July 2006
Understanding SSL VPN
by Bhaven Haria, CISA
What if you are sitting in a hotel room, hundreds of miles away from your office, and you need to access the intranet portal of your company? One of the solutions is to publish this portal on the web, so that all employees can access it from anywhere. Publishing all these applications directly on the web can expose the company to multiple security risks as they become accessible to everyone on the Internet. The most common practice adopted by enterprises in such a scenario is to use a VPN. In this article, we will discuss how SSL VPN works, its key advantages and a few concerns about it.
Securing Apache Web Servers
by Siddharth Anbalahan
According to Dr. Johannes Ullrich, CTO of the SANS Institute’s Internet Storm Center, "web application attacks account for a significant portion of hacking activities across the Internet." Securing web servers is an important step towards preventing some of the most common application layer attacks. The Netcraft Web Server Survey for June 2006 recorded that Apache is the leading web server in the market, with a market share of 61.25%. In this first part of the two-part series, we will look at some of the general secure configuration settings of the Apache web server.
More on dodging spiders
by Shalini Gupta
In the first part of this article series, we discussed malicious use of spiders and some means to defend against them. In this article, we’ll explore other defenses such as the use of one-time links, special links, Turing tests and URL tokenization. We will also try to identify the most suitable solution to defend against crawling spiders.
Quiz: Protecting passwords against stealing
Which of these techniques helps prevent passwords from being stolen from the browser?
- Using SSL for the authentication pages
- Using salted hashing for transmitting passwords
- Using an intermediate page after login
- All of the above
