Application Security Architecture Authentication
CertificationsCorporate ComplianceCryptology
Disaster RecoveryEnterprise SecurityExploits
FirewallsIncident HandlingIntrusion Detection
OS SecurityPolicies and ProceduresSecurity Basics
Security ManagementSecurity ToolsServers
StandardsVoIPVulnerability Management
Web SecurityWiFi SecurityWorms and Viruses

Avalanche malware network hit with law enforcement takedown

by Semantec Security Response

The Avalanche malware-hosting network has been dealt a severe blow following the takedown of infrastructure used by at least 17 malware families. The takedown operation, which was a combined effort by multiple international law enforcement agencies, public prosecutors, and security and IT organizations including Symantec, resulted in the seizure of 39 servers and several hundred thousand domains that were being used by the criminal organization behind the Avalanche network.
» Read more

Standards in Desktop Firewall Policies

by Phil Kostenbader, CISSP, and Bob Donnelly, CISM, CISSP

The idea of a common desktop firewall policy in any size organization is a very good thing. It makes responses to external or internal situations such as virus outbreaks or network-oriented propagation of viruses more predictable. In addition to providing a level of protection against port scanning, attacks or software vulnerabilities, it can provide the organizations local security team a baseline or starting point in dealing with such events.

The purpose of this article is to discuss the need for a desktop firewall policy within an organization, determine how it should be formed, and provide an example of one along with the security benefits it provides an organization.
» Read more

Web Application Firewalls: Analysis of Detection Logic

by Vladimir Ivanov

This presentation highlights the core of Web Application Firewall detection logic and accentuates the regular expressions detection mechanism. Other highlights include the use of the Static Application Security Testing (SAST) tool for Regular Expressions analysis, aiming to find security flaws in the syntax of regular expressions. Using the proposed “regex security cheat sheet”, rules from popular WAFs will be examined. Logical flaws in regular expressions will be demonstrated by applying author’s bug hunting experience and best practices.
» Read more

Managing Security Risks in Wireless Networks

WiFiNetwork

by Michelle Sellers

This is 2017 and wireless networks are an important part of the structure in nearly every business. Unfortunately they are also a large vector for attackers to compromise vulnerabilities in a system that hasn’t been secured properly. This whitepaper will discuss the inherent vulnerabilities of a wireless network and ways to manage and mitigate these risks properly.
» Read more

Mobile Device Management

by Michelle Sellers

Mobile device management is an important topic for companies considering the use of a mobile device policy.  There are several vulnerabilities that can be caused from outside sources, not to mention vulnerabilities that come from the inside. McAfee, a leader in antivirus is reporting that the top cyber threats for 2014 are attacks on mobile devices (Gormisky, n.d.). A mobile device that has been attacked can compromise corporate data. Companies need to do the research involved in securing mobile devices before accepting the possibility of “bring your own device” to the workplace.

» Read more

Automated Penetration Testing: Can IT Afford Not To?

In this white paper we provide an overview of penetration testing, discuss security vulnerabilities, and summarize the results and benefits of penetration testing realized by the IT executives interviewed. We also present the features and benefits of Core Security Technologies’ CORE IMPACT, a leading product in the penetration testing space.
» Read more

Ethics of Hacking

by Michelle Sellers

This paper will explore the ethics of hacking. There are two main types of hacking, ethical hacking and unethical hacking. For the purposes of this paper I will attempt to explain the differences between the two and argue my viewpoints on the topic. I will support my arguments with valuable resources, and explain how the typical ethical theories pertain to this topic. I will follow with ways to prevent being a victim of the crime of hacking.
» Read more

Disaster Recovery Best Practices

This paper discusses an approach for creating a good disaster recovery plan for a business enterprise. The guidelines are generic in nature, hence they can be applied to any business subsystem within the enterprise.
In the IT subsystem, disaster recovery is not the same as high availability. Though both concepts are related to business continuity, high availability is about providing undisrupted continuity of operations whereas disaster recovery involves some amount of downtime, typically measured in days. This paper focuses only on disaster recovery.
» Read more

Future Privacy and Security Controls

by Michelle Sellers

Technology is moving so quickly, it’s difficult to keep up with the security features that are needed to keep it secure. As a result; after a tool, device, or software are released, there is usually a security patch or several security patches that follow to secure it. Sometimes this security comes a little too late.

The future of technology is heading more towards mobility and ease of use. Employers want their employees to be able to work from anywhere and at any time. The problem with this is that with mobility and ease of use; also come security issues that need to be considered for better privacy and security controls.

» Read more

1 2