IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Mike Mullins // June 17, 2008, 12:24 AM PST

    Craft your own Internet usage policy with this sample

    Mike Mullins provides a general guideline for Internet and intranet usage in your organization and encourages you to educate users by distributing a formal Internet usage policy.


  • Chad Perrin // June 17, 2008, 10:07 AM PST

    Is Linux the most secure OS?

    Linux-based systems get a lot of press in IT trade publications. A lot of that press relates to its security characteristics. In fact, some claim "Linux is the most secure operating system (OS) of them all." How much truth is there in a statement like that?


  • Chad Perrin // May 22, 2008, 8:42 AM PST

    Not Invented Here has no place in open source development

    Last week, many Debian users got something of a shock when they realized that encryption keys for OpenSSH, OpenSSL, and OpenVPN have all been vulnerable to relatively easy compromise for a while. Previously, I discussed how you can detect and replace vulnerable SSH keys on Debian, and Vincent Danen explained another means to find and fix crypto key vulnerabilities that arose as a result of this snafu. So much for the technical matters -- read on for a quick overview of the rest of the story.


  • Paul Mah // May 25, 2008, 2:34 PM PST

    Close to half of government laptops encrypted, 1.2 million more to go

    Over 800,000 licenses for encryption software were purchased through the Data at Rest (DAR) Encryption program last year. The DAR program is run jointly by the General Services Administration and the Department of Defense.


  • Chad Perrin // May 26, 2008, 6:16 AM PST

    Making encryption popular

    We've already discussed the importance of being encrypted. Now it's time to discuss the very real problem of encryption system adoption. How do we get people to actually use encryption?


  • Selena Frye // August 5, 2008, 1:10 AM PST

    CNN Top 10 e-mail leading users to malware

    Attention news junkies: The Belgian MX virus and spam blog is reporting that today's CNN Top 10 e-mail links are sending unwitting users to sites hosting malware.


  • Selena Frye // August 12, 2008, 4:55 AM PST

    Defcon brings together security pros and hackers

    Check out what's going on at the 16th annual Defcon security conference in Las Vegas. It brings together mainstream security professionals and underground hackers for a unique perspective on security.


  • Tom Olzak // January 11, 2009, 8:00 PM PST

    It's all about the basics

    When something as fundamental as an agency-wide security program is missing, it's easy to understand why basic security controls are also absent and why employees don't understand the difference between safe and risky behavior.


  • Chad Perrin // March 24, 2008, 8:55 AM PST

    Using GnuPG encryption tools with Gpg4win

    Last month, I wrote about using GnuPG on Unix and Linux systems. You can get OpenPGP functionality on your Microsoft Windows system with GnuPG as well, and I aim to explain how.


  • Michael Kassner // August 3, 2009, 6:06 AM PST

    Automated updates: Why they may not be such a good idea

    It's the time of year that software developers dread. Black Hat and Defcon security conferences just finished, the fallout is starting to be digested, and everyone is figuring out who got hit the worst. Michael Kassner addresses the potential of a new threat involving automatic updates.


  • Selena Frye // March 2, 2009, 5:48 AM PST

    Protect your organization from disgruntled workers

    As the layoff wave continues, a large pool of stressed, angry, and possibly vindictive ex-employees is accumulating, putting security practices to the test. These resources will help you customize your own security policies.


  • Chad Perrin // March 3, 2009, 9:51 AM PST

    More about what my grandmother taught me

    In November 2007, I wrote about the Identity Theft Enforcement and Restitution Act of 2007, its stated intent, and some possible results of the passage of such an Act. At the time, it had only passed the Senate, and was still being debated in the House. It has since been passed -- and it's a disappointment.


  • Chad Perrin // July 7, 2009, 7:19 AM PST

    Understanding risk, threat, and vulnerability

    IT security, like any other technical field, has its own specialized language developed to make it easier for experts to discuss the subject. It pays to understand this jargon when researching security.


  • Selena Frye // July 8, 2009, 6:31 AM PST

    Security tips and checklists for re-evaluating your infrastructure

    Use the sultry summer days to catch up on the latest security tips from Global Knowledge experts. You might find a few new ideas to shore up your network.


  • Michael Kassner // November 28, 2010, 11:09 PM PST

    Mobile banking apps may be vulnerable: Testing and results

    Mobile-banking applications are a nice convenience, but are they as secure as they need to be? If you use your bank's app, you need to learn what I found out.