Windows IT Pro is the authoritative and independent resource for Windows NT, Windows 2000, Windows 2003, and Windows XP. It features a collection of resources and magazines for Windows IT professionals.
  
  


Security Pro VIP



[Writing Secure Code]

Avoiding Buffer Overruns with String Safety

 — David LeBlanc


Bind Basics

 — David LeBlanc


Controlling Socket Connections
When you're dealing with sockets and other network connections, you want to be selective about which hosts you accept connections from.
 — David LeBlanc


Defeating Denial of Service – CPU Starvation Attacks
This week, David tells you how to protect yourself from CPU starvation attacks, where an attacker leverages your mistakes to cause your system to consume all available processing resources.
 — David LeBlanc


Defeating Denial of Service Attacks
Learn how attackers attempt to starve the resources associated with your application and how to protect yourself from these types of Denial of Service attacks.
 — David LeBlanc


Detecting Alternate Data Streams
Alternate data streams occasionally crop up as security concerns because an attacker might use these streams to hide files. Find out how you can track down these data streams so that you can protect your systems.
 — David LeBlanc


Good Programming and the Rules for Writing Secure Code

 — David LeBlanc


Overflowing Buffers

 — David LeBlanc


Parsing POP

 — David LeBlanc


Restricting Processes
David LeBlanc shares some code to help you control the access levels that a process uses in Windows 2000.
 — David LeBlanc


Secure Services
Securing services is important to overall network security. Programmers need to be aware of the user context that a service will use and be careful when deciding which choice is right for each service.
 — David LeBlanc


Setting Security
If your information is the least bit sensitive, inherited security permissions typically won’t be appropriate for your needs. Learn how to create and apply an ACL to protect your sensitive data.
 — David LeBlanc


Setting Security, Part 2
In Part 2 of his series on Setting Security, David LeBlanc presents an application you can use to initialize the discretionary access control list on a Registry key to give Administrators full control, making your applications more secure.
 — David LeBlanc


Structured Exception Handling and Security
Learn how to use the structured exception handling (SEH) function that comes with the Win32 API to let C code handle errors in your application in much the same way that C++ handles exceptions.
 — David LeBlanc


Understanding Process Tokens
Learn how process tokens work, and find out about a piece of code that can expose the information within these tokens to help you debug your code.
 — David LeBlanc


Writing a Secure POP3 Server

 — David LeBlanc


[Ultimate Security Toolkit]

CyberCop 5.5

 — Steve Manzuik


HackerShield 2.0

 — Steve Manzuik


Intact Enterprise 3.0
Check out this software tool for automatic detection and correction of changes that intruders make to your system.
 — Shawn Porter


Internet Scanner 6.1

 — Steve Manzuik


LT Auditor +, 7.0
Check out this Windows-based intrusion detection and audit trail security software. LT Auditor +, 7.0, provides 24x7 monitoring of network activity across the enterprise, protecting organizational assets accessible through NT and Novell networks.
 — Shawn Porter


MailRecall 1.1
Does your company require ultimate control over its email and file attachments? Learn how you can use this software to keep your sensitive documents from ending up in the wrong hands.
 — Shawn Porter


NetRecon 3.0

 — Steve Manzuik


Praesidium WebEnforcer for Windows NT 1.1
Learn about HP's entry into the burgeoning server security scanning software market.
 — Shawn Porter


Raptor Firewall 6.5
Axent Technologies improves on its Raptor enterprise-level firewall product and gives the user an all-new management interface, malicious traffic filters, and definable custom proxies.
 — Mark Joseph Edwards


Retina 3.0
Find out about the Common Hacking Attack Methods (CHAM) and Fix-It features in the latest version of eEye Digital Security's Retina 3.0 security scanner for Win2K and NT networks.
 — Shawn Porter


SecurePC

 — Steve Manzuik


Specter 5.01
Learn how you can use this honeypot-deception software to trick would-be intruders into thinking they are accessing your systems and to respond to them.
 — Shawn Porter


WebTrends 3.0

 — Steve Manzuik


[Windows 2000 Security]

Analyzing Security Fixes in Win2K Service Pack 1
Microsoft's release of Windows 2000 Service Pack 1 (SP1) fixes 17 security problems, but do you need to install this latest fix? Randy Smith walks you through the service pack to help you find some answers.
 — Randy Franklin Smith


Auditing Windows 2000
In addition to NT’s seven categories of audit events, Win2K provides two new categories to track additional areas of activity. Find out where Microsoft has added enhancements to this important feature.
 — Randy Franklin Smith


Checking Your Current Configuration in Group Policy
As I discussed in a previous column, the way you configure Windows 2000 is very different from the way you configure Windows NT. In general, you no longer directly touch a system’s settings in Win2K.
 — Randy Franklin Smith


Code Red and Proactive Security
If you always read Microsoft security bulletins and load hotfixes on your Windows 2000 IIS servers, you're probably already protected from the Code Red worm. However, Randy Smith shows you an even more important way to practice proactive security.
 — Randy Franklin Smith


Cracking User Passwords in Windows 2000
For years, Windows NT administrators have used L0phtCrack 2.5 to obtain users' passwords in their domain. But, if you’ve tried to use this tool on your Windows 2000 domain controller, you know that it doesn’t work.
 — Randy Franklin Smith


Creating a Custom Password-Reset MMC
Last time, I showed you how to give your Help desk staff the authority to handle forgotten passwords without giving them sweeping administrative privileges.
 — Randy Franklin Smith


Dangerous Services, Part 1
Windows 2000 comes with some unnecessary services enabled by default. Attackers use these services to access confidential information or impersonate a high-level user. Consider disabling these vulnerable services on workstations and servers.
 — Randy Franklin Smith


Dangerous Services, Part 2
Randy Smith continues his look into Windows 2000 services that can pose unnecessary security risks. Find out which services you will want to consider disabling to keep attackers from accessing your systems.
 — Randy Franklin Smith


Dangerous Services, Part 3
Randy Smith concludes his look into Windows 2000 services that can present security risks. Learn how to use Group Policy to control services on all computers in your domain and to change security settings to keep your systems secure from network attacks.
 — Randy Franklin Smith


Delegating Password Reset Control in Windows 2000

 — Randy Franklin Smith


Don't Shoot Yourself in the Foot with Group Policy Security Settings, Part 1
If you aren't careful with your Group Policy Security Settings, you can easily shoot your security in the foot. Randy Smith shows you how to implement some fail-safe measures to protect your systems.
 — Randy Franklin Smith


Don't Shoot Yourself in the Foot with Group Policy Security Settings, Part 2
In Part 2, Randy Smith shows you how to use change control techniques and least privilege to protect the rest of your domain from administrator mistakes.
 — Randy Franklin Smith


Group Policy

 — Randy Franklin Smith


Internet Explorer Security Options, Part 1
You take the serious risk of suffering from a security attack each time you browse the Web. Randy Smith shows you how to reduce this risk by properly configuring the security options available in Internet Explorer (IE) 5.0.
 — Randy Franklin Smith


Internet Explorer Security Options, Part 2
Randy Smith continues his look into security options available when you use Internet Explorer (IE) 5.0 to browse the Web. Learn how to configure the Custom Level settings for the security zones.
 — Randy Franklin Smith


Internet Explorer Security Options, Part 3
Web browsing leaves cookies and downloads that might be security risks to your systems. Randy Smith shows you how to control cookies and file downloads by properly configuring the security options available in Internet Explorer (IE) 5.0.
 — Randy Franklin Smith


Internet Explorer Security Options, Part 4
Randy Smith continues his look into security options available when you use Internet Explorer (IE) 5.0 to browse the Web. Learn how to control permissions for Java applets you encounter on Web sites and how to configure the settings under Miscellaneous.
 — Randy Franklin Smith


Internet Explorer Security Options, Part 5
Web browsing exposes your systems to dangers associated with active scripts. Randy Smith shows you how to properly configure the security options for scripting that are available in Internet Explorer (IE) 5.0.
 — Randy Franklin Smith


Internet Explorer Security Options, Part 6
Randy Smith completes his look at the security options that are available in Internet Explorer (IE) 5.0. Learn how to use Group Policy to configure the security options centrally for all your users.
 — Randy Franklin Smith


IP Security Filtering
Attackers are always scanning the Internet for unsecured PCs. Randy Smith shows you how to use Windows 2000 IP Security (IPSec) Filtering to protect onsite and offsite computers exposed to the Internet.
 — Randy Franklin Smith


New Rights in Windows 2000

 — Randy Franklin Smith


Protect Confidential Information Using IPSec and Group Policy
Learn how to use Group Policy to implement a limited rollout of IPSec and protect your classified information as it traverses your Windows 2000 network.
 — Randy Franklin Smith


Protect Confidential Information Using IPSec and Group Policy – Part 2
In part 2 of this series, Randy shows you how to use a GPO's ACL permissions to assign the Server (Require Security) IPSec policy for your secure servers.
 — Randy Franklin Smith


Protecting Data Recovery Certificates in EFS
Learn the importance of exporting and deleting the recovery agent certificate when you are using Win2K-based systems that aren't members of an Active Directory (AD) domain.
 — Randy Franklin Smith


Protecting the Administrator Account
Find out why Windows 2000's built-in Administrator account needs special protection against attacks because of several idiosyncrasies that Win2K inherited from Windows NT.
 — Randy Franklin Smith


Reducing the Risks Associated with Windows 2000's Group Policy

 — Randy Franklin Smith


Securing Win2K Laptops with EFS
Learn how to securely implement EFS on Win2K Professional laptops and protect your mobile users.
 — Randy Franklin Smith


Setting Active Directory Property Permissions
By the time a user calls the Help desk to ask for assistance with a forgotten password, Windows 2000 will likely have locked out that user's account as a result of several failed logons.
 — Randy Franklin Smith


Terminal Services, Part 1
Terminal Services lets you fully administer a remote server. With the graphical, interactive environment of a PC and the manageability and simplicity of a mainframe, Terminal Services offers the best of two worlds.
 — Randy Franklin Smith


Terminal Services, Part 2
Randy Smith continues his look at some of the features available in the Microsoft Management Console (MMC) Terminal Services snap-in. Learn how to use Terminal Services features to keep your server secure during remote administration.
 — Randy Franklin Smith


Terminal Services, Part 3
Randy Smith continues his look at features in the Microsoft Management Console (MMC) Terminal Services snap-in. Learn how to use some of the properties for Terminal Services connection objects to keep your server secure during remote administration.
 — Randy Franklin Smith


Terminal Services, Part 4
Randy Smith completes his look at features in the Microsoft Management Console (MMC) Terminal Services snap-in. Learn how to use IP Security (IPSec) protocol to wrap a final layer of security around your server.
 — Randy Franklin Smith


Updating Service Packs and Hotfixes with Boot Scripts
Learn how to use a few simple scripts and Group Policy to keep your Win2K systems up-to-date and secure and still get home at a decent hour.
 — Randy Franklin Smith


Win2K SP1 Security Improvements
Find out what improvements Microsoft has made in Win2K SP1 to help you keep your systems up to date and secure.
 — Randy Franklin Smith


Windows 2000 Installer Package for Service Pack 1
Using service packs to keep servers and workstations up-to-date is crucial to your entire OS and Internet Explorer. Now you can use Windows 2000 Installer to deploy service packs throughout your network with little effort.
 — Randy Franklin Smith


Windows 2000's Advances in Administrative Authority

 — Randy Franklin Smith


[Hot Tips]

Cause Microsoft ISA to Automatically Dial Out
Some of you use Microsoft's new Internet Security and Acceleration (ISA) Server in conjunction with a modem-based connection.
 — Mark Joseph Edwards


Convert to NTFS During an Unattended Installation
As you know, FAT file systems offer very little in the way of security. Therefore, it's always wise to format your drives to use the NTFS file system, where you gain the ability to control access to files and directories on a per-user basis.

While
 — Mark Joseph Edwards


Enable Auditing in Windows 2000
To track security-related events, auditing must be enabled on the system to be monitored. To enable auditing on Windows 2000 systems, open Control Panel, select Administrative Tools, Local Security Policy, and then Audit Policy.

In the right
 — Mark Joseph Edwards


Event Log Security ID Descriptions
You use event logs to audit security events on your systems, but do you always know what a given event ID code represents? It's hard to remember details about each event ID because Microsoft lists more than 50 different security event ID codes.
 — Mark Joseph Edwards


Guard System Files on Windows 2000
Windows 2000 comes with the ability to monitor its critical system files and protect those files from being changed or deleted. But did you know a Registry key controls the functionality of Win2K's system file checker protection?

Microsoft article
 — Mark Joseph Edwards


How Can I Determine Which Containers Link to Group Policy?
This hot tip explains how to determine which containers link to group policy.
 — Mark Joseph Edwards


How Can I Enable Users to Set the Administrator Password During an RIS Installation?
When you use the Microsoft Remote Installation Services, the Administrator password is set to null during the installation. You can let the user set a password during the final GUI portion of installation. To do so, perform the steps in this FAQ.
 — Mark Joseph Edwards


How Can I Hide the Logon Script Dialog Box on Windows NT
When you use logon scripts, a dialog box appears on the screen where you can observe the script commands as they process. However, in many cases, this might not be preferable system behavior--you might want to hide the dialog box from the user.
 — Mark Joseph Edwards


How Can I Restrict Active Directory Replication Traffic to a Specific Port?
By default, Active Directory (AD) replication via remote procedure calls (RPCs) takes place dynamically over an available port via the RPC Endpoint Mapper using port 135 (the same port as Microsoft Exchange).
 — Editors


How Do I Clear Saved Passwords/Form Information from Within Internet Explorer?
Internet Explorer (IE) has a neat feature--Autocomplete--that remembers previous answers to password prompts and forms and automatically fills them in on subsequent visits.
 — Mark Joseph Edwards


How Do I Create a Captive Account?
It is possible to force a user to run a program, and if they close that program they can be automatically logged off. Learn how in this tip.
 — Editors


How Do I Enable Debug Logging for IPSec?
A reader asks whether it's possible to enable logging for IPSec. The answer is yes. To enable IPSec logging, perform the following registry change--but be careful--incorrect registry edits can lead to a non-bootable system:

Start the Registry
 — Mark Joseph Edwards


How Do I Enable Verbose Boot, Shutdown, Logon, and Logoff
By default, Windows 2000's policies are configured to provide standard message output for certain situations, such as when a user logs on or off or shuts down or restarts the system.
 — Mark Joseph Edwards


How Do I Enter a Shutdown Description from the Command Line?
In Windows XP, the new version of shutdown.exe (the tool used to shut down or reboot from the command line) contains support for tracker descriptions via the -d (description/reason code) and -c (comment) attributes.
 — John Savill


How Do I Use the SYSKEY Functionality of Service Pack 3?
Learn how to use SYSKEY to protect your system's SAM database in this Hot Tip!
 — Editors


How to Detect Certain Virus and Worms
The recent Love Letter virus infected millions of computer users. As you know, Love Letter spread quickly by accessing the user's address book and sending a copy of the virus to everyone listed therein.

Outlook users (and possibly users of other
 — Mark Joseph Edwards


How to Recover a Lost Administrator Password
Now and then many of you find yourselves in the unfavorable position of having to retrieve an NT system's lost Administrator account password. I can't even count the number of "help me!" messages I've received in this regard.

As I tell
 — Mark Joseph Edwards


How to Recover Lost Administrator Passwords
Now and then many of you find yourselves in the unfavorable position of having to retrieve an NT system's lost Administrator account password. I can't even count the number of "help me!" messages I've received in this regard.

As I tell
 — Mark Joseph Edwards


How to Restore Default File and Directory Permissions
A user asked how they could restore the default security settings for NT files and directories. Doing so is easy, provided you've got a copy of the NT Resource Kit handy. In the Resource Kit you'll find a tool called FIXACLS.EXE. The tool will reset NT's
 — Mark Joseph Edwards


How to Secure Communications Between Terminal Services and the Client Systems
Windows 2000 Server's Terminal Services supports three levels of encryption: low, medium, and high. The default encryption is medium, which uses a 56-bit key to encrypt traffic flowing between the client and server.
 — Mark Joseph Edwards


I've Entered a Password for a Terminal Services Client Connection. Why Does the System Continue to Prompt Me?
By default, a Windows 2000 Server Terminal Services connection always prompts for a password, even if you've configured one in the connection logon information. To disable this option, perform the following steps:
 — Mark Joseph Edwards


Limit Buffer Size on IIS
If you read the Win2KSecurity Advice mailing list, you know that Marc (from the eEye Digital Security Team) recently pointed out that a new Microsoft Support Online article (Q260694) reveals a useful security configuration setting within IIS.

If you run
 — Mark Joseph Edwards


Make My Computer Display Username and Machine name
As you know, each Windows desktop has a My Computer icon. Clicking the icon opens the My Computer folder, displaying available resources such as hard disks, printers, Dialup Networking, scheduled tasks, and mobile device connections. Did you know you can
 — Mark Joseph Edwards


Microsoft's Online Security Papers
Many people still aren't familiar with Windows 2000-related security. To help get up to speed, Microsoft has made lots of information available online. For example, in one streaming media presentation, Microsoft's Darol Timberlake discusses
 — Mark Joseph Edwards


Minimize Risk Under Win2K Pro
Windows 2000 Professional (Win2K Pro) is a brand new OS with lots of bells and whistles, so its available services deserve careful inspection before connecting it to the Internet. If you perform your own Win2K Pro installation, install only the services
 — Mark Joseph Edwards


Prevent Windows 2000 Upgrade From Overwriting Custom Security Settings
When you upgrade a Windows NT system to Windows 2000, the security settings for the new installation are defined in one of two configuration template files: dwup.inf for Win2K Professional and dsup.inf for Win2K Server. To prevent the upgrade from
 — Mark Joseph Edwards


Protect Drives Against Unwanted Access
I can't begin to count the number of file system-related security holes that never became a problem on my systems. For example, older versions of IIS were known to expose sensitive information through the use of a URL that ended in a period or a
 — Mark Joseph Edwards


What Is a Digital Signature and How Does it Work?
A digital signature is a mechanism you can use to authenticate a message's sender or document's signer.
 — Editors


When I Try to Install the Proxy Server 2.0 Update in Windows 2000, Why Does Setup Hang When It's Stopping or Restarting the WWW Service?
For Microsoft Proxy Server 2.0 to function properly on a Windows 2000-based server, you must update Proxy Server using the Microsoft BackOffice Server 4.5 Readiness Kit for Windows 2000.
 — Mark Joseph Edwards


Which Software Can Help Monitor Event Logs?
This week's tip is based on a message Bob Free posted to our HowTo for Security mailing list. Learn more about the mailing list by visiting the Web site. http://63.88.172.96/go/loader.asp?id=/security/howto-faq.htm
 — Mark Joseph Edwards


Which Users at Which System?
A member of our HowTo for Security mailing list recently asked how they could determine which user is logged in to which system. The goal was to identify users who may be using a generic guest account instead of their properly assigned user
 — Mark Joseph Edwards


[Product Reviews]

Baseline +Plus 2.2.1
Administrators and Help desk support personnel often struggle with inconsistent file versions on computers throughout an organization. Computing Edge's Baseline +Plus 2.2.1 eases this struggle by analyzing the difference between a baseline
 — Mark Joseph Edwards

CyberwallPLUS-SV 5.1.1
CyberwallPLUS-SV is a software-based embedded firewall that resides at the kernel level on an NT server, between the host's Ethernet NICs and the network protocol stacks. During installation, the program bonds its proprietary virtual network device
 — Mark Joseph Edwards

Enterprise Backup Software
Data that you store on enterprise networks represents money, and for most organizations, irrecoverable loss of such data would be a financial catastrophe. Thus, choosing the correct backup software is like picking the right vehicle to take your
 — Mark Joseph Edwards

SecureNT 1.2
A growing reliance on computers for the processing and storage of critical data means that securing system integrity is crucial. A lot of public hype exists about the external threats that system crackers pose, yet internal threats are more likely to
 — Mark Joseph Edwards

SFProtect 2.0
Scanning your systems for security vulnerabilities is a paramount task, so selecting a security scanner that is right for your network is important. If you're looking for an agent-based system security scanner, SFProtect 2.0 might be the solution for
 — Mark Joseph Edwards

UltraBac 5.5 Stand Alone Disaster Recovery for Windows NT
UltraBac.com's UltraBac 5.5 Stand Alone Disaster Recovery (SADR) for Windows NT streamlines partition-image backup and restoration. You can write the backup images to any local device on the NT 4.0 Hardware Compatibility List (HCL), and SADR includes
 — Mark Joseph Edwards


[How To]

Advanced Security in Exchange 2000, Part 1
Microsoft Exchange Server has always provided the Advanced Security subsystem to let users secure their mail messages. Advanced Security guarantees confidentiality and message content integrity and verifies the sender’s authenticity. Advanced Security
 — Mark Joseph Edwards


Encrypting Files for Added Security
If you're running NTFS on your Win2K system, you can give yourself extra security by encrypting files. To do so, open My Computer, drill down to the file or folder you want to encrypt, and right-click it to bring up a menu. Select Properties and
 — Mark Joseph Edwards


Internet Explorer's Upcoming Cookie Management Update
Microsoft will soon release a public beta of its upcoming cookie management update for Internet Explorer (IE) 5.5.
 — Mark Joseph Edwards


Microsoft Releases IIS 5.0 Security Checklist
Microsoft recently released a new security-related document that helps administrators better secure their Internet Information Server 5.0 systems.
 — Mark Joseph Edwards


Multibooting Windows 2000 Systems
You're probably just taking the shrink-wrap off your new copy of Windows 2000 (Win2K) and wondering how Win2K will integrate into your existing system configuration. If you've configured multiboot systems with Windows NT 4.0 in the past, you
 — Mark Joseph Edwards


Quickly Disable Network Access to Your System
Here's a handy tip for disabling access to NT 4.0 systems while you perform maintenance or upgrade tasks, or if you suspect your system is being attacked via NetBIOS. Unless you have modified the default settings, the Everyone group has the right
 — Paula Sharick


Secure E-Commerce with Smart Cards
Your company might still consider smart cards to be a futuristic technology. To help make them a present reality, Windows 2000 (Win2K) will offer highly integrated support for smart cards. In this article, I introduce you to smart cards, show you why
 — Mark Joseph Edwards


Tougher Computer Crime Laws Sought
White House Chief of Staff John Podesta made a proposal for updates to existing computer crime laws.
 — Mark Joseph Edwards


White House Eases Encryption Export Policy
The White House announced a new policy on Monday designed to ease restrictions on export of strong encryption.
 — Mark Joseph Edwards


Windows 2000's Network Address Translation
In Windows 2000 Server (Win2K Server), Microsoft offers you two ways to connect SOHO networks to the Internet: You can use a routed connection or a translated connection. With routed connections, Win2K Server acts as an IP router and forwards packets
 — Mark Joseph Edwards


Your Web Browser is Bugged
Cookies have been the nemesis of privacy advocates for quite some time now, but cookies are relatively tame compared to their sneakier siblings, Web bugs, which stealthily track you as you view content from around the Internet.
 — Mark Joseph Edwards


[Feature]

Avoiding WinZapper's Sting
Learn to protect your NT security log from a new utility that lets intruders erase the log while the OS is running.
 — Randy Franklin Smith


FOR MORE INFORMATION
Understanding how EFS works is the key to securing your environment. Here are a few resources to get you started.
 — John Howie


Guarding Your Certificate Authorities
Implement some disaster-prevention and recovery techniques that will help keep your CAs and the certificates they issue secure.
 — Brien Posey


[SOHO Security]

Email Security and You
Reading and sending email can threaten the security of your system's data. Learn what you can do to protect your SOHO against email security threats.
 — Jonathan Hassell


Encryption Basics
In previous columns, Jonathan Hassell has discussed encryption as it relates to pretty good privacy (PGP) and secure email. In "Encryption Basics," he presents a primer on how SOHO users can use encryption to make their data more secure.
 — Jonathan Hassell