IT Security
Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.
-
How to successfully implement the principle of least privilege
Least privilege is a core security principle, but it's one that often meets with resistance by users. Here are tips for how to implement it and get the point across to others.
-
Virtualizing apps could be the bridge over the BYOD security gap
Allowing BYOD has unfavorable implications for both the company and employees. Michael P. Kassner explores what businesses are doing to mitigate the risk.
-
Keeping your corporate social media accounts secure
Does your company have official social media accounts like Twitter or Facebook? How do you protect them from unauthorized access? Get a few tips here and take our poll on security measures.
-
Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works
Strongbox was Aaron Swartz's final project. Michael P. Kassner explains why The New Yorker requested a way to keep sources and their information secret.
-
Mission impossible: Data identification and prioritization
Protecting your organization's most precious data is the goal, but not all data needs the same degree of care. Thinking strategically about what is most valuable can help you focus attention and funds where they're most needed.
-
Security lessons from the 2013 Verizon Data Breach Report
Verizon's latest report on data breach statistics offers security pros a guide to the most persistent threats and where attention should be focused to defend against them.
-
Cloud-service contracts and data protection: Unintended consequences
There are things your cloud-service (Facebook, Amazon, Google, Dropbox, etc.) contracts aren't telling you. Michael P. Kassner interviews an attorney concerned about what's not being said.
-
Google's Inactive Account Manager heightens enterprise awareness for securing data
Preventing the commingling of company and personal data means focusing on securing the company data.
-
Hackers: From innocent curiosity to illegal activity
Researchers asked why talented youth skilled in "computerese" evolve into criminal hackers. Michael P. Kassner explains their unexpected results.
-
New McAfee patent hints at a more walled-off online world
A McAfee patent hints at content filtering at the user level in order to block sites that offer pirated content.
-
The future of IT security compliance: 201 CMR 17.00
Why should you be concerned about a security rule that is part of the State law of Massachusetts -- especially if you aren't in business there? Donovan Colbert explains how compliance regulations have far-reaching effects in IT.
-
BoxCryptor vs. DropSmack: The battle to secure Dropbox
Can DropSmack malware be stopped? Michael P. Kassner asks the creators of BoxCryptor if it is up to the task of securing the Dropbox file-synchronization service.
-
Surveys: Aid security research by sharing your experience
These two security surveys are aimed at IT pros who can contribute their experience and opinions to research topics focused on security effectiveness in their organizations.
-
Running the gauntlet: Tips for achieving your CISSP
One of the most highly regarded security certifications is the CISSP. Dominic Vogel offers these nine tips for becoming certified based on his own experience.
-
Understanding what motivates Chinese hackers
Michael P. Kassner, with the help of a noted academic and author, looks at what motivates Chinese hackers. It may not be what you think.
-
Ensure basic Web site security with this checklist
While I normally advocate a principles-based approach to maintaining system security, and deplore the typical "best practices" checklist approach, that does not mean that security checklists are without value. Employing a security procedures checklist is only the first step toward securing a resource, a means of aiding your memory before you apply your critical thinking skills and imagination to the problem of improving on the checklist in each individual case. Sometimes, a checklist can be useful in affecting workplace security policies as well.
-
Unix vs. Microsoft Windows: How system designs reflect security philosophy
There are distinct differences between Unix and MS Windows security philosophies. Two design policies serve as apt examples of those differences.
-
The truth about copier hard drives: Tips for securing your data
After watching the recent CBS News report on the data security risks of office copiers, I decided to learn more about these multi-function peripherals for myself. Here are some tips for securing MFPs in your organization.
-
Use sSMTP to send e-mail simply and securely
Computer users like me, who prefer daily e-mail dealings to be quick, simple, and devoid of distractions, tend to use a collection of small, separate tools to fulfill each of the critical functions of dealing with e-mail. This article addresses sending e-mail with a simple SMTP client called sSMTP on Unix and Linux systems, including how to use it for secure encrypted connections to your outgoing mail server.
-
How to escape SSH sessions without ending them
A simple task on the local machine in the middle of using SSH to work on a remote machine does not have to mean ending the SSH session.
-
Hiring hackers: The good, the bad and the ugly
Deb Shinder looks at the practice of hiring former hackers to work as security professionals. When is it a good idea? Is it ever? Here are the risks.
-
Android apps and SSL: Where's the padlock?
Are we making dangerous assumptions about Android apps and SSL connections? It seems like it, but Michael Kassner asks the experts to be sure.
-
New strain of ransomware evades detection by AV apps
Learn about a new type of ransomware that has the potential to snare many victims - and it's not even malware.
-
Search engine bias: What search results are telling you (and what they're not)
Search-engine bias affects our perception of what online information is available. Is that a good thing or not? Are there risks?
-
What’s better than creating your own DDoS? Renting one
Thanks to the cloud, anyone can now initiate a DDoS attack. Find out how booter services work.
-
Managing default Unix file permissions with adduser and umask
Chad Perrin follows up his post on configuring Unix file permissions with instructions for automating permissions defaults for new files.
-
What is cross-site scripting?
Cross-site scripting, also known as "XSS", is a class of security exploit that has gotten a fair bit of attention in the last few years. Many users, and even Web developers, aren't entirely clear on what the term means, however. I'll explain cross-site scripting for you, so you will know where the dangers lie.
-
The mystical world of data center fire suppression
Data center fire suppression is more than a few sprinkler heads and a cool-sounding alarm. Rather it is about risk, budget, and a little common sense coming together to meet business continuity outcomes.
-
Prevent recurring problems with root cause analysis
In this series, we'll step through an easy root cause analysis process that requires no special training -- just a little effort and a lot of common sense.