Deb Shinder

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

What’s New in Windows Server 2003 IPSec (Part 2)

In Part 1 of this two-part article, we took a look at one of the most important new additions to Windows Server 2003’s implementation of IPSec: the new and improved IP Security Monitor. You learned about its new look (MMC console) and increased functionality. In Part 2, we’ll discuss the other improvements that Microsoft has made to IPSec in Windows Server 2003. Many of these are small things, but taken together, they make IPSec more secure and easier for administrators to manage than ever before.

What’s New in Windows Server 2003 IPSec (Part 1)

With the release of Windows Server 2003, Microsoft has made improvements to a number of their operating system security features, including several new features for IPSec. In this two part article, we’ll focus on what’s new for IPSec in Windows Server 2003, and show you how to use its new features to make it even easier for you to ensure secure communications across your network. Part One covers the IP Security Monitor, which has a brand new look and added functionality.

What’s New in Windows 2003 Server: IIS Security Enhancements

Microsoft’s Internet Information Services (IIS), while one of the most popularly deployed web servers, has long been considered to be a weak point on any server on which it is installed, when it comes to security. Web servers, by their very nature, are generally open to the Internet (unless they are used only for intranet access) and this makes them a natural target for hackers and attackers. In this article, we’ll cover some of the changes to the new version of IIS that are intended to make it less vulnerable to attackers.

Protecting your Email from Viruses and Other MalWare

Virus writers, who used to spread their virtual “diseases” via infected floppies and network shares, have seized the opportunity posed by email programs that support attached files, HTML messages, and embedded scripts to send viruses and other malicious software (called “malware”) to hundreds or thousands of people with just a few keystrokes. In this article, we will look at how email viruses work and what you can do to protect your computer and network from them.

mission-critical encryption

Securing Remote Access Connections

Today many companies are enjoying the cost savings inherent in allowing some employees to work from home, while those employees benefit from the convenience of telecommuting. In addition, executives, salespeople and others need to connect to the company network when they go on the road, and/or need to access network resources in the evenings or on the weekends from home. All this adds up to a lot of remote access connections to the organization's network. In this article, we will discuss how to prevent remote connections from creating a security nightmare on your network.

Passwords: the Weak Link in Network Security

In this article, we will discuss how passwords work, why and how passwords are vulnerable, how to create more secure passwords, how to create effective password policies, and some alternatives to password-only authentication for high security environments.

How Windows Server 2003’s Software Restriction Policies Improve Security

Allowing any unauthorized software to run on company computers, especially those connected to the network, poses many dangers. Even if the program isn’t infested with malicious code, incompatibility problems can result in operating system crashes, or interfere with the operation of other programs, and complicate tech support and troubleshooting – not to mention licensing issues. For this reason, Microsoft includes a new feature with Windows Server 2003 and Windows XP: software restriction policies.

mission-critical encryption

Where Does EFS Fit into your Security Plan?

The ability to encrypt data – both data in transit (using IPSec) and data stored on the disk (using the Encrypting File System) without a need for third party software is one of the biggest advantages of Windows 2000 and XP/2003 over earlier Microsoft operating systems. Unfortunately, many Windows users don’t take advantage of these new security features or, if they do use them, don’t fully understand what they do, how they work, and what the best practices are to make the most of them. In this article I'll discuss EFS: its use, its vulnerabilities, and how it can fit into your overall network security plan.

Understanding the Role of the PKI

The Public Key Infrastructure is a concept that is discussed frequently in the IT security world, but is not always well understood. Most of us know that the PKI is used for authentication and has something to do with public key pairs, but many only vaguely understand how the components of a PKI work together and the differences between private and commercial PKIs. In this article, we’ll provide a brief overview of what a PKI is and does, and where it can fit into your organization’s security plan.

Securing Data in Transit with IPSec

With her first article for WindowSecurity.com, we are pleased to welcome Debra Littlejohn Shinder to our team of authors. Network security has many facets, and much emphasis is placed (rightly) on keeping intruders and attackers out of the network via firewalls. However, in today’s business environment, there are also many instances in which sensitive data needs to be protected within the local network from users who have legitimate access to the network – but do not need to have access to the data in question. The answer in that case is encryption.

Scroll to Top