Case Study on Improving the Security of a Firm in a Legacy Application Setting
This paper documents the steps that were taken by me to increase the security within my firm's computer network system, a system that includes Windows XP workstations and Windows 2000 Server systems. The implementation process includes enhancements to internal firm policies and procedures as a result of and in response to an updated firm risk assessment. Recent legislative activities in the State of California regarding the privacy of names and social security numbers maintained within network computer systems dictated a self-imposed review of our current security practices. The network in my firm was previously set up when "legacy" business applications required and needed more access to the registry of the attached workstations. As is the case, typical business applications that are written for a specific industry are trailing in their use and application of securely written code.
By Susan E. Bradley, 04/03/2004
|
|
Label Controlled File Transfer Server - Case Study
The following is the process that I used to configure my portion of the label controlled file transfer system. I will touch on Trusted Solaris (TSOL), the secure operating system, Washington University File Transfer Protocol Daemon (wuftpd), the file transfer program, and a chroot jail, the suggested direction of implementation. By the end of the project I had configured a file transfer system that displayed an acceptable amount of security for my project leader (What more can you ask?).
By Don C. Weber, 04/03/2004
|
|
Using Microsoft Terminal Services and Windows Terminals
With distributed PC-based computing, much of the organization's resources are spent supporting end-user hardware and PC configuration issues. Using Terminal Services, the administrator will have the time and resources to focus on security. Terminal Services with Windows terminals is the most secure configuration but also has a range of technical, educational, cultural, political, and internal marketing challenges.
By Tony Sweeney, 03/28/2004
|
|
NetMeeting Security Concerns
One of the more common tools used in business environments is Microsoft's NetMeeting, which is offered for free and provides real-time collaboration tools. Some of the tools provided by NetMeeting include: video/audio conferencing, whiteboard, chat, file transfer, program sharing, remote desktop sharing, and security. Users from inside or outside of a private network are able to connect to each other and utilize the program. A few of NetMeeting's features are of concern in respect to network security. Perhaps the scariest element is remote desktop sharing; however, Microsoft lists security as one of NetMeeting's features. In this paper I'd like to explore how NetMeeting works and understand its security implications in a business environment.
By Jody Weiner, 03/28/2004
|
|
An investigation of Microsoft's Passport protocol and issues regarding its security, privacy
No other commonly used single sign-on solution currently exists for public web sites. There are now 165 million registered Passport users and over 200 different commerce websites that use the Passport service. Therefore, it is important to look at both the benefits and the failings of the Passport service. Indeed, since millions of users worldwide have Hotmail accounts that utilize Passport authentication and millions more will most likely use .Net products, the security and privacy concerns of this product bear great scrutiny.
By Arthur Hermann, 03/28/2004
|
|
Configuring Internet Explorer Security Zones: A New Tool for the Security Community
This paper will review the work of others in discussing the risks inherent in each of the active content technologies, and the very different ways in which they approach security. Then it will gather into one place all of the information that the author could find regarding the meanings and implications of all but one of IE's security zone settings. After that, we shall discuss Microsoft's System Policy Editor tool for Windows NT and how it could have been used to quickly and easily enforce users' IE security zone settings throughout an enterprise, had Microsoft only provided a policy editor template for the IE security zones. Finally (and admittedly somewhat belatedly) a template to do just that, written by the paper's author, shall be presented to the security community.
By Ken Barber, 03/28/2004
|
|
Security Issues For Exchange 2000 Outlook Web Access Implementation
The following topics will be covered in this document: establishing and enforcing a strong password policy, implementing a comprehensive virus protection program, keeping service packs and security patches up to date, eliminating unnecessary services and setting permissions properly, determining the type of web presence desired, and finally opening only the minimum required ports on the firewall. The goal of this document is to provide system administrators with the basic points they need to consider when securing their OWA 2000 FE server to minimize the risk of providing secure HTTP access to their users. This document was written for administrators with a basic level of experience on firewall configuration, Windows 2000, IIS, and Exchange 2000.
By Paula Kohrt, 03/28/2004
|
|
NetMeeting 3.01 Remote Desktop Sharing: Security Concerns
The growth in the networking and interconnection of systems has blurred the notion of a "stand alone" system, making physical presence less of a requirement for system operation, access, and maintenance. Here we'll examine the concept of Remote Desktop, in particular analyzing Microsoft's NetMeeting 3.0 Remote Desktop Sharing (RDS) offering. Security features and risks will be covered, as well as recommendations for RDS implementation.
By Randy Humphrey, 03/28/2004
|
|
Lessons Learned in Securing Blackboard
This paper details the efforts taken to secure Blackboard, a Course Management System (CMS), at an educational institution. Blackboard is currently in use at over 6000 institutions, and CMS use has risen dramatically in recent years. The institution's initial Blackboard implementation was accomplished without any system security policies or safeguards in place. The paper describes the initial process, and then details the variety of system compromises (including a UNICODE compromise and one compromise of unknown origin) and security safeguards that were put in place in the following months. The process of increasing the security of Blackboard proved invaluable for the institution, leading to a number of positive outcomes for Blackboard and for systems across the institution. The paper includes a summary of steps taken to further security, ongoing security concerns and the plans to address them, and some questions for future research.
By Peter Benedict, 03/28/2004
|
|
Securing your RILOE cards
Early in 2001, I was tasked with qualifying and testing RILOE cards in our environment here. Soon after product qualification, my company started ordering Compaq Remote Lights Out Edition Cards (RILOE) for our ProLiant family of servers. RILOEs are a PCI-based board designed by Compaq intended to provide remote server manageability from any network client using a standard web browser. The RILOE board provides keyboard, mouse, network, power, and video capability for a server regardless of the state of the host operating system or host server. In order for one to completely understand RILOEs, I believe it's very important for me to cover all aspects of the card. In this paper I will outline the components of the RILOE, detailed features and functionality of the card, pre-installation tips, physical installation instructions, physical setup instructions, and initial setup configuration parameters. These sections prelude the most important part of this paper, which is securing the RILOE.
03/26/2004