<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" "http://my.netscape.com/publish/formats/rss-0.91.dtd">
<rss version="0.91">
<channel>
  <title>      SANS Technology Institute - Security Laboratory</title>
  <link>       http://www.sans.edu/resources/securitylab/</link>
  <language>   en-us</language>
<copyright>(C) SANS Institute 2009</copyright>
             <webMaster>webmaster@sans.org</webMaster>
             <image>
               <title>SANS RSS Feed</title>
               <url>http://www.sans.org/images/rss_logo.gif</url>
               <link>http://www.sans.edu/resources/securitylab/</link>
             </image>
  <atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" href="http://feeds.feedburner.com/SansInstituteSecLab" type="application/rss+xml" /><item>
    <title>How do you get started in Information security?</title>
    <link>http://www.sans.edu/resources/securitylab/get_started_infosec.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/get_started_infosec.php</guid>
    <description><![CDATA[ <p><p>This article considers getting started in computer and network security (physical or facilities security is out of the scope of this writing). This is an introduction; you may want to consider our introductory course that covers information security basics if you find you are interested in learning more about security, <a href="http://www.sans.org/training/description.php?mid=106" title="Intro to Information Security">intro to Information Security</a>.<br /></p></p> ]]></description>
  </item>
  <item>
    <title>Paul Henry, Security Hero</title>
    <link>http://www.sans.edu/resources/securitylab/paul_henry_sec_hero.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/paul_henry_sec_hero.php</guid>
    <description><![CDATA[ <p><p>Paul Henry is truly a Security Hero. He is best known for his expertise and leadership in digital forensics, but he is actually well grounded. We are thankful he is willing to invest the time to participate in the Security Hero project.<br /></p></p> ]]></description>
  </item>
  <item>
    <title>Lance Spitzner, The Honeynet Project, founder</title>
    <link>http://www.sans.edu/resources/securitylab/lance_spitzner_lead.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/lance_spitzner_lead.php</guid>
    <description><![CDATA[ <p>Lance Spitzner of Honeynet fame has agreed to a Thought Leadership interview and we certainly thank him for his time.<br /></p> ]]></description>
  </item>
  <item>
    <title>Common Network Security Misconceptions: Firewalls Exposed</title>
    <link>http://www.sans.edu/resources/securitylab/pirc_john_firewalls.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/pirc_john_firewalls.php</guid>
    <description><![CDATA[ <p><p>As the commercialization of the Internet enters its third decade, the Web itself has evolved from sharing static information to driving dynamically connected mission-critical applications. While web applications and efficiencies of Web 2.0 are universally adopted, network security practices often still rely too heavily on the basic network firewall to block access to static information. Too many enterprises today believe their firewalls deliver "good enough" security to mitigate Internet-related threats and attacks. However, enterprises that do not currently have advanced network protection deployed face significant risk and are likely already compromised. <br />

</p></p> ]]></description>
  </item>
  <item>
    <title>Ivan Arce, CTO of Core Security Technologies</title>
    <link>http://www.sans.edu/resources/securitylab/ivan_arce_core.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/ivan_arce_core.php</guid>
    <description><![CDATA[ <p><p>Ivan Arce, Chief Technology Officer of Core Security Technologies, sets the technical direction for the company and is responsible for overseeing the development, testing and deployment of all Core products. He talks with us here about the recent update to their product to include web application testing, the latest web attack techniques, and his security philosophy.</p></p> ]]></description>
  </item>
  <item>
    <title>Could Currency Be Destabilized?</title>
    <link>http://www.sans.edu/resources/securitylab/currency_hackers.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/currency_hackers.php</guid>
    <description><![CDATA[ <p><p>While a variety of attacks could cause significant economic harm to a target, an attack specifically designed to destabilize a currency would likely be unsuccessful unless sponsored by a party with significant economic power (i.e., a major country).</p></p> ]]></description>
  </item>
  <item>
    <title>A Management Perspective for Networks</title>
    <link>http://www.sans.edu/resources/securitylab/mgmt_networks_512.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/mgmt_networks_512.php</guid>
    <description><![CDATA[ <p><p>Understanding how networks work will empower a manager to make informed decisions that affect the security posture of the business. Because our organizations depend on networks to accomplish work, they can be used to attack us and yet, we are all too willing to treat them as something beneath the manager's responsibility and beyond our understanding. At a minimum, security leaders are responsible for ensuring that metrics are in place to monitor the health of this resource and oversee the development of a secure architecture. </p></p> ]]></description>
  </item>
  <item>
    <title>Jeremiah Grossman, Founder and CTO of WhiteHat Security</title>
    <link>http://www.sans.edu/resources/securitylab/jeremiah_grossman.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/jeremiah_grossman.php</guid>
    <description><![CDATA[ <p><p>Jeremiah Grossman, founder and CTO of WhiteHat Security, talks with Stephen Northcutt about the state of web application security as well as WhiteHat's approach to website vulnerability assessment and management.</p></p> ]]></description>
  </item>
  <item>
    <title>What is a Security Thought Leader</title>
    <link>http://www.sans.edu/resources/securitylab/sec_thought_leader.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/sec_thought_leader.php</guid>
    <description><![CDATA[ <p><p> With the Security Thought Leader project Stephen hopes to introduce you to some really great men and women. A security thought leader can be defined by certain criteria: a person who is recognized by their peers as a thought leader, who passes their information on to help others, who has innovative ideas, and who shares ideas as actionable distilled insights.

</p></p> ]]></description>
  </item>
  <item>
    <title>Mike Yaffe, Director of Product Marketing, Core Security Technologies.</title>
    <link>http://www.sans.edu/resources/securitylab/yaffe_core_leader.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/yaffe_core_leader.php</guid>
    <description><![CDATA[ <p><p>Most of the interviews that we have done in this series have been focused on technical people, but we believe Mike Yaffe is a game changer.<br /></p></p> ]]></description>
  </item>
  <item>
    <title>Chris Petersen, Chief Technology Officer, LogRhythm</title>
    <link>http://www.sans.edu/resources/securitylab/petersen_sec_leader.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/petersen_sec_leader.php</guid>
    <description><![CDATA[ <p><p>Chris gives us his vision on the current state of log and event management as well as some specifics about LogRhythm.</p></p> ]]></description>
  </item>
  <item>
    <title>Anthony Giandomenico, Security Hero</title>
    <link>http://www.sans.edu/resources/securitylab/giandomenico_hero.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/giandomenico_hero.php</guid>
    <description><![CDATA[ <p><p>Anthony Giandomenico weighs in on Data Loss/Data Leakage Protection (DLP). <br />

</p></p> ]]></description>
  </item>
  <item>
    <title>John Pirc, IBM, ISS Product Line &amp; Services Executive: Security and Intelligent Network</title>
    <link>http://www.sans.edu/resources/securitylab/pirc_ibm_leader.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/pirc_ibm_leader.php</guid>
    <description><![CDATA[ <p><p>John Pirc from IBM's Network Security Solutions has agreed to be interviewed by the Securitylab; we certainly thank him for giving us his time to discuss security and the Intelligent Network.</p></p> ]]></description>
  </item>
  <item>
    <title>2009 Security Predictions</title>
    <link>http://www.sans.edu/resources/securitylab/2009_predictions.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/2009_predictions.php</guid>
    <description><![CDATA[ <p><p>Stephen Northcutt and friends offer their predictions for the important trends in network, information and computer security for 2009 and beyond.</p></p> ]]></description>
  </item>
  <item>
    <title>Leigh Purdie, InterSect Alliance, co-founder of Snare: Evolution of log analysis</title>
    <link>http://www.sans.edu/resources/securitylab/snare_purdie_update.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/snare_purdie_update.php</guid>
    <description><![CDATA[ <p><p>We asked Leigh Purdie if he would give us an update on Snare and log analysis, as a follow-up to our interview with him in March 2008, and we certainly thank him for his time.<br /></p></p> ]]></description>
  </item>
  <item>
    <title>Sound Practice in Intrusion Detection &amp; Prevention using NitroSecurity</title>
    <link>http://www.sans.edu/resources/securitylab/nitrosecurity_seclab.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/nitrosecurity_seclab.php</guid>
    <description><![CDATA[ <p><p>This paper investigates sound practices in intrusion detection and prevention, from IDS and IPS deployment considerations, to pushing the boundaries of IPS (with examples of advanced prevention techniques, specifically blocking the Kaminsky DNS cache poisoning exploit), and business applications. <br />

</p></p> ]]></description>
  </item>
  <item>
    <title>Bill Worley, Chief Technology Officer, Secure64 Software Corporation</title>
    <link>http://www.sans.edu/resources/securitylab/worley_thoughtleader.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/worley_thoughtleader.php</guid>
    <description><![CDATA[ <p><p>At larger conferences, the SANS Institute has a vendor show, and I like to attend to find out about new companies and new technology. There was a vendor at our last show in Las Vegas, Secure64. I had never heard of them, so I wandered over and we had a great chat. They are a DNSSEC vendor who sells a product based on the HP Itanium architecture. The more they talked, the more I learned about an incredible guy, a security thought leader named Bill Worley, so please let me introduce you to Bill.</p></p> ]]></description>
  </item>
  <item>
    <title>Endpoint Security: What works and what does not work</title>
    <link>http://www.sans.edu/resources/securitylab/endpoint_security2.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/endpoint_security2.php</guid>
    <description><![CDATA[ <p><p>Can we fully secure our computer systems from attackers? This presentation reviews the key features in endpoint security that really matter, how to shop for the best products, and why implementing defense in depth on your organization's endpoint is a best practice. (This presentation originated as a June 2008 webcast, in conjunction with CoreTrace, and we continue to expand the research.)<br />
</p></p> ]]></description>
  </item>
  <item>
    <title>Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill </title>
    <link>http://www.sans.edu/resources/securitylab/doug_brown_leader.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/doug_brown_leader.php</guid>
    <description><![CDATA[ <p>One of the important concepts that we want to explore in security thought leadership is the idea of group or team thought leadership. And so we are looking for examples of teams that exhibited security thought leadership. Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill, was on a team that exhibits many of the characteristics of security thought leadership.</p> ]]></description>
  </item>
  <item>
    <title>The 5 Most Common Mistakes Made When Developing a Web Application</title>
    <link>http://www.sans.edu/resources/securitylab/secure_code_sec545.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/secure_code_sec545.php</guid>
    <description><![CDATA[ <p><p>Dr. Ullrich examines the reasons why critical web application security flaws remain so common, even though most web developers are aware of them and do consider them in writing new applications. He sees 5 common mistakes: inconsistent input validation, not understanding the technology, not understanding the business, underestimating the threat, and underestimating the user.</p></p> ]]></description>
  </item>
  <item>
    <title>ICE II : Vegas Summary</title>
    <link>http://www.sans.edu/resources/securitylab/ice2_vegas_oct08.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/ice2_vegas_oct08.php</guid>
    <description><![CDATA[ <p><p>Summary report of the Integrated Cyber Exercise (ICE) II, October 1st-3rd, 2008, Las Vegas.</p></p> ]]></description>
  </item>
  <item>
    <title>Tools for Securing Your Computer Against Software Vulnerabilities</title>
    <link>http://www.sans.edu/resources/securitylab/secunia_psi.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/secunia_psi.php</guid>
    <description><![CDATA[ <p><p>There are two free, powerful and effective tools designed with the sole purpose of helping you secure your computer from software vulnerabilities. Microsoft's scanner does a good job of checking out your system, but it doesn't evaluate whether third-party software like Real Audio or Adobe Acrobat Reader is up to date. Secunia does exactly that.</p></p> ]]></description>
  </item>
  <item>
    <title>Amrit Williams, Chief Technology Officer, BigFix</title>
    <link>http://www.sans.edu/resources/securitylab/amrit_williams_int.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/amrit_williams_int.php</guid>
    <description><![CDATA[ <p><p>Amrit Williams, Chief Technology Officer at BigFix, was formerly a research director in the Information Security and Risk Research Practice at Gartner, Inc. He is certainly a security thought leader and if you have not been introduced to him before, we are sure you will find he has some interesting out of the box opinions.</p></p> ]]></description>
  </item>
  <item>
    <title>Hybrid Threats</title>
    <link>http://www.sans.edu/resources/securitylab/hybrid_threats_did.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/hybrid_threats_did.php</guid>
    <description><![CDATA[ <p><p>Though it is certainly true that malware has evolved a lot in this decade, the tools in use today are more similar to than different from the attacker tools of ten years ago. The command and control is better and they are better able to evade detection, but they are still very similar. Here we take a look at hybrid threats: in the early days of malware, it was fairly easy to classify malware as a virus, worm, or Trojan, but these days many attacks combine features of each.<br /></p></p> ]]></description>
  </item>
  <item>
    <title>Andrew Hay, Q1 Labs</title>
    <link>http://www.sans.edu/resources/securitylab/andrew_hay_leader.php</link>
  <guid>       http://www.sans.edu/resources/securitylab/andrew_hay_leader.php</guid>
    <description><![CDATA[ <p><p>Andrew Hay, one of the authors of the popular OSSEC Host-Based Intrusion Detection Guide and the upcoming Nagios 3 Enterprise Network Monitoring book, has agreed to be interviewed for the SANS Security Thought Leader series.</p></p> ]]></description>
  </item>
</channel>
</rss>
