Do we really need privileged users anymore?

You’re an admin. Does that mean you always need an admin account for everything? No, and the cloud makes that even more important. The most painful feature in Windows Vista was the User Account Control setting, originally called Limited User Accounts. Initially pitched as a security feature that alerted you when the software you’d just […]

Two-factor authentication: Hackers aren’t dummies, so you shouldn’t be

A perpetually connected world is a great concept – in theory. But the more connected we are, the more passwords we have to remember, and the more risk there is that something critical will become compromised because a user got lazy and used the same password in two places. Hackers aren’t dummies – they know people are, […]

Stateful Firewall Fundamentals: A Better, Easier, More Secure Firewall

One of the most basic firewall types used in modern networks is the stateful inspection firewall. This type of firewall has long been a standard way to offer more in-depth inspection than the earlier packet inspection firewall methods (think ACLs). This article takes a look at what a stateful firewall […]

SQL Injection Attacks: The Most Overlooked Hacking Method

In a recent report released by Imperva, Inc., the business security solutions provider revealed that SQL injection is one of the most discussed methods of hacking attacks in a large hacker forum. It shows that close to one in every five discussions is related to SQL injection. Imperva laments that less than 5% of the […]

Android Malware on the Rise

It is not just happening to Windows, Research in Motion, iOS and tablet computers, smartphones, and other mobile devices; the Android operating system has also become a target of a massive malware attack. In fact, these attacks have been increasing at a steady rate. According to Kaspersky, in the second quarter of 2012, malware attacks […]

Rogue Access Points: Still Here and Still a Threat

Recently Gartner released their WLAN Magic Quadrant for 2011. Not surprisingly, Cisco, Aruba, and Motorola were all rated as the leaders in this space. Not only do these companies have financial stability and support for R&D, they also have a strong commitment to WLAN security, some more so than others. But still these three organizations take […]

IT Security: Creating a Computer Security Incident Response Plan (CSIRP)

In my last article, we talked about the need for an incident response plan, the risk of not having one in place, and the first step in the process for its creation — forming a Computer Security Incident Response Team (CSIRT). In this article, we will explore the core elements in a Computer Security Incident […]

IT Security: Creating a Computer Security Incident Response Team (CSIRT)

One of the lessons learned in any profession that looks to protect or prevent an incident of some kind is that no level of protection or prevention is 100% effective. So the next question that you must ask yourself is “What can be done when a security incident does occur?” Several IT security certifications, including […]

WLAN Authentication and Encryption

When deploying a wireless LAN, it is very important to deploy secure methods for authentication and encryption so that the network can only be used by those individuals and devices that are authorized. This article takes a look at the commonly used methods of wireless LAN authentication as well as the available encryption methods. WLAN […]

Wireless Security Considerations: Common Security Threats to Wireless Networks

With the deployment of wireless LANs in almost any type of environment, the risk of attacks occurring on wireless networks goes up. A number of different reasons are behind this, but it mainly stems from a lack of wireless network knowledge. Unlike a wired network, which requires physical access to a device, a wireless network […]