WindowSecurity.com - Monthly Article Update
Hi Security World,
New articles added to WindowSecurity.com last month:
Title: Packet analysis tools and methodology (Part 1)
Author: Don Parker
Summary: There are untold billions of packets flying around the web today. A great many of them are of malicious intent. A prelude to malicious activity is often the port scan. We will learn about some of the more popular types of port scans in existence today, and the tools used for them.
Link: http://www.WindowSecurity.com/articles/Packet-analysis-tools-methodology-Part1.html
Title: Product-based Security vs. Service-based Security
Author: Deb Shinder
Summary: Security vendors today can follow either of two different models: they can sell a product (a firewall, an encryption program, etc.) that your company pays for upfront, or they can sell a service that incurs an ongoing fee. In some cases, they can combine the two: an antivirus program or anti-spyware appliance that requires an update service to function properly. The current trend seems to be away from the standalone product model and toward the service model. In this article, we examine the advantages and disadvantages of both.
Link: http://www.WindowSecurity.com/articles/Product-based-Security-Service-based-Security.html
Title: Ideal-to-Realized Security Assurance In Cryptographic Keys (Part 2)
Author: Justin Troutman
Summary: In the final installment of this two-part series, we'll cover two closely related collision attacks - the birthday attack and the meet-in-the-middle attack. We'll conclude by emphasizing the importance of simplicity through conservatism, and establishing a "golden rule" for instantiating the lengths of many cryptographic values.
Link: http://www.WindowSecurity.com/articles/Ideal-to-Realized-Security-Assurance-Cryptographic-Keys-Part2.html
Title: Implementing Principle of Least Privilege
Author: Derek Melber
Summary: The Principle of Least Privilege is not a new concept, but the push to implement it on production networks has never been so important. This article will go over some of the most common configurations that you can make to implement these principles and reduce the possibility of an attack from a typical end user.
Link: http://www.WindowSecurity.com/articles/Implementing-Principle-Least-Privilege.html
Title: Ideal-to-Realized Security Assurance In Cryptographic Keys (Part 1)
Author: Justin Troutman
Summary: In the first installment of this two-part series, we'll cover key length, and relative concerns, such as entropy and how password etiquette affects key space complexity. We'll look at how the length of the key doesn't inherently equate to the security of the key, and why security isn't even just about keys, at all.
Link: http://www.WindowSecurity.com/articles/Ideal-to-Realized-Security-Assurance-Cryptographic-Keys-Part1.html
Title: Product Review: Acunetix Web Vulnerability Scanner
Author: Deb Shinder
Summary: We’ve all heard of vulnerability scanners, but as the spectrum of security threats expands, security tools become more specialized. Acunetix has created a vulnerability scanner that’s specifically designed to protect your Web servers and Web applications. It sounded interesting to us, so we installed the Acunetix WVS package on a Windows Server 2003 server to try it out. In this article, we’ll review our experiences with its features and functionality.
Link: http://www.WindowSecurity.com/articles/Product-Review-Acunetix-WVS.html
Title: Bluetooth: Is it a Security Threat?
Author: Deb Shinder
Summary: I’ve received a lot of questions from readers recently about security issues related to different types of wireless technology. 802.11 (wi-fi) security has been covered in detail in this and other forums, but you don’t see nearly so much discussion of Bluetooth security. Bluetooth is becoming more and more popular, and it’s time to examine its security implications. Is it secure? Can it be made secure? What are particular security concerns? We’ll take a look at those questions in this article.
Link: http://www.WindowSecurity.com/articles/Bluetooth-Security-Threat.html
Title: Auditing user accounts
Author: Derek Melber
Summary: With Sarbanes Oxley, HIPAA, GLM, and the other auditing compliance programs getting so much attention, all aspects of the network environment are under a microscope. For any operating system environment this includes the auditing of the user accounts and their related properties. Considering that many attacks are accessed through a user account that has one or more incorrect and insecure settings, it makes sense to focus on user account properties during the audit. Within a Windows Active Directory environment there are the standard user properties that must be audited, plus a few that may not fall into too many other network environments. This article will discuss the key user account properties that need to be audited, as well as the tools that can help complete the task.
Link: http://www.WindowSecurity.com/articles/Auditing-user-accounts.html
Title: Installing and Configuring Microsoft’s Data Protection Manager (DPM) Part 2
Author: Deb Shinder
Summary: In this two part article, we show you how to install and configure DPM and evaluate how this can be integrated into your overall security strategy. In Part 1, we covered the process of installing the DPM prerequisite software, DPM itself, the file agent software and the end-user recovery client software. In Part 2, we’ll show you how to configure your DPM server to protect data, and how end users can recover their protected files without administrative assistance.
Link: http://www.WindowSecurity.com/articles/Installing-Configuring-Microsoft-Data-Protection-Manager-Part2.html
Visit the Subscription Management (http://newsletter.isoftmarketing.com/) section to unsubscribe.
WindowSecurity.com is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@windowsecurity.com
Copyright © WindowSecurity.com 2005. All rights reserved.
No comments:
Post a Comment