WindowSecurity.com Articles & Tutorials Archive

Articles & Tutorials for 2003

How spyware & adware programs threaten network security & performance
Date - Dec 17, 2003
Author - Ricky M. Magalhaes
Section - Articles / Viruses, trojans and other malware
This article will focus on the applications that are installed on your network and home computers, which many security professionals and organizations do not know exist. These applications run discreetly in the background and function as a spy, reporting on user activity and habits that are recorded in day-to-day use of the computer system.
Email Compliance
Date - Dec 17, 2003
Author - Singlefin
Section - Network Security Library / Anti Spam
As if the business needs surrounding email aren’t enough for organizations to manage, there has been a recent surge of government regulations that affect this form of communication. These laws, which affect large and small companies alike in practically every industry, include protecting confidential customer information, corporate governance, law enforcement investigations, and the overall need to ensure that email is being used and managed properly from an employee perspective. This paper provides an overview of some of the highly visible U.S. laws affecting email security.
Secure Architecture for an SQL / Web Server
Date - Dec 10, 2003
Author - Krzysztof Rózanski
Section - Articles / Web Server Security
There are many ways to hack a Web server. One cannot assume that database servers are unassailable fortresses. So what should one do if a Web server which derives data from a database needs to be made accessible? The most obvious answer to this question is to run like hell to a calmer job. Luckily there are other, more rational answers. This article attempts to show the reader how to find the answers.
Hacking an SQL Server
Date - Dec 04, 2003
Author - Przemyslaw Kazienko & Piotr Dorosz
Section - Articles / Misc Network Security
Microsoft SQL Server is a popular and robust environment for many applications that use databases – it features excellent multi-access capabilities, comprehensive security coverage and can easily be transported to other database platforms. This article aims to identify certain types of risks that might result from inappropriate management of the Microsoft SQL Server.
Attacking the DNS Protocol
Date - Nov 28, 2003
Author - Security Associates Institute
Section - Network Security Library / Web Security
DNS is the most widely used protocol on the Internet, yet many security professionals do not fully understand the many weaknesses that surround it, an understanding that is needed for penetration testing and day-to-day security. In this paper we highlight basic and advanced DNS attacks.
Microsoft SQL Server 2000 Authentication Mechanisms
Date - Nov 26, 2003
Author - Przemyslaw Kazienko & Piotr Dorosz
Section - Articles / Authentication, Access Control & Encryption
Your primary goal as an administrator is to ensure secure access to the database on the server. Access to databases can be controlled by “pure” access mechanisms incorporated in the Database Management System itself, or also enhanced by mechanisms that are external to the database server.
IPv6: Windows Server 2003 Supports a More Secure IP – Sort of
Date - Nov 19, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
When you think of version 6, the “next generation” of the Internet Protocol, your first thought is probably more available addresses. Indeed, the primary reason for developing a new version of IP was the anticipated critical shortage of addresses under the 32 bit addressing scheme of version 4. However, IPv6 provides for more than just an increase in the number of available addresses. It is also designed to provide for better performance and, even more important in today’s business world, better security of IP communications.
Installing and Securing IIS Servers (Part 3)
Date - Nov 11, 2003
Author - Bronek Kozicki
Section - Articles / Web Server Security
In Part I of the series we dealt with the installation of the IIS service whilst Part II covered issues related to configuring an IIS Server to handle encrypted connections. Until now, we used Internet Services Manager, a standard administration tool, to introduce changes in the IIS configuration settings. Part III is concerned with some new administration methods allowing one to modify IIS configuration settings that were previously unavailable.
Installing and Securing IIS Servers (Part 2)
Date - Nov 05, 2003
Author - Bronek Kozicki
Section - Articles / Web Server Security
The previous article showed you how to install, configure and, finally, how to connect your new Web Server to the Internet. Now you may be sure that the server runs securely. You have subscribed to Microsoft security bulletins not to omit any important patches. All you have to do now is to rest on your laurels. Are you sure about that?
Installing and Securing IIS Servers (Part 1)
Date - Oct 28, 2003
Author - Bronek Kozicki
Section - Articles / Web Server Security
IIS, an acronym for Internet Information Services, is a web application server program that handles HTTP requests, ranking second in popularity (after Apache). Its popularity is mainly due to the fact that IIS sites are so easy to implement - just a few mouse-clicks away - from a total disaster.
Changes to Default Settings Make Windows Server 2003 More Secure (Part 2)
Date - Oct 23, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
Microsoft has made a number of changes to the default settings in Windows 2003 to make it more secure “out of the box.” In Part 2, we’ll examine the changes that have been made to the default settings for common services and changes in the authentication process, and we’ll discuss some areas in which some believe that Server 2003’s defaults are still too open.
Using passwords as a defense mechanism to improve Windows security (Part 2)
Date - Oct 21, 2003
Author - Ricky M. Magalhaes
Section - Articles / Authentication, Access Control & Encryption
In this article I will focus more on the global settings of password policies and where to change them to incorporate the 20 Golden rules of good password management in Part 1. This article will describe the possibilities of these policies and will run through real world reasons where these global settings should be applied. Different ways of generating passwords will also be described to make it easier for your users to come up with new passwords in a quick, trouble-free way.
Windows Server 2003 Disaster Recovery Planning (Part 2)
Date - Oct 17, 2003
Author - Robert J. Shimonski
Section - Articles / Windows 2003 Security
In this article, we will discuss what every Microsoft Windows Administrator and Engineer should think about when trying to manage their environments in the scope of planning for Disaster Recovery and Business Continuity. This is Part II in a 4 part article series where we will cover many of the details administrators and engineers need to know about planning Disaster Recovery for Windows Systems, as well as for their networks in general.
Reducing Corporate Liability With Filtering and Policy Tools
Date - Oct 16, 2003
Author - Postini
Section - Network Security Library / Anti Spam
The overwhelming majority of corporate email addresses today receive unsolicited commercial email, or spam. For a growing number of recipients, this includes spam with adult content or pornography known as unsolicited pornographic email (UPE). UPE poses serious legal risks to corporations, wastes valuable corporate computing resources, and reduces employee productivity.
A Glance at the Windows Server 2003 Security Guide
Date - Oct 15, 2003
Author - Robert J. Shimonski
Section - Articles / Windows 2003 Security
Not only is Microsoft boasting that Windows Server 2003 is very secure... they have also released, prior to the selling of the actual operating system, the ‘free’ (yes, you heard this right) security guide for the base operating system as well as many of the services that come with it, like IIS, File and Print services and more.
Changes to Default Settings Make Windows Server 2003 More Secure (Part 1)
Date - Oct 10, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
One big change, very noticeable in Windows Server 2003, is the difference in default settings. In this two-part article, we’ll look at how the out-of-the-box server differs in its defaults from previous versions and how the new defaults make the OS more secure (while at the same time causing frustration for some admins and users who find themselves unable to gain access that was available without any reconfiguration in earlier operating systems). In Part 1, we’ll focus on how the default permissions have changed, changes to the membership of the Everyone group, and ownership of objects.
Blocking over 98% of spam using Bayesian filtering technology
Date - Oct 08, 2003
Author - GFI Software
Section - Network Security Library / Anti Spam
This white paper describes how Bayesian mathematics can be applied to the spam problem, resulting in an adaptive, ‘statistical intelligence’ technique that is much harder for spammers to circumvent. It also explains why the Bayesian approach is the best way to tackle spam once and for all, as it overcomes the obstacles faced by more static technologies such as blacklist checking, databases of known spam and keyword checking. This is not to say that these technologies are obsolete, but they cannot be used as effectively as needed if not combined with a Bayesian filter.
Securing the Windows 2000 Registry
Date - Oct 07, 2003
Author - Ray Zadjmool
Section - Articles / Windows OS Security
One key security practice that is often overlooked by admins is securing the Windows registry. In addition to configuration information, the registry contains security contexts that can be used to elevate a user’s privilege. If left unsecured, it is a good platform that a hacker can use to gain access to administrative functions of the computer, and possibly even the domain as well.
Beating Hackers to the Patch
Date - Oct 06, 2003
Author - NetSupport Solutions, Inc
Section - Network Security Library / Patch Management
It’s a good thing the Blaster worm and its variations weren’t really insidious. Had it devastated hard drives, it could have inflicted billions of dollars in lost productivity and other damages globally rather than just significantly annoying Microsoft and IT managers. But Blaster and the Sobig variations are a wake-up call. Cyber attacks are growing rapidly and the potential for them to quickly exploit security holes and wreak havoc is mounting.
Different Methods of Stopping Spam
Date - Oct 03, 2003
Author - Paul Graham
Section - Network Security Library / Anti Spam
There are many ways to fight spam. Which works best? So far the best single solution is probably Bayesian filtering. But you don't have to choose just one. Many of the following solutions could be used in combination.
Windows Server 2003 Disaster Recovery Planning (Part 1)
Date - Oct 03, 2003
Author - Robert J. Shimonski
Section - Articles / Windows 2003 Security
In this article, we will discuss what every Microsoft Windows Administrator and Engineer should think about when trying to manage their environments in the scope of planning for Disaster Recovery and Business Continuity. This is Part I in a 4 part article series where we will cover many of the details administrators and engineers need to know about planning Disaster Recovery for Windows Systems, as well as for their networks in general. In part I, we will look at Windows 2000 & Windows Server 2003 Clustering & Load Balancing for high availability, as well as general planning information.
Windows 2000 DMZ Design.
Date - Oct 03, 2003
Author - Robert J. Shimonski
Section - Network Security Library / Windows Security
In this chapter you learn about Windows 2000 security but only as it relates to this subject matter. In other words, this chapter is not a general Windows 2000 security chapter, but rather is one customized to fit the needs of designing security within the DMZ. Of course, the chapter covers many security topics revolving around Windows 2000, but all the content will be tailored for the most part to security administrators working within a DMZ environment.
Using passwords as a defense mechanism to improve Windows security (Part 1)
Date - Sep 30, 2003
Author - Ricky M. Magalhaes
Section - Articles / Authentication, Access Control & Encryption
This two-piece article highlights the need for strong passwords. Passwords are an essential means of achieving maximum security; passwords truly serve as a first layer of defense complementing any security strategy. Once the decision has been made to enforce the usage of passwords as part of one's security goals, a further decision must be made on the type of password policy one would prefer to use. The password policy should be strict and no exemptions should be allowed.
How New Delegation of Authentication Options Improve Security
Date - Sep 25, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
Delegation is the act of giving power, responsibility or authority to someone (or something). When we talk about delegation in the context of administering our Windows Server 2003 computers and networks, we can be talking about either the Delegation of administrative authority (also called delegation of control); or the Delegation of authentication (allowing a service to use a user or computer account for access to resources). It is this second type of delegation that we will discuss in this article. Windows Server 2003 has provided some enhancements to this feature that will make your administrative life a little easier.
Fighting Spam
Date - Sep 25, 2003
Author - RAV AntiVirus
Section - Network Security Library / Anti Spam
Spam is costing $8.9 billion to U.S. corporations, $2.5 billion for European businesses and another $500 million for U.S. and European service providers. Figuring it takes 4.4 seconds on average to deal with a message, the messages add up to $4 billion in lost productivity for U.S. businesses each year. This white paper will show you why you receive spam in the first place, how spammers operate and measures that can be taken to limit and reduce the volume of spam that is received.
How the Windows Rights Management Service can Enhance the Security of your Documents
Date - Sep 23, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
Security has many facets when it comes to computers. We often focus on securing the network and our systems from outside intruders and from malicious code such as viruses, worms and Trojans. Because the damage from these can be so immediate and so drastic, we sometimes overlook the need to secure the data contained in our documents from others within the organization, and even to control the extent of access for those with whom we do need to share our information.
The Science of Host Based Security
Date - Sep 17, 2003
Author - Ray Zadjmool
Section - Articles / Intrusion Detection
Just a few years ago, the focus of enterprise security was primarily split between perimeter security and authentication controls. Security engineers spent their time mulling over firewall implementations, access rights, and the occasional implementation of encryption technologies. A new movement though has overtaken the industry as security breaches have become more and more common despite perimeter defenses, thus forcing enterprises to start reassessing security again from a host based perspective.
Trojan Horse Primer
Date - Sep 03, 2003
Author - Robert J. Shimonski
Section - Articles / Viruses, trojans and other malware
A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can gain control and do its chosen form of damage, such as erasing the data on your hard drive. A Trojan can cause massive harm to you and your systems and worse yet, may turn your system into a killing machine as well! Let's look at Back Orifice specifically so we can highlight why a tool like this can get ugly if installed on your systems.
Add an extra antivirus engine to your mail server for free! - GFI releases GFI MailSecurity Freeware
Date - Aug 28, 2003
Author - The Editor
Section - Site News
In a bid to help administrators preempt a possible wave of new virus outbreaks, GFI today released a freeware version of GFI MailSecurity. The freeware version scans inbound and outbound email using a single anti-virus engine and can also check message bodies and subjects for keywords; this feature can be used to detect inappropriate mail.
Auditing for Increased Security (Part 1)
Date - Aug 26, 2003
Author - Robert J. Shimonski
Section - Articles / Windows OS Security
You will need to Audit your systems for enhanced and increased security. When Microsoft laid out this objective, they were most likely thinking about building your security strategy up with Defense in Depth. This strategy is outlined as a way to avoid depending on one single protective measure deployed on your network. In other words, to eliminate the feeling of being secured because you implemented a firewall on your Internet connection you should implement other security measures like an IDS (Intrusion Detection) system, Auditing and Biometrics for Access Control.
What’s New with Windows Server 2003 Certificate Services?
Date - Aug 20, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
Now, with the release of Windows Server 2003, Microsoft has provided a number of enhancements and improvements to this popular feature. In this article, we will look at the new certificate services features included in the Standard, Enterprise and Datacenter editions of Server 2003.
Analysis of Remote Active Operating System Fingerprinting Tools
Date - Aug 06, 2003
Author - Ryan Spangler
Section - Network Security Library / Auditing
There are many tools today that are used for remote active operating system fingerprinting. They all have their own fingerprinting techniques. This paper gives an in-depth analysis of three such tools: Nmap, RINGv2, and Xprobe2. The purpose of the paper is to show how these tools work, and to understand the advantages and disadvantages they each offer.
What’s New in Windows Server 2003 IPSec (Part 2)
Date - Aug 05, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
In Part 1 of this two-part article, we took a look at one of the most important new additions to Windows Server 2003’s implementation of IPSec: the new and improved IP Security Monitor. You learned about its new look (MMC console) and increased functionality. In Part 2, we’ll discuss the other improvements that Microsoft has made to IPSec in Windows Server 2003. Many of these are small things, but taken together, they make IPSec more secure and easier for administrators to manage than ever before.
Hardening Windows NT/2000/XP Information Systems
Date - Jul 31, 2003
Author - Ricky M. Magalhaes
Section - Articles / Windows OS Security
This article is written as a security guideline to help administrators and security professionals configure Windows in a more robust way. The recommendations in this whitepaper assume that the computer is physically secure.
What’s New in Windows Server 2003 IPSec (Part 1)
Date - Jul 29, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
With the release of Windows Server 2003, Microsoft has made improvements to a number of their operating system security features, including several new features for IPSec. In this two part article, we’ll focus on what’s new for IPSec in Windows Server 2003, and show you how to use its new features to make it even easier for you to ensure secure communications across your network. Part One covers the IP Security Monitor, which has a brand new look and added functionality.
Windows Server 2003 System Security Analysis 'Quick and Easy'
Date - Jul 25, 2003
Author - Robert J. Shimonski
Section - Articles / Windows 2003 Security
In this article we will look at demystifying the simple analysis of a Windows Server 2003 system's security posture. Too many times, administrators seem confused about how to do an initial security analysis test on a newly minted Windows Server 2003 (or 2000, for that matter). In this article we will look at how to perform this very quickly and very easily with Windows Server 2003. This article will cover the steps needed to create the Security Database and perform the analysis on your Windows Server 2003 system.
Reducing "Human Factor" Mistakes
Date - Jul 23, 2003
Author - Dancho Danchev
Section - Articles / Misc Network Security
Nowadays companies and organizations face the problem where massive attempts at illegal intrusions hit their network on a daily basis. In spite of the latest technological improvements in security, it's still the network users who are often unknowingly inviting security breaches through carelessness and a lack of awareness. This paper will try to summarize various mistakes made by system administrators, company executives and of course the end users, and will also provide you with useful strategies that will definitely help you reduce or completely eliminate the mistakes.
Host-Based IDS vs Network-Based IDS (Part 2 - Comparative Analysis)
Date - Jul 17, 2003
Author - Ricky M. Magalhaes
Section - Articles / Intrusion Detection
The second paper in this two part series, this white paper will focus on HIDS (Host Based Intrusion Detection System) and the benefit of a HIDS within a corporate environment. A comparative analysis will also be done representing the industry leaders and will conclude by arriving at a calculated recommendation. This will aid organizations when deciding on a comprehensive HIDS or NIDS solution.
What’s New in Windows 2003 Server: IIS Security Enhancements
Date - Jul 15, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
Microsoft’s Internet Information Services (IIS), while one of the most popularly deployed web servers, has long been considered to be a weak point on any server on which it is installed, when it comes to security. Web servers, by their very nature, are generally open to the Internet (unless they are used only for intranet access) and this makes them a natural target for hackers and attackers. In this article, we’ll cover some of the changes to the new version of IIS that are intended to make it less vulnerable to attackers.
Stop Spam Now!
Date - Jul 11, 2003
Author - Lyris MailShield
Section - Network Security Library / Anti Spam
Junk e-mail or spam is a growing problem for Internet users, whether you are an individual or a large corporation. According to varying studies, the cost of spam ranges from millions to billions of dollars worldwide. John Buckman, developer of the MailShield anti-spam/antirelay program, discusses the impact of spam, and describes 5 strategies for stopping spammers in their tracks.
Host-Based IDS vs Network-Based IDS (Part 1)
Date - Jul 10, 2003
Author - Ricky M. Magalhaes
Section - Articles / Intrusion Detection
This white paper will highlight the association between Network Based and Host based intrusion detection. A product comparison will be incorporated in a following white paper (Part 2) to assist in the selection of the appropriate IDS for your organization. Important facts and considerations will be highlighted to assist when selecting a sound intrusion detection system. This white paper will give you a better understanding of the differences between NIDS and HIDS and will highlight the strengths and weaknesses of both, concurrently extending your knowledge and increasing your understanding of the IDS systems.
Trojans - and how to protect your network against them
Date - Jul 09, 2003
Author - GFI Software
Section - Network Security Library / Trojans
This white paper outlines what Trojans are and why they pose a danger to corporate networks. As early as 2001, an eWeek article reported that tens of thousands of machines are infected with Trojans. This is still the case today - and the use of more sophisticated technology makes them all the more alarming: Trojans can be used to steal credit card information, passwords, and other sensitive information, or to launch an electronic attack against your organization. The white paper discusses the need for a Trojan and executable scanner at mail server level in addition to a virus scanner, to combat this threat.
10 Steps to a Secure FTP Server
Date - Jul 08, 2003
Author - Ray Zadjmool
Section - Articles / Misc Network Security
With his first article for WindowSecurity.com, we are pleased to welcome Ray Zadjmool (MCSE, CISSP, CCNA) to our team of authors. FTP [File Transfer Protocol] is one of the oldest and most popular services found on the internet today. Serving as an easy and effective method by which to transfer files over a network, FTP has become a standard that is both accepted and widely accessible to users across almost every network and operating system in use today. In this article we will examine 10 options available natively in Windows 2000 that can be used to secure an FTP site.
The Ins and Outs of Network Analyzers (Part 2)
Date - Jul 02, 2003
Author - Ricky M. Magalhaes
Section - Articles / Misc Network Security
The second installment in this two part series, in this article I have focused on the ideas and workings of most well known industry sniffers. The article is written to assist you in making a more educated decision when picking the sniffer of your choice and will definitely aid you when it comes to hunting for value features.
The Nigerian Spam Scam Exposed
Date - Jun 30, 2003
Author - Zone-H
Section - Network Security Library / Anti Spam
Ever wondered what would happen if you ever responded to one of the many Nigerian spam scams? Zone-H have done just that and have chronicled every step in this paper, from the first email exchange to the final phone call where they agreed to meet the scammers in Nigeria.
Trojans FAQ
Date - Jun 26, 2003
Author - The Editor
Section - Articles / Viruses, trojans and other malware
We have all heard a lot about trojan horse programs and the threat that they pose to your network's security. This Trojan FAQ sheds some light on what these programs are, what they do, how they can infect your network and suggests measures that could be taken to prevent such infections. You can make sure that you have a good grasp on these malicious programs by browsing through this regularly updated Trojan FAQ which provides the answers to these questions and many others. With thanks to Dancho Danchev for his contributions to this FAQ.
Building and Implementing a Successful Information Security Policy
Date - Jun 25, 2003
Author - Dancho Danchev
Section - Network Security Library / Policy & Standards
Most recognize the necessity of having a security policy, but designing and successfully implementing one throughout your organization can be quite an intimidating task. To take the pain out of this process we are providing you with one of the most comprehensive guides on the design and implementation of an effective security policy for your company. To make this guide available to the entire community we have opened web distribution rights, allowing you to freely host this guide on your website and share it with colleagues.
Building and Implementing a Successful Information Security Policy
Date - Jun 19, 2003
Author - Dancho Danchev
Section - Articles / Misc Network Security
Most recognize the necessity of having a security policy, but designing and successfully implementing one throughout your organization can be quite an intimidating task. To take the pain out of this process we are providing you with one of the most comprehensive guides on the design and implementation of an effective security policy for your company. To make this guide available to the entire community we have opened web distribution rights, allowing you to freely host this guide on your website and share it with colleagues.
The Ins and Outs of Network Analyzers (Part 1)
Date - Jun 10, 2003
Author - Ricky M. Magalhaes
Section - Articles / Misc Network Security
In this two part article I will focus on Network analyzers, the different forms they come in. I will also materialize what threat they pose to the corporate network, how they can be used as a vital troubleshooting tool and what to look for when searching for a sniffer.
PKI FAQ's
Date - Jun 06, 2003
Author - ArticSoft Ltd.
Section - Network Security Library / Auth. & Access Control
The Public Key Infrastructure has emerged as a way of providing confidentiality and accountability when communicating over the web. This FAQ describes the role of digital certificates and signatures, which are components of the PKI, and their effectiveness in securing communication.
Protecting your Email from Viruses and Other MalWare
Date - Jun 05, 2003
Author - Deb Shinder
Section - Articles / Content Security (Email & FTP)
Virus writers, who used to spread their virtual “diseases” via infected floppies and network shares, have seized the opportunity posed by email programs that support attached files, HTML messages, and embedded scripts to send viruses and other malicious software (called “malware”) to hundreds or thousands of people with just a few keystrokes. In this article, we will look at how email viruses work and what you can do to protect your computer and network from them.
Using Protocol Rules to Block Specific Protocol Access to Sites
Date - Jun 03, 2003
Author - Ricky M. Magalhaes
Section - Articles / Authentication, Access Control & Encryption
In this tutorial I will cover how to block a specific user from accessing a resource related to a specific protocol on the internet. In most business environments it becomes important to have granular control on your domain users and your IP protocol stack. With this in mind you will find that you can use ISA to reduce specific protocol traffic at various times making more bandwidth available for other more productive activities.
Mask Your Web Server for Enhanced Security
Date - May 30, 2003
Author - Port80 Software
Section - Network Security Library / Web Security
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and "script kiddies". This article explores some ways you can minimize the risk of such detection.
Digital Signatures
Date - May 29, 2003
Author - Ricky M. Magalhaes
Section - Articles / Authentication, Access Control & Encryption
In this article I will clarify what a digital signature is and will demonstrate ways of using this technology to validate the identity of a user. The internet is filled with fraudulent villains that can take you or your organization to the cleaners, without you even knowing about it till it’s too late.
ServerFiles.com - New Network Software Directory Launched
Date - May 23, 2003
Author - The Editor
Section - Site News
We're pleased to announce the launch of ServerFiles.com, a directory of server based software for your Windows 2000/NT & .NET network. A no frills site that gives administrators and decision makers just what they need - reliable software listings in over 75 categories including "Patch Management", "Database Server Software" and "Network Monitoring". You'll be able to read about other user's experiences with the software listed or you can post your own comments. The site will be continuously updated with new listings so make ServerFiles.com your first stop when you need to find a software solution that's right for your network.
A Secure SQL Server
Date - May 22, 2003
Author - Bronek Kozicki
Section - Articles / Misc Network Security
Microsoft SQL servers are one of the favorite targets for Internet hackers, primarily because of the activity of worms (e.g. SQL Spida, Slammer) spreading through this service, and secondly because access to unsecured but Internet-connected SQL servers is quite easy. In this article I would like to describe the rules for safeguarding the Microsoft SQL Server service to help you, dear readers, protect yourselves from the consequences of possible attacks.
Key Iterations & Cryptographic Salts
Date - May 21, 2003
Author - ABI- Software Development
Section - Network Security Library / Cryptography
The following document discusses the use of key iterations and cryptographic salts to stop dictionary attacks in password based encryption (symmetric cryptography).
Your Quick Guide to Common Attacks
Date - May 20, 2003
Author - Robert J. Shimonski
Section - Articles / Misc Network Security
In this guide we'll go over many of the common attacks by providing a brief description of the attack and its unique characteristics.
Combating SPAM Problems in a Corporate Environment
Date - May 20, 2003
Author - Brien Posey
Section - Network Security Library / Anti Spam
Perhaps no problem plagues the Internet as deeply as that of unsolicited junk E-mail, or SPAM. While there’s no doubt that SPAM can be annoying to the end users, SPAM can cause problems for both the network administrators and for those who own or manage a company. The reason for this is that SPAM robs your company of productivity and of system resources.
Email Harvesting Techniques FAQ
Date - May 19, 2003
Author - Uri Raz
Section - Network Security Library / Anti Spam
The main purpose of this FAQ is to make people aware of spammers' harvesting techniques as a first step toward protecting themselves.
Dealing Effectively with Spam
Date - May 19, 2003
Author - GFI Software
Section - Network Security Library / Anti Spam
This paper gives information on spam - what it is, its cost, and how to deal with it. It analyses a server based approach versus a client based approach to handling spam.
Data Protection in the European Union
Date - May 16, 2003
Author - European Communities
Section - Network Security Library / Anti Spam
Information relating to individuals, called ‘personal data’, is collected and used in many aspects of everyday life. Advancement in computer technology along with new telecommunications networks is allowing personal data to travel across borders with greater ease. As a result, data concerning the citizens of one Member State are sometimes processed in other Member States of the EU. Therefore, as personal data is collected and exchanged more frequently, regulation on data transfers becomes necessary.
Spam
Date - May 16, 2003
Author - Vicomsoft Ltd.
Section - Network Security Library / Anti Spam
This document is intended to help you understand how to stop spam email with or without the use of an email spam filter or DNS blacklist. We are presenting this information in a Q&A (Questions and Answers) format that we hope will be useful. Our knowledge of this subject relates to Internet connectivity in general, and stems from our own TCP/IP networking technology and experience.
Spamfighting Overview FAQ
Date - May 16, 2003
Author - spamfaq.net
Section - Network Security Library / Anti Spam
The Spamfighting Overview offers a taste of the many techniques people use to fight spam. The objective isn't to teach you how to fight spam (there are many far superior documents that do just this), but rather to introduce some of the techniques you can use and refer you to some more detailed works.
Securing Remote Access Connections
Date - May 15, 2003
Author - Deb Shinder
Section - Articles / Authentication, Access Control & Encryption
Today many companies are enjoying the cost savings inherent in allowing some employees to work from home, while those employees benefit from the convenience of telecommuting. In addition, executives, salespeople and others need to connect to the company network when they go on the road, and/or need to access network resources in the evenings or on the weekends from home. All this adds up to a lot of remote access connections to the organization's network. In this article, we will discuss how to prevent remote connections from creating a security nightmare on your network.
Understanding Windows Logging
Date - May 13, 2003
Author - Ricky M. Magalhaes
Section - Articles / Windows OS Security
This article will focus on the importance of monitoring your Windows event logs and will highlight the information that is able to be extracted from typical Windows logs that help to secure your critical servers. The importance of monitoring the logs will be stressed and creative ways to do this centrally will also be covered. Logging is a very important factor when attempting to decipher what has taken place on a server.
Passwords: the Weak Link in Network Security
Date - May 07, 2003
Author - Deb Shinder
Section - Articles / Authentication, Access Control & Encryption
In this article, we will discuss how passwords work, why and how passwords are vulnerable, how to create more secure passwords, how to create effective password policies, and some alternatives to password-only authentication for high security environments.
How Windows Server 2003’s Software Restriction Policies Improve Security
Date - Apr 30, 2003
Author - Deb Shinder
Section - Articles / Windows 2003 Security
Allowing any unauthorized software to run on company computers, especially those connected to the network, poses many dangers. Even if the program isn’t infested with malicious code, incompatibility problems can result in operating system crashes, or interfere with the operation of other programs, and complicate tech support and troubleshooting – not to mention licensing issues. For this reason, Microsoft includes a new feature with Windows Server 2003 and Windows XP: software restriction policies.
Patch management with GFI LANguard N.S.S. & Microsoft SUS
Date - Apr 29, 2003
Author - GFI Software
Section - Network Security Library / Patch Management
Patch management is an essential network administration task and consists of scanning machines on the network for missing patches and deploying those patches as soon as they become available. This white paper provides an overview of how to use GFI LANguard Network Security Scanner (N.S.S.) and Microsoft Software Update Services (SUS) to keep your network updated.
Violating Database - Enforced Security Mechanisms
Date - Apr 24, 2003
Author - Next Generation Security Software Ltd.
Section - Network Security Library / Auth. & Access Control
This paper discusses the feasibility of violating the access control, authentication and audit mechanisms of a running process in the Windows server operating systems. Specifically, it discusses the feasibility of totally disabling application - enforced access control in a running service, taking SQL Server 2000 as a sizeable and meaningful example. Topics relating to "runtime patching" exploits are discussed.
Wireless Security Primer (Part II)
Date - Apr 23, 2003
Author - Robert J. Shimonski
Section - Articles / Wireless Security
In this article, we will discuss what every Wireless Administrator should do (or think about) to keep their Wireless LANs (WLANs) safe and secure. Every time you deploy a Wireless network, you should always ask yourself the following questions outlined within this article. Much has been done to secure wireless transmissions, but there are still items missed that can help your security posture, that many administrators are still not doing and are very important.
Security Scanner & Patch Management Tools Review
Date - Apr 15, 2003
Author - William Henderson
Section - Articles / Product Reviews
Security scanning & patch management is essential to prevent vulnerabilities on your network. Patch management in particular has become a hot topic and I review some of the leading security scanning & patch management tools available today. This review gives you a ‘bird’s eye’ view of each tool, to give you an idea how they work and what they’re meant for. I also compare tools so you can decide which would be best for your network.
Defining a Security Policy
Date - Apr 10, 2003
Author - Robert J. Shimonski
Section - Articles / Misc Network Security
Security Policies are a necessary evil in today’s enterprise networks. Without a Security Policy, you leave yourself open and vulnerable to a lot of political attacks. In this article, we will begin to look at all the measures you will need to deploy to successfully define a security policy.
Windows 2000 allows unauthorized users to get administrator rights on computer
Date - Apr 07, 2003
Author - Dmytro Bolotov
Section - Network Security Library / Windows Security
This article describes a security flaw which allows unauthorized users to get administrator rights on computers that are running Microsoft Windows 2000 operating system.
Intrusion Detection Systems (IDS) Part I - (network intrusions; attack symptoms; IDS tasks; and IDS architecture)
Date - Apr 07, 2003
Author - Przemyslaw Kazienko & Piotr Dorosz
Section - Articles / Intrusion Detection
Due to a growing number of intrusions and since the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. Intrusion Detection Systems (IDS) are those that have recently gained a considerable amount of interest. This is an introductory article to this topic. It gives an overview of several types of detectable attacks, symptoms that help in intrusion detection, describes IDS tasks, different architectures and concepts in this field.
Minimizing the effect of DOS attacks and overflows on your DNS servers
Date - Mar 27, 2003
Author - Ricky M. Magalhaes
Section - Articles / Misc Network Security
This whitepaper will focus on strategies used when minimizing downtime caused by DOS attacks, aimed at DNS servers. To achieve high potency intruders focus their efforts on machines that have a high impact on the network, and Windows 2000 networks rely a great deal on DNS. Intruders know this, and your focus should be turned to securing the organization's DNS server.
Where Does EFS Fit into your Security Plan?
Date - Mar 25, 2003
Author - Deb Shinder
Section - Articles / Authentication, Access Control & Encryption
The ability to encrypt data – both data in transit (using IPSec) and data stored on the disk (using the Encrypting File System) without a need for third party software is one of the biggest advantages of Windows 2000 and XP/2003 over earlier Microsoft operating systems. Unfortunately, many Windows users don’t take advantage of these new security features or, if they do use them, don’t fully understand what they do, how they work, and what the best practices are to make the most of them. In this article I'll discuss EFS: its use, its vulnerabilities, and how it can fit into your overall network security plan.
Guide to Sybase Security
Date - Mar 20, 2003
Author - Network Intelligence India Pvt. Ltd.
Section - Network Security Library / Auditing
This article provides a detailed explanation of security for a Sybase database. The article has been written from the perspective of both security auditing and implementation. The queries and details given have been tested on Sybase Adaptive Server Enterprise 12.5 but will be valid for other versions as well.
Securing Windows 2000 DNS by using configuration (Part 2)
Date - Mar 20, 2003
Author - Ricky M. Magalhaes
Section - Articles / Windows OS Security
Several configuration methods and a quick configuration guide have been devised to assist organizations in the secure configuration of their DNS servers. This document is intended to provide clarification when enabling the operational configuration requirements of the organization's configuration of secure DNS.
Understanding the Role of the PKI
Date - Mar 18, 2003
Author - Deb Shinder
Section - Articles / Authentication, Access Control & Encryption
The Public Key Infrastructure is a concept that is discussed frequently in the IT security world, but is not always well understood. Most of us know that the PKI is used for authentication and has something to do with public key pairs, but many only vaguely understand how the components of a PKI work together and the differences between private and commercial PKIs. In this article, we’ll provide a brief overview of what a PKI is and does, and where it can fit into your organization’s security plan.
Securing Windows 2000 DNS by design (Part 1)
Date - Mar 13, 2003
Author - Ricky M. Magalhaes
Section - Articles / Windows OS Security
This white paper will focus on the importance of securing your Windows network’s DNS service and the features, functionality and security of the DNS server by using design. Several deployment methods for DNS in a Windows 2000 environment will be covered and defined. This document is intended to provide clarification when enabling the operational requirements of the organizations designing secure DNS.
Minimizing Security Incidents
Date - Mar 11, 2003
Author - Robert J. Shimonski
Section - Articles / Misc Network Security
One of the most pertinent strategies you can implement is one of minimizing the number and of course the severity of Security incidents. One of the biggest issues that I see when looking at security infrastructure is the fact that there is not a great deal of effort put into the possibility that there may even be a problem. In fact, most times when I come to an organization, security is not even something anyone really gave a lot of thought to. Because of this, many security problems linger in the darkness of the networks in question.
Understanding Virtual Honeynets
Date - Mar 06, 2003
Author - Ricky M. Magalhaes
Section - Articles / Intrusion Detection
This white paper serves as a reference and knowledge repository on Honeynets and their function within modern interconnected organizations. Honeynets are used as a counter intrusion strategy when learning about intruders’ trends and tactics. Honeynets give you the ability to identify the tools and attack strategies that intruders use against you. Significant information like the information provided by honeynets proves to be vital and should be studied and incorporated into your counter intruder strategy.
Security in Converged Networks
Date - Mar 06, 2003
Author - Avaya Inc.
Section - Network Security Library / Managed Security Solutions
This paper describes converged networking security considerations and guidelines for IT managers and architects who are addressing converged infrastructure and application security.
SMBDie: Crashing Windows Servers with Ease
Date - Mar 04, 2003
Author - Robert J. Shimonski
Section - Articles / Windows OS Security
In this article, we will look at Windows based Security tools and at how to easily crash a Windows server in about 5 seconds. What is SMBDie? SMBDie is a tool (proof of concept) that was created to exploit a problem with the Windows operating system and, when activated, will crash and Blue Screen the server immediately.
Wireless Attacks Primer
Date - Feb 24, 2003
Author - Robert J. Shimonski
Section - Articles / Wireless Security
In general, attacks on wireless networks fall into four basic categories: passive attacks, active attacks, man-in-the-middle attacks, and jamming attacks. Let's review what these attacks mean on a wireless network.
Securing Data in Transit with IPSec
Date - Feb 17, 2003
Author - Deb Shinder
Section - Articles / Windows OS Security
With her first article for WindowSecurity.com, we are pleased to welcome Debra Littlejohn Shinder to our team of authors. Network security has many facets, and much emphasis is placed (rightly) on keeping intruders and attackers out of the network via firewalls. However, in today’s business environment, there are also many instances in which sensitive data needs to be protected within the local network from users who have legitimate access to the network – but do not need to have access to the data in question. The answer in that case is encryption.
Why anti-virus software is not enough: The urgent need for server-based email content checking
Date - Feb 15, 2003
Author - GFI Software
Section - Network Security Library / Anti Virus
This white paper explains why anti-virus software alone is not enough to protect your organization against the current and future onslaught of computer viruses. Examining the different kinds of email attacks that threaten today’s organizations, this paper describes the need for a solid server-based content-checking solution to safeguard your business against email viruses and attacks.
Make an Incident Response Plan
Date - Feb 12, 2003
Author - Robert J. Shimonski
Section - Articles / Misc Network Security
Incident Response is when a problem occurs, it is identified and then you need to respond to it. Responding to such an incident would be deemed “Incident Response” and you need to know the underlying concepts to Incident Response to be able to run your network efficiently. In this article, we will look at all the underpinnings of Incident Response, Chain of Custody and how to deal with a problem that occurs on a Microsoft based network.
Denial of Service 101
Date - Feb 05, 2003
Author - Robert J. Shimonski
Section - Articles / Misc Network Security
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. In this article we will look at a DoS and a DDoS which is a “Distributed Denial of Service” attack where the attack comes from multiple hosts, not just one host, to maximize the resulting devastation.
DBCC SHOWTABLEAFFINITY Buffer Overrun
Date - Jan 29, 2003
Author - Application Security, Inc.
Section - Network Security Library / Windows Security
This article documents the process of finding and exploiting buffer overrun bugs in many versions of Microsoft's SQL server.
Securing Windows 2000 Active Directory (Part 4) - Restoration
Date - Jan 29, 2003
Author - Ricky M. Magalhaes
Section - Articles / Windows OS Security
In this article I will focus on how important restoring the active directory is compared to running it securely. Having an un-restorable backup is disastrous especially if your AD has been corrupted by an attacker or a new AD targeting virus. There is no point in backing up and having thousands of dollars invested in a backup strategy if you can not restore.
The Complete Windows Trojans Paper
Date - Jan 24, 2003
Author - Dancho Danchev
Section - Network Security Library / Trojans
The Complete Trojans Text is a paper about Windows Trojans, how they work, their variations and, of course, strategies to minimise the risk of infection.
Hidden Backdoors, Trojan Horses and Rootkit Tools in a Windows Environment
Date - Jan 23, 2003
Author - Bartosz Bobkiewicz
Section - Articles / Windows OS Security
Not every case of a successful intrusion is “crowned” with a replaced Web site on the server, data theft or damage. Often electronic intruders do not wish to create a spectacle but prefer to avoid fame by hiding their presence on compromised systems, sometimes leaving certain unexpected things. They use sophisticated techniques to install specific “malware” (backdoors) to let them in again later with full control and in secret.
Federal Government Incident Response Team (IRT)
Date - Jan 20, 2003
Author - SecurityUnit
Section - Network Security Library / Misc
This document examines the basic questions that must be addressed, when implementing an Incident Response Team (IRT), within an organization. It does not attempt to undertake an in-depth analysis of the requirements of an IRT, but provides a basic outline for such a team’s organization and functions. This document can be used to better understand the duties and responsibilities of an IRT, and some of the pitfalls to avoid when creating one.
Securing Windows 2000 Active Directory (Part 3) - Backup and Restoration
Date - Jan 06, 2003
Author - Ricky M. Magalhaes
Section - Articles / Windows OS Security
In this article I will focus on the active directory process. As part of securing your active directory you need to ensure that as a contingency plan you are able to restore your active directory in the event of a disaster.
