Secure Coding Questions


What Next?
We received a notice from NSA saying the specifics on how to handle our encryption program. The public version has been limited to use of a public key and the software has a built-in data integrity algorithm such that any modification of the key disables the use of the software for encryption. The software uses [...]

Answer Question   |  April 18, 2013  5:18 PM
Encryption Software, FIPS, regulatory compliance, Secure Coding, Web Access Management

Template for creating source code security
Does anyone have a template for creating a source code security policy? Thanks!

Answer Question   |  December 6, 2010  5:00 PM
Secure Coding, Security in 2010, Source code, Source code management

managing authorization list
A long time ago, I retrieved a CL from this site to manage authorization lists. It displayed all the lists to an output file, and the CL uses the input file to properly balance the users' and objects' authority. Does anyone have something similar?

Answer Question   |  September 8, 2009  5:01 PM
CL Input File, CL programming, Secure Coding

Unknown Threats
Apart from honeypots, what are the different methods to find unknown threats which are prevalent, and how to find methods to mitigate them? PS: All the vulnerabilities are known to all the n/w administrators and they can take measures to mitigate attacks, but this doesn’t happen. Hackers are at least 10 steps ahead. So how to find [...]

Answer Question   |  November 2, 2011  2:24 PM
Application security, backdoors, configuration, Current threats, Database, Encryption, Exchange, Firewalls, Forensics, Hacking, human factors, Incident response, Instant Messaging, Intrusion management, Network security, Networking, patching, PEN testing, Platform Security, Secure Coding, Security, Software, Spyware, Tech support, Trojans, Viruses, VPN, vulnerability management, Wireless, worms

Selecting an area within security to start
Hi, I’m studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I’m also studying for the CISSP. Now, with all these qualifications, could you please tell me which would [...]

Answer Question   |  June 25, 2008  4:06 PM
Access control, Application security, Biometrics, Browsers, Career development, CCNA, CCSA, Certifications, CISSP, Compliance, configuration, CRM, Current threats, Database, Digital certificates, Disaster Recovery, Encryption, Exchange, Firewalls, Forensics, Hacking, Identity & Access Management, Incident response, Intrusion management, MCSE, Network security, Networking, patching, PEN testing, Platform Security, Policies, Risk management, Secure Coding, Security, Security Program Management, Spyware, SSL/TLS, Trojans, Viruses, VPN, vulnerability management, Web security, Wireless, worms

Looking for Antivirus for Win Storage 2003 x64 server
Hi, We are looking for antivirus software that is proven to work well with Windows Storage 2003 x64 server. Our current product works just fine on all other 2003 servers, but it brings down this one from time to time. Thanks, Oksana

Answer Question   |  February 3, 2009  6:33 PM
Antivirus, Application security, Database, Encryption, Microsoft Systems Management Server, Secure Coding, Servers, Storage, Storage management, Storage products and equipment, Storage servers, Viruses

computer protection with revert
I am looking for a solution which will allow me to revert computer settings back to the original each time the computer reboots. Basically, on reboot the computer will erase all files and configurations made in the previous session.

Answer Question   |  May 21, 2007  10:19 AM
Application security, configuration, Database, Development, Encryption, Exchange, Instant Messaging, patching, PEN testing, Platform Security, Secure Coding, Security, vulnerability management

Assessing Security Appliances
We have several appliances performing specialized tasks in our environment. I’ve been asked to perform an audit of these appliances. Since most of these appliances run a version of Linux/Unix I’ve decided to audit in a two phase process. First looking at the OS/Kernel and then the application. My question is there an auditing framework [...]

Answer Question   |  February 25, 2007  4:36 PM
Application security, Database, Encryption, Exchange, Instant Messaging, Secure Coding

Email Delivery Errors
Hello All, Someone is having problems sending emails to us which did not exist before. Our email server (Unix based) did not list his domain as spam according to our email technician. Also, for troubleshooting purposes I’ve asked him to send to my Hotmail account, which resulted in the same manner of not receiving. After several [...]

Answer Question   |  January 31, 2007  4:47 AM
Application security, backdoors, Brightmail, CipherTrust, ClearSwift, Current threats, Database, Encryption, Exchange, Hacking, human factors, Instant Messaging, McAfee, MessageLabs, Postini, Rockliffe, Secure Coding, Security, Spam, SpamAssassin, Spyware, SurfControl, Symantec, TrendMicro, Trojans, Viruses, worms

malformed packet alert
I get this message from my router every 2 minutes or so. I tried blocking the ports that it attacks and the IP, but the major issue is that that IP is a broadcast IP, so I don’t know where it is coming from. My question is, how do I stop these alerts [...]

Answer Question   |  January 10, 2007  1:28 AM
Application security, configuration, Database, Encryption, Exchange, Firewalls, Forensics, Incident response, Instant Messaging, Intrusion management, Network security, patching, PEN testing, Platform Security, Secure Coding, Security, VPN, vulnerability management, Wireless

Moving into the InfoSec role
I work at a company that currently does not have a position dedicated to information security. I come from a background in networking with a good portion of my focus on firewalls and other security related technologies. I am interested in positioning myself into the role of InfoSec Admin at my company and was hoping [...]

Answer Question   |  December 22, 2006  1:36 PM
Access control, Application security, backdoors, Biometrics, Browsers, Compliance, configuration, CRM, Current threats, Database, Digital certificates, Disaster Recovery, Encryption, Exchange, filtering, Firewalls, Forensics, Hacking, human factors, Identity & Access Management, Incident response, Instant Messaging, Intrusion management, Network security, patching, PEN testing, Platform Security, Policies, provisioning, Risk management, Secure Coding, Security, Security Program Management, Security tokens, Servers, Single sign-on, Spyware, SSL/TLS, Trojans, Viruses, VPN, vulnerability management, Web security, Wireless, worms

Authenticating a Domino application using LDAP
Hello, I have an online training application that allows users to connect anonymously but then requires them to authenticate with their Notes username and password after completing required courses. About 8% bomb because they enter their network username and password instead of the Notes username and password. Is there a way I could authenticate to [...]

Answer Question   |  December 15, 2006  10:52 AM
Application security, Database, Encryption, Exchange, Instant Messaging, Lotus Domino, Secure Coding

convert public folder IPM.POST to IPM.NOTE
I have an SBS 2003 with Exchange running on it and got a public folder that I’ve created for general mail to the employees. I’ve routed all mail to that folder from a specific account. The problem is that the mails arrive as IPM.POST format mails and not like the traditional mails that is more [...]

Answer Question   |  December 4, 2006  6:56 PM
Application security, Availability, Bandwidth, Biometrics, Business/IT alignment, Database, DataCenter, Desktops, Digital certificates, E-business, Encryption, Exchange, Exchange security, Identity & Access Management, Instant Messaging, Management, Microsoft Windows, Networking, OS, provisioning, Secure Coding, Security, Security tokens, Servers, Single sign-on, Spam, SQL Server

Blue Socket Gateway and Certificates
We are currently attempting to implement a Blue Socket Gateway in order to authenticate our wireless clients. I have been instructed by Blue Socket that the certificate used by them will not work through a NAT translation and that I should put this device on the outside of my ASA firewall. Apparently, when the Blue [...]

Answer Question   |  November 8, 2006  5:05 PM
Access control, Active Directory, Application security, Browsers, Compliance, CRM, Database, Desktops, Disaster Recovery, Encryption, Exchange, filtering, Firewalls, Forensics, Incident response, Instant Messaging, Intrusion management, Management, Microsoft Windows, Network security, Networking, OS, Policies, Risk management, Secure Coding, Security, Security Program Management, Servers, SQL Server, SSL/TLS, VPN, Web security, Wireless

How to prevent XSRF attacks
I’ve been hearing more about XSRF (cross-site request forgery) attacks. (Netflix most recently had to fix a flaw related to this.) I’m wondering how you can prevent this type of attack. Do Web application firewalls work?

Answer Question   |  November 6, 2006  3:10 PM
Access control, Application security, Browsers, Database, Encryption, Exchange, filtering, Instant Messaging, Secure Coding, Servers, SSL/TLS, Web security

security problem
Hello, I have a small workgroup having 10 computers in my office. I do some personal work in the office like using Yahoo Messenger, checking personal e-mails and some online banking sites. But how does one of my seniors know it? I do everything lonely and securely so that nobody in the office knows it. But he [...]

Answer Question   |  February 19, 2008  3:44 AM
Access control, Application security, backdoors, Backup & recovery, Biometrics, Browsers, Career development, Compliance, configuration, CRM, Current threats, Data analysis, Database, DataCenter, DataManagement, DB2, Desktop management applications, Development, DHCP, Digital certificates, Disaster Recovery, DNS, Ecommerce applications, Encryption, Enterprise Desktop, Exchange, Exchange security, filtering, Firewalls, Forensics, Hacking, human factors, Identity & Access Management, Incident response, Instant Messaging, Intel, Interoperability, Intrusion management, LANDesk, Lotus Domino, McAfee, Microsoft Systems Management Server, Microsoft Windows, Mobile security, Network security, Networking, Networking services, Oracle, patching, PC/Windows Connectivity, PEN testing, Platform Security, Policies, Postini, provisioning, Risk management, Secure Coding, Security, Security Program Management, Security tokens, Servers, Single sign-on, Software, Spam, Spyware, SSL/TLS, Symantec, Systems management software, Tech support, Trojans, Vector Networks, Viruses, VPN, vulnerability management, Web security, Wireless, worms

accessing password protected hd
Hello everyone. Computer A crashed unexpectedly. It turned out to be the motherboard, but what I’m concerned with is the hard drive. I put the hard drive from computer A into a spare IDE slot on computer B. I booted computer B with computer B’s own hard drive and attempted to grab the files I [...]

Answer Question   |  October 27, 2006  7:09 PM
Application security, Biometrics, Database, Digital certificates, Encryption, Exchange, Identity & Access Management, Instant Messaging, Microsoft Windows, provisioning, Secure Coding, Security, Security tokens, Single sign-on, Software

accessing a password-protected hd
Hello everyone. My brother sent me his hard drive because his motherboard crapped out and he needs the data from his hard drive. I plugged it into my computer through an IDE connection and I can see most of the files on the computer. However, the data he needs resides within his “documents and settings” [...]

Answer Question   |  May 24, 2010  7:03 PM
Application security, Biometrics, Database, Digital certificates, Encryption, Exchange, Identity & Access Management, Instant Messaging, Microsoft Windows, provisioning, Secure Coding, Security, Security tokens, Single sign-on, Software
