Security Zone

Security Training Falling Through the Education Cracks

San Francisco, Calif. - “Ninety-nine percent of the people want to write secure code,” said panelist Ira Winkler, at the Secure Software Forum last week, “they just don’t know how.” Winkler, Global Security Strategist for CSC Consulting, was one of 12 panelists at the SPI Dynamics-hosted event, and his comment was at

No-cost System Lockdown, Part 2: Open Source IDS in Use

Part 1 of this article explained IDS and examined the most popular open source IDS solutions. Part 2 demonstrates some common, practical uses for these solutions. The first example is application-based IDS, which addresses the problems involved with securing Web sites. Web sites commonly run on the Apache Web server

Open Source Intrusion Detection: No-cost System Lockdown

Nowadays, basic information security at any level should include an intrusion detection system (IDS) that gathers and later analyzes intrusion data. The primary goal of IDS software is monitoring hostile operations of all types, whether human (hackers and crackers) or programmatic (viruses, Trojan horses). An IDS can function on a

Enforce Custom Password Policies in Windows

Microsoft Windows allows you to define various password policy rules. Specifically, it allows you to enable the “Password must meet complexity requirements” setting using the Policy Editor. This validates user passwords against password filter(s) (system DLL(s)). Usually, people use the default filter. However, many admins say they’d prefer a Linux-style

Ensure Network Safety with Centralized Logging

Over the past few years, the number of Windows-based worm attacks has grown dramatically. Companies have implemented full-scale virus scanning and Windows update facilities to help stop the worm attacks. But what do you do when you aren’t entirely certain that your virus definitions are up to date, or some

ASP.NET Security: 8 Ways to Avoid Attack

Building ASP.NET Web applications has never been easier. Visual Studio.NET hides so many technical details behind the scenes that developers need only concentrate on the core business logic. However, hackers are on the lookout for any opportunity to hack into your application. Which means the pressure is on you to

Put a 24-hour Lockdown on Your .NET UIs

Do you really think user interface security comprises slapping a login screen in front of your application the way you’d slap cheese on a turkey sandwich? For some of you it will suffice; after all, all things are relative. What one considers to be secure another may find woefully inadequate. Thus,

Banish Security Blunders with an Error-prevention Process

Security can be a complex and often overwhelming issue. To ensure application security, not only must you prevent hackers from entering the system, but you need code in place that safeguards security should those preventive measures fail. There is no room for error. You can anticipate and prevent hundreds of

Perimeter Security Ain’t What It Used to Be, Experts Say

If complexity truly breeds insecurity, your perimeter security can’t be trusted to only the traditional defenses of firewalls and intrusion detection systems (IDS) anymore. Web services, network interconnectedness, wireless connectivity, and VPNs have made the perimeter a much more complicated concept than it used to be. To sort out where
