How to configure Windows SteadyState – a completely free toolkit from Microsoft that helps administrators take control of shared access computers running Windows XP.
This article will demonstrate “The Easy Way” of how to handle Granular Password Policies – also known as Fine-Grained Password Policies – in a Windows Server 2008 domain environment.
In addition to the new subscription option that Event Viewer now possesses, there is a new command line utility, WEVTUTIL, which allows you to control nearly every aspect of the Event Viewer logs.
The upcoming Windows Server 2008 operating system brings a lot of new goodies. This article series will focus on the Group Policy related features which will bring both easier manageability and better security.
Now that Group Policy is becoming more important, it also has delegation options. Understanding where to establish these delegations, as well as how to delegate certain tasks, can help you establish a more secure and efficient network.
This article series will focus on “Windows SteadyState” – a completely free toolkit from Microsoft that helps administrators take control of shared access computers running Windows XP.
Enforcing Group Policy Security Settings (including some in-depth Registry “hacks”), and some of the most common scenarios where security settings do not behave as they appear.
We saw in the first article of this two part series that scripting definitely has a place in the life of the computer security professional. In this second part I shall show how you would modify the earlier script, and cover some command line power tools.
Both Windows Server 2003 and Windows XP now come in 64 bit versions, to run on the 64 bit processors made by Intel and AMD. 64 bit hardware and operating systems offer some big advantages over the currently more commonplace 32 bit systems, including the ability to handle more physical memory and big performance boosts for applications that are written for the 64 bit system.
The browser security wars have been heating up again lately. After a small but significant exodus in which many computer users switched from Internet Explorer to Mozilla’s Firefox because of its supposed security advantages, last month a report from Symantec shocked many open source fans with data showing the Mozilla browsers suffered from more security vulnerabilities than IE, including more that were of high severity.
In the early days of Windows operating systems, security was not at the forefront of computer users’ priorities as it is today – especially for home computer users. Now that the vast majority of systems are connected to the Internet, wireless networks have popped up everywhere, and we’re much more vulnerable to viruses and attacks, security is a necessity. With the release of each new version, Microsoft has focused more and more on protecting the system from inadvertent and deliberate security breaches, and the culmination of those efforts is Windows Vista (formerly known as Longhorn), the next generation of their client operating system that’s expected to be released sometime in 2006.
When you install any Windows computer it will immediately be running multiple services. These services provide core operating system and tool functionality to the computer. In addition to these core services, you might also be running more services due to installed applications. There are a slew of Microsoft products, as well as other third party products, that install services on your computer. Examples include Exchange, SQL, SMS, backup programs, and enterprise management applications. Since many attackers can exploit services that are running, you will want to protect the services that must run and disable all services that are not required. We will talk about the management of services to protect your computers.
Although Windows XP Service Pack 2 was designed to make your system more secure, there are some situations in which installing the service pack can actually undermine your existing security. In this article, I will take a look at what these situations are and how you can get around them.
In this article we will look at how to use a tool called ‘cipher’ which is a command line tool included with Windows 2000 and XP. We will learn how to use its newest functionality – allowing administrators the ability to wipe all deleted (marked for deletion) data on the hard disk. This would overwrite all of the deleted data and provide for better security. If someone steals your system, like a laptop, then the thief would not be able to recover that data. In this article we learn how to perform this procedure.
The Administrator user account is by far the number one target for someone trying to gain illegal access to your network and resources. You must protect this account above all other accounts to ensure that you are not left vulnerable to the tools, tricks, and exposure that this account accommodates. There are some basic and advanced options that you can configure within Windows Active Directory to protect this valued account.
In the spirit of the Holidays coming up, I wanted to put a quick article together and out to you, the community so that you can quickly do a ‘health check’ on your Internet Explorer browsers. It’s not uncommon to have your PC filled with spyware, browser vulnerabilities, or other problems that affect its use. This year you may be shopping online, or doing some online banking. This article quickly covers some essential things you should do to ensure you are safe this holiday season while online.
If you are a medium or large sized organization, you might have thousands of clients and hundreds of servers that you need to manage. Manually trying to manage all of the local groups on all of these computers is difficult, and almost impossible. Have no fear, Group Policy Objects (GPOs) are here! GPOs provide a mechanism that allows you to control the membership in local groups, and even domain groups, on any computer in the Active Directory enterprise. The specific configuration that you use for this task is the Restricted Groups GPO setting.
Microsoft has recently released an updated version of the Windows XP Security Guide (version 2.0) that includes information on XP with Service Pack 2 installed. It is a very comprehensive document that should be a part of the security arsenal of every network administrator who has Windows XP clients on the network. In this article, we’ll provide a review of the new Guide and point out which parts are most useful to administrators.
Active Directory is one of the most important areas of Windows that should be monitored for intrusion prevention and the auditing required by legislation like HIPAA and Sarbanes-Oxley. I say that because Active Directory is home to objects most associated with user access: user accounts, groups, organizational units and group policy objects. This article deals with monitoring users and groups using the Windows Security Log.
Windows XP Professional and Home will soon be introduced to Service Pack 2, which is really nothing more than security updates and new security features. Here are the top 10 security features and modifications that you can expect after the installation.
A relatively unknown compatibility feature of NTFS, Alternate Data Streams (ADS) provides hackers with a method of hiding root kits or hacker tools on a breached system and allows them to be executed without being detected by the systems administrator.
Microsoft’s Windows Terminal Services (built into Windows 2000 Server and Windows Server 2003) and Windows XP’s Remote Desktop, which is based on Terminal Services, provide an easy, convenient way for administrators to implement thin computing within an organization or for users to connect to their XP desktops from a remote computer and run applications or access files.
One key security practice that is often overlooked by admins is securing the Windows registry. In addition to configuration information, the registry contains security contexts that can be used to elevate a user’s privilege. If left unsecured, it is a good platform that a hacker can use to gain access to administrative functions of the computer, and even possibly the domain as well.
You will need to audit your systems for enhanced and increased security. When Microsoft laid out this objective, they were most likely thinking about building your security strategy up with Defense in Depth. This strategy is outlined as a way to avoid depending on one single protective measure deployed on your network. In other words, to eliminate the feeling of being secured because you implemented a firewall on your Internet connection, you should implement other security measures like an IDS (Intrusion Detection) system, Auditing and Biometrics for Access Control.
This article is written as a security guideline to help administrators and security professionals configure Windows in a more robust way. The recommendations in this whitepaper assume that the computer is physically secure.
This article will focus on the importance of monitoring your Windows event logs and will highlight the information that can be extracted from typical Windows logs to help secure your critical servers. The importance of monitoring the logs will be stressed and creative ways to do this centrally will also be covered. Logging is a very important factor when attempting to decipher what has taken place on a server.
Several configuration methods and a quick configuration guide have been devised to assist organizations in the secure configuration of their DNS servers. This document is intended to provide clarification when enabling the operational configuration requirements of the organization’s configuration of secure DNS.
This white paper will focus on the importance of securing your Windows network’s DNS service and the features, functionality and security of the DNS server by using design. Several deployment methods for DNS in a Windows 2000 environment will be covered and defined. This document is intended to provide clarification when enabling the operational requirements of the organizations designing secure DNS.
In this article, we will look at Windows-based security tools and at how to easily crash a Windows server in about 5 seconds. What is SMBDie? SMBDie is a tool (proof of concept) that was created to exploit a problem with the Windows operating system and, when activated, will crash and Blue Screen the server immediately.
With her first article for WindowSecurity.com, we are pleased to welcome Debra Littlejohn Shinder to our team of authors. Network security has many facets, and much emphasis is placed (rightly) on keeping intruders and attackers out of the network via firewalls. However, in today’s business environment, there are also many instances in which sensitive data needs to be protected within the local network from users who have legitimate access to the network – but do not need to have access to the data in question. The answer in that case is encryption.
In this article I will focus on how important restoring Active Directory is compared to running it securely. Having an un-restorable backup is disastrous, especially if your AD has been corrupted by an attacker or a new AD-targeting virus. There is no point in backing up and having thousands of dollars invested in a backup strategy if you cannot restore.
Not every case of a successful intrusion is “crowned” with a replaced Web site on the server, data theft or damage. Often electronic intruders do not wish to create a spectacle but prefer to avoid fame by hiding their presence on compromised systems, sometimes leaving certain unexpected things. They use sophisticated techniques to install specific “malware” (backdoors) to let them in again later with full control and in secret.
In this article I will focus on the Active Directory process. As part of securing your Active Directory you need to ensure that, as a contingency plan, you are able to restore your Active Directory in the event of disaster.
Protecting Active Directory’s integrity is paramount. This is the second article in the two part series that focuses on Active Directory security. Active Directory is the Windows 2000 information repository that needs to be kept very secure. Active Directory has vital service dependencies such as DNS, which changes the scope of what needs to remain secure. I will focus on actions that you can take in order to safeguard the Active Directory service.
Protecting Active Directory’s integrity is paramount. This article will focus on Active Directory security and will be written in two parts. Active Directory is the Windows 2000 information repository that needs to be kept very secure. Active Directory has vital service dependencies such as DNS, which changes the scope of what needs to remain secure. I will focus on actions that you can take in order to safeguard the Active Directory service.
What causes the buffer overflow condition? Broadly speaking, buffer overflow occurs anytime the program writes more information into the buffer than the space it has allocated in the memory. This allows an attacker to overwrite data that controls the program execution path and hijack the control of the program to execute the attacker’s code instead of the process code. For those who are curious to see how this works, we will now attempt to examine in more detail the mechanism of this attack and also to outline certain preventive measures.
In this article we will look at Windows XP Professional and what you need to do to be secure. After reading this, you may be surprised about some of the items you may have taken for granted! Let's take a look…
Windows .NET Server comes standard with Internet Explorer Version 6. You should be aware of the many security advantages you have with the new browser. In this article, Robert Shimonski will show you what you can expect.
Well, I thought I would never see the day that Microsoft actually followed up with industry on reversing their infamous “everything open” mentality with their operating systems when first installed. Before .NET Server, everything was open to everyone by default. In this article let’s look at the major difference in default security settings with the Everyone Group.
I have collected a number of useful tools for keeping a network secure. Note that this list is in no way exhaustive. Some of the tools are difficult to find, so you can download them right off this page. Please do not send any email asking for support for these tools. For questions, please use the forums. PLEASE NOTE, I am NOT RESPONSIBLE FOR WHAT YOU DO WITH THESE FILES...
This article gives background information on the various Netbus trojan versions, what they can do and how you can remove them from your system. It also allows you to download the program in order to analyse what it does.
ISA Server is all about security. ISA is about securing network access into and out of the internal network. But after you’ve done all of your configuring, how do you know that you’ve done an adequate job of securing the internal network and the system that ISA Server is running on?
Windows XP Professional Edition allows full User Management and Security.
The permissions assigned to the Usergroups (assigned in User Management to users) are defined in the Local Security Policies:
Please be aware of a serious security issue, in case your system is connected to a local network and is also configured to use Dialup-networking for connection to the Internet.