LabMice.net - The Windows 2000\XP\.NET Resource Index
Home | About Us | Search |

Last Updated December 10, 2003

LabMice Link of the Day Archive - Jan 2003
As we surf the web in our pursuit of additional content for LabMice, we occasionally stumble upon a really cool, humorous, unusual, or very useful link that we think should stand out from the hundreds we add every week. So we developed a small section on our front page to highlight these, and will archive the rest here.
 
This Month:

Forensics on the Windows Platform, Part 1
This article, the first in a two-part series about forensics on the Windows platform, will examine the preparatory steps that can be taken by both investigators and system administrators alike. While this series is concerned with Windows-specific investigations, this article will examine some basic, non-technical concepts that are applicable to all forensic investigations. Source:SecurityFocus.com

Fact-finding mission
Resum© puffery ranges from inflations to untruths. But a verified paper trail and tactics such as technical drill-downs and panel interviews can confirm the context and depth of skills, integrity of responses, and openness of communication. Source: NetworkWorldFusion

Prevent social engineering
Experts recommend providing security awareness training on at least a quarterly basis to keep security ideals fresh in users' minds. Concepts on social engineering - what it is, and how to prevent it - should be a mainstay of your training. Source:ITWorld

Best Practices for an XP Desktop Deployment
This downloadable Webcast provides the best practices to plan and prepare for an XP desktop deployment of Microsoft© Windows XP Professional and Office XP. It examines the requirements for deployment and provide the steps necessary for desktop migration. The download file is 148Mb and requires Windows Media Player 6.x or greater.
Source: Microsoft.com

Using Windows XP Professional with Service Pack 1 in a Managed Environment
This white paper provides information about the communication that flows between components in Windows XP Professional Service Pack 1 (SP1) and sites on the Internet, and how to limit, control, or prevent that communication in an organization with many users. The white paper is designed to help you, the administrator, plan strategies for deploying and maintaining Windows XP Professional SP1 in a way that provides an appropriate level of security for your organization©s networked assets. Source: Microsoft.com

Forensics and Your Exchange Server
If you had to provide computer data in response to a subpoena, how would you go about it? Tape backups often aren't acceptable; even though they contain the same data, the data is in a different physical form and thus isn't an exact bit-for-bit representation of the data on disk. For the same reason, files copied from the targeted server to another server usually won't suffice. In this article Paul Robichaux takes a look at a few tools that make a true copy of your data so prosecutors, government agencies, and the US courts accept the results. Source: Windows & .NET Magazine

Credit card-size hard drive can hold 5GB
StorCard announced its plans to release a credit card sized removable storage device that can hold from 100Mb to 5GB of data. A spinning wheel made of Mylar is engaged when the card is inserted into a StorReader, a USB-connected drive or PC Card that reads and writes to the StorCard. The reader is expected to retail for under $100 and the cards for under $15 each. The StorCard and StorReader are scheduled to become available in the second half of 2003. Source: PCWorld

Test Piracy: The Darker Side of Certification
Stealing questions, changing test results, taking tests for someone else and unauthorized use of materials during testing are some of the daring, illegal and unethical actions becoming more commonplace as individuals attempt to achieve unearned certifications. The problem has become epidemic, and serious efforts are underway throughout the industry to combat it. But here©s the bright side: Today?s piracy efforts for the most part are juvenile, occur infrequently, remain unorganized and have occurred in an environment of trust and developing technology. With industry-wide support and organization, along with new tools and industry commitment to protecting the value of certification, these piracy efforts can be countered  Source: CertMag

Network Security: Best Practices
Believe it or not, best practices in network security begin with a top-down policy. The levels of responsibility need to be understood, and that implies that security is everyone's job, as each employee understands how he or she contributes to the organization. Best practices in network security are more about the what and why of securing the organization's information assets than about the how. It is possible to unmuddy the waters by starting with a three-step framework that will aid in establishing a "best practices" network security program: Prepare, organize and execute. Let's take a look at each piece of this framework in more depth.
Source: ComputerWorld

Hackers Humble Security Experts
A hacking group called Gobbles whips up virus hysteria and distributes a destructive Trojan horse program. Despite the mischief, some say hacking groups like Gobbles keep security pros honest. Source: Wired

Ten Web Vulnerabilities to Watch
The Open Web Application Security Project (OWASP) has compiled a list of ten serious security vulnerabilities commonly found in Web applications. This list was created to focus government and industry on the most serious of these vulnerabilities. Web application security vulnerabilities are highly exploitable and the consequence of an attack can be devastating. These vulnerabilities represent an equivalent magnitude of risk as network security problems, and should be given the same degree of attention. Using this list, organizations can send a message to web site developers that "we want you to make sure that you won't make these mistakes." Source OWASP

Instant Insecurity: Security Issues of Instant Messaging
Instant messaging services are becoming an increasingly popular form of communication, both in the personal and the professional spheres. This paper will describe instant messaging and offer a brief overview of some of the security threats associated with the service. Source: SecurityFocus.com

Attention to Detail is the Great Divider
The key factor in network administration is attention to detail. The following Real Problems © Real Solutions article is based on the top 10 tips submitted by Carl Fransen. Carl raises some very good points and to help administrators we added some extra information and links to supplement the original submission. Source: Microsoft TechNet

Silver Health Scams Spread Online
Doctors nationwide are reporting a surge in silver poisoning cases. Despite modern medicine and a ruling by the Food and Drug Administration that such remedies are ineffective, companies selling silver remedies have resurfaced online in recent years, hawking their products as a cure-all for everything from cancer to herpes. Investigators from the FDA and FTC periodically surf the Net to search for bogus health claims and send websites letters warning of potential prosecution if they don't tone down their assertions. But for every site the government shuts down, another pops up. Source: Wired

.NOT
In a letter released to Microsoft Certified Partners and Microsoft Gold Certified Partners, Microsoft has announced that Microsoft Windows .NET Server 2003 will be changing to Windows Server 2003. Microsoft is making an effort to clarify the naming and branding strategy for .NET. "As support for Web services becomes intrinsic across our entire product line, we are moving toward a consistent naming and branding strategy to better enable partners to affiliate with this strategy and customers to identify .NET-enabled products." This is a naming change, and does not affect the functionality of the product in any way. Release is still scheduled for April 2003. Source: http://winxp.bink.nu/

Closing the Floodgates: DDoS Mitigation Techniques
To be on the receiving end of a distributed denial of service (DDoS) attack is a nightmare scenario for any network administrator or security professional. With these challenges in mind, this article will explore some techniques that systems administrators and security professionals can employ should they ever find themselves in this situation. Source: SecurityFocus.com

Take Care When Disabling Windows' Default Shares
Many users, very reasonably, are concerned about the overall security of networked computers. To provide what they feel is the highest possible level of security against outside attacks, they disable some (or all) of the default shares that Windows creates on server and client computers. Some third-party security software products even automate disabling default administrative shares as part of their security solution. However, disabling default shares has a major downside. Products such as SMS, Microsoft Operations Manager (MOM), and many third-party systems management tools depend on the existence of the default shares for proper operation. A little knowledge about these default shares and how to properly manage them can help you avoid problems. Source: Windows & .NET Magazine

.NET Deployment Guide
The Microsoft .NET Framework represents a new paradigm in software development, and Information Technology (IT) professionals will be faced with the task of managing and deploying these new applications and components in their pre-existing infrastructure. This .NET Deployment Guide provides information and guidelines for deploying applications and components based on the Microsoft .NET Framework. The guide offers detailed descriptions of the processes involved in a successful rollout of a .NET application, as well as links to documentation that direct readers to additional information. Source: Microsoft.com

Exchange 2000 in the Enterprise: Tips and Tricks Part One
In this two-part article we will discuss an alternate configuration in which we will utilize Microsoft's Internet Security and Acceleration (ISA) Server, a third party SMTP Gateway (Trend Micro's Internet Messaging Security Suite) and Exchange 2000. This sort of configuration is flexible enough to be used in smaller installations that do not use a DMZ, or as part of the DMZ configuration itself. Source: SecurityFocus.com

Windows Forensics: A Case Study, Part 1
This article is the first in a two-part series that will offer a case study of forensics in a Windows environment. This installment will offer a brief overview of the detection and analysis of an attack incident. The second installment will look at continue to look at network traffic analysis techniques and will resolve a hypothetical attack scenario. Source: SecurityFocus.com

Using Neural Networks To Beat Hackers
By combining the behavioral and computer sciences, a Washington-based startup believes it has created the ultimate anti-hacker system
. Source: EarthWeb


Past Archives

2003
January February March
April May

June

July August September
October November December
2002
2001
This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.