d

Windows Security: The Complete Documentation

• This category contains 9 Papers
• The last paper was added on 2007-03-26 (YYYY-MM-DD)

Microsoft Office security, part one

Published on 2006-08-22, by Khushbu Jithra, ©SecurityFocus.

The flood of recent Microsoft Office vulnerabilities has brought forth the need to understand the mechanics of the MS Office security architecture and the possible fault injection points. This article discusses Microsoft Office’s OLE Structured Storage and the nature of recent dropper programs and other exploit agents, in an effort to scrutinize the workings of some of the recent MS Office exploits. The second part of this article then collates some forensic investigation avenues through different MS Office features. Parts of the article sample different MS Office vulnerabilities to discuss their nature and the method of exploitation.

Microsoft Office security, part two

Published on 2006-08-29, by Khushbu Jithra, ©SecurityFocus.

The flood of recent Microsoft Office vulnerabilities has brought forth the need to understand the mechanics of the MS Office security architecture and the possible fault injection points. The first part of this article primarily discussed Microsoft Office’s OLE Structured Storage and the nature of recent dropper programs and other exploit agents, in an effort to scrutinize the workings of some of the recent MS Office exploits. Now the second part looks at some forensic investigation avenues with different MS Office features. Parts of the article sample different MS Office vulnerabilities to discuss their nature and the method of exploitation.

MS Terminal Server Cracking

Published on 2007, by Chris Gates, ©The Ethical Hacker Network.

If you want to do any MS Terminal Server cracking you basically have your choice of three tools that can do it for you; TSgrinder, TScrack, and a patched version of RDesktop. This article and its companion Video: Terminal Server / RDP Password Cracking, takes you step-by-step through the concepts, tools and usage.

1. TSGrinder is readily available from http://www.hammerofgod.com/download.html.
2. TSCrack you’ll have to google for as it is not readily available anymore.
3. Rdesktop v1.41 can be downloaded from http://www.rdesktop.org/ and you’ll need the patch from foofus.net http://www.foofus.net/jmk/rdesktop.html

MS-06-040 Exploit In Action!

Published on 2006-08-31, by SecurityMonkey, ©Information Technology Toolbox, Inc..

Once again reader Didier Stevens has put together some tasty security goodness in the form of a video that shows the Microsoft MS-06-040 exploit in action! Pay attention to the tools that he’s using, and experience just how amazing the Metasploit Toolkit is.

PC Security Guide — Protection from Viruses, Attacks and Spyware

Published on 2005-09-15, by Patrick Tilsen, ©TweakTown Pty Ltd..

Ever since the advent of the Web in 1990, owners of personal computers with Internet connections have had to worry about the problems it can cause. There had been crackers — also know (erroneously) as hackers — since the 70s, but the real problems started shortly after the web was created.

It wasn't long before viruses, trojans, worms and attacks started. Less than a decade later, spyware was rampant and all kinds of viruses were common. Anyone who knew anything had anti-virus software, and some people even had firewalls. As cable, DSL, ISDN, and other forms of broadband became common, the problems worsened. Spyware protection soon became necessary, as well as a good firewall and regular patches from Microsoft™.

Secure Internet Information Services 5 Checklist

Published on 2000-06-29, by Michael Howard, ©Microsoft Corporation.

This document lists some recommendations and best practices to secure a server on the Web running Microsoft Windows 2000™ and Internet Information Services (IIS) 5. The information in this document is adapted from Designing Secure Web-Based Applications for Microsoft Windows 2000™, Microsoft Press (ISBN: 0735609950).

Securing Exchange With ISA Server 2004

Published on 2004-10-19, by Jonathan Hassell, ©SecurityFocus.

You might be thinking that running Exchange Server 2003 on the Internet itself is tempting, however you should be concerned with the security issues in doing so -- there are many attacks and automated scripts in the hands of hackers that pound on Exchange machines and attempt to compromise them. Outlook Web Access can be a useful option, however there are security issues with deploying this as well. And the fact remains that sometimes you absolutely need to provide full access for Microsoft Outlook clients, and the Web Access front-end just won't cut it.

Security Configuration Wizard in Windows Server 2003 Service Pack 1

Published on 2005-01-20, by Derek Melber, ©Internet Software Marketing Ltd..

Microsoft™ has developed an almost ideal tool to help you configure security on computers in your organization. The tool is the Security Configuration Wizard, which is available in Windows Server 2003™ service pack 1. The tool can help you configure services, network security, auditing, registry settings, and more. The wizard accomplishes these goals by producing security policies, which can be used in conjunction with security templates and specific server roles.

Use Free Microsoft Tools to Protect your Computers

Published on 2005-11-17, by Deb Shinder, ©TechGenix Ltd..

As part of their trusted computing initiative, Microsoft™ has taken a lead in offering free security tools that you can download and use to help assess the security of your computers and protect your systems against viruses, spyware, and attacks. In this article, we’ll take a look at some of the utilities they've made available.