Articles & Tutorials

Articles & Tutorials / Authentication, Access Control & Encryption

Event IDs for Windows Server 2008 and Vista Revealed!: Date - Jul 01, 2009; Author - Derek Melber; How to track every event that is logged on a Windows Server 2008 and Windows Vista computer.
Centralized Auditing is here and it's FREE!: Date - Jun 25, 2009; Author - Derek Melber; Discussing Centralized Auditing, focusing on the system requirements and ultimate advantages.
What's new in the Windows 7 Firewall?: Date - Jun 17, 2009; Author - Deb Shinder; Taking a look at the Windows Firewall in Windows 7, showing you how to configure it with multiple active firewall policies.
Windows Passwords: Making them Secure (Part 3): Date - Jun 03, 2009; Author - Derek Melber; How to make a Windows password secure enough to solve all of the issues that were covered in the first two installations of this series.
Infosec Europe: Date - May 27, 2009; Author - Ricky M. Magalhaes; Some of the predictions and the discussions by top Security professionals at Infosec Europe 2009.
Locking Down Windows Server 2008 Terminal Services: Date - May 20, 2009; Author - Chris Sanders; Things you can do to make your Terminal Server environment more secure.
Security in the Cloud: Trustworthy Enough for Your Business?: Date - May 13, 2009; Author - Deb Shinder; Taking a look at “The Cloud”. Is it secure enough for your business?
Windows Passwords: Making them secure (Part 2): Date - May 06, 2009; Author - Derek Melber; What technologies are available to break into a Windows password.
Windows Passwords: Making them Secure (Part 1): Date - Apr 15, 2009; Author - Derek Melber; What you can do to increase security for your passwords.
Troubleshooting Kerberos in a Sharepoint Environment (part 3): Date - Apr 08, 2009; Author - Jesper M. Christensen; What Kerberos delegation is and when we need to configure it.
Windows Server 2008 R2 and Windows 7: More Secure Together: Date - Apr 01, 2009; Author - Deb Shinder; Taking a look at some features that make the Server 2008 R2/Windows 7 combination the best for organizations looking to improve the security of their Windows-based networks.
Secure Data Disposal: Date - Mar 25, 2009; Author - Ricky M. Magalhaes; Secure data disposal methods; how organisations that reuse media may employ countermeasures to prevent exposure.
Exposing Microsoft Windows 7 User Account Control (UAC): Date - Mar 19, 2009; Author - Derek Melber; Taking a look at the old and new UAC technology to determine if you should consider Windows 7 and UAC.
Social Networking: Latest, Greatest Business Tool or Security Nightmare?: Date - Mar 04, 2009; Author - Deb Shinder; The good, the bad and the ugly of using popular social networking tools in the business environment.
Using Group Policy to Negate Conflicker on Windows: Date - Feb 18, 2009; Author - Derek Melber; Different methods you can use to help secure a desktop from being infected with the ConFlicker worm.
What's new on the security front with Windows 7?: Date - Feb 11, 2009; Author - Deb Shinder; Taking a look at Windows 7 security features and whether, from a purely security standpoint, it is worth the upgrade.
Troubleshooting Kerberos in a Sharepoint Environment (part 2): Date - Feb 04, 2009; Author - Jesper M. Christensen; Taking a look at SPN Configuration, Duplicate Service Principal Names and DNS Configuration mismatch.
Using Certificate-Monitoring Tools with Windows Server 2008: Date - Jan 14, 2009; Author - Robert J. Shimonski; How Windows Server 2008 works with Certificate Services as well as which tools you can use to monitor it with.
Troubleshooting Kerberos in a SharePoint environment (Part 1): Date - Jan 07, 2009; Author - Jesper M. Christensen; Creating a test environment to show which error-messages come from configuration problems.
Creating and Managing Local Groups on Servers and Desktops: Date - Oct 01, 2008; Author - Derek Melber; With the new Group Policy Preferences, you can create and manage the members of local groups. Here, learn how to do all of this with the new GPP settings.
Control ALL USB Devices Using Group Policy: Date - Sep 17, 2008; Author - Derek Melber; How to use Device Installation Restrictions to control USB devices on Windows Vista.
Kerberos in a Sharepoint Environment: Date - Jul 30, 2008; Author - Jesper M. Christensen; The basics of using Kerberos in a Sharepoint environment.
Documenting Authenticity of Evidence for the E-Discovery Process: Date - Jul 16, 2008; Author - Deb Shinder; E-discovery is an important part of civil and criminal court processes. Inability to produce material can hinder the legal process and damage your case. Be prepared with a plan by which you can find evidentiary material and prove its authenticity.
Controlling Encrypting File System (EFS) using Group Policy: Date - Apr 23, 2008; Author - Derek Melber; Using Group Policy to control where EFS can be used.
Configuring the Windows Server 2008 Terminal Services Gateway (Part 2): Date - Apr 08, 2008; Author - Thomas Shinder; How to install and configure the TS Gateway and the RDP client; making and testing the connection.
Configuring the Windows Server 2008 Terminal Services Gateway (Part 1): Date - Mar 26, 2008; Author - Thomas Shinder; How to put together a working Terminal Services Gateway solution.
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 3): Date - Feb 14, 2008; Author - Thomas Shinder; We will perform some small configuration changes in the Active Directory and on the CA Web site. Then we will focus on the VPN client configuration and finish up by establishing the SSL VPN connection.
Multifactor authentication in Windows – Part 2: Preparing Devices on XP and Windows 2003: Date - Feb 12, 2008; Author - Martin Kiaer; How to prepare Windows to support multi-authentication devices and give you some best practice advice along the way, when preparing smart cards or USB tokens in your Windows XP and Windows Server 2003 environment.
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 2): Date - Jan 30, 2008; Author - Thomas Shinder; The steps required to get a simple three machine SSTP VPN client/server solution to work.
PCI DSS Compliance (Part 2): Date - Jan 23, 2008; Author - Ricky M. Magalhaes; Maintaining a vulnerability management program, implementing strong access control measures and maintaining an information security policy.
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1): Date - Jan 08, 2008; Author - Thomas Shinder; A high level overview of VPN networking technologies and a description of Microsoft VPN protocols, highlighting the advantages of the new SSTP VPN protocol.
PCI DSS Compliance (Part 1): Date - Jan 02, 2008; Author - Ricky M. Magalhaes; We will cover PCI DSS compliance and how to form solutions that help your organisation become complaint.
Multifactor authentication in Windows – Part 1: Smart Cards and USB Tokens: Date - Nov 20, 2007; Author - Martin Kiaer; Taking a look at various multifactor authentication technologies that can be used with Windows. In the first article we’ll look at the basics of chip based authentication.
Privacy - Keeping your information confidential: Date - Oct 16, 2007; Author - Ricky M. Magalhaes; Important tips on keeping your information confidential when using the net.
A Microsoft PKI quick guide – Part 4: Troubleshooting: Date - Sep 19, 2007; Author - Martin Kiaer; How to maintain and troubleshoot your PKI using some basic, but very valuable tools.
Authentication: The Next Frontier: Date - Sep 11, 2007; Author - Ricky M. Magalhaes; Understanding Authentication.
Encryption Key Management: Date - Aug 22, 2007; Author - Ricky M. Magalhaes; What needs to be done to effectively store the keys to your encrypted data.
A Microsoft PKI Quick Guide – Part 3: Installation: Date - Aug 15, 2007; Author - Martin Kiaer; How to install a PKI based on Microsoft Certificate Services in Windows Server 2003.
A Microsoft PKI Quick Guide – Part 2: Design: Date - Jul 18, 2007; Author - Martin Kiaer; How to avoid common mistakes during the design phase.
Block Party: A Cryptographic Standard Shindig: Date - Jun 27, 2007; Author - Justin Troutman; The greatest product of modern cryptography is probably the competition for a new cryptographic standard which will, in the near future, give us a new hash function standard.
Default Deny All Applications (Part 2): Date - Jun 05, 2007; Author - Jakob H. Heidelberg; A quick “brush up” on how to configure and implement Software Restriction Policies.
A Microsoft PKI Quick Guide - Part 1: Planning: Date - May 09, 2007; Author - Martin Kiaer; How to design, install and troubleshoot a PKI (Public Key Infrastructure) based on Microsoft Certificate Services in Windows Server 2003.
Default Deny All Applications (Part 1): Date - Apr 26, 2007; Author - Jakob H. Heidelberg; The built-in software control in modern Windows operating systems.
Controlling Privileges of the Administrator Accounts: Date - Jan 30, 2007; Author - Derek Melber; A look at what Administrator accounts are capable of doing and accessing.
A best practice guide on how to configure BitLocker (Part 2): Date - Jan 23, 2007; Author - Martin Kiaer; A look at BitLocker from an Active Directory point of view and a look at BitLocker and TPM configuration using Group Policies and how to perform key recovery.
A best practice guide on how to configure BitLocker (Part 1): Date - Jan 03, 2007; Author - Martin Kiaer; How to configure BitLocker and how to get BitLocker to rock in Windows Vista using best-practice methods.
Managing Windows Vista Group Policy (Part 3): Date - Dec 20, 2006; Author - Jakob H. Heidelberg; Covers basic troubleshooting, improved stability and Network Location Awareness.
Shopping For The Right Ingredients: A Small Grocery List For The Secure Channel: Date - Dec 12, 2006; Author - Justin Troutman; The requirements needed to design a secure channel centering around AES.
Managing Windows Vista Group Policy (Part 2): Date - Nov 29, 2006; Author - Jakob H. Heidelberg; How Multiple Local Group Policy Objects (MLGPO) can make any ‘stand-alone’, or ‘kiosk’, administrator happy.
Managing Windows Vista Group Policy (Part 1): Date - Nov 09, 2006; Author - Jakob H. Heidelberg; This article covers Administrative Templates and the Central Store in Windows Vista Group Policy.
The Layman's Unconventional Guide to the Advanced Encryption Standard (Part 2): Date - Sep 27, 2006; Author - Justin Troutman; This article looks at the core of Rijndael – the round transformation – which will be broken down into its four steps: SubBytes, ShiftRows, MixColumns, and AddRoundKey.
Implementing Active Directory Delegation of Administration: Date - Sep 13, 2006; Author - Derek Melber; In this article I will go into the details you need to know on how to implement delegation of administration, as well as some design ideas to get you started.
Understanding User Account Control in Vista: Date - Aug 23, 2006; Author - Derek Melber; In this article I will explain what User Account Control (UAC) is and what it is not.
Understanding EFS: Date - Jul 27, 2006; Author - Derek Melber; In this article we will take a look at the new and improved EFS.
The Layman's Unconventional Guide to the Advanced Encryption Standard (Part 1): Date - Jun 23, 2006; Author - Justin Troutman; An unconventional, elaborate glance at the mathematics behind the Advanced Encryption Standard, geared towards the non-mathematician.
Calamitous Cryptography: The Extortoise and the Haregretful: Date - May 31, 2006; Author - Justin Troutman; Cryptovirology - cryptography's evil younger sibling. Let's look at how the intensity of this dark science feeds directly from the security of its older, defensive brother.
How to Nest Users and Groups for Permissions: Date - May 18, 2006; Author - Derek Melber; In this article I will show you how to nest users and groups for permissions.
Understanding Windows NTFS Permissions: Date - May 03, 2006; Author - Derek Melber; In this article I will explain the NTFS methods and features that are available with Windows 2000, Windows XP and Windows 2003 Server.
How to use Kerberos Authentication in a Mixed (Windows and UNIX) Environment: Date - Apr 19, 2006; Author - Deb Shinder; Kerberos is the protocol of choice for mixed network environments. This article explains how to use Kerberos authentication in these mixed environments.
Why and how to implement SecurID Authentication: Date - Apr 11, 2006; Author - Deb Shinder; Authenticating users who log onto your network by account name and password only is the simplest and cheapest (and thus still the most popular) means of authentication. However, companies are recognizing the weaknesses of this method. Passwords can be guessed or cracked using dictionary attacks or more sophisticated methods such as rainbow tables, or users can be coerced, charmed or tricked into revealing their passwords to others. These latter techniques, called social engineering, have become a growing problem for companies of all sizes.
Deploying Auditing Settings and Reporting What is Configured: Date - Mar 15, 2006; Author - Derek Melber; Within Windows you might want to track who is performing specific tasks. This might be to meet a regulatory compliance, or to just track when users perform tasks on desktops and servers. The benefits of deploying auditing settings to all computers include better control of the environment, audit trails for security reasons, and tracking of events for forensics. The big question boils down to how should these settings be deployed correctly, efficiently, and with assurance that the settings will be persistent? The answer is simple and efficient: Group Policy. Here, we will look at the settings that need to be deployed, the methods to deploy them, and options to verify that the settings are still in place.
More on Running Windows Under Non-Admin Accounts: Date - Mar 07, 2006; Author - Mitch Tulloch; This article is a follow up to my previous article on WindowsNetworking.com titled "Running Windows Under Non-Admin Accounts" and shares some comments from readers concerning issues they've found and solutions they've tried for limiting desktop computer users to non-admin accounts. The article also provides some additional workarounds for performing admin-level tasks while logged on to a computer using ordinary user credentials.
The Simplistic Trio: Three of the Many Musketeers Fighting in the Name of Simplicity: Date - Feb 22, 2006; Author - Justin Troutman; Simplicity is a pillar of good cryptography. In this article, we'll cover several "acts" of simplicity, ranging from independence in modularity, reduction of complexity, and conservative threat modeling, along with a final spiel on the importance of using message authentication.
Caveat Lector: Authentication, the Forgotten, Should-be Predominant: Date - Feb 02, 2006; Author - Justin Troutman; Using the familiar Alice and Bob model, we'll take a look at the concept of integrity preservation, through the use of a MAC, or Message Authentication Code. This article will define what it is, what it does, and why it's vital in the majority of cases, although often overlooked in most of them.
Applying Certificates to a WSUS Server: Date - Jan 24, 2006; Author - Brien Posey; Many administrators tend to ignore the recommendation that WSUS be configured to use SSL encryption if the WSUS server is only servicing clients within the perimeter network. However, if SSL encryption is not used, a hacker could potentially steal the WSUS server’s identity and use the spoofed server to send malicious versions of patches to your clients. If you don’t like the idea of having a bunch of infected clients on your network, then check out this article on how to encrypt WSUS transactions.
Determining Whether an in House or an External Certificate Authority is More Appropriate for Your Company: Date - Jan 10, 2006; Author - Brien Posey; With security becoming such a huge priority for companies over the last few years, many administrators who might have never thought twice about digital certificates are suddenly finding themselves in situations that require issuing various types of certificates. In this article, I will explain some of the benefits and some of the drawbacks of internal and external certificate authorities, in an effort to help you to make an intelligent decision as to what is right for your network.
Anonymous Connections: Date - Dec 27, 2005; Author - Derek Melber; Is your network safe from intruders? With all of the different methods that intruders use to weasel their way into your network and servers, you can’t be sure. Hackers will use trojan horses, backdoors, compromised user accounts, and the front door. That is right, the front door! Ok, maybe a side door, but unless your Windows environment is protected, an intruder can use a door to your house that was put there when you made the installation. This “door” in a Windows operating system is the anonymous connection.
Remote Authentication: Different Types and Uses: Date - Dec 22, 2005; Author - Don Parker; Computer networks have arguably helped worker efficiency and helped a company’s bottom line. Well with that has come the need for workers to, at times, remotely log into the corporate network. This is ideally done via secure means. Within the confines of this article we will look at several of these methods.
Access Controls: What is it and how can it be undermined?: Date - Dec 15, 2005; Author - Don Parker; We have stoplights on city streets, and locks on the doors of our homes. What these things have in common is that they are access controls. The world of computer security is very much the same in that it employs various ways to limit access. In this article we will cover several ones and discuss their usage.
Biometrics and You: Date - Dec 08, 2005; Author - Don Parker; The world of computer security has spawned yet another way to help secure one’s computer assets. That would be the still maturing area that is biometrics. Just what are biometrics anyway, and are they really being adopted by the mainstream? Read on to find out.
Windows & Active Directory Auditing: Date - Nov 22, 2005; Author - Derek Melber; If you are like most administrators, you want to know who is logging on, to which computer, and accessing resources on your servers. For your Windows computers and Active Directory environment, you have options to help you determine what you want to know.
Backing up and Restoring GPOs using the GPMC: Date - Nov 03, 2005; Author - Derek Melber; Without the Group Policy Management Console (GPMC) administration of Group Policy takes patience, imagination, and thorough understanding of the property sheets within the Active Directory Users and Computers. The GPMC solves these problems by providing a very intuitive interface for managing all aspects of Group Policy. This article will discuss the finer points of how the backup and restore options work within the GPMC.
Delegating Group Policy Privilege using the GPMC: Date - Oct 27, 2005; Author - Derek Melber; If you have an Active Directory domain or enterprise, you are all too familiar with Group Policy. Group Policy is the preferred way to ensure standardized and secure domain controllers, servers, and clients. With standards becoming so highly regarded to reduce the TCO of clients, Group Policy control is essential. This article describes "who" can perform "which" tasks with Group Policy and the proper way to configure them within the GPMC.
Changing Passwords for Key User Accounts: Date - Oct 13, 2005; Author - Derek Melber; I must warn all readers that this article is direct and aimed to make you feel a bit uncomfortable. The goal is to expose a few vulnerabilities in your network, so that they can be fixed. However, my experience and research has proven that most companies fall into the same bucket when it comes to these vulnerabilities.
Windows Vista and Principle of Least Privilege: Date - Sep 22, 2005; Author - Derek Melber; It is not surprising that Microsoft is getting on the bandwagon for implementing the Principle of Least Privilege for their next operating system named Windows Vista. This article will investigate some of the current issues with least privilege and investigate the reality of what Microsoft is proposing with Windows Vista.
How to Use Microsoft’s Shared Computer Toolkit: Date - Sep 06, 2005; Author - Deb Shinder; The Shared Computer Toolkit for Windows was designed to help administrators better manage and secure public computers, such as those in kiosks, libraries, Internet cafes, schools, etc. But the toolkit is useful for any situation in which multiple persons use the same computer, including family computing and small business offices where several employees must use the same machine. This article shows you how to get and use the toolkit, which is in beta testing at the time of this writing.
Ideal-to-Realized Security Assurance In Cryptographic Keys (Part 2): Date - Aug 23, 2005; Author - Justin Troutman; In the final installment of this two-part series, we'll cover two closely related collision attacks - the birthday attack and the meet-in-the-middle attack. We'll conclude by emphasizing the importance of simplicity through conservatism, and establishing a "golden rule" for instantiating the lengths of many cryptographic values.
Implementing Principle of Least Privilege: Date - Aug 18, 2005; Author - Derek Melber; The Principle of Least Privilege is not a new concept, but the push to implement it on production networks has never been so important. This article will go over some of the most common configurations that you can make to implement these principles and reduce the possibility of an attack from a typical end user.
Ideal-to-Realized Security Assurance In Cryptographic Keys (Part 1): Date - Aug 16, 2005; Author - Justin Troutman; In the first installment of this two-part series, we'll cover key length, and relative concerns, such as entropy and how password etiquette affects key space complexity. We'll look at how the length of the key doesn't inherently equate to the security of the key, and why security isn't even just about keys, at all.
Auditing user accounts: Date - Aug 04, 2005; Author - Derek Melber; With Sarbanes Oxley, HIPAA, GLM, and the other auditing compliance programs getting so much attention, all aspects of the network environment are under a microscope. For any operating system environment this includes the auditing of the user accounts and their related properties. Considering that many attacks are accessed through a user account that has one or more incorrect and insecure settings, it makes sense to focus on user account properties during the audit. Within a Windows Active Directory environment there are the standard user properties that must be audited, plus a few that may not fall into too many other network environments. This article will discuss the key user account properties that need to be audited, as well as the tools that can help complete the task.
Share Permissions: Date - Jun 30, 2005; Author - Derek Melber; All production Windows networks need to have resources (folders, files, documents, spreadsheets, etc) made available from servers so users on the network can access them. The way this is done is through the use of shared folders configured on the servers which house the resources. The concept of shared folders has not changed over the generations of Windows operating systems and versions, but the protection of the resources has slightly changed. Whether you are new to the concept of shared folders or an expert, this article will take an in-depth look at the pitfalls and suggested methods on how to protect the resources that are shared from servers to users on the network.
Code Signing: Is it a Security Feature?: Date - Jun 09, 2005; Author - Deb Shinder; Code signing is a mechanism whereby publishers of software and content can use a certificate-based digital signature to verify their identities to users of the code, thus allowing users to decide whether or not to install it based on whether they trust the publisher. Code signing has been touted as a major security feature, but it’s important for users to understand its uses and its limitations. In this article, we’ll take a look at how code signing works and where it fits into your organization’s security plan.
Using Dual Accounts for Administrators: Date - May 19, 2005; Author - Derek Melber; With security on the minds of everyone, including all administrators and executives, every precaution needs to be taken to protect the network devices, servers, clients, Active Directory, and network resources. Historically and even recently administrators and others that have elevated privileges to essential resources have been able to use a single user account for all of their activities, whether the activity is one that a common end user would perform or one that only an administrator can perform. It is time to consider the exposure that this situation creates and take action to protect all resources that are exposed by this activity.
Built-in Groups vs. Delegation: Date - May 10, 2005; Author - Derek Melber; The administration of users, groups, computer accounts, resetting passwords, and group policy objects are some of the most important tasks that need to be done on a typical Active Directory network. When these tasks are assigned, there are two options within Active Directory to provide this access: Built-in groups and Delegation of Administration.
Increasing Security with Limited User Accounts and Restricted Groups: Date - Apr 26, 2005; Author - Deb Shinder; In this article, we’ll talk about the differences between the built-in and default local account types, and the differences between local and domain user accounts. Then we’ll discuss how you can increase security by creating customized limited user accounts and using Restricted Groups.
Passwords - Common Attacks and Possible Solutions: Date - Jan 07, 2005; Author - Dancho Danchev; Making sure authorized users have access to either sensitive company information or their personal e-mail can be a dauntning task, given the fact that an average user has to remember at least 4/5 passwords, a couple of which have to be changed on a monthly basis. The majority of users are frustrated when choosing or remembering a password, and are highly unaware of the consequences of their actions while handling accounting data. This article will provide you with an overview of how important, yet fragile, passwords security really is; you will be acquainted with different techniques for creating and maintaining passwords, and possible alternative methods for authentication, namely Passphrases, Biometrics and Public Key Infrastructure(PKI).
Protect Against Weak Authentication Protocols and Passwords: Date - Oct 28, 2004; Author - Derek Melber; Did you know that your Windows computers store and send weak password hashes which are very easy to crack? Even if you run legacy operating systems, there are methods that you can implement that will protect against these weak authentication protocols and password hashes being generated.
Implementing and Troubleshooting Account Lockout: Date - Aug 31, 2004; Author - Mitch Tulloch; This article examines the advantages and disadvantages from a security standpoint of implementing account lockout on a network running Active Directory. The article also describes some account lockout and management tools you can obtain from the Microsoft Download Center and how to use these tools to troubleshoot account lockout problems.
Using a Split DNS to Support Small Business Remote Access Connections: Date - Jul 13, 2004; Author - Thomas Shinder; Small businesses are getting into the remote access market. No, I don’t mean that small businesses are becoming ISPs. What I do mean is that small businesses want to be able to access information stored on machines located on their small business network no matter where they go, in the same way big businesses do it.
Kerberos Authentication Events Explained: Date - Jul 01, 2004; Author - Randall F. Smith; On Windows 2000 and Windows Server 2003 you can track all the logon activity within your domain by going no futher than your domain controller security logs. But you must interpret Kerberos events correctly in order to to identify suspicious activity. This article explains how Kerberos works in the Windows environment and how to understand the cryptic codes your find in the security log.
Deciphering Authentication Events on Your Domain Controllers: Date - Jun 04, 2004; Author - Randall F. Smith; Beginning with Windows 2000, Microsoft introduced a new audit policy called “Audit account logon events” which solved one of the biggest shortcomings with the Windows security log. Until this new category it was impossible to track logon activity for domain accounts using your domain controllers’ security logs. This article will explain how to decipher authentication event on your domain controllers.
Server 2003’s Network Access Quarantine Control: What is it and How Does it Enhance Security?: Date - May 26, 2004; Author - Deb Shinder; Windows Server 2003 includes many new features designed to make your servers and networks more secure. One of the least understood is the new network access quarantine control feature, even if you’ve heard of it, you might not know what it is or how it can be used to enhance your network’s security. Quarantine control is perhaps Server 2003’s least documented great new feature.
Authorization Manager and Role-Based Administration in Windows Server 2003 (Part 2): Date - May 12, 2004; Author - Deb Shinder; In Part 1 of this article, we discussed Microsoft’s new emphasis on role-based security and provided an overview of the concepts involved in using the Authorization Manager MMC snap-in. In Part 2, we’ll discuss how to configure role and task definitions, how to create role assignments within an application, and how to create and work with scopes. You’ll also learn about authorization rules.
Authorization Manager and Role-Based Administration in Windows Server 2003 (Part 1): Date - Apr 28, 2004; Author - Deb Shinder; Microsoft has placed on emphasis on role-based security in their .NET framework, and one of the new security features in Windows Server 2003 is the ability to implement role-based administration through the Authorization Manager MMC snap-in.
Microsoft SQL Server 2000 Authentication Mechanisms: Date - Nov 26, 2003; Author - Przemyslaw Kazienko & Piotr Dorosz; Your primary goal as an administrator is to ensure secure access to the database on the server. Access to databases can be controlled by “pure” access mechanisms incorporated in the Database Management System itself, or also enhanced by mechanisms that are external to the database server.
Using passwords as a defense mechanism to improve Windows security (Part 2): Date - Oct 21, 2003; Author - Ricky M. Magalhaes; In this article I will focus more on the global settings of password policies and where to change them to incorporate the 20 Golden rules of good password management in Part 1. This article will describe the possibilities of these policies and will run though real world reasons where these global settings should be applied. Different ways of generating passwords will also be described to make it easier for your users to come up with new passwords in a quick trouble free way.
Using passwords as a defense mechanism to improve Windows security (Part 1): Date - Sep 30, 2003; Author - Ricky M. Magalhaes; This two-piece article highlights the need for strong passwords. Passwords are an essential means in achieving maximum security; passwords truly serve as a first layer of defense complimenting any security strategy. Once the decision has been made to enforce the usage of passwords as part of ones goal to security achievement a further decision must be made on the type of password policy one would prefer to use. The password policy should be strict and no exemptions should be allowed.
Using Protocol Rules to Block Specific Protocol Access to Sites: Date - Jun 03, 2003; Author - Ricky M. Magalhaes; In this tutorial I will cover how to block specific user accessing a resource related to a specific protocol on the internet. In most business environments it becomes important to have granular control on your domain users and your IP protocol stack. With this in mind you will find that you can use ISA to reduce specific protocol traffic at various times making more bandwidth available for other more productive activities.
Digital Signatures: Date - May 29, 2003; Author - Ricky M. Magalhaes; In this article I will clarify what a digital signature is and will demonstrate ways of using this technology to validate the identity of a user. The internet is filled with fraudulent villains that can take you or your organization to the cleaners, without you even knowing about it till it’s too late.
Securing Remote Access Connections: Date - May 15, 2003; Author - Deb Shinder; Today many companies are enjoying the cost savings inherent in allowing some employees to work from home, while those employees benefit from the convenience of telecommuting. In addition, executives, salespeople and others need to connect to the company network when they go on the road, and/or need to access network resources in the evenings or on the weekends from home. All this adds up to a lot of remote access connections to the organization's network. In this article, we will discuss how to prevent remote connections from creating a security nightmare on your network.
Passwords: the Weak Link in Network Security: Date - May 07, 2003; Author - Deb Shinder; In this article, we will discuss how passwords work, why and how passwords are vulnerable, how to create more secure passwords, how to create effective password policies, and some alternatives to password-only authentication for high security environments.
Where Does EFS Fit into your Security Plan?: Date - Mar 25, 2003; Author - Deb Shinder; The ability to encrypt data – both data in transit (using IPSec) and data stored on the disk (using the Encrypting File System) without a need for third party software is one of the biggest advantages of Windows 2000 and XP/2003 over earlier Microsoft operating systems. Unfortunately, many Windows users don’t take advantage of these new security features or, if they do use them, don’t fully understand what they do, how they work, and what the best practices are to make the most of them. In this article I'll discuss EFS: its use, its vulnerabilities, and how it can fit into your overall network security plan.
Understanding the Role of the PKI: Date - Mar 18, 2003; Author - Deb Shinder; The Public Key Infrastructure is a concept that is discussed frequently in the IT security world, but is not always well understood. Most of us know that the PKI is used for authentication and has something to do with public key pairs, but many only vaguely understand how the components of a PKI work together and the differences between private and commercial PKIs. In this article, we’ll provide a brief overview of what a PKI is and does, and where it can fit into your organization’s security plan.
SSH: Using Secure Shell for Windows: Date - Sep 09, 2002; Author - Robert J. Shimonski; In this article, we will look at Windows based Security tools that have always been heavily used on Unix based systems, and not used as often on Windows based systems.
SSH: Date - Jul 19, 2002; Author - Pawel Golen; When I started using the Internet during my University days, an intelligent friend of mine told me that SSH is a client application needed to build up a secure connection with the University’s server. I took his word for it, but later my curiosity prompted me to ask a question “Why?”
Secure Socket Layer: Date - Jul 19, 2002; Author - Tomasz Onyszko; Security of data in transit over the Internet becomes increasingly necessary because of steadily growing data volume and importance. Nowadays, every user of a public network sends various types of data, from email to credit card details daily, and he would therefore like them to be protected when in transit over a public network. To this end, a practical SSL protocol has been adopted for protection of data in transit that encompasses all network services that use TCP/IP to support typical application tasks of communication between servers and clients.
How to Block Dangerous Instant Messengers Using ISA Server: Date - Jul 16, 2002; Author - Thomas Shinder; I get a lot of questions about how can ISA Server be used to block dangerous applications. What is a dangerous application?
Windows XP: Access control via Security: Date - Jul 15, 2002; Author - Johannes Helmig; Windows XP Professional offers (in addition to the User Access control in Network Sharing) also the possibility to control access to file via Security:
Enforcing Network Login via POLEDIT: Date - Jul 15, 2002; Author - Johannes Helmig; This procedure is more detailed than actually required, because I use it also as an example on usage of the "System Policy Editor" ( POLEDIT ) on the local Registry and on downloading a profile from the Network server.

Articles & Tutorials topic

[109] Authentication, Access Control & Encryption: Updated: Jul 01, 2009
[9] Content Security (Email & FTP): Updated: Apr 16, 2008
[24] Firewalls & VPNs: Updated: Jul 23, 2008
[23] Intrusion Detection: Updated: Apr 19, 2007
[118] Misc Network Security: Updated: Jun 10, 2009
[6] Product Reviews: Updated: Mar 08, 2007
[26] Viruses, trojans and other malware: Updated: Oct 10, 2007
[9] Web Application Security: Updated: Oct 22, 2008
[17] Web Server Security: Updated: Sep 06, 2006
[33] Windows 2003 Security: Updated: May 23, 2007
[7] Windows Networking: Updated: Jan 26, 2006
[99] Windows OS Security: Updated: Feb 25, 2009
[13] Wireless Security: Updated: Dec 28, 2006