IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // February 3, 2009, 8:23 AM PST

    Is this what they call a feature?

    We've probably all heard the old joke that at Microsoft, "It's not a bug, it's a feature." Microsoft is at it again.

  • Tom Olzak // February 1, 2009, 8:00 PM PST

    The opportunities and risks of DECT, CAT-iq

    Before you install a wireless monitoring and control system, check to see if it uses DECT/CAT-iq technology. If it does, make sure you're not filling the local 1.9 GHz airwaves with information you'd rather not release to an attacker.

  • Chad Perrin // January 29, 2009, 5:16 PM PST

    Filesystem fragmentation: Security threat

    It may not be immediately apparent, but filesystem fragmentation is more than just a minor annoyance; it can also slightly increase the level of risk to your system and data security.

  • Tom Olzak // January 27, 2009, 8:00 PM PST

    When planning a trip, it helps to have a destination

    Arriving at the right destination all in one piece is determined in large part by knowing where you're going and how you plan to get there. Planning security for a new technology project is not very different.

  • Chad Perrin // January 27, 2009, 2:56 AM PST

    Don't try to control what you don't understand

    A new bill in consideration by the US House of Representatives illustrates three reasons people who don't understand security should not dictate security policy.

  • Tom Olzak // January 25, 2009, 8:00 PM PST

    There are three control elements in role-based access design

    Each access control element plays an important role. Each must be assessed when evaluating multi-factor authentication and SSO solutions. Don’t let your organization rush to implement streamlined login methods while ignoring one or more important tests.

  • Chad Perrin // January 22, 2009, 7:20 AM PST

    Options for OpenPGP

    For quality open source OpenPGP-compliant public key encryption tools, GnuPG isn't the only game in town.

  • Tom Olzak // January 20, 2009, 8:00 PM PST

    Has the time arrived for all holdouts to adopt strong passwords?

    Are strong passwords still the best defense, or is a layered controls framework, including intrusion or extrusion response, sufficient to effect strong access control?

  • Chad Perrin // January 20, 2009, 2:28 AM PST

    How should you handle software updates?

    Whether you're talking about computers in a well-secured enterprise network or those plugged directly into a DSL modem at home affects how software patching should be handled.

  • Tom Olzak // January 18, 2009, 8:00 PM PST

    Hosts file pharming and other botnet recruiting methods

    Fighting spam and other botnet recruitment efforts requires constant vigilance. We might not be able to eliminate the bad guys, but we can certainly raise the level of effort necessary for them to use our networks for financial gain.

  • Chad Perrin // January 15, 2009, 5:22 AM PST

    Managers and technologists live in different worlds

    There is a fundamental disconnect in the way the typical manager and the typical technologist each approach the world.

  • Tom Olzak // January 13, 2009, 8:00 PM PST

    Social networking risk: Managing the inevitable

    We are all familiar with the attacks against sites like Facebook. However, focus on these breaches of privacy tends to move our attention from a more insidious potential use of these sites--social engineering activities.

  • Chad Perrin // January 13, 2009, 8:13 AM PST

    25 most dangerous programming errors

    Computer security organizations the world over have come together to produce a list of the 25 "most dangerous" programming errors. If you do any programming, it's time to sit up and take notice.

  • Tom Olzak // January 11, 2009, 8:00 PM PST

    It's all about the basics

    When something as fundamental as an agency-wide security program is missing, it's easy to understand why basic security controls are also absent and why employees don't understand the difference between safe and risky behavior.

  • Chad Perrin // January 8, 2009, 6:23 AM PST

    REAL ID in a nutshell

    The REAL ID Act has sparked a lot of controversy -- but what is it? Chad Perrin looks at the opposition to REAL ID and discusses some of the primary issues with its adoption.
