Addressing
DoS Vulnerabilities
Last month, Microsoft published an article that
documents five registry modifications you can use
to reduce Windows 2000's TCP vulnerability to a
variety of Denial of Service (DoS) attacks. These
guidelines are appropriate for Win2K systems
connected to a WAN or to the Internet and for
sites that operate under strict security controls.
Source: Windows & .NET Magazine
(Feb 2002)
Barbarians at the
Gate: An Introduction to Distributed Denial of
Service Attacks
This article will explain the concept of DDoS
attacks, how they work, how to react if you become
a target, and how the security community can work
together to prevent them. Source: SecurityFocus
(December 2002)
Big Risks to Windows-based Networks
Columnist Mark Edwards discusses what he thinks are the biggest software-related risks to a Windows-based network. Source: Windows & .NET Magazine (June 2000)
Hacking Techniques
An excellent primer on common techniques from SecurityWatch.com
IP Spoofing: An Introduction
IP spoofing allows an attacker to gain unauthorized access to a
computer or a network by making it appear that a malicious
message has come from a trusted machine by ©spoofing? the IP
address of that machine. In this article, we will examine the
concepts of IP spoofing: why it is possible, how it works, what
it is used for and how to defend against it. Source:
SecurityFocus (March 2003)
How DNS Can Divulge Sensitive Information
An indispensable directory service may be giving away your secrets. Source: Network Magazine (March 1999)
Keeping SNMP's Secrets Safe
A useful network service can also prove useful to attackers. Source: Network Magazine (April 1999)
NT Vulnerabilities
By Paul E. Proctor Windows NT Systems Magazine. November 1998
Security Threats: Motives and Methods.
An overview of general network threats by Diane Levine in Planet IT, Oct. 1999
Social Engineering Fundamentals, Part I: Hacker
Tactics
Security is all about trust. Trust in protection and
authenticity. Generally agreed upon as the weakest link in the
security chain, the natural human willingness to accept someone
at his or her word leaves many of us vulnerable to attack. Many
experienced security experts emphasize this fact. No matter how
many articles are published about network holes, patches, and
firewalls, we can only reduce the threat so much... and then
it©s up to Maggie in accounting or her friend, Will, dialing in
from a remote site, to keep the corporate network secured.
Source: SecurityFocus (Dec
2001)
Source
Address Spoofing
Source address spoofing is often misunderstood, and therefore a
cause for concern. Learn more about what to do to protect
yourself. Source: Microsoft TechNet
The Dangers of PPP
Summary: PPP means you don't need a cable or DSL modem to be vulnerable to hacking. Find out what the dangers are and how to protect yourself.
The
Evolution of an Exploit
A quick look at how security holes are discovered, reported, and
exploited. Source: Network Computing (April 2000)
Think You're Safe from Sniffing?
Columnist Mark Edwards talks about a handful of available tools that might make your network traffic vulnerable to sniffing. Source: Windows & .NET Magazine (June 2000)
UNC Path Can Be Used to Start Programs by Using .chm Files
Microsoft Knowledge Base Article: 259166 - The HTML Help facility provides the ability to start code by using shortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious Web site, it could be used to start code on a visiting
user's computer.
Unofficial NT Hack FAQ
An FAQ for Hackers on how to break NT security. A useful primer for SysAdmins. From Simple Nomad.
|