Articles & Tutorials / Misc Network Security

Writing an Effective Security Policy (Part 2)
Date - Dec 17, 2008
Author - Ricky M. Magalhaes
How to write an effective security policy, covering elements of technical controls that should be found in the majority of policies in the world of PCI DSS, SOX, Euro SoX, HIPAA and ISO 127001.
Security Through Virtualization
Date - Dec 11, 2008
Author - Deb Shinder
How to use virtualization tools to increase the security of your Windows environment.
Writing an Effective Security Policy (Part 1)
Date - Dec 03, 2008
Author - Ricky M. Magalhaes
How to write an effective security policy.
The Pros and Cons of Behavioral Based, Signature Based and Whitelist Based Security
Date - Nov 13, 2008
Author - Deb Shinder
Taking a look at multiple security approaches, how they operate, and the strengths and weaknesses of each, along with a brief discussion of sandboxing and virtualization as security mechanisms.
Instant Messaging: Friend or Foe?
Date - Nov 05, 2008
Author - Ricky M. Magalhaes
Taking a look at the security fundamentals and IM risks associated with opening up the messaging client access to the world.
Security in the Mobile Device Era
Date - Oct 15, 2008
Author - Deb Shinder
How to secure Windows Mobile 6.1 devices and looking at some issues that arise when you incorporate non-Windows mobile products (such as the iPhone) into your Windows network.
More VOIP, More Security: What needs to be done when securing VOIP
Date - Oct 07, 2008
Author - Ricky M. Magalhaes
How to implement a VOIP solution whilst abiding by a security framework, and the challenges that we can expect when implementing VOIP.
Risk Analysis: Things to Consider When Working Out How Much Risk We Carry
Date - Sep 03, 2008
Author - Ricky M. Magalhaes
Understanding risk is an important element of deciding on the protection mechanism selected to protect assets. This article will focus on the framework that will help justify the appropriate controls.
Securing your OCS deployment
Date - Aug 12, 2008
Author - Deb Shinder
Taking a look at the security concerns involved with unified communications and how to add security to OCS.
Security compliance
Date - May 21, 2008
Author - Ricky M. Magalhaes
In this article we will focus on things your organisation can do in working towards compliance. This will better improve the security posture of your company whilst reducing the attack surface area.
Protecting Users Against Themselves
Date - May 15, 2008
Author - Derek Melber
How to prevent your staff from unintentionally turning into an insider threat.
Analyzing a Hack from A to Z (Part 4)
Date - Apr 02, 2008
Author - Don Parker
How to write some IDS signatures.
Analyzing a Hack from A to Z (Part 3)
Date - Mar 11, 2008
Author - Don Parker
We finished off gathering the required information from the target network in part two. In part three we will now pull off the hack, and transfer some tools over to the compromised webserver.
Analyzing a Hack from A to Z (Part 2)
Date - Jan 10, 2008
Author - Don Parker
We will finish analyzing the scan packet trace to pull out all the profiling information, and begin the network attack.
Analyzing a Hack from A to Z (Part 1)
Date - Dec 19, 2007
Author - Don Parker
Within this article series we will both pull off a hack, and analyze its methodology. By understanding a hacker's methodology one can better defend one’s networks.
Securing DNS for Windows (Part 2)
Date - Jul 05, 2007
Author - Derek Melber
How the DNS database is secured.
Securing DNS for Windows (Part 1)
Date - Jun 13, 2007
Author - Derek Melber
Regardless of the attack on your DNS infrastructure, you need to take precautions to thwart these attacks before it is too late.
Protecting Your Laptop
Date - Jan 16, 2007
Author - Derek Melber
Steps to take to protect your laptop.
Issues to look out for during the holiday season
Date - Dec 14, 2006
Author - Andre Muscat
A list of issues to look out for during the upcoming holiday season and beyond.
Computer background processes
Date - Nov 07, 2006
Author - Don Parker
This article shows tools that can be used to view a computer’s background processes.
Hardening Servers with Security Templates
Date - Oct 05, 2006
Author - Derek Melber
This article shows why you need to harden servers with tools like the Windows Security Templates.
Top 5 Security Settings to Audit
Date - Aug 29, 2006
Author - Derek Melber
In this article we will investigate 5 of the more important security settings that need to be audited to protect your computers at the highest level.
Network design and defense
Date - Aug 16, 2006
Author - Don Parker
I have mentioned before that every network has its own quirks and design needs. Due to that, one can only offer generic advice on a network’s security posture. Let’s take a look at a typical network and comment on it.
An Introduction to Microsoft Forefront (Part 2)
Date - Aug 09, 2006
Author - Ricky M. Magalhaes
In part two of this series we will cover other parts of the Comprehensive Microsoft Forefront security suite.
Milking Tucows: The Udder Truth About Cryptographic Software Reviews
Date - Jul 19, 2006
Author - Justin Troutman
It's this piece of writing's duty to inform you of what you can conclude from software reviews, and what you can't.
An Introduction to Microsoft Forefront (Part 1)
Date - Jul 05, 2006
Author - Ricky M. Magalhaes
This article will take us through the comprehensive Microsoft Forefront security suite.
Local Attacks
Date - Jun 20, 2006
Author - Don Parker
In this article I will list some of the physical attacks that a computer could fall prey to.
Event Log/Monitoring Consolidation
Date - May 24, 2006
Author - Don Parker
In most corporate organizations today there is a large array of computer network security devices deployed. All of these security tools produce voluminous amounts of output. What good is that output unless you can make use of it?
Auditing your Network
Date - May 16, 2006
Author - Don Parker
In this article we will cover just what it means to have a computer security network audited.
Compliance and You
Date - May 10, 2006
Author - Don Parker
This article is squarely aimed at those of you who are at best confused about the whole compliance quagmire.
A proxy by any other name
Date - Apr 13, 2006
Author - Don Parker
In almost every corporate computer network today there are proxies to be found. This is pretty much a standard computer security practice. The confusion starts when people start talking about all the various proxy types. Within the confines of this article all of the various proxy types will be discussed.
Tools of the Trade (Part 3)
Date - Apr 05, 2006
Author - Don Parker
Over the course of part two in this article series we covered both netcat and ettercap. What we shall now cover in the final part of this series is a packet crafter and an HTTP proxy. Read on to find out more about these very powerful tools of the trade.
Tools of the Trade (Part 2)
Date - Mar 22, 2006
Author - Don Parker
In part one of the article series on “Tools of the Trade” we covered a packet sniffer and network scanner. Both installation and sample usage were shown. In part two we will go on to cover other key tools that are of importance to learn. Read on to find out more!
Tools of the Trade (Part 1)
Date - Mar 09, 2006
Author - Don Parker
Being in the computer security field means that you are always striving to stay current. You are always trying to learn new tools, and understand new exploits. That said there are also some tools that simply aren’t going to go away any time soon and are really necessary to learn. Over the course of this three part series we will look at some of the best known hacking tools. After all, it pays dividends to know just how your enemy works and more specifically with what.
Setting up your Lab
Date - Mar 01, 2006
Author - Don Parker
Having an interest in computer security means one thing for certain: That you will have to keep your skills up to par and continually explore new ones. How should you go about fulfilling this ambitious plan? Read on to find out how.
Securing the Network from Within (Part 2)
Date - Feb 15, 2006
Author - Don Parker
In Part 1 of this article series we went over some of the physical threats confronting networks. We will continue, in Part 2, to cover various other ways to help secure the workstation, and thereby further help harden the internal network from attack.
Securing the Network from Within (Part 1)
Date - Jan 19, 2006
Author - Don Parker
All too often we hear of how a hacker bypassed a router and the firewall to penetrate a company’s internal network. Reality is that there will always be a way into an internal network. Is it time to start thinking of protecting the network in a different way? Read on to find out.
The Different Shades of Hackers
Date - Dec 29, 2005
Author - Don Parker
The computer security world is populated by various types of people. Notably in that world are your various hacker types. Be they white, grey, or black, it now seems that almost every hacker is assigned a color. What does it all mean though? Read on to find out.
Book Reviews: Creating Security Policies and Defining Security Roles
Date - Dec 20, 2005
Author - Mitch Tulloch
Large organizations looking for help on creating security policies and defining security roles and responsibilities need look no further — two titles from Information Shield provide help on just that.
Protect your network from rogue users
Date - Dec 06, 2005
Author - Deb Shinder
IT departments spend a great deal of time, effort and money to protect against external threats – those that enter the network via the Internet or remote access – but sometimes forget the harm that can be done by an authorized user who decides to “go rogue” (circumvent network security policies for his/her own purposes).
The importance of having a CSO/CIO
Date - Nov 24, 2005
Author - Don Parker
In most midsize to large organizations there exists a computer security group. This group is made up of various sub-groupings. Typically you will have your technical people, as well as the management. Ideally the two groups will co-exist peacefully, and in reality it is a must for the technical folks to have strong representation by the CSO or CIO.
Use Free Microsoft Tools to Protect your Computers
Date - Nov 17, 2005
Author - Deb Shinder
As part of their trusted computing initiative, Microsoft has taken a lead in offering free security tools that you can download and use to help assess the security of your computers and protect your systems against viruses, spyware, and attacks. In this article, we’ll take a look at some of the utilities they’ve made available.
Standardization and the security appliance
Date - Oct 06, 2005
Author - Don Parker
There is a dizzying array of appliances out there today, which will address almost every security concern. Problem is that the vendors are all touting that they can accomplish this performance benchmark or task for you. There would be little point in a vendor making outright falsifications about their wares, but it would surely be nice to have them ascertained to a certain degree by an independent source.
Being Big Brother: Monitoring employees’ network activity
Date - Sep 15, 2005
Author - Deb Shinder
Big brother is watching. In today’s security-conscious world, it has become a fact of life. George Orwell coined the term to refer to government intrusion into the private lives of citizens, but the meaning has expanded to include any authority figure. The law recognizes that there are circumstances in which monitoring of others’ activities is permissible or even desirable. In general, employers have a lot of leeway in monitoring what their employees do while on company premises and using company equipment.
Pushing Out Security Settings that are Configured in the Registry
Date - Sep 01, 2005
Author - Derek Melber
Each passing day proves that security of the corporate infrastructure and the computers that live in them is extremely important. There are spyware applications, virus checkers, Group Policy extensions, network scanners and more that are installed to check, verify and protect our computers. In the long run, even the most sophisticated protection mechanism can’t protect a computer that is not configured properly to protect itself. For these computers you typically need to manually configure Registry settings that will increase the baseline security of that computer. This article will discuss how to most efficiently configure Registry settings to help improve security on all computers on the network.
Product-based Security vs. Service-based Security
Date - Aug 26, 2005
Author - Deb Shinder
Security vendors today can follow either of two different models: they can sell a product (a firewall, an encryption program, etc.) that your company pays for upfront, or they can sell a service that incurs an ongoing fee. In some cases, they can combine the two: an antivirus program or anti-spyware appliance that requires an update service to function properly. The current trend seems to be away from the standalone product model and toward the service model. In this article, we examine the advantages and disadvantages of both.
Sys Admin: Friend or Foe?
Date - Jul 21, 2005
Author - Don Parker
The network system administrator is the first line, and sometimes last line of defence that a network has. What happens though if that very same defender becomes more of a liability?
Ethical Issues for IT Security Professionals
Date - Jul 19, 2005
Author - Deb Shinder
This article takes a look at a neglected area of most computer security professionals' training: how to deal with the ethical issues that can - and invariably do - crop up during the course of doing your job.
How Do Compliance Issues Affect your Network?
Date - Jul 12, 2005
Author - Deb Shinder
Government regulations such as HIPAA, SOX and the GLB Act require changes to many network security infrastructures and IT procedures. As if wading through this alphabet soup of statutes and regulations weren’t enough, it's not enough to be compliant; you must also be able to prove your compliance if the feds come knocking. This article looks at how regulations affecting specific industries impact the computer networks of companies in those industries, as well as some of the common myths and misconceptions about various compliance requirements.
Book Reviews: Still More Security Books
Date - Jul 05, 2005
Author - Mitch Tulloch
Security books keep flooding in from publishers, so it looks like the business of information security continues to occupy a forefront in the minds of both business executives and IT professionals. Here’s my latest pick of what’s good.
Evaluating a New Security Policy
Date - Jun 21, 2005
Author - Brien Posey
There was a time when it wasn’t all that risky to try out new security settings on production servers, but operating systems have become much more complex since then. Today, even changing something as simple as the required password length can have unanticipated side effects elsewhere in the system. In this article, I will explain how to evaluate a new security policy in a safe and responsible manner.
Hiring Hackers As Security Consultants
Date - Jun 14, 2005
Author - Brien Posey
The subject of whether it is ethical to use former hackers to evaluate a network’s security is a topic that is often hotly debated. In this article, I will explore the pros and cons of using former hackers in such roles.
The Security Risks Of Desktop Searches
Date - May 31, 2005
Author - Brien Posey
Google has recently released a very handy new tool that allows you to perform searches against your own computer in the same way that you would search the Internet. With this tool come some serious security problems though. In this article, I will discuss Google’s security issues and talk about what this might mean for other companies developing similar applications.
Physical Security Primer (Part 2)
Date - May 26, 2005
Author - Robert J. Shimonski
In this article we will continue with our detailed look at applying physical security whenever and wherever possible. In this article we will cover Backup Power. Let’s take a look at what you can do to make sure that power remains a reality at your facility, home or office.
Preserving Digital Evidence to Bring Hackers and Attackers to Justice
Date - May 17, 2005
Author - Deb Shinder
The world is waking up to the fact that hacking into a company’s computer network, launching attacks that cause network downtime or releasing viruses and other malicious code is more than a bit of "digital criminal mischief" -- it’s a serious crime that deserves serious attention from the criminal justice system. In this article, we’ll explain how standard rules of evidence apply to digital data and what precautions you should take to preserve it properly for a court trial.
Security Series: Final countdown tips for Disaster Recovery and Business Continuity (Part 6 of 6)
Date - May 12, 2005
Author - Ricky M. Magalhaes
This article completes the DR BC series and we have covered many aspects that need to be taken into consideration when designing both a Disaster recovery and business continuity plan. We covered documentation and the need for change control and skilled people for managing the process. We also cover some steps that can be taken now by the organization to mitigate the risk and reduce the loss of valuable data.
Book Reviews: More Security Books
Date - May 03, 2005
Author - Mitch Tulloch
Several publishers have sent me some more books on various security topics, and I want to take a few minutes to let you know which ones I recommend.
How to Audit your Network via Packet Analysis
Date - Apr 28, 2005
Author - Don Parker
Auditing your network at the packet level is a practice that is not done very often, if at all. The truth of it is that there are untold riches in all those packets flying about on your LAN. All one has to do is log them, and dig into them. One never knows what they will find.
Book Reviews: Security Books
Date - Apr 26, 2005
Author - Mitch Tulloch
Security is always an important area for IT professionals, and there's no shortage of books on computer and network security coming out these days. Below are five recent titles on various security topics and my take on them.
Security Series: Building Preparation (Part 5 of 6)
Date - Apr 21, 2005
Author - Ricky M. Magalhaes
In part five we take the IT professional through strategies of offsite recovery and potential solutions that could be recommended to businesses for recovery. The importance of pre-disaster preparation is highlighted and the fact that just basic preparedness is done in the event of disaster proves to be worth the time and cost invested.
Security Series: Disaster Recovery Objectives and Milestones (Part 4 of 6)
Date - Mar 31, 2005
Author - Ricky M. Magalhaes
In part four of the Disaster Recovery series the important project definition phase is covered, along with disaster recovery strategy and project milestones. Importantly, materials that should be stored offsite and best practice have also been highlighted.
Logon Type Codes Revealed
Date - Mar 29, 2005
Author - Randall F. Smith
The logon/logoff category of the Windows security log gives you the ability to monitor all attempts to access the local computer. In this article I’ll examine each logon type in greater detail and show you how some other fields in Logon/Logoff events can be helpful for understanding the nature of a given logon attempt.
Disk Based Backup: All Hype or the Best Protection for your Data?
Date - Mar 08, 2005
Author - Deb Shinder
In this article, we’ll look at disk based backup and how it can be used to replace or supplement your current tape backup system.
Security Series: Formulation of the Business Continuity Plan (Part 3 of 6)
Date - Mar 01, 2005
Author - Ricky M. Magalhaes
In part three of the Disaster Recovery series, hardware selection, potential solutions, recovery strategies and centralization of information storage have been covered. Different levels at which recoveries will take place, which will help organizations to become effective when a true disaster occurs, are also worked through.
Keeping Your Organization’s Security Current
Date - Feb 24, 2005
Author - Brien Posey
Although cyber security is critically important, there are those people whose jobs are so demanding that security gets neglected. Although it is highly recommended to maintain security on a daily basis, this article provides shortcuts for those who are too busy to deal with network security.
How To: Mastering PortQry.exe (Part 2)
Date - Feb 22, 2005
Author - Robert J. Shimonski
In this article we will cover advanced topics when using the PortQry command line tool. The utility allows you to select a computer, analyze it and get a report of port status on TCP and/or UDP ports. In the second part of this two article set we will cover advanced topics and other scanning and analysis examples. We will also look at installing and using the UI (User Interface) that you can also add on to it.
Testifying in a Computer Crimes Case
Date - Feb 03, 2005
Author - Deb Shinder
As an IT professional and working network administrator, you may find yourself called upon to testify as a victim or witness (i.e., a representative of a company whose network is victimized) in a computer-related crime. Another possibility is that you might someday want to use your technical expertise to become a professional expert witness in computer-related cases. In this article, we examine the basics of testifying in either capacity in a case involving computer crimes, and how you can move into the lucrative field of computer forensics, on either a full- or part-time basis.
Security Series: Disaster Recovery Target (Part 2 of 6)
Date - Feb 01, 2005
Author - Ricky M. Magalhaes
In part two of the Disaster Recovery series, we will discuss information pertaining to the organization's stance on disaster recovery. Planning of DR, potential requirements, terms of availability, business continuity, the documentation thereof and the continual updating of the documentation are also covered.
How To: Mastering PortQry.exe (Part 1)
Date - Jan 25, 2005
Author - Robert J. Shimonski
In this article we will cover the fundamentals of using the PortQry command line tool. PortQry.exe is a utility that you can use to help you troubleshoot TCP/IP connections. The PortQry.exe utility runs on Windows 2000-based computers, on Windows XP-based computers, and on Windows Server 2003-based computers.
The Convergence of Hacking and Security Tools
Date - Jan 18, 2005
Author - Don Parker
There is beginning to be a blurring of the lines when it comes to security tools, and hacking tools. Is there really a difference anymore between the two of them at all? This article will detail one specific example of this paradigm "Metasploit Framework". Following this article will be a clear demonstration of this tool in action as well over the course of a three part series.
Use Microsoft's Virtual PC to Test Software Before Deploying It
Date - Jan 13, 2005
Author - Deb Shinder
The introduction of new operating systems, new applications and even patches or fixes on your production network can pose its own kind of threat, if you don't know what the "unintended consequences" will be. Best practice is to first set up a test environment that emulates your production environment and run the new software there. Buying a lot of machines to do this can be prohibitively expensive, so many network administrators have turned to virtual machine software. In this article, we take a look at what's different in VPC and how to install and use it.
Security Series: Disaster Recovery Tactics that Ensure Business Continuity (Part 1 of 6)
Date - Jan 11, 2005
Author - Ricky M. Magalhaes
In part one of the Disaster Recovery series potential disasters, possible events and the reason that it is vital to have a disaster recovery plan and Business continuity plan in place like an insurance policy on any valuable items are covered.
Making the Internet Safer For Your Employees
Date - Jan 06, 2005
Author - Brien Posey
The Internet is becoming such a hostile environment that some companies are starting to deny employees Web browsing and E-mail privileges in the interest of keeping the network safe. Rather than taking such extreme action though, there are other steps that you can take to help ensure that those users connected to the Internet don’t infect your network with spyware, viruses, or other parasites. In this article, I will explain some of these techniques to you.
How to Plan for a Possible Network Attack
Date - Jan 05, 2005
Author - Robert J. Shimonski
In this article we will focus on a much needed topic which is proactive planning. Planning for your systems and network devices to get hit so that you can avert it if it does. A saying pops into my head – "lack of prior planning on your part does not constitute an emergency on mine." This simply means that if you failed to plan, you planned to fail. In this article we will cover the basics you need to know about properly assessing your chances for attack and ways to proactively plan for attack.
Enforcing GPO Security Settings
Date - Dec 16, 2004
Author - Derek Melber
Do you currently use Group Policy to help configure key security settings on domain controllers, servers, and clients within your Active Directory domain? Do you feel confident that these settings can’t be changed once the GPO deploys them? What if I were to tell you that these settings can easily be overwritten? You might be more at risk than you think!
Customizing Windows Security Templates
Date - Nov 11, 2004
Author - Derek Melber
Are there security settings that you wish were in a Group Policy Object, but are not? How much time, effort, and administration time could you save if you had these security settings deployed through a Group Policy Object? I am going to unlock the ability for you to customize the security settings that are deployed by Group Policy Objects.
Review of Microsoft’s Security Risk Management Guide
Date - Nov 09, 2004
Author - Mitch Tulloch
The new Security Risk Management Guide from Microsoft provides prescriptive guidance for companies to help them learn how to implement sound risk management principles and practices for enhancing the security of their networks and information assets. This article reviews the contents of this guide and recommends other vendor-neutral resources on similar topics.
Do You Leave Sensitive Data Lying Around?
Date - Nov 04, 2004
Author - Deb Shinder
How much can another person find out about you and your business by examining your hard disk? Probably a lot more than you think! This article takes a look at how a computer forensics examiner seemingly works magic to bring data that was "gone" back from the dead, and can be useful both to those who want to recover data on their systems and those who want to "forensics proof" their computers.
Instant Messaging: Does it have a Place in Business Networks?
Date - Nov 02, 2004
Author - Deb Shinder
Instant Messaging (IM) is wildly popular with home users, but in a business environment the ability to communicate with colleagues in real time can be either a benefit or a phenomenal time waster. This article looks at the pros and cons of allowing IM protocols on your business network, how to make IM more secure if you do allow it, and how to prevent users from using it altogether.
Understanding Windows Security Templates
Date - Oct 06, 2004
Author - Derek Melber
A security template contains hundreds of possible settings that can control a single or multiple computers. The security templates can control areas such as user rights, permissions, and password policies. Security templates can be deployed centrally using Group Policy objects (GPOs). Finally, security templates can be customized to include almost any security setting on a target computer.
Baselining with Security Templates
Date - Sep 30, 2004
Author - Derek Melber
When it comes to network and computer security, it is always best to have your decisions made before you install a computer or network device. In conjunction with this philosophy, it is also ideal to have a benchmark or baseline of what the security initially was on computers and network devices in case you need to troubleshoot an issue or audit the security settings. In this article we will review how to use security templates to establish security baselines on every computer in the organization. Not only will we establish the security baseline, we will keep it persistently affecting the computers.
Removing Pests from Windows (Part 2)
Date - Sep 28, 2004
Author - Ricky M. Magalhaes
In this two part article I will discuss pests and potential issues associated with pests that may be encountered within Windows. These pests are like parasites of the digital world. These parasites feed off the electronic resources of the host machine, eventually draining the machine to standstill point.
Removing Pests from Windows (Part 1)
Date - Sep 22, 2004
Author - Ricky M. Magalhaes
In this two part article I will discuss pests and potential issues associated with pests that may be encountered within Windows. IT security professionals are faced with these resource and information divulging threats daily, and because at this point there is no mature technology to deal with the problem officially, it is challenging to remove these pests from the computer or server manually. These pests are like parasites of the digital world. These parasites feed off the electronic resources of the host machine, eventually draining the machine to standstill point.
Group Policy Management Console (GPMC)
Date - Sep 14, 2004
Author - Amit Zinman
Overview of the Group Policy Management Console, Microsoft's new tool for managing operating system settings.
Threats and your Assets – What is really at Risk?
Date - Aug 10, 2004
Author - Robert J. Shimonski
In this article we will cover some of the most important items you will need to consider when discussing, analyzing, designing or implementing a security posture within your place of business, or perhaps in a company you may be servicing. Considering that threats and their origins are constantly changing... shifting, we need to (as Security Analysts/Engineers) focus on what those threats are, where they originate from and what we can do about them as well as deal with their drift from the norm which was basically from being heavily focused on external threats to being in balance with internal threats. This article covers those details as well as why ‘Defense in Depth’ is so critical. We will also focus on Microsoft products (as well as other technologies) while doing so.
Web Browser Vulnerabilities: Is Safe Surfing Possible?
Date - Aug 05, 2004
Author - Deb Shinder
This article takes a look at what makes Web browsers vulnerable to malicious attackers, how popular Web browsers differ (or don’t) in this regard, and what you can do to protect yourself when Web surfing, no matter which browser you choose.
Applying Windows XP Group Policy in a Windows 2000 Domain (Part 2)
Date - Jul 29, 2004
Author - Robert J. Shimonski
In this two part article set we will cover the fundamentals of putting Windows XP securely into your network while utilizing the Group Policy Objects in Windows 2000. This two part article covers all the details on how to configure Windows 2000 and XP so that GPOs can be used. Part 1 covers the fundamentals and setup, Part 2 covers the Implementation.
DHCP Server Security (Part 2)
Date - Jul 27, 2004
Author - Mitch Tulloch
In Part 1 of this two-part article we looked at the different types of threats faced by DHCP servers and outlined some general countermeasures for mitigating these threats. Part 2 continues with a list of practical steps administrators can follow and tools they can use to help secure their Windows 2000 and Windows Server 2003 DHCP servers.
Applying Windows XP Group Policy in a Windows 2000 Domain (Part 1)
Date - Jul 22, 2004
Author - Robert J. Shimonski
In this two part article set we will cover the fundamentals of putting Windows XP securely into your network while utilizing the Group Policy Objects in Windows 2000. This two part article covers all the details on how to configure Windows 2000 and XP so that GPOs can be used. Part 1 covers the fundamentals and setup, Part 2 covers the Implementation. If you are not familiar with GPOs, I will cover some fundamentals in the beginning of Part 1.
DHCP Server Security (Part 1)
Date - Jul 20, 2004
Author - Mitch Tulloch
Part 1 of this two-part article looks at the different types of threats faced by DHCP servers and countermeasures for mitigating these threats. Part 2 will continue the discussion with a list of practical steps administrators can follow and tools they can use to help secure their Windows 2000 and Windows Server 2003 DHCP servers.
Microsoft Windows and the Common Criteria Certification Part II
Date - Jul 08, 2004
Author - Robert J. Shimonski
In today’s computer networks, it is important to start to concern yourself with another level of detail in security other than how to ‘harden a system’ by killing unneeded services or adding yet another service pack or hotfix to your system(s). In this article set, we will explore Common Criteria Certification, what it is and what it means. Part I of this article covered the fundamentals. In Part II of this article set we will look at the Common Criteria as implemented on a server at the EAL4 class level.
Windows 2000 and 2003 Server Physical/Logical Security Primer (Part 1)
Date - Jun 22, 2004
Author - Robert J. Shimonski
As more and more advancements are made on security in the ‘logical’ sense (which is to implement access control rules on Firewalls, to implement IDS (Intrusion Detection) on your hosts and networks, to set up GPOs on your servers), there is little said about the actual ‘physical’ security of your systems and the site in which they are located. In this three part article, we will cover all the aspects of physical security you should be paying attention to as a security professional working with Windows based servers, or any other system for that matter.
Microsoft Windows and the Common Criteria Certification Part I
Date - Jun 17, 2004
Author - Robert J. Shimonski
In today’s computer networks, it is important to start to concern yourself with another level of detail in security other than how to ‘harden a system’ by killing unneeded services or adding yet another service pack or hotfix to your system(s). In this article set, we will explore Common Criteria Certification, what it is and what it means.
Secure Installation of Microsoft SQL Server 2000
Date - Jun 08, 2004
Author - Thomas Kopacz
In this article I’d like to introduce you to a way of installing the SQL server, which will guarantee a high level of the service’s security.
SecurityTalk with K Rudolph, CISSP
Date - May 03, 2004
Author - Dancho Danchev
The SecurityTalks is an initiative aimed at providing the scene with the world's leading security experts' thoughts on various information security issues, in a way much different than the usual, small and concise interviews you are used to seeing.
Should Microsoft Identity Integration Server Be Part of Your Security Plan?
Date - Apr 06, 2004
Author - Deb Shinder
Microsoft’s Identity Integration Server (MIIS) and its “lite” version, the Identity Integration Feature Pack for Windows Server 2003 (IIFP) can help organizations get a handle on all the disparate databases throughout the organization that contain information about a person’s identity. In this article, we'll take a look at what MIIS is, how it works and what the latest version has to offer.
How to Defend your Network Against Social Engineers
Date - Mar 30, 2004
Author - Deb Shinder
You can buy the most expensive firewall equipment, install the best anti-virus software, add the greatest intrusion detection system, but there is still a “weakest link” in your security plan that you may have overlooked. In this article, we discuss some common social engineering tactics and, more importantly, what you can do to protect your organization’s network against those who specialize in exploiting the weaknesses of people rather than those of the software.
Is Open Source Really More Secure?
Date - Mar 04, 2004
Author - Deb Shinder
In this article we'll discuss the claim made by proponents of open source software that such software is more secure. Is open source really inherently more secure than closed source commercial software? If so, why? And if not, why do so many have that perception?
Hacking an SQL Server
Date - Dec 04, 2003
Author - Przemyslaw Kazienko & Piotr Dorosz
Microsoft SQL Server is a popular and robust environment for many applications that use databases – it features excellent multi-access capabilities, comprehensive security coverage and can easily be transported to other database platforms. This article aims to identify certain types of risks that might result from inappropriate management of the Microsoft SQL Server.
Reducing "Human Factor" Mistakes
Date - Jul 23, 2003
Author - Dancho Danchev
Nowadays companies and organizations face the problem where massive attempts at illegal intrusions hit their network on a daily basis. In spite of the latest technological improvements in security, it's still the network users who are often unknowingly inviting security breaches through carelessness and a lack of awareness. This paper will try to summarize various mistakes made by system administrators, company executives and of course the end users, and will also provide you with useful strategies that will definitely help you reduce or completely eliminate the mistakes.
10 Steps to a Secure FTP Server
Date - Jul 08, 2003
Author - Ray Zadjmool
With his first article for WindowSecurity.com, we are pleased to welcome Ray Zadjmool (MCSE, CISSP, CCNA) to our team of authors. FTP [File Transfer Protocol] is one of the oldest and most popular services found on the internet today. Serving as an easy and effective method by which to transfer files over a network, FTP has become a standard that is both accepted and widely accessible to users across almost every network and operating system in use today. In this article we will examine 10 options available natively in Windows 2000 that can be used to secure an FTP site.
The Ins and Outs of Network Analyzers (Part 2)
Date - Jul 02, 2003
Author - Ricky M. Magalhaes
The second installment in this two part series, in this article I have focused on the ideas and workings of most well known industry sniffers. The article is written to assist you in making a more educated decision when picking the sniffer of your choice and will definitely aid you when it comes to hunting for value features.
Building and Implementing a Successful Information Security Policy
Date - Jun 19, 2003
Author - Dancho Danchev
Most recognize the necessity of having a security policy, but designing and successfully implementing one throughout your organization can be quite an intimidating task. To take the pain out of this process we are providing you with one of the most comprehensive guides on the design and implementation of an effective security policy for your company. To make this guide available to the entire community we have opened web distribution rights, allowing you to freely host this guide on your website and share it with colleagues.
The Ins and Outs of Network Analyzers (Part 1)
Date - Jun 10, 2003
Author - Ricky M. Magalhaes
In this two part article I will focus on Network analyzers, the different forms they come in. I will also materialize what threat they pose to the corporate network, how they can be used as a vital troubleshooting tool and what to look for when searching for a sniffer.
A Secure SQL Server
Date - May 22, 2003
Author - Bronek Kozicki
Microsoft SQL servers are one of the favorite targets for Internet hackers, primarily because of the activity of worms (e.g. SQL Spida, Slammer) spreading through this service, secondly because the access to unsecured, however Internet-connected SQL servers is quite easy. In this article I would like to describe the rules for safeguarding the Microsoft SQL Server service to help you, dear readers, prevent yourselves from the consequences of possible attacks.
Your Quick Guide to Common Attacks
Date - May 20, 2003
Author - Robert J. Shimonski
In this guide we'll go over many of the common attacks by providing a brief description of the attack and its unique characteristics.
Defining a Security Policy
Date - Apr 10, 2003
Author - Robert J. Shimonski
Security Policies are a necessary evil in today’s enterprise networks. Without a Security Policy, you leave yourself open and vulnerable to a lot of political attacks. In this article, we will begin to look at all the measures you will need to deploy to successfully define a security policy.
Minimizing the effect of DOS attacks and overflows on your DNS servers
Date - Mar 27, 2003
Author - Ricky M. Magalhaes
This whitepaper will focus on strategies used when minimizing downtime caused by DOS attacks aimed at DNS servers. To achieve high potency, intruders focus their efforts on machines that have a high impact on the network, and Windows 2000 networks rely a great deal on DNS. Intruders know this, and your focus should be turned to securing the organization's DNS server.
Minimizing Security Incidents
Date - Mar 11, 2003
Author - Robert J. Shimonski
One of the most pertinent strategies you can implement is one of minimizing the number and of course the severity of Security incidents. One of the biggest issues that I see when looking at security infrastructure is the fact that there is not a great deal of effort put into the possibility that there may even be a problem. In fact, most times when I come to an organization, security is not even something anyone really gave a lot of thought to. Because of this, many security problems linger in the darkness of the networks in question.
Make an Incident Response Plan
Date - Feb 12, 2003
Author - Robert J. Shimonski
Incident Response is when a problem occurs, it is identified and then you need to respond to it. Responding to such an incident would be deemed “Incident Response” and you need to know the underlying concepts of Incident Response to be able to run your network efficiently. In this article, we will look at all the underpinnings of Incident Response, Chain of Custody and how to deal with a problem that occurs on a Microsoft based network.
Denial of Service 101
Date - Feb 05, 2003
Author - Robert J. Shimonski
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. In this article we will look at a DoS and a DDoS which is a “Distributed Denial of Service” attack where the attack comes from multiple hosts, not just one host, to maximize the resulting devastation.
Risk Assessment and Threat Identification
Date - Nov 25, 2002
Author - Robert J. Shimonski
Although you’ve gathered a considerable amount of data to this point, you will need to analyze this information to determine the probability of a risk occurring, what is affected, and the costs involved with each risk. Once you’ve identified the risks that can pose a probable threat to your company, and determined how much loss can be expected from an incident, you are then prepared to make decisions on how to protect your company.
Network Security recommendations that will enhance your windows network
Date - Oct 22, 2002
Author - Ricky M. Magalhaes
Securing your network should be treated with the utmost priority. Knowing that your network is being attacked is a great advantage that will serve as a powerful tool. If your network security strategy is employed correctly you should not have a major challenge with intruders.
Port Scanning ISA Server
Date - Jul 17, 2002
Author - Thomas Shinder
When I wrote my series on how to secure your ISA Server installation, I had it in mind that ISA Server administrators could use the information to confirm whether or not their ISA Server installations were secure. We got some good feedback on the series, but you wanted more! Specifically, you wanted to know how you could test (via port scanning tools) what ports and services were visible and available on the external interface of the ISA server.

