| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Windows 2000 and NT
|
|
Windows 2003
|
|
Windows XP
|
|
FOCUS on Microsoft: Securing Exchange: Securing your Exchange Server Installation In this article, I will take a close look at Exchange Server, Microsoft's messaging platform. First, I will examine some basic and not-so-basic steps toward securing an Exchange Server installation. Then I will consider the options available to connect this platform securely to the Internet.
By A. Monty Hall, 07/14/2004
|
|
FOCUS on Microsoft: Securing Exchange - Secure Messaging Concepts with Exchange Clients Before starting any discussion on the security features and options of Exchange Server and the Exchange Clients, we must look closer at what assets we are trying to protect.
By A. Monty Hall, 07/14/2004
|
|
Exchange 2000 in the Enterprise: Tips and Tricks Part Three When we left off in the last article, we had finished talking about Exchange and OWA, and some of the security ramifications of direct server access and front-end server models. After a simple recommendation to use IPSec between front-end and back-end servers to ensure the encryption of credentials passed by the required Basic Authentication model, I realized how often that recommendation is made without providing step-by-step instructions on how to do so. Since we have a little more room to talk in this segment, let's go over just how to do that.
By Tim Mullen, 07/13/2004
|
|
Exchange 2000 in the Enterprise: Tips and Tricks Part Two This is the second installment in a two-part series on securing Exchange 2000 in the enterprise. When we left off, we had finished up building a messaging infrastructure that handled many of the issues mail administrators must contend with. Since Part One was published, Microsoft has released a new feature pack for ISA Server, which includes many new features including an Enhanced SMTP Application Filter (allowing you to filter sender names and domains), and encrypted RPC between an Outlook client and an Exchange Server if you wanted VPN-less encryption for client-to-Exchange connections over the Internet. One quick note- the SMTP filter does not support SMTPS; well, it is supposed to- it just doesn't work. It breaks after STARTTLS- you should know that if you try to use the filter in conjunction with SMTPS.
By Tim Mullen, 07/13/2004
|
|
Exchange 2000 in the Enterprise: Tips and Tricks Part One The Mighty Chris Webber covered securing Exchange 2000 in a DMZ configuration in a series of SecurityFocus articles that makes for great reading. In this two-part article we will discuss an alternate configuration in which we will utilize Microsoft's Internet Security and Acceleration (ISA) Server, a third party SMTP Gateway (Trend Micro's Internet Messaging Security Suite) and Exchange 2000. This sort of configuration is flexible enough to be used in smaller installations that do not use a DMZ, or as part of the DMZ configuration itself.
By Tim Mullen, 07/13/2004
|
|
PWL Files: The Achilles' Heel of Windows 9X Client Networks What purpose does the PWL file serve? What information does the PWL file hold and why? Microsoft does not offer much detailed technical information on the PWL file, because they believe in "security through obscurity". This theory says that the less you know about a products inner security workings, the safer it will be.
By Scott Winters, 05/17/2004
|
|
Port Requirements for the Microsoft Windows Server System The Windows server system includes a comprehensive and integrated infrastructure that is designed to meet the requirements of developers and of information technology (IT) professionals. This system is designed to run programs and solutions that information workers can use to obtain, to analyze, and to share information quickly and easily. These Microsoft server products use a variety of network ports and protocols to communicate with client systems and with other server systems over the network. Dedicated firewalls, host-based firewalls, and Internet Protocol security (IPSec) filters are other important components that are required to help secure your network. However, if these technologies are configured to block ports and protocols that are used by a specific server, that server will no longer respond to client requests.
05/10/2004
|
|
Enforcing the "Least Privilege" Principle through Active Directory, OUs, GPOs, and Group Policy Filtering This document presents an approach to further enforce the “Least Privilege” principle by combining Active Directory, GPOs, and Group Policy filtering techniques. This principle states that users should be given the minimum amount of privileges to perform their job. A simple scenario follows to emphasize the concepts and processes required to properly accomplish this task. Basic understanding of Active Directory and GPOs is assumed.
By Ricardo Rodriguez, 04/27/2004
|
|
CyberInSecurity: The Cost of Monopoly A warning that relying on a single software vendor for effectively all software in certain categories inevitably leads to security problems.
By Geer, Bacce, Guttman, Metzger, Pfleeger, Quartermain, Schneier, 04/26/2004
|
|
Windows 9X in a Bad Neighborhood This paper discusses security of Windows 9X machines under the control of certain registry settings and the impact of malicious code [see Notes 1] on maintaining registry setting. Specifically, it discusses the Internet Explorer registry settings. In the Windows 98 Resource Kit, Microsoft authors state “Internet Explorer is an integrated suite of Internet software that includes a customizable browser built on open Internet standards. It delivers an Internet solution to network administrators, who can customize and control their users’ Web-browsing capabilities and ensure the security of their corporate Intranets.”[MT] This paper argues a contrary position in that Windows 9X machines, while relatively safe in isolated LAN environments, may now be inherently unsafe in the environments where Internet connectivity, enhanced email, and macro enhanced Office products are common.
03/28/2004
|
|
Page: 1 2 3 |
