WindowSecurity.com Articles & Tutorials Archive

Articles & Tutorials by date (Click here to sort Articles & Tutorials by topic)

2008
[	8	]	January, 2008	[	6	]	February, 2008	[	6	]	March, 2008
[	11	]	April, 2008	[	1	]	May, 2008
2007
[	10	]	January, 2007	[	9	]	February, 2007	[	8	]	March, 2007
[	6	]	April, 2007	[	8	]	May, 2007	[	6	]	June, 2007
[	7	]	July, 2007	[	11	]	August, 2007	[	7	]	September, 2007
[	12	]	October, 2007	[	11	]	November, 2007	[	7	]	December, 2007
2006
[	13	]	January, 2006	[	9	]	February, 2006	[	11	]	March, 2006
[	9	]	April, 2006	[	12	]	May, 2006	[	10	]	June, 2006
[	9	]	July, 2006	[	11	]	August, 2006	[	9	]	September, 2006
[	10	]	October, 2006	[	11	]	November, 2006	[	9	]	December, 2006
2005
[	9	]	January, 2005	[	11	]	February, 2005	[	12	]	March, 2005
[	12	]	April, 2005	[	11	]	May, 2005	[	14	]	June, 2005
[	12	]	July, 2005	[	14	]	August, 2005	[	10	]	September, 2005
[	10	]	October, 2005	[	8	]	November, 2005	[	9	]	December, 2005
2004
[	4	]	January, 2004	[	3	]	February, 2004	[	5	]	March, 2004
[	3	]	April, 2004	[	6	]	May, 2004	[	9	]	June, 2004
[	9	]	July, 2004	[	8	]	August, 2004	[	8	]	September, 2004
[	7	]	October, 2004	[	9	]	November, 2004	[	9	]	December, 2004
2003
[	6	]	January, 2003	[	5	]	February, 2003	[	10	]	March, 2003
[	8	]	April, 2003	[	15	]	May, 2003	[	8	]	June, 2003
[	11	]	July, 2003	[	5	]	August, 2003	[	6	]	September, 2003
[	13	]	October, 2003	[	5	]	November, 2003	[	4	]	December, 2003
2002
[	1	]	March, 2002	[	9	]	April, 2002	[	7	]	June, 2002
[	29	]	July, 2002	[	7	]	August, 2002	[	4	]	September, 2002
[	537	]	October, 2002	[	10	]	November, 2002	[	8	]	December, 2002
2001
[	6	]	February, 2001	[	1	]	May, 2001	[	1	]	October, 2001
2000
[	129	]	February, 2000	[	188	]	April, 2000	[	5	]	September, 2000
[	2	]	December, 2000

Articles & Tutorials for June, 2005

Share Permissions: Date - Jun 30, 2005; Author - Derek Melber; Section - Articles / Authentication, Access Control & Encryption; All production Windows networks need to have resources (folders, files, documents, spreadsheets, etc) made available from servers so users on the network can access them. The way this is done is through the use of shared folders configured on the servers which house the resources. The concept of shared folders has not changed over the generations of Windows operating systems and versions, but the protection of the resources has slightly changed. Whether you are new to the concept of shared folders or an expert, this article will take an in-depth look at the pitfalls and suggested methods on how to protect the resources that are shared from servers to users on the network.
Denial of Service Attacks: "Smurfing": Date - Jun 28, 2005; Author - Craig A. Huegen; Section - Network Security Library / Network Security; This article provides good information on what a Denial of Service (DoS) attack is and why they can be so harmful to networks and sites on the Internet. The information here provides in-depth information regarding "smurf" and "fraggle" attacks with a focus on Cisco routers and how to reduce the effects of the attack. Some information is general and not related to an organization or particular vendor of choice, however the article does include information regarding other vendor products. Although DoS is not a new threat, the information contained here is comprehensive and timeless.
The Student, the Teacher, and Optix Pro (Part 1): Date - Jun 28, 2005; Author - Don Parker; Section - Articles / Viruses, trojans and other malware; In this article series we will learn about a Trojan called Optix Pro. This is an especially lethal Trojan. With the first Part we will cover a little of Trojan history, see our fictional college’s network, and round out with our fictional student physically infecting his professor’s computer.
NAT Traversal (NAT-T) Security Issues: Date - Jun 23, 2005; Author - Deb Shinder; Section - Articles / Windows Networking; In this article, we’ll look at how NAT-T (Network Address Translation-Traversal) works and what the security issues are, help you decide whether to take the risk, and show you how to restore XP’s ability to connect to servers behind a NAT if you choose to do so.
Phishing: An Interesting Twist On A Common Scam: Date - Jun 22, 2005; Author - Darren Miller; Section - Network Security Library / Phishing; Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. "Is it really possible that we are completely secure?" Given you're skepticism, you decide to get one more opinion.
Evaluating a New Security Policy: Date - Jun 21, 2005; Author - Brien Posey; Section - Articles / Misc Network Security; There was a time when it wasn’t all that risky to try out new security settings on production servers, but operating systems have become much more complex since then. Today, even changing something as simple as the required password length can have unanticipated side effects elsewhere in the system. In this article, I will explain how to evaluate a new security policy in a safe and responsible manner.
Obfuscated Shellcode, the Wolf in Sheep's Clothing (Part 3): Date - Jun 16, 2005; Author - Don Parker; Section - Articles / Viruses, trojans and other malware; In this last part of the three part series based on shellcode obfuscation, we will actually substitute the well known NOP sled for one of a differing function. We will also see what, if any, changes are noticed by Snort.
Instant Messenger Security: Securing Against the Threat of Instant Messengers: Date - Jun 16, 2005; Author - Gunter Ollmann; Section - Network Security Library / Network Security; It is expected that as many as 300 million people use Instant Messaging (IM) products. Organizations are facing two problems with IM services; adoption has been driven by the end user and not by management, and the client applications were initially built for home users not businesses – consequently they emphasise functionality over security. Thus, almost through the back door IM has entered into the corporate world creating yet another layer of security concern. Unsecured IM client installations are placing enterprise systems at risk to hackers, viruses, worms, Trojans, legal liability and violation of privacy laws.
Hiring Hackers As Security Consultants: Date - Jun 14, 2005; Author - Brien Posey; Section - Articles / Misc Network Security; The subject of whether it is ethical to use former hackers to evaluate a network’s security is a topic that is often hotly debated. In this article, I will explore the pros and cons of using former hackers in such roles.
Code Signing: Is it a Security Feature?: Date - Jun 09, 2005; Author - Deb Shinder; Section - Articles / Authentication, Access Control & Encryption; Code signing is a mechanism whereby publishers of software and content can use a certificate-based digital signature to verify their identities to users of the code, thus allowing users to decide whether or not to install it based on whether they trust the publisher. Code signing has been touted as a major security feature, but it’s important for users to understand its uses and its limitations. In this article, we’ll take a look at how code signing works and where it fits into your organization’s security plan.
The Phishing Guide - Understanding & Preventing Phishing Attacks: Date - Jun 08, 2005; Author - Gunter Ollmann; Section - Network Security Library / Phishing; Phishing is the new 21st Century Crime. Organizations and their customers constantly fall prey to "Phishing Schemes". While Phishers develop evermore sophisticated attacks, network administrators, and their customers grow wary of system security and the official looking requests that mimic official business requests. This paper covers the technologies and security flaws Phishers exploit to conduct their attacks and steal your information. The information contained here should help network and security professionals arm themselves against the exploits of Phishing Scams.
How A Security Specialist Fell Victim To Attack: Date - Jun 08, 2005; Author - Darren Miller; Section - Network Security Library / Web Security; These days, I write several pages for our site plus two to three articles per week. For the most part, articles are re-published without you even knowing. You typically find out when someone visits your site from another where the article has been posted. Other times, the site that plans on posting the article e-mails you and asks you to review it before it goes live. Two weeks ago, I received one of these e-mails. It was all downhill from there.
Obfuscated Shellcode, the Wolf in Sheep's Clothing (Part 2): Date - Jun 07, 2005; Author - Don Parker; Section - Articles / Viruses, trojans and other malware; In this second part we will actually see what a NOP sled is, and looks like. Furthermore, we will use an exploit with an existing NOP sled to see how it shows up on an IDS such as Snort with a default ruleset in place.
WindowSecurity.com relaunches free online Trojan scanning service: Date - Jun 02, 2005; Author - The Editor; Section - Site News; WindowSecurity.com has relaunched its free web-based service enabling users to check their system for any known Trojans. With totally new scanning technology, an updated powerful engine, and an extensive Trojan signature database, the Trojan scanner is the most comprehensive free scanner available.