive data loss.
Troubleshooting Cisco Secure ACS on Windows
Jun 16, 2006
Cisco Secure Access Control Server, which is known as CS ACS, fills the server-side requirement of the Authentication, Authorization, and Accounting (AAA) client-server equation. For many security administrators, the robust and powerful AAA engine, along with CS ACS's ability to flexibly integrate with a number of external user databases, makes the CS ACS software the first and sometimes only choice for an AAA server-side solution. This chapter explores CS ACS in detail and walks you through troubleshooting steps. The chapter focuses on the approach required to troubleshoot any issue efficiently, either with the CS ACS software itself or with the whole AAA process.
Penetration Testing and Network Defense: Performing Host Reconnaissance
Jun 2, 2006
Malicious hackers also value reconnaissance as the first step in an effective attack. For them, seeing what is on the "other side of the hill" is crucial to knowing what type of attack to launch. Although penetration testers might not always have the luxury of time that a malicious hacker might have, they do recognize the value of reconnaissance. This chapter will help you develop network reconnaissance skills to help you protect your network from intrusion.
Intrusion Prevention: Signatures and Actions
May 26, 2006
Attack signatures have been around for long enough that the definition should be universally understood, but that's not the case. Simply put, an IPS signature is any distinctive characteristic that identifies something. Using this definition, all IPS products use signatures of some kind, regardless of what the product descriptions claim. To find something and stop it, you must be able to identify it, and for you to identify it, it must display a distinct characteristic. This chapter introduces you to the concept of signatures.
SSH Issues: Does Installing SSH Enable More Exploits Than it Solves?
May 26, 2006
SSH, the wonder tool of the security set, is misused by your users more easily and more often than you may think. John Traenkenschuh points out how well-intentioned administrators are using SSH to create gaping holes in their own security, and what you can do about it.
Paid Paranoia: Hiring Security Experts
May 12, 2006
Paranoid about your company's level of security? You should be. Professional recruiter Bryan Dilts shows you how to determine what level of security you need and how to find the right security expert for your business.
The Technical Foundations of Hacking
May 4, 2006
This chapter helps you prepare for the EC-Council Certified Ethical Hacker (CEH) Exam by covering topics like the Open Systems Interconnect (OSI) system and Transmission Control Protocol/Internet Protocol (TCP/IP). Sample questions with detailed answers from the exam are provided to help you prepare.
Will Cell Phones be Responsible for the Next Internet Worm?
Apr 28, 2006
The mobile devices you know and love are great for productivity, but they have completely changed the vulnerability state of our networks. Norm Laudermilch tells you why you should be afraid, very afraid.
Home Network Router Security Secrets
Apr 7, 2006
Ever delve inside your home network routers and use the hidden security settings that can lock down a network nice and tight? Most people never do. Andy Walker reveals 10 secrets on how to easily access your router's security settings.
A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
Mar 31, 2006
Students-turned-IT managers faced off against experienced hackers at the Mid-Atlantic Regional Collegiate Cyber Defense Competition. Seth Fogie witnessed this real-world competition and reports on its unexpected twists, turns, and even drama.
Analyzing the Crossover Virus: The First PC to Windows Handheld Cross-infector
Mar 8, 2006
"Airborne" mobile viruses have been increasing in complexity at a surprising pace. In this article, Cyrus Peikari analyzes the new Crossover Trojan, which is the first malware that simultaneously infects both Windows PCs and Windows Mobile handheld devices.