Orange County Computer Consultant

Orange County Computer Consultant helps small businesses with networking, installations and small business software.

Wednesday, November 30, 2005

Here are some articles I have written!!

EzineArticles.com Platinum Author

http://ezinearticles.com/?expert=Benjamin_Hargis

Feel free to read them and email them to friends and colleagues. Keep checking back as I plan to write a lot more!!!

A great way to start investing

I use this service and I love it. It's great because there is no minimum to start.

http://www.sharebuilder.com/sharebuilder/Index.asp

Check them out!!!

Looking for a great and cheap way to Try Linux, or Unix?

I go on this site on almost a daily basis to check out the new flavors of Unix and Linux. I probably own at least 4 or 5 distributions currently, and all have their ups and downs. I own Whoppix, Knoppix, Auditor and a couple of forensics CDs as well. This is a great way to get a lot of open source tools on one CD. http://distrowatch.com/

Class I'm thinking about taking.

This is a PERL class that I might take; I've had this teacher previously and he's pretty cool.

Students will be introduced to the Perl scripting language syntax, data types, input/output, Managing System Processes, Database programming, CGI programming and Web Programming. Not an introductory programming course. Students need to have previous programming experience.

I love PERL; there are so many things that it is useful for. I want to be able to write flawless networking applications with it.

Looking for a good way to find files on your desktop?

I have used Google Desktop search and personally do not like the way it indexes my files, so here is an alternative. It's called Copernic Desktop Search and yes, it's free!

http://www.download.com/3000-2379_4-10314159.html

It searches most file formats as well.

Friday, November 25, 2005

Free computer security software

Looking for free computer security tools to use?

Got Spyware?

There is now a bill in Congress to make Spyware illegal. Good luck at catching the creators; in the meantime, here are two links you can use to get started on your journey against Spyware.

http://www.lavasoft.com/ Ad-aware
http://www.safernetworking.com/ Spybot Search and Destroy.

Note there is a better version available for a cost. There are many things you can also do to protect your computer. Keep Automatic Updates turned on for all of your anti-virus software and operating systems. Clean out your cookies as well; there are often cookies placed to track your whereabouts on the Internet.

Now the subject of viruses. There are commercial anti-virus scanners like Symantec Norton Anti-Virus and McAfee; in fact, many new computers come with trial versions. Unfortunately, when these versions run out, users most of the time ignore it and wonder, "Why do I have a virus?" Let me explain something: just because you have an anti-virus program on your computer, you are not cured. Virus writers do just that: write new viruses and edit old ones to do new things. You need to update the signatures of your anti-virus software continuously. Crafty virus writers code viruses to disable your anti-virus software!

There are free anti-virus solutions; one is called AVG http://free.grisoft.com/. I personally use this product and love it; it is not a memory hog like Norton. You can also set up schedules to run and get updates.

A good firewall is a must, especially nowadays. This is because everyone for the most part is running DSL and cable modems, which are great for connectivity but horrible because it's like leaving your front door unlocked.

Check out http://www.zonelabs.com/. They have a product called Zone Alarm. It is customizable and blocks a lot of attempts to enter your network. It is shocking to see the number of people trying to get into your network. Zone Alarm will alert you to programs trying to access the Internet. This is kind of annoying but can be a life saver if a program is dialing Kenya on your telephone!! Zone Alarm can remember certain programs.
Windows Service Pack 2 has a firewall in it and I recommend enabling it.

There are many web browsers that you can use. I love Open Source, so you can probably guess I'm using Firefox www.mozilla.org/products/firefox.com. There are so many features that I can rave about, like tabbed browsing. If you're anything like me, at home I have at least two or three browsers running if using Internet Explorer; with Firefox I can have as many websites as I want open, with tabs at the top with descriptions. It's ingenious in my opinion. I don't have to switch browsers like I do with IE.

Internet Explorer is one of the most used browsers and most targeted. Mozilla Firefox has many advantages including security. It also does not use ActiveX.

Scan your own systems to see what ports are open and running. Do you have services that do not need to be running?

Knowledge is power. I have worked for a technology company for three years and never have they trained any people in multiple departments on security that I'm aware of. I'm amazed to hear things from co-workers such as "I don't have an account with so-and-so bank, but they wanted my information and I gave it to them!" Corporate networks are and will continue to be infected by users that are untrained about computer security. People open attachments all the time without knowing where they came from. Home users are sometimes even more ignorant. That is not said in a mean way.

File Sharing programs are popular and an opening to viruses, Trojans and other lovely things you don’t want in your network.

For the best and current security tools, alerts and news use Google http://www.google.com/.

Microsoft Internet Security Accelerator

Quick and Dirty Primer on Internet Security and Acceleration Server.

What exactly is ISA?
Microsoft Internet Security and Acceleration Server is a web cache, virtual private network and application layer firewall.

For vendor information check out www.microsoft.com/isaserver.
I went to a Microsoft security conference and this is what I picked up.

ISA can inspect traffic coming into your network and also do HTTP filtering. It is designed to look for directory traversal. You can customize protocols and policies based upon your criteria.
ISA allows for better authentication thru RADIUS remote access dial in server. You can also use products from RSA such as SecurID, which I recommend.
VPNs can also be customized thru ISA. VPNs are virtual private networks that allow remote users to access your network thru encrypted tunnels using protocols such as IPSec.

Internet Security Accelerator can also be used with Microsoft Exchange server for better security.

Internet Security Accelerator allows traffic thru that has been deemed OK by the firewall administrator without additional packet inspection, increasing the performance of your network.
ISA will also cache webpages to allow faster access over the network.
There are always open source alternatives such as Squid, http://www.squid.org, which is an open source proxy. These are just a few notes I took down that I thought I would share with the internet community. I hope this helps with any IT decisions.

Making Money

It is Friday morning and I'm thinking about how to make more money on the Internet. There are a lot of opportunities. I'm currently using Google Adsense and am constantly looking at ways to improve traffic to my website and total number of clickthrus. I run my own computer consulting company, which is fine. I would rather work fulltime from home because I have a baby on the way and would love to spend all the time I can with my girlfriend, child and my computers. I currently have two jobs. I like my day job, but hate my slow computer at work; it is also not as technically challenging as I would like.

Then there are affiliate programs. I like Amazon http://www.amazon.com because I can select what books, amongst other items, I want displayed.
The possibilities are almost endless. It takes a lot of writing, even more research and link building to get the results I'm looking for. I would like to make a fulltime income off the Internet and not even leave the house unless there is some interesting security problem or technical problem to get into. I'm thinking about just writing more security articles on a daily basis as well. I do it for fun and to share knowledge.

It must be the Colombian coffee this morning because my mind is racing with business ideas of ways to profit and turn nothing into something. I don't want to reveal too much though because there is always competition :) I'm looking forward to going to the USENIX conference in December; it should be a blast. I will be blogging and taking photos of every bit as well. Then my pregnant girlfriend and I will be making a trip to San Diego to SeaWorld.

This February I should be going back to college. I have attended like 6 community colleges and various trade schools, and I'm not even a Ph.D. I think my problem is that I focus on only technical classes and not the General Curriculum suggested. YAWN. The classes I'm looking at? Oddly enough more psychology and ecommerce, maybe a design class. I took Java and could not stand it. They don't offer Python.

Thursday, November 24, 2005

Windows Server 2003 Security

Windows Server 2003 has some of the following features to help protect your corporate environment:

There is now forest trust that allows you to authenticate other companies in your WAN thru Active Directory; this simplifies some security issues for security and network administrators.
Kerberos is now available thru Windows Server 2003 to allow for better and more secure authentication.

Credential Manager allows secure storage for usernames and passwords as well as certificates.

You can now delegate what services can access other resources on your network.
.NET password is now integrated with Active Directory, allowing SSO or single sign on.
With RBAC, or Remote Based Access Control, you can assign more efficient restrictions to manage access to information.

Systems administrators can disallow software to run with the Software Restriction Policy.

In Windows 2003 you can audit system alerts and even set up audits of individual users!

Account Management logs IP addresses and even calls for Logon and Logoff events.

You can now log security events in real time and export them to a SQL database to analyze later.

PKI or Public Key Infrastructure is a system of digital certificates and CAs, or Certificate Authorities, to verify you are who you really say you are. This is great for ecommerce systems, think E-Bay. You want to know if you're really giving your credit card information to E-Bay or E-fake.

Windows Server 2003 now helps with Wireless 802.1x. You can enable PEAP, which is protected EAP, for authentication. I suggest using WPA in conjunction. The encryption protocol they use is called EFS. EFS uses AES-256, which is very strong encryption. There should be security in depth applied. Two-form authentication should be applied, such as biometrics and passwords. Take a look at RSA SecurID cards. This provides great authentication for users on the move connecting to the corporate networks, or even home. I like open source solutions myself or even third party vendors for encryption such as RSA http://www.rsa.com.

Wednesday, November 23, 2005

Have a Happy Thanksgiving!


To all my readers have a great Thanksgiving :)

XBOX 360 buggy.



I really do not find this shocking as it is a new product. There will be bugs, and probably lots of them. We have not even heard about possible vulnerabilities this might open up on your home network. Here is the link:
http://www.xbox-scene.com/xbox1data/sep/EEFkZkkkyEHasmrPqu.php

I look forward to playing around with an Xbox 360 shortly. I will then write my own review. I have to admit it looks sweet and has some nice features.

The Value Of An Oracle Database

There are some very large, very powerful companies out there that have saved quite a bit of money using an Oracle database. Will your company be one of those? Or, will you simply overlook this opportunity? In order to know if in fact an Oracle database will help you, perhaps you have to know a little more about it. Also, you need to realize the differences that are out there in various versions of the Oracle database. Gathering this information will help you make a sound decision about the use of this product in your business.

First, realize that the Oracle database is available to be used and can be benefited from by virtually any size of business. Large corporations, medium sized companies, and even small organizations can all benefit here. What makes it nice to everyone as well is the lower prices that are currently being offered on Oracle database systems. There is no doubt that the introductory price is something to turn heads.

The system we will mention here is the Oracle Database 10g Products. These are, believe it or not, the first databases designed for grid computing in the industry. Your options are many:

• Enterprise Edition: Packed full with the highest level of performance and scalability. You will find reliability in OLTP as well as in decision support, and management activities.
• Standard Edition: Clustering support is provided with this 4 processor version.
• Standard Edition One: Same great stuff with a 2 processor version that is perfect for the entry level.
• Personal Edition: Perfect for an individual
• Lite Edition: Great option for managing mobile database applications.

While the features of each of these Oracle database options are many, it makes sense for each and every business out there to find out how well these products can serve their basic needs. Take a moment to see what they can do for you and you may just be impressed with the options that are available to you in Oracle database.
About the Author: For more information please see http://www.money-market-info.co.uk

Active Scripting

I have commented on this many times; this is how a lot of Spyware and viruses infect your computer. Disable active scripting.

How to stop 'Active Scripting' in home PCs by ZDNet's George Ou -- A supercritical zero-day IE flaw has been released in to the wild by a reckless British company. There are no patches available as of 11/22/2005. Here is what you can do now to protect yourself. You must disable "Active Scripting" on all Windows computers running Internet Explorer 5.5 or 6.0 even if you have Windows [...]

Thursday, November 17, 2005

Ezine Expert Author

As Featured On Ezine Articles


I have been doing a lot of writing lately on security topics; you can check them out here:

ezinearticles.com/?expert=Benjamin_Hargis


Today's Security Alerts from CERT

US-CERT Technical Cyber Security Alert TA05-312A: Microsoft Windows Image Processing Vulnerabilities
US-CERT Technical Cyber Security Alert TA05-292A: Oracle Products Contain Multiple Vulnerabilities
US-CERT Technical Cyber Security Alert TA05-291A: Snort Back Orifice Preprocessor Buffer Overflow

On another note, the German government is warning of new strains of Sobig, a trojan that turns PCs into email spam bots. Look for patches at Microsoft. www.microsoft.com

Wireless Security

Wireless networks using 802.11 have made it simple to connect multiple devices to your home network. This can also make your data available anywhere, even outside your home. To set this up all you need is a broadband connection connected to a wireless router or a WAP (Wireless Access Point). Your home computers should have wireless access cards installed or, if you're using a laptop, a PCMCIA wireless card. Intel Centrino is great for wireless; I personally use it. I like the fact that I did not have to purchase additional hardware.

When you set up your wireless router or WAP your signal is broadcast. This broadcast usually goes further than your home or business. People like to drive around finding unsecured wireless access points. This is known as Wardriving. Some hackers even mark spots on the sidewalk to let other hackers know your home or business is offering free Internet service, or worse yet access to your data. This is not to scare you but to make you aware.

Disable broadcasting so people cannot see your wireless network.
Your routers come with pre-configured system IDs; this is called an SSID or Service Set Identifier. It's very simple to locate default SSIDs on the Internet, so I recommend changing this to something hard to guess. Use alphanumerics to make it even harder to guess.
Use encryption to protect your network. WEP or Wireless Encryption Protocol is not secure; I have cracked my own network with a Linux machine running Kismet. WEP's key length is only 40 bits; once you collect enough data from packets it's only a matter of time for a determined cracker. Instead use WPA, which is Wi-Fi Protected Access. This is more secure.

Configure your router to block incoming and outgoing traffic you do not use. Consider blocking Port 23 Telnet and even FTP.
Router manufacturers have default passwords which I find many home users do not change. CHANGE THEM!

Invest in a software firewall and keep your system up to date. In the month of October 2005 there have been several security flaws listed by Microsoft. Keep Informed.

Security Process

What is ARBIL?
Asset and Risk Based INFOSEC lifecycle.
Its purpose is to implement a comprehensive security plan in I.T. and strategies for risk management.

What is CIA?
Confidentiality, Integrity, and Availability
Confidentiality- making sure your data is available to only those allowed.
Integrity- making sure your data has not been altered in any way. Think bank transactions or chemical formulas.

Availability- making sure your data is available. Hackers often use denial of services attacks to bring down your servers or networks by overloading them with packets.
Hackers use attack trees to determine every possible entrance into your networks. This can be through modems connected to your network, routers, switches, and application vulnerabilities, almost anything connected to your internet.

Make it difficult to determine your OS, which hackers do through banner grabbing. This is a simple fix that many systems administrators leave undone.
Change your banner to display a security warning.

Many people have difficulty understanding security processes, let alone implementing solutions.

What is SMIRA? Simple methodology for INFOSEC based risk assessment.
Risk management is the practice and process of identifying threats and vulnerabilities to assets. This helps making the correct decisions to implement the necessary safeguards to help your organization carry out its mission.
Organizations should look at threats, vulnerabilities, assets and safeguards.
Risk Assessment

The goal is to have a list of your critical assets. Critical in understanding mission, objectives and operations and what if scenarios.
Then to implement safeguards to protect those assets.

Vulnerability Assessment

This is when you look for vulnerabilities in existing applications and determine their severity. The vulnerabilities will be rated. This includes physical security, web application reviews, policy and procedure reviews, host assessments and OS reviews, and vulnerability scans.

Threat Assessment

This is the process of identifying existing and potential threats to assets and environments. This will also be based on severity. Where can threats come from? Disgruntled employees, script kiddies, hackers, crackers, foreign governments, and your competition. You can look for threat indicators in your server logs, CCTV, and intrusion detection systems like SNORT. http://www.snort.org

What can threats cause?
Loss of business
Death
Financial loss
Corruption of data.
Inability to work, servers down or running slowly.
Confidentiality issues.

What are assets?
User IT Operations
Staff Connectivity Documentation
Security Systems
Third parties
Paper
Files
Media, like disk, CDs and USB drives.
File, Web, EMAIL, Storage, Application servers
Anything of value to the company.
Hackers like to get their hands on all information; no matter how unimportant it may seem, it can be used to filter out more information.

How do you protect yourself against threats and protect your assets?

Have policies and procedures in place.
Employee awareness of security issues.
Software security in place
Hardware security in place.
Physical security.
Environmental Security. I.e. water level sensors.
Communication security- to protect your phone lines, and PBX systems.
Personnel security.

There is a lot of software on the internet that allows even technically challenged people to run scans on your systems to try to crack them. Anybody that knows how to search Google can easily find such tools. The way the Internet is evolving and more and more people joining the Internet the security risks increase.

Attackers gain information on your systems by doing Domain Lookups with Whois. They run port scans using many available tools to find out what you're running, and then do internet searches to find exploit code to crack your systems. Once they find out what applications you're running it's only a matter of time before they can crack your systems if you are not protected.
Attackers like to get information on your Domain Names and IP addresses; then they will scan your network looking for live hosts. This can be accomplished with tools like NMAP by Fyodor http://www.nmap.com . By using a tool like NMAP you can send UDP, ICMP, and TCP packets.
This is done to identify hosts by looking at responses. At this point attackers find out what applications are being used, or any information the host is willing to give out. The more services you have running, the more opportunities for someone to remotely exploit your hosts. This can be very time consuming for the attacker. The goal is to find out what OS platforms are being run. Are they Unix, Microsoft Windows or Apple Mac OS? From here it is much easier for someone to look for shellcode to use against your system.

Wednesday, November 16, 2005

Sony BMG Spyware

I like Sony as a company, but when I heard that they install spyware onto your computer to hide their protection scheme without users knowing, that's shady. If you try to delete it, it will disable your CD-ROM drive! Amazing. They're trying to make it hard for people to burn music CDs, which is illegal. Copy protection is and will continue to be breakable. That is just my opinion.
F-secure and Symantec have put out updates to remove this spyware.

Home Computer Security

This is a paper about securing your home computers and networks.

The goal of computer security is to keep unauthorized users from using your resources. This can be anything from your computer to your printer or even your web camera. Detection is another important aspect that should be monitored as well. I often get asked "Why should I worry?"
Maybe you shouldn't. If you are concerned about any of your files or the possibility of losing them, you should care. There is also online banking that many people use to watch their accounts. Malicious users can also use your computer to launch attacks against other networks, or put files on your computer as a means of storage. Even if you have the computer just to send email to Grandma, don't think that you are not at risk. Attackers like to hide their tracks by jumping thru multiple locations such as your computer.

Malicious users can take over your webcam and watch and even listen to you! Attackers like to use multiple systems to launch denial of service attacks, sending tons of packets to bring a network to its knees.

Identity theft is huge right now. Your credit report should be reviewed frequently. Identity thieves can gain a lot of information from your home computers. The FTC said there are approximately over 10 million victims a year. If your ID is stolen, or you think it is, visit www.consumer.gov/idetheft. Never send out your personal information in email; it is not secured.

The risk is getting greater daily as more people connect to the Internet. Script kiddies download tools that make breaking into computers as easy as pressing a button. Security patches are offered thru vendors, but most people do not bother to patch their systems or do not have the time.

Do people in your household use file sharing programs? I cannot believe the amount of spyware and viruses that are hidden in some of those files. I removed over 600 different pieces of malware from the home computer of someone who thought they were just downloading music. The system was always freezing and changing homepages in Internet Explorer. Not to mention these file sharing programs can be sharing your financial data, medical records, secret recipes or your last tax return.

Key loggers can be on your system recording every keystroke and emailing it to an attacker, enemy or even your spouse. This includes IMs, emails, passwords, anything.

There is anti-virus software that will detect most of these programs. Anti-spyware can also detect a lot of malware, or malicious code.

Use strong passwords that are alphanumeric or use a password strength tool. I would not use anything in a dictionary American or Foreign as those can be cracked easily thru Brute Force.

Don't use the same password for every account. Change your passwords regularly, and don't write them down.
I recommend making regular backups of, at a minimum, your critical system files. Back up to a CDR to ensure that your data cannot be overwritten.
Please monitor your children's surfing habits and teach them about the dangers of the Internet.

I recommend installing filtering software to keep their curious minds out of the wrong sites.
Stay abreast of anti-virus updates.
Don't open email attachments that can contain viruses or other malware.

Don't run programs if you don't know where they came from; they can have Trojan horses. A Trojan horse is a program that appears to be a regular program such as Solitaire but is actually sending your bank account information to an email address. Attackers can also take over your computer and have an .mp3 file run at 3 AM to scare you, or even open and close your CD drive door.

Disable JAVA, JavaScript and Active X
Keep up to date on patching your operating systems and applications. In Windows you can set up automatic updates. You can also visit the Windows Update site.
Microsoft releases patches every second Tuesday of the month; this is known in IT as black Tuesday, and there are always a lot of patches. Upgrade to Service Pack 2.
Internet Explorer always has security issues.

There are Open Source browsers like Firefox http://www.firefox.org, which is a great browser and has more security features. Firefox has a lot of great add-ons as well that can make researching more effective, amongst other utilities.

Disable scripting in email.
Enable NAT (Network Address Translation) on your router. This will hide your private IP address from the Internet while still allowing computers to access the Internet. Most network firewalls have IP NAT masquerading, where multiple devices on the Internet appear as one IP address.
Make sure you are not enabling shares on your computer for any of your drives. This will look like a hand holding a drive in Microsoft Windows.

Be aware of phishing; these are Internet con artists looking to catch some fish. Emails are sent that look like bank, Amazon and PayPal emails; it amazes me how many people I work with think it's the real thing.
If you're concerned about security, consider encryption. For home users, look into PGP or Pretty Good Privacy to secure your email; you can even encrypt your hard drive.
When you think you have deleted your files they are still retrievable; consider a file wiping utility.

Use a Surge Protector.

No firewall can stop all attacks.

Article I wrote on Firewalls

It seems nowadays if you are not online, you don't exist. It really does not matter what type of company you run, you should have an online presence to let your prospects and clients know about your company and services. When you decide to take the leap onto the Internet there are some precautions you should take. I have friends who say all the time, "I really have nothing to hide or worry about." This may be true, but malicious users like to deface websites, which can ruin you and your business's reputation.

This is a paper about firewalls protecting your company from outside threats and unauthorized access.

A firewall is a great start. Firewalls can be both hardware and software based. There are many different firewall vendors; some of the bigger names are Cisco, Symantec, and Checkpoint. The difficult part is configuring the firewall. This is where many intruders bypass security, because the firewall is poorly configured.

I would like to mention that there are many Open Source programs and operating systems that offer great firewall software. I personally believe that OpenBSD has one of the most secure operating systems and firewall configurations if done right. FreeBSD also has firewall software, it is called IPTABLES. IPTABLES offers packet filtering, NAT and you can even change packets in Linux. I have to say you can do anything you want in Linux, because the source code is right there. It's a beautiful thing. Linux also uses this; you can build a firewall with the old system sitting in your garage and two Linux compatible network cards. Linux can be hardened; this means to make the operating system more secure. I like the tool Bastille Linux; it is developed by Jeff Beale.

To really get a grasp on firewalls you need to understand TCP/IP and a lot of different protocols to know if you should allow or deny them into your network. IP addresses identify hosts on the Internet; they look like this: 127.214.234.54. Firewalls can block IP addresses, ports, protocols and even keywords that come into packets. Hackers that want into your network have many different tools at their disposal to try to bypass firewalls. One common attack is known as a Denial of Service or DOS attack. The attacker simply floods your network and firewalls with so many packets that they cannot handle them and sometimes crash. Firewalls are available with DOS filtering to keep these attacks low, and start dropping packets.

Firewalls do not protect you from internal threats such as employees bringing in viruses from home, or remote users using VPNs (Virtual Private Networks) bypassing your firewall. Think about if you bring your son to work and he downloads music on your fast company internet connection, only to introduce a worm or, even worse, a Trojan horse into your corporate network. Service ports that are open to the public, such as Port 80 HTTP, have known vulnerabilities on the Internet. FTP has many vulnerabilities as well.

Are there different types of firewalls?

Yes. There are hardware and software firewalls. You might even be using Zone Alarm or Black Ice Defender. These are software based firewalls. The more I study firewall technology, the more I realize that everything truly is a software firewall. A computer is nothing without software to tell it what to do.

Packet Filters

Packet Filters look at source and destination addresses. This is where firewall rule sets come into play. The firewall administrator must determine which source and destination ports and addresses to allow or deny. The security administrator needs to keep up to date with alerts on vulnerabilities, as new holes are found and created daily. A technique known as spoofing can sometimes fool firewalls by making it appear that a packet is coming from inside the protected network when in fact it is an attacker changing the source address.
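A first-match packet filter of the kind described above, covering the address-and-port rule set and the spoofing case, plus the Telnet/FTP blocking suggested in the Wireless Security post. This is an added example, not code from the original post; the networks, addresses, interface names and rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = "0.0.0.0/0"
INSIDE_NET = "192.168.10.0/24"    # constructed: the protected network
WEB_SERVER = "192.168.10.80/32"   # constructed: the one host published on port 80


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    iface: str     # "outside", "inside" or "any"
    src: str       # CIDR block
    dst: str       # CIDR block
    proto: str     # "tcp", "udp" or "any"
    dports: tuple  # empty tuple means any port
    note: str


ANTI_SPOOF = Rule("deny", "outside", INSIDE_NET, ANY_NET, "any", (),
                  "anti-spoofing: inside source address seen on outside interface")
NO_TELNET_FTP = Rule("deny", "any", ANY_NET, ANY_NET, "tcp", (21, 23),
                     "FTP and Telnet blocked in both directions")
PUBLIC_WEB = Rule("allow", "outside", ANY_NET, WEB_SERVER, "tcp", (80,),
                  "public web server")
OUT_WEB = Rule("allow", "inside", INSIDE_NET, ANY_NET, "tcp", (80, 443),
               "outbound browsing")
OUT_DNS = Rule("allow", "inside", INSIDE_NET, ANY_NET, "udp", (53,),
               "outbound DNS")

# First match wins, so the deny rules must come before the allows.
RULES = [ANTI_SPOOF, NO_TELNET_FTP, PUBLIC_WEB, OUT_WEB, OUT_DNS]
# Same rules, but the public-web allow was placed first: a poorly ordered set.
MISORDERED = [PUBLIC_WEB, ANTI_SPOOF, NO_TELNET_FTP, OUT_WEB, OUT_DNS]


def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    if rule.iface not in ("any", pkt.iface):
        return False
    if rule.proto not in ("any", pkt.proto):
        return False
    if rule.dports and pkt.dport not in rule.dports:
        return False
    src_ok = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
    dst_ok = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
    return src_ok and dst_ok


def evaluate(pkt, rules=RULES):
    """Return (action, note) of the first matching rule; default is deny.

    Stateless: each packet is judged on its own, return traffic is not modelled.
    """
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.note
    return "deny", "default deny: no rule matched"


# Constructed sample packets (documentation address ranges for outside hosts).
SAMPLES = {
    "visitor to web server": Packet("outside", "203.0.113.9", "192.168.10.80", "tcp", 80),
    "spoofed inside source": Packet("outside", "192.168.10.5", "192.168.10.80", "tcp", 80),
    "telnet from outside": Packet("outside", "203.0.113.9", "192.168.10.80", "tcp", 23),
    "ftp from inside": Packet("inside", "192.168.10.5", "198.51.100.7", "tcp", 21),
    "https from inside": Packet("inside", "192.168.10.5", "198.51.100.7", "tcp", 443),
    "file sharing probe": Packet("outside", "203.0.113.9", "192.168.10.20", "tcp", 445),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        good = evaluate(pkt, RULES)
        bad = evaluate(pkt, MISORDERED)
        print(f"{name:24} ordered={good[0]:5} misordered={bad[0]:5} ({good[1]})")
```

With the deny rules first, the packet claiming an inside source on the outside interface is dropped; in the misordered set the same packet is allowed by the web server rule, which is the kind of configuration mistake the article warns about.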


Application Gateways

Application Gateways are like errand boys. You request a file and the application gateway grabs it for you.This is great for logging connections, and setting
up authentication as well.


Statefull Packet Inspection

Statefull Packet Inspection is a technique used by Cisco PIX firewalls and Checkpoint Firewalls these firewalls look at the data coming across the network.It can also authenticate connections, users can usually not notice that the firewall is in place. Allot of firewalls now allow you to configure VPN's which is awesome if you have remote workers and satellite offices and need to transfer data securely.

Intrusion detection is also something to consider; I like SNORT. SNORT can detect known attacks against your system and does a great job at logging them if set up correctly. There are thousands of different software and hardware solutions you can purchase for your home or network. I happen to like Open Source, because I like learning and knowledge, and the Open Source community has taught me more than the corporate world ever will. A book I would like to recommend that is great for learning about firewalls is called, simply enough, Building Internet Firewalls; it is by O'Reilly. That is all for now. One last tip: backup, backup, backup.

Tuesday, November 15, 2005

WEP VS WPA

I came across this article; it is an interesting read. I feel all keys are breakable; it's just a matter of time.

Steve Gibson weighs in on WPA-PSK keys by ZDNet's George Ou -- Brute forcing cryptographic keys is only interesting from a top secret or academic standpoint. Brute forcing a random 8 character alphanumeric WPA-PSK key for a home is a fool's errand because there are infinitely cheaper and easier ways to penetrate a home network by some other means.

Thursday, November 10, 2005

Look out Network Admins

I know a lot of IT admins that don't stay up on alerts, so the more the better. It's time to upgrade to the newest IOS version, as many flaws have been found in the current version. This was announced at the previous Black Hat conference, which caused a lot of controversy.

Time to patch your Cisco routers by ZDNet's George Ou -- While Cisco isn't alone in upgrade complexity, the end result is that most end users never patch their routers and switches and just assume they never need patching. This probably won't change until a conventional PC worm makes the jump to attack IOS vulnerabilities and causes massive damage.

Friday, November 04, 2005

Windows 2000 Security

By Benjamin Hargis

I was asked recently to go to a car dealership and do a security analysis on their Windows Server 2000 machine.

This is what I recommend doing to any Windows 2000 machine where applicable.

Make sure that the guest account is disabled. It comes disabled by default.

A problem I notice a lot when I go to companies is that lots of accounts are still active for employees who no longer work there. They should be removed when the employee is terminated or leaves of their own accord. Disgruntled employees have been known to wreak havoc.

Group policies can and should be implemented in a Windows 2000 environment and audited to make sure there are no extra accounts or accounts with weak passwords.

Password security is also important; if your password is weak it will be cracked. I have been in companies where your password is your initials. That is too simple. Implement password policies and account lockouts after multiple failed login attempts. WARNING: lockouts can themselves create a denial of service, since repeated failed logins will lock out legitimate users. Create multiple admin accounts and give them different rights. Use a strong password policy for administrative tasks.

Run Net Share from the command line to view open shares on your network and shut those down unless needed.

Go into the BIOS and set a user password and disable the ability to boot from a floppy, USB, or CD. People can easily grab the SAM file, which stores the password hashes on your system, using a Linux boot CD or other tools, and then attempt to crack the hashes.

Change the administrator account to a different name. That is usually a cracker's first attempt. Rename it to something other than root as well.

Use NTFS on all partitions; this gives you more control and security than using the FAT file system.

Make sure that the "Everyone" permission is not allowed on your resources, directories, etc.

Turn off the display of the last user logged on. Showing it makes it easier for an attacker to guess passwords: they are already halfway there if they have the username.

Apply appropriate access control lists.

Don’t forget about the people around you and either lock your workstation when you leave or have a screensaver enabled with a strong password. Insider threats are a reality.

You can enable EFS (Encrypting File System); you can encrypt whole directories as well. If you're really paranoid or smart, I suggest looking into a utility that allows you to choose different encryption algorithms. I do not like encryption standards that are closed, meaning we can't see the source code. I prefer open source; it's easier to look for holes and attacks.

Make backups of all your important files. This is the most important thing I learned in System Administration. Backup, Backup, Backup to something that cannot be overwritten such as a CD-R.

To configure security policies, use the Security Configuration Toolset; you can make your job a lot simpler by using snap-ins.

I visited Microsoft’s site to see everything they had; I have to say there is plenty of information.

Shut down services that are not needed. The more ports that are open and the more applications running, the more avenues of attack.

Restrict access to Local Security Authority only to admin.

Change the login warning to something like: "Authorized personnel only. All activities are logged and monitored. Violators will be prosecuted to the fullest extent of the law."

Shut down individual ports that are not used.

I personally like smartcards for two-factor authentication. I recommend RSA SecurID for machines that need more security.

Enable auditing to track what users and possible intruders are doing on your system.

Everything from login attempts to access of objects can be audited in Windows 2000.

Protect the registry from anonymous access.

Make sure the audit logs are locked down so they cannot be erased, or tampered with. Only the admin should have rights to these files.

Install service packs.

Make sure that your antivirus is up to date with the latest signatures.

Run an anti-spyware utility.

You can also run an online vulnerability checker such as Shields Up by Gibson Research.

Get automated patch software.

Remember that security is not something that can be finished. Keep up to date.

Benjamin Hargis CEO & MCP

Phuture Networks

Visit us on the web! http://www.phuturenetworks.com

Article Source: http://EzineArticles.com/

Thursday, November 03, 2005

Free Microsoft Security Toolkit

Follow this link to get an informative newsletter and a free security CD from Microsoft: https://microsoft.order-7.com/sbsnewsletter/addrform.asp

Wednesday, November 02, 2005

A great article on Spyware definitions

Spyware definitions released by ZDNet's Suzi Turner -- The Anti-Spyware Coalition (ASC) released their definitions of spyware today, available at the website. The document includes a table of technologies that could be classified as spyware, depending on factors including control, notice and consent. Another document (PDF) is available, with a summary of the nearly 400 public comments and the ASC's response. The coalition also outlined their [...]



I liked this article and thought it provided good information.

Google Base

Google Base: What might Google be up to? by ZDNet's Garett Rogers -- Google is smart, they know what they want, and more importantly they know what people want. The answer to both is "information" and "money". Looking at both of these "wants", they must decide how they can do this and stick to their "do no evil" guns.



Google has a lot of information; this is a good thing but also a concern about privacy. I like Google, they have great technology, and I can't wait to see what's going to happen now that they are partnered with one of my favorite companies, Sun Microsystems.