Security FAQ's, Tutorials and Guides for Beginners

Considerations on Securing End Systems
The starting point for any security model is to assure that security standards and policies are in place to protect the system from external attacks and unauthorized internal usage. Securing computer resources, applications, and related data is an integral part of securing an enterprise. Securing a system involves implementing a set of procedures, practices, and technologies to protect the information technology (IT) infrastructure as well as software and associated data throughout the organization. In this white paper, we will take a close look at the common steps needed to secure a Microsoft© Windows© system. We will use a real world example based on a Microsoft Consulting Services project in the banking industry to show how to develop a security plan. Source: Microsoft.com

IT Baseline Protection Manual  
Excellent Web-Site that recommends measures to meet Medium-Level Protection Requirements for Windows NT, Unix, Novell, Firewalls, PBX, Databases, Email, etc.) They even offer a free CD! Don't worry about the German intro, the site is in English (although they could use a better translator).

IT Introduction to Windows 2000 Security
This introduction provides an overview of how Windows 2000 security services work. It outlines the key business and technical benefits your company can gain from deploying Windows 2000. Source: Microsoft.com

IT Security Cookbook  
A great online "book" designed as a self help guide for managers, programmers, and network administrators.

Manager's Guide to Securing Windows NT Server
A downloadable whitepaper in PDF Format from CIAC.

Mastering the Fundamentals, Part 1
Encryption Technology provides a valuable means to guarantee confidentiality, integrity and authenticity in today's networked world. Source: Information Security Magazine (January 2000)

Mastering the Fundamentals, Part 2
Extending your business to the Web requires securing your corporate perimeter, identifying and fixing vulnerabilities and conducting best practices in e-commerce security. Source: Information Security Magazine (Feb 2000)

Mastering the Fundamentals, Part 3
Getting all the details right may still leave your business insecure©maybe even unsecurable. Amazingly, many organizations miss the big picture entirely. Source: Information Security Magazine (March 2000)

Microsoft's Security 101 Basics  
A broad based single page overview of IT security, but contains additional links and whitepapers.

PKP Course on Data and Network Security   
Part of the Professional Knowledge Program, this is an excellent online course that covers all of the fundamentals. It also offers online testing and certification.

NT Security FAQ 
An exceptional (and fairly large) guide to NT Security in the familiar FAQ format. One of the nice things about this FAQ is that it includes footnotes for most of its references. A must read!

Securing Your Networks: A Primer
This year©s ?Love Bug? e-mail worm and denial-of-service attacks against Yahoo, Amazon.com, and other e-commerce giants caused many companies to reevaluate their security programs. Advancing your security program can be complex and perhaps costly, but this guide can help you decide what to improve and how. The money and effort needed to protect sensitive information or keep a revenue-generating e-commerce site running will be well spent. Source: 8 Wire (Nov 2000)

Security Considerations for Administrative Authority
This white paper is one of a series. Best Practices for Enterprise Security contains a complete list of all the articles in this series. See also the Security Entities Building Block Architecture.

Security Provisions, Basic to Advanced
Security is a dynamic problem and requires implementing a range of technologies for full-spectrum protection. Any network connected to the Internet needs basic security hardware and software, but companies with especially sensitive information need to consider more advanced measures. Source: 8 Wire (Aug 31, 2000)

Windows Hacking 101
Unfortunately for all you script kiddies, this is not the definitive guide to hacking into someone©s system. Our goal is to walk the network administrator through the basic steps a hacker takes to locate and identify target machines. Source: 8Wire (March 2001)

Windows Hacking 102
We created this series to walk the network administrator through the steps a hacker takes to locate and identify target machines on a Windows system. This installment plunges into the world of using more advanced techniques such as Null Sessions to gain information about and access to a system. Source: 8 Wire (April 2001)

Steps for Evaluating the Security of a Windows NT Installation  
A very useful excerpt from Tom Sheldon's Windows NT Security Handbook

The ABC's of computer security (Apr 1999)
This White Paper gives an introduction to computer security and its significance for businesses, followed by an alphabetical guide to common security measures and threats. Source: Sophos (April 1999)

Unofficial NT Hack FAQ  
An FAQ for Hackers on how to break NT security. A useful primer for SysAdmins. From Simple Nomad.

USENET Computer Security FAQ's  
Ohio State University's Usenet FAQ's on Computer Security.

Windows 2000 Distributed Security Features
This paper discusses the features of the Windows 2000 Distributed Security Services, which include Integration with Windows 2000 Active Directory services, Kerberos version 5 authentication protocol, strong authentication using public-key certificates, secure channels based on Secure Sockets Layer (SSL) 3.0 and CryptoAPI. Source: Microsoft.com