| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
IP Security in Windows 2000: Step-by-Step Internet Protocol Security (IPSec) is a structure built of standards to provide secure communications and ensure privacy over Internet Protocol (IP) networks. IPSec is an Internet Engineering Task Force (IETF) standard defined in Requests for Comments (RFCs) 2401-2411. Based on the assumption that most networks are not secure, and thus require additional components to protect data as it travels over the wire, IPSec provides source authentication, integrity checking, and content confidentiality.
By Timothy J. Rogers, 03/28/2004
|
|
NT/2000 Security Tool Kit on A Budget This paper will focus on the shareware, freeware and low cost commercial security tools that I have found useful and have used to solve security issues in the organization I presently work in. The following brief list is by no means all-inclusive as the environment I presently work in is almost exclusively Microsoft based with NT 4.0 as the primary operating system. Many of these security tools are direct ports from the Unix/Linux world.
03/28/2004
|
|
NULL Sessions In NT/2000 A null session is a session established with a server when no credentials are supplied. This paper is going to discuss the issue of null sessions in NT 4.0 and Windows 2000. It will investigate the uses and vulnerabilities of such sessions, and will show how to control and/or eliminate those vulnerabilities.
03/28/2004
|
|
Windows NT/2000 Event Logs This paper was written to provide a very simple way to manipulate security event logs in Windows NT/2000. It is meant to be an example of using Windows Native Tools, Built-in Tools, and freeware tools to reduce the amount of work required when dealing with security event logs, as well as provide a fully functional example that may be used as-is or modified to suit specific needs.
By William Mendez, 03/28/2004
|
|
Taking the Confusion Out of Security Templates This paper will address how security templates are constructed using the Security Templates Snap-in to the Microsoft Management Console (MMC). The primary focus of the examples will deal with Windows 2000 Professional. A security template is a versatile tool to assist in creating a baseline security configuration for a system. The settings used in a template need to be thoroughly researched and tested to comply with company security policies. The Security Template that is created can then be applied using the Security Configuration and Analysis Snap-in within the MMC, or by using the Secedit.exe command-line tool.
03/28/2004
|
|
Centralized Windows 2000 Event Logging: A Step-by-Step Guide So much takes place on corporate networks these days that Administrators and IT staff are often completely un-aware of. I know that on my network there was a lot taking place that was contrary to company policy, and that opened up security vulnerabilities. There were even problems that I was un-aware of because the end users did not want to file Help Desk tickets. I think the key to having a smooth running, secure network, is awareness. If the IT team is aware of the goings on of the network they can deal with small issues when they arise instead of waiting for the problem is grow out of control and cause system failures. One way to raise the awareness is with the built-in Event Logging in Windows 2000. While the Event Viewer has it's benefits it also has one major downfall: Each computer holds it's own logs and there is no built-in way to centralize the logging.
By Scott Richardson, 03/28/2004
|
|
Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network Policies are only as good as the procedures used to implement them. When the procedures are too cumbersome or time-consuming, it is likely that policy compliance will suffer. Unrealistic procedures can lead to “implemented policies” that are weaker than the stated policies. Conversely, ensuring that procedures are easy to implement has the effect of making full policy compliance more likely. In this case study, we will examine how automating information security audit procedures at a university had the effect of increasing security through increased policy compliance. We will discuss three stated policies, their associated procedures, and how poorly designed procedures led to weak “implemented policies.” We will then discuss how the procedures were automated, and, finally, discuss the effects of the automation on the university’s overall security stance.
03/28/2004
|
|
Microsoft Security Guidance Center: Windows 2000 Index Learn how to harden Windows® 2000 operating system security through a wide variety of measures, including security policy, authorization and authentication, patch management, virus protection strategies, security assessment tools, and more.
03/24/2004
|
|
Windows 2000, SNMP and Security In this article, we will examine SNMP in the context of Windows 2000, focusing mainly on the security aspects. SNMP can be beneficial for the overall level of security but can also be a risk - this discussion will examine both aspects. Only standard Windows 2000 features and tools will be covered in this discussion, except for some locally developed tools that illustrate the possible (mis)usage of information gathered through SNMP.
03/20/2004
|
|
Ten Windows Password Myths Ultimately the goal is to get users to choose better passwords. However, it is not always clear how to achieve that goal. The problem is that as creative as humans are, we are way too predictable. If I asked you to make a list of totally random words, inevitably some sort of pattern will emerge in your list. Selecting good passwords requires education. System administrators need to be educated and that education needs to be passed on to end users. This article is meant to bring you closer to understanding passwords in Windows 2000 and XP by addressing common password myths.
03/20/2004
|
|
Page: 12 3 4 |
