Thursday, March 26, 2009

10 Security Threats to Watch Out For

1: Social networking as an avenue of attack

Social networking has experienced a boom in popularity over the last few years. It’s now finding its way from the home into the workplace and up the generational ladder from the young folks into the mainstream. It’s a great way to stay in touch in a mobile society, and it can be a good tool for making business contacts and disseminating information to groups. However, popular social networking sites have been the target of attacks and scammers. Many people let their hair down when posting on these sites and share much more personal data (and even company data) than they should.

As Steve Riley pointed out in his recent talk on attack progressions at the 2009 MVP Summit, today’s young professionals are growing up with social networking, and they expect to have it available to them at work just as older employees expect to be able to use their office telephones for reasonable, limited personal calls.

2: More attacks on the integrity of the data

Another point Steve made in his presentation is that “First they came for bandwidth; now they want to make a difference.” In the past, many attackers were looking for a free ride on your Internet connection. Then the nature of attacks progressed. Instead of the network being the target, it was the data. The next step was stealing data, but the step after that is even more insidious: the malicious modification of data.

This can result in catastrophic consequences: personal, financial, or even physical. If a hacker changed the information in a message to your spouse, it could harm your marriage. If the change were to a message to your boss, you might lose your job. Changing information on a reputable Web site regarding a company’s financial state could cause its stock prices to drop. A change to electronic medication orders on a hospital network could result in a patient’s death.

3: Attacks on mobile devices

Laptop computers have presented a known security risk for many years. Today, we are more mobile than ever, carrying important data around with us not just when we go on business trips but every day, everywhere we go, on smart phones that are really just small handheld computers. These devices have important business and personal e-mail, text messages, documents, contact information and personal information stored on them. Many of them have 8 or 16 GB of internal storage and you can add another 32 GB on a micro SD card. That’s much more storage space than the typical desktop computer had in the 1990s.

4: Virtualization

Virtualized environments are becoming commonplace in the business world. Server consolidation is a popular use of virtualization technologies. Desktop virtualization, application virtualization, presentation virtualization — all of these provide ways to save money, save space, and increase convenience for users and IT administrators alike. If it’s properly deployed, virtualization can even increase security — but that’s a big “if.” Virtualization makes security more complicated because it introduces another layer that must be secured. In essence, you now have to worry about two attack surfaces: the virtual machine and the physical machine on which it runs. And when you have multiple VMs running on a hypervisor, a compromise of the hypervisor could compromise all of those machines.

Another virtualization-related threat was demonstrated by the infamous Blue Pill VM rootkit. Hyperjacking is a form of attack by which the attacker installs a rogue hypervisor to take complete control of a server, and VM jumping/Guest hopping exploits hypervisor vulnerabilities to gain access to one host from another.

5: Cloud computing

If virtualization was last year’s buzzword, this year it’s all about “the Cloud.” The uncertain economy and tight budgets have companies looking for ways to lower operating costs, and outsourcing e-mail, data storage, application delivery, and more to cloud providers can present some attractive potential savings. Microsoft, IBM, Google, Amazon, and other major companies are investing millions in cloud services.

Cloud advocates envision a day when we’ll all use inexpensive terminals to access our resources that are located someplace “out there.” But when your data is “out there,” how can you be sure that it’s protected from everyone else “out there?” In fact, the biggest obstacle to moving to the cloud, for many companies and individuals, is the security question. IDC recently surveyed 244 IT executives and CIOs about their attitudes toward cloud services, and 74.6% said security is the biggest challenge for the cloud computing model.

7: Third-party applications

Microsoft has put tremendous effort into securing the Windows operating system and its popular productivity applications, such as Microsoft Office. Linux and Mac receive regular security updates. As operating systems become more and more secure, attackers will focus less on OS exploits and more on application exploits. The major Web browsers are routinely updated to patch security vulnerabilities. But the vendors of many third-party applications are less security-aware.

8: Side effects of green computing

Green computing is all the rage today, and saving energy is certainly a good thing — but as with beneficial medications, there can be unexpected and unwanted side effects. Recycling computer components, for instance, can expose sensitive data to strangers if you don’t ensure that hard drives have really been wiped clean.

On the other hand, such green initiatives as powering down systems that aren’t in use can actually enhance security, since a computer that’s turned off isn’t exposed to the network and isn’t accessible 24/7.
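The recycling point above is only as good as the check behind it, so here is an added example (not from the original post) that reads a disk image or device back and reports any bytes a zero-fill wipe left behind. The sample images are constructed in a temporary directory; on a real drive you would pass the device path for your platform.

```python
"""Verify that a disk image or block device was really wiped.

Added example: a drive headed for recycling should be read back and
checked, not assumed wiped. The images below are constructed in a temp
directory; on a real drive pass the device path (an assumption about your
platform) and run as a user allowed to read it.
"""
import os
import tempfile

CHUNK = 1024 * 1024  # stream 1 MiB at a time so huge devices fit in memory


def find_residual_data(path, fill=b"\x00"):
    """Scan `path` and return (is_clean, first_bad_offset, bad_byte_count).

    `fill` is the single byte a zero-fill wipe should have left everywhere.
    is_clean is True only when every byte matches; otherwise the offset of
    the first leftover byte and the total number of leftover bytes are
    reported so you can judge how much data survived.
    """
    if len(fill) != 1:
        raise ValueError("fill must be exactly one byte")
    first_bad, bad, offset = None, 0, 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                break
            mismatches = len(chunk) - chunk.count(fill)
            if mismatches:
                bad += mismatches
                if first_bad is None:  # locate the first leftover byte
                    first_bad = offset + next(
                        i for i, b in enumerate(chunk) if b != fill[0])
            offset += len(chunk)
    return first_bad is None, first_bad, bad


def make_sample_images(directory):
    """Constructed samples: one zero-filled image, one with data left over."""
    clean = os.path.join(directory, "wiped.img")
    dirty = os.path.join(directory, "not-wiped.img")
    with open(clean, "wb") as f:
        f.write(b"\x00" * (3 * CHUNK))
    with open(dirty, "wb") as f:
        f.write(b"\x00" * CHUNK)                        # first MiB wiped
        f.write(b"\x00" * 100 + b"CustomerSSN=123-45-6789" + b"\x00" * 50)
        f.write(b"\x00" * CHUNK)                        # rest wiped
    return clean, dirty


def check_samples():
    """Run both samples through the scanner; returns {file name: result}."""
    with tempfile.TemporaryDirectory() as d:
        return {os.path.basename(p): find_residual_data(p)
                for p in make_sample_images(d)}


if __name__ == "__main__":
    for name, (ok, where, count) in check_samples().items():
        print(f"{name}: " + ("clean" if ok
              else f"{count} leftover byte(s), first at offset {where}"))
```

A wipe that overwrote with random data rather than zeros needs an entropy check instead of a fill-byte match, and on SSDs remapped or over-provisioned blocks are not reachable through the host interface, so a clean read-back there is not proof on its own.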

9: IP convergence

Convergence is the name of the game today, and we are seeing a melding of different technologies on the IP network. With our phones, cable TV boxes, Blu-ray players, game consoles, and even our washing machines connected to the network, we’re able to do things we never even imagined a decade ago. But all of those devices on an Internet-connected network present myriad “ways in” for an attacker that didn’t exist when only our computers used IP.

We can only hope that the manufacturers of all these devices put security at the forefront; otherwise, we may see a rash of new malware targeting vulnerabilities in our entertainment devices and household appliances.

10: Overconfidence

Perhaps the greatest threat to the security of our networks, whether at work or at home, is overconfidence in our security solutions. Many home users believe that as long as they have a firewall and antivirus installed, they don’t have to worry about security. Businesses tend to put too much faith in the latest and greatest security solutions. For example, there is an assumption that biometric authentication is infallible and undefeatable — but it can be compromised in various ways, and when it is, the legitimate user it was meant to protect becomes the victim. If the system shows that your fingerprint was used to log on, you may be presumed guilty, and an investigation might not even be deemed necessary.

For more info visit: http://blogs.techrepublic.com.com/10things/?p=602

Tuesday, March 17, 2009

Three Security Bulletins for Patch Plan by Microsoft

Microsoft is prepping three security bulletins affecting Windows next week as part of Patch Tuesday. The most serious of the bulletins addresses a remote code execution situation. There is no word, however, on a patch for the Microsoft Office Excel zero-day Microsoft warned users about last month.

Microsoft plans to push out three security bulletins next week, the most serious of which is meant to squash at least one remote code execution bug in Windows.

All three bulletins deal with security bugs in Windows, with the other two addressing what Microsoft characterized as "spoofing" issues. The remote code execution bulletin is rated “critical,” and affects Windows 2000, XP, Vista and Windows Server 2003 and 2008.

This month's patch lineup does not include a fix for the zero-day vulnerability affecting Microsoft Office Excel that hackers have been targeting in recent weeks. Microsoft issued an advisory on the bug Feb. 24, warning the bug could allow a hacker to execute arbitrary code if a specially crafted Excel file attempts to access an invalid object.

So far, Microsoft has only reported seeing limited, targeted attacks leveraging the vulnerability. However, the company has publicized workarounds for users concerned about exploitation. For one, Microsoft advises customers to use MOICE when opening files from unknown or untrusted sources. Users can also take advantage of the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted senders as well.

The spoofing issues addressed in the two bulletins slated for next week are rated “important.” One of those two bulletins covers Windows 2000, XP, Vista and Windows Server 2003 and 2008. The final bulletin, however, only impacts Windows 2000, Windows Server 2003 and Windows Server 2008.

Source:

Thursday, March 12, 2009

Microsoft Fixed Windows 7 Holes with Security Updates

Microsoft stated that the critical fix was for just about every version of Windows, including Windows 2000, XP, Vista, Server 2003 and Server 2008. However, the software giant failed to mention that the update also was intended for Windows 7 under its "Affected Software" heading.

Microsoft did, however, mention that the update affected Windows 7 under the "Frequently Asked Questions" section. In addition to Windows 7, the patch repaired critical flaws in Windows Server 2008 Service Pack 2 Beta and Windows Vista Service Pack 2 Beta.

Altogether, the patch bundle resolved a total of four image vulnerabilities in the Windows kernel, the most serious of which could allow hackers to install malicious code on users' computers without any user intervention by enticing a victim to view a maliciously crafted EMF or WMF image file. The user could then download a Trojan or other piece of malware that would enable hackers to take complete control of the machine and steal sensitive data. Other vulnerabilities repaired by the update could leave the user susceptible to a denial of service attack.

Microsoft's March security update addressed two other security flaws, both deemed "important," that could allow hackers to spoof Web sites in identity theft schemes.

One of the flaws, occurring in the Windows DNS server and the Windows WINS server, could allow a remote attacker to redirect Web traffic to his or her own malicious Web site. Once users opened the maliciously crafted page, attackers could then entice users to submit sensitive password, credit card or bank account information for identity theft activities. Hackers also could infuse the page with malware designed to record keystrokes and steal information, security experts said.

The other "important" fix repaired a bug in the Windows Secure Channel security package that could allow miscreants to spoof a Web site by gaining access to the authentication credentials utilized by the end user.


Source: http://www.crn.com/security/215801984

Tuesday, March 3, 2009

Windows Server 2003 Security Compliance Management Toolkit

The Windows Server 2003 Security Compliance Management Toolkit provides you with an end-to-end solution to help you plan, deploy, and monitor the security baselines of servers running Windows Server 2003 Service Pack 2 (SP2) in your environment.

This Solution Accelerator includes the Windows Server 2003 Security Guide and the GPOAccelerator tool to provide you with prescriptive information and automated tools to establish and deploy your security baseline. This toolkit also provides you with 6 DCM Packs to use with the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 SP1. Use this functionality to help you monitor the implementation of your security baseline for Windows Server 2003 SP2.

The Windows Server 2003 Security Compliance Management Toolkit is part of the Security Compliance Management Toolkit series.

The Windows Server 2003 Security Guide offers a choice of preconfigured security baselines for the following two different environments:

* Enterprise Client. This security baseline is best for most organizations in which functionality is evenly balanced with security.
* Specialized Security – Limited Functionality. This security baseline is best for organizations in which concern for security is so great that a significant loss of functionality is acceptable. For example, military and security agency organizations operate in this type of environment.

Included in the Download

The Windows Server 2003 Security Compliance Management Toolkit includes the following components:

* Security guide – The updated security guide for Windows Server 2003. The guidance provides you with best practices and information about automated tools to help you plan and deploy your security baseline.
* Attack Surface Reference workbook – A resource that lists the changes introduced as server roles are installed on computers running Windows Server 2003.
* Security Baseline Settings workbook – A resource that lists the prescribed settings for each of the preconfigured security baselines that the guide recommends.
* Security Baseline XML – An XML file that allows customers to consume the data defined in the Security Baseline Settings workbook.
* GPOAccelerator tool – A tool that you can use to create all the Group Policy objects (GPOs) you need to deploy your chosen security configuration.
* INF Files – INF files for Windows Server 2003.
* Baseline Compliance Management Overview – An overview that includes best practices about how to monitor security baselines for computers running Windows Server 2003.
* DCM Configuration Pack User Guide – A step-by-step prescriptive user guide about how to use the Configurations Packs in Configuration Manager 2007 SP1.
* DCM Configuration Packs – The toolkit includes 6 DCM Configuration Packs for you to use with the DCM feature in Configuration Manager 2007 SP1.

Download: Here

Wednesday, February 25, 2009

Microsoft Releases Security patch for old Windows versions

Microsoft has rereleased an update that patches a remote code execution security issue in the Graphics Rendering Engine in old versions of Windows. Most users do not have to worry about installing the update.

Microsoft has rereleased a security update that was originally released back in 2005. It was revised to address minor issues "unrelated to the stability of the update or the security of the intended target systems." Most users have already applied this update and don't need to apply it again. The vulnerability is only found in older versions of Windows, 32-bit and 64-bit versions of Windows Server 2003, Windows Small Business Server 2003, Windows XP Tablet PC Edition, Windows 2000 SP4, and Small Business Server 2000.

However, the rereleased update (4.8MB) is only for various editions of Windows Server 2003 64-bit. Server 2003 customers who never installed the previous update will now be offered the revised one. The update should be offered automatically to these users.

When originally disclosed, the vulnerability was given a Critical rating by Microsoft because it included a remote code execution security issue in the Graphics Rendering Engine that could allow an attacker to remotely compromise the Windows-based system and gain control over it. Microsoft Security Bulletin MS05-053 has more information about the security issue that was fixed.

Source: http://arstechnica.com/microsoft/news/2009/02/security-patch-rereleased-for-old-windows-versions.ars

Thursday, February 12, 2009

Windows Server 2003 Security

Windows Server 2003 has some of the following features to help protect your corporate environment:

There is now a forest trust that allows you to authenticate other companies in your WAN through Active Directory; this simplifies some security issues for security and network administrators.

Kerberos is now available through Windows Server 2003 to allow for better and more secure authentication.

Credential Manager allows secure storage for usernames and passwords as well as certificates. You can now delegate what services can access other resources on your network.

.NET password is now integrated with Active Directory, allowing SSO, or single sign-on.

With RBAC, or Remote Based Access Control, you can assign more efficient restrictions to manage access to information.

Systems administrators can disallow software to run with the Software Restriction Policy. In Windows 2003 you can audit system alerts and even set up audits of individual users!

Account Management logs IP addresses and even calls for Logon and Logoff events.

You can now log security events in real time and export them to a SQL database to analyze later.

PKI, or Public Key Infrastructure, is a system of digital certificates and CAs, or Certificate Authorities, to verify you are who you really say you are. This is great for ecommerce systems; think E-Bay. You want to know if you're really giving your credit card information to E-Bay or E-fake.

Windows Server 2003 now helps with wireless 802.1x; you can enable PEAP, which is Protected EAP, for authentication. I suggest using WPA in conjunction. The encryption protocol they use is called EFS. EFS uses AES-256, which is very strong encryption. There should be security in depth applied. Two-form authentication should be applied, such as biometrics and passwords. Take a look at RSA SecurID cards.

Source: http://www.anyarticles.com/Computers-and-Technology/Software/Windows-Server-2003-Security.html

Wednesday, February 4, 2009

Key Small Business Server 2008 Log Files

In SBS 2008 we have centralized the location of log files: all log files will now be placed in C:\Program Files\Windows Small Business Server\Logs. From a server support perspective this is a big plus in simplifying troubleshooting, as you will always know where the log file will be located. We have compiled a list of important logs and their associated wizards below.


C:\Program Files\Windows Small Business Server\Logs
* Console.log – SBS Console log
* CTIW.log – Logs events of the "Connect to the Internet" wizard
* DCPromo_yymmdd.xxxxxx.log – Log of the DCPromo that ran during SBS install
* DPCW.log – Logs events of the "Set up your Internet address" wizard
* ERRORLOG.TXT – Logs any errors that occurred during SBS setup
* ExtSchemaTask.log – Logs the result of SBS AD schema additions
* FinishSetup.log – Logs the completion of the SBS 2008 install
* GPOTask.log – Logs the creation of the SBS Group Policy objects
* olsignupwiz.log – Logs events of the "Set up your Microsoft Office Live Small Business Web site" wizard
* pop3connectorinstall.log – Install log for the POP3 Connector
* SBSHook.log – Logs hooking of the SBS install shell to Windows install and runonce modification
* SBSSetup.log – Logs all events that occurred during SBS setup
* adduser.log – Logs events of the "Add a new user account" wizard
* addgroup.log – Logs events of the "Add a new group" wizard
* CreateUserRole.log – Logs events of the "Add a new user role" wizard
* CopyConnectComputer.log – Logs events of the "Connect computers to your network" wizard
* SBCW.log – Logs events of the "Configure server backup" wizard
* fncw.log – Logs events of the "Fix My Network" wizard
* AddMultipleUsers.log – Logs events of the "Add multiple user accounts" wizard
* FaxRoleInstallation.log – Install log for Fax
* FaxCW.log – Logs events of the "Configure the fax service" wizard
* MoveData.log – Logs events of the "Move Exchange Server Data", "Move Windows SharePoint Services Data", "Move User's Shared Data", "Move User's Redirected Documents Data", and "Move Windows Update Repository Data" wizards
* CIMW.log – Logs events of the "Configure a Smart Host for Internet e-mail" wizard
* TrustedCert.log – Logs events of the "Add a trusted certificate" wizard
* VPNCW.log – Logs events of the "Configure a virtual private network" wizard

C:\Program Files\Windows Small Business Server\Logs\MonitoringServiceLogs
* Contains logs for SBS Monitoring and its associated data collection tasks

C:\Program Files\Windows Small Business Server\Logs\pop3connector
* Pop3service.log – POP3 Connector log

C:\Program Files\Windows Small Business Server\Logs\WebWorkplace
* W3WP.log – IIS worker process log for RWW

Please note that you will also find many event log (*.evt) files in the SBS log directory. These files are a snapshot of the event logs at the completion of the SBS install. They are kept for historical purposes and for troubleshooting installs.