In this article, we will discuss how passwords work, why and how passwords are vulnerable, how to create more secure passwords, how to create effective password policies, and some alternatives to password-only authentication for high security environments.
Allowing any unauthorized software to run on company computers, especially those connected to the network, poses many dangers. Even if the program isn’t infested with malicious code, incompatibility problems can result in operating system crashes, or interfere with the operation of other programs, and complicate tech support and troubleshooting – not to mention licensing issues. For this reason, Microsoft includes a new feature with Windows Server 2003 and Windows XP: software restriction policies.
In this article, we will discuss what every Wireless Administrator should do (or think about) to keep their Wireless LANs (WLANs) safe and secure. Every time you deploy a Wireless network, you should always ask yourself the following questions outlined within this article. Much has been done to secure wireless transmissions, but there are still items missed that can help your security posture, that many administrators are still not doing and are very important.
Security scanning & patch management is essential to prevent vulnerabilities on your network. Patch management in particular has become a hot topic and I review some of the leading security scanning & patch management tools available today. This review gives you a ‘birds eye’ view of each tool, to give you an idea how they work and what they they’re meant for. I also compare tools so you can decide which would be best for your network.
Security Polices are a necessary evil in today’s enterprise networks. Without a Security Policy, you leave yourself open and vulnerable to a lot of political attacks. In this article, we will begin to look at all the measures you will need to deploy to successfully define a security policy.
Due to a growing number of intrusions and since the Internet and local networks have become so ubiquitous, organizations increasingly implementing various systems that monitor IT security breaches. Intrusion Detection Systems (IDS) are those that have recently gained a considerable amount of interest. This is an introductory article to this topic. It gives an overview of several types of detectable attacks, symptoms that help in intrusion detection, describes IDS tasks, different architectures and concepts in this field.
This whitepaper will focus on strategies used when minimizing downtime caused by DOS attacks, aimed at DNS servers. To achieve high potency intruders focus their efforts on machines that have a high impact on the network, Windows 2000 networks rely a great deal on DNS. Intruders know this, and your focus should be turned to securing the organizations DNS server.
The ability to encrypt data – both data in transit (using IPSec) and data stored on the disk (using the Encrypting File System) without a need for third party software is one of the biggest advantages of Windows 2000 and XP/2003 over earlier Microsoft operating systems. Unfortunately, many Windows users don’t take advantage of these new security features or, if they do use them, don’t fully understand what they do, how they work, and what the best practices are to make the most of them. In this article I'll discuss EFS: its use, its vulnerabilities, and how it can fit into your overall network security plan.
Several configuration methods and a quick configuration guide have been devised to assist organizations in the secure configuration of their DNS servers. This document is intended to provide clarification when enabling the operational configuration requirements of the organizations configuration of secure DNS.
The Public Key Infrastructure is a concept that is discussed frequently in the IT security world, but is not always well understood. Most of us know that the PKI is used for authentication and has something to do with public key pairs, but many only vaguely understand how the components of a PKI work together and the differences between private and commercial PKIs. In this article, we’ll provide a brief overview of what a PKI is and does, and where it can fit into your organization’s security plan.
