What is a Password Hash and Salt?
Never store a user's password as plain-text. A Hashing algorithm is similar to encryption. To increase the security of a hashed password, a random value called salt is added to the hash. More ...
Are You Meeting ISO 27000 Standards for Information Security Management?
The ISO 27000 standard developed by The (IEC) and (ISO) is an internationally accepted industry standard for Information Security Management (ISM). More ...
Handling Rogue Access Points
A Rogue access point is any wireless access points that exist on your network without the consent of the business. If an insider were to use a laptop to act as an access point, regardless of the intent, it poses a security risk. More ...
Difference Between Rule and Role Based Access Control
Access control is the method used to block or allow access to a network or network resources. Two types of access control are rule-based and role-based. The difference between rule-based and role-based access control is explained here. More ...
What Is Penetration Testing?
Penetration testing is one of the hottest up and coming skills any IT professional needs to have. Companies are actively looking for penetration testers and professionals with a background in IT security and the ability to do penetration testing. More ...
How SSL (Secure Sockets Layer) Works
SSL is a security protocol standard that encrypts communication between a web browser and a web server. Any organization that uses their website to transmit, receive, store, or display confidential or sensitive information such as passwords, credit card or bank account numbers, social security numbers, and so on, needs to use an SSL Connection. More ...
Public Key Infrastructure
PKI (Public Key Infrastructure) uses a public and private key pair obtained and shared through a trusted authority. Public and private keys are used to lock (encrypt) and unlock (decrypt) data. Certificates are the cornerstones of the PKI. More ...
Understanding the Dangers Your Systems Face
It's one thing to know generally that your systems are under fire from hackers around the world and malicious users around the office; it's another to understand specific attacks against your systems. This section discusses some well-known attacks but is by no means a comprehensive listing. More ...
Network Security
Network security starts with physical security. Network components such as servers, hubs, and routers should be located in a secure equipment room. Part of physical security is protecting your cable plant from damage and electronic eavesdropping. More ...
Difference Between Network Firewall and Web Application Firewall
A Network Firewall acts as a security barrier between a trusted network, such as the local network (LAN), and an untrusted network, such as the Internet. A >Web Application Firewall (WAF) monitors and allows or blocks data packets as they travel to and from a Web application. More ...
ARP, MAC, Poisoning, and WiFi Security
In this article we cover the basics on Address Resolution Protocol (ARP), Media Access Control Addresses (MAC), Wireless (WiFi), and layer 2 communications. I explain how a 'Man in the Middle Attack' works. The common name for this is ARP poisoning, MAC poisoning, or Spoofing. More ...
Firewall Rules
The purpose of a network firewall is to protect computer and IT resources from malicious sources while allowing internal network users to access the Internet. For this purpose it uses an Access Control List (ACL). More ...
What's the Difference Between Sniffing, Snooping, and Spoofing?
Network sniffing and snooping involve tapping into network traffic for the purpose extracting usernames, passwords, account numbers, and other information. Spoofing is when a hacker creates an email or a website that appears to genuine but is designed for the purpose extracting usernames, passwords, account numbers. More ...
