Cybersecurity

Kerberos Authentication Events Explained

On Windows 2000 and Windows Server 2003 you can track all the logon activity within your domain by going no further than your domain controller security logs. But you must interpret Kerberos events correctly in order to identify suspicious activity. This article explains how Kerberos works in the Windows environment and how to understand the cryptic codes you find in the security log.

Software Review: LANguard N.S.S. 5

We’re big fans of the security scanner concept; this is software that allows you to take proactive measures to protect your network instead of waiting for hackers to discover where you’re vulnerable. In order to outwit the hackers, you have to be able to think like a hacker – but merely thinking isn’t enough. You must also be able to simulate the types of attacks that hackers use. A security scanner automates the process and makes it possible for you to find the “weak links” in your network’s security more quickly and easily. In this article, we briefly review the latest incarnation of LANguard N.S.S., version 5, focusing especially on what’s new and what those new features do for you.

Windows 2000 and 2003 Server Physical/Logical Security Primer (Part 1)

As more and more advancements are made on security in the ‘logical’ sense (which is to implement access control rules on firewalls, to implement IDS (Intrusion Detection) on your hosts and networks, to set up GPOs on your servers), there is little said about the actual ‘physical’ security of your systems and the site in which they are located. In this three-part article, we will cover all the aspects of physical security you should be paying attention to as a security professional working with Windows-based servers, or any other system for that matter.

Intrusion Detection Systems (IDS) Part 2 – Classification; methods; techniques

Due to a growing number of intrusion events and also because the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. This is the second article devoted to these systems. The previous article dealt with IDS categorization and architecture. At this point we will provide further in-depth guidance. This includes an overview of the classification of intrusion detection systems and introduces the reader to some fundamental concepts of IDS methodology: audit trail analysis and on-the-fly processing as well as anomaly detection and signature detection approaches. We will also discuss the primary intrusion detection techniques.

Comparing VPN Options

Virtual private networking has become a necessity for business users who need to remotely access their files. Of course, they could dial in directly to a remote access server, but that solution has a couple of significant drawbacks. The solution, of course, is a VPN connection. This article will discuss the different VPN options available.

Deciphering Authentication Events on Your Domain Controllers

Beginning with Windows 2000, Microsoft introduced a new audit policy called “Audit account logon events” which solved one of the biggest shortcomings with the Windows security log. Until this new category, it was impossible to track logon activity for domain accounts using your domain controllers’ security logs. This article will explain how to decipher authentication events on your domain controllers.

SSL Acceleration and Offloading: What Are the Security Implications?

Secure Sockets Layer (SSL) is a popular method for encrypting data transferred over the Internet. It is commonly used to provide secure transfer of credit card information and other sensitive data in an e-commerce situation. SSL can also be used to create a virtual private networking (VPN) tunnel, as an alternative to “old standbys” IPSec and PPTP. I will discuss SSL VPNs in next month’s article titled VPN Options.
