|
Fill
that toolbox before tackling Active Directory
"About 80% of Active Directory deployments will require third-party tools because what
Microsoft gives you out-of-the-box is not very adequate," says Neil MacDonald, an analyst for
Gartner Group. Source:
Network World Fusion (March 29, 2001)
Microsoft
releases new browser beta
Microsoft has quietly released the public beta of its next-generation browser, Internet Explorer (IE) 6. This time
round, though, security is the watchword, with the new IE promising support for open standard privacy policies. See Vnunet.com's
review of the preview and download IE6 beta here.
Source: Vnunet.com
War
driving - the latest hacker fad
The introduction of wireless networking has spawned a fresh
sub-culture in the digital underground. It has brought script kiddies out of their bedrooms and onto the roads. War
dialing, the hacking practice of phoning up every extension of a corporate phone network until the number associated with a firm's modem bank is hit upon, has been replaced by war
driving with the introduction of wireless LANS Source:The Register (March 29, 2001)
Microsoft
opens Security Bulletin Search Page
Microsoft has implemented a Security
Bulletin Search Page which includes a search function
that will let you view all of the security patches available
for a particular product according to the service packs
you've installed on your system. For more information, see
the FAQ
How
to bamboozle a woozle
Network managers could be facing a new security nightmare
because of crackers' new network entrance, a special cookie
that silently taps data through the internet port. The
information it seeks can range from a simple inventory of
applications to a list of user identifications and
passwords. Source: Vnunet
Lessons
in Laptop Security
The laptop is not only a teleworker's power tool. It's a
thief magnet. Securing confidential or proprietary data when
you're on the road or you work beyond the enterprise is a
pressing issue. Source: Network World Fusion (March
26, 2001)
Reinvent
your job
The IT workers who had fun disrupting corporate tradition
and loyalty shouldn't be surprised about layoffs. But
management can make loyal employees while balancing
corporate bottom-line requirements. Source: ComputerWorld
Windows
Hacking 101
Unfortunately for all you script kiddies, this is not the
definitive guide to hacking into someone©s system. Our
goal is to walk the network administrator through the basic
steps a hacker takes to locate and identify target
machines. Source: 8Wire
Where
to Find Microsoft Security Patches
Do you need localized security patches?
Or patches that can be installed automatically? Or ones that
are customized for easy deployment in a large network? If
you know about the various types of patches Microsoft
produces and where to find them, you'll be able to keep your
systems up to date more effectively.
Google
Toolbar
If you're running Internet Explorer and frequently use the Google
search engine, try the new Google Toolbar. This
free add on is a powerful information search and retrieval
companion that seamlessly integrates with a your web
browser. The Google Toolbar enables users to search for
information on websites without their own search capability,
and can quickly highlight and jump to search terms on any
web page.
Computer
Randomly Plays Classical Music
If your PCs or servers ever start playing "Fur
Elise" or "It's a Small, Small World"
seemingly at random, it's not a virus - it's worse. It's an
indication from the computer's BIOS that the CPU fan is
failing or has failed, or that the power supply voltages
have drifted out of tolerance. This is a design feature of a
detection circuit and system BIOSes developed by Award/Unicore
from 1997 on.
Preventing
the IIS Unicode Exploit
A vulnerability in Microsoft's Internet Information Server
(IIS) known as the Unicode bug permits unauthorized access
to Web servers and could result in destruction of the data
and applications residing on them. This case study shows how
the bug was found during a security assessment and shows how
to eliminate it. The good news: fixing the problem is as
simple as applying a software patch.
Battle
Plans
Information Security Magazine takes a look at 15 cracker
exploits every security professional should know about-and
how to defend against. Covers IP Spoofing, FTP Attacks,
Flooding, fragmented packet attacks, DNS and BIND
vulnerabilities, e-mail attacks, remote attacks, and
more.
The
Future of Operating Systems Security
The microcomputer revolution empowered script kiddies and
other, more inquisitive, barbarians to begin an onslaught
against IT. With the advent of wireless computing and
distributed operating systems, the dangers continue to
evolve and to multiply. Source:EarthWeb
Security
center issues antihacker tool
The Center for Internet Security has released a free tool to
help plug vulnerabilities that the FBI last week warned were
being exploited by Russian and Ukrainian hackers. Source: IDG.net
(March 13, 2001)
NIPC
Issues E-Commerce Warning
Today, the FBI's National Infrastructure Protection Center (NIPC)
released an advisory detailing recent attacks against e-commerce
and e-banking systems. One of the most troubling aspects of
these attacks is that virtually all of them were carried out via
known vulnerabilities for which patches have been available for
months or, in some cases, years.
How
to cope when disaster strikes
Disaster-related downtime or data loss can
erode customer confidence and close a business for good. To
protect themselves, e-businesses are joining up with
disaster recovery providers. Source: ZDNet (March
2001)
NakedWife
virus hits U.S. military companies
A virus advertising itself as an e-mailed photo of someone's
wife is infecting computers, and may have started spreading
from the military, experts say. If the attachment is opened
the virus deletes any files in the Windows and system
directories with DLL, INI, EXE, BMP and COM extensions,
removing numerous critical system files. Source: CNET (March
6, 2001)
Managing
Remote Desktop Firewalls
With the growth of telecommuting and the rise of the
Internet, the corporate perimeter has expanded from its
traditional boundaries into home PCs and employee laptops.
To protect your network and its remote client systems, you
must face the daunting task of building a remote security
solution.
'Decoy
nets' gain backers in battle against hackers
As hackers obtain ever more dangerous and easy-to-use tools,
they are being countered by novel defense strategies.
Witness the experimental idea of setting up a decoy network
separate from your real one to fool intruders as they try to
fool you. Source: Network World Fusion (March 5, 2001)
Is
your PC safe from the enemy within?
Most software firewalls adequately protect you from outside
hackers who try to access your files or otherwise probe your
PC. But what if the danger comes from within? Several
personal firewall vendors have released updates addressing
your vulnerability to intruders who get in when you
unsuspectingly run a malicious application that masquerades
as a friendly one.
Using
IPSec Policies in Windows 2000
Windows 2000 incorporates IPSec, a protocol designed to protect individual TCP/IP
packets traveling across your network by using public key
encryption. This tutorial will show you how to tell Windows
which communications need IPSec encapsulation and which can
be sent through traditional packets, and will also explain
how to implement various types of IPSec policies in your
organization. Source: 8wire.com
|
