Wireless Network Security Threats
Wireless networks do not have the inbuilt physical security of wired networks, and are unfortunately more prone to attacks from intruders. Once unauthorized access is gained to the wireless network, the intruder would be able to easily access the resources of the corporate, internal network. To complicate matters, there are numerous tools which attackers can use to detect and connect to a wireless network, thus making abusing a wireless network not an intricate
[ read more ]
The level of access that one has to his/her Windows machine depends on whether the Windows Login interface is enabled or disabled. When the logon screen is enabled, the user is prompted to select an account username and put in a password for the account selected. This allows users to access a single computer via many accounts when it has been preconfigured for this purpose. Individuals who are the sole users of their computer prefer to disable the Windows logon screen. They may also use a single
[ read more ]
An Introduction to the Public Key Infrastructure (PKI)
It has grown more important to ensure the confidentiality and integrity for data communication where an organization's network contains intranets, extranets, and Internet Web sites. Because of the connectivity of networks today, an organization's network is exposed to unauthorized users who could possibly attempt to access and manipulate mission critical data or the confidential data of its clients. The need to authenticate the id
[ read more ]
Determining Security Business Requirements
When analyzing and determining the security business requirements of the organization, you have to include the
following factors:
Business model: The business model that the organization uses greatly influences the type of security an
organization implements. An organization that has world-wide branches would have different security requirements to a
business that has a single office.
Business processes: To successfully impl
[ read more ]
The new MS Vista operating system is trying to be much tougher on viruses, trojan horses and other forms of malware. However, to implement this tough approach, Vista employs UAC (User Account Control) as the default setting.
Vista UAC while is a great tool and resource for many to have on their computer, it does get on some peoples nerves. For experienced or power users, it can be down-right annoying, the reason being that any function that can limit security requires an administrator-level use
[ read more ]
Internet Authentication Service (IAS) is Microsoft's implementation of a RADIUS (Remote Authentication Dial-in User Service) server and proxy. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and VPN (Virtual Private Network) connections. As a RADIUS proxy, IAS forwards authentication and accounting messages to other RADIUS servers.
The Authentication and Authorization Processes
When
[ read more ]
Microsoft Windows NT/2000/XP passwords are encrypted as 32-bit one-way hashes using the MD4 messages digest algorithm. This is similar to the way that Unix stores passwords, although the hashing algorithm is different.
For compatibility with legacy Microsoft LAN Manager software, Windows NT/2000/XP also stores the passwords redundantly as a 56-bit DES (Data Encryption Standard) hash. This 56-bit hash is created by splitting the password into two 7-character uppercase strings, and then convert
[ read more ]
Database Server Security Overview
When it comes to securing database servers, the actual database software usually provides some security features or mechanism which you can implement. A common database is Microsoft SQL Server which you can manage through its Enterprise Manager tool. The Enterprise Manager can be found in the SQL Server program group.
It is recommended that you do not expose your SQL Server databases to public networks such as the Internet. If you do have to connect a SQL Serv
[ read more ]
Computer malware has evolved at a rapid rate in recent years. A common trend among the fake anti-virus programs that the Trojan virus deploys on the Internet is disabling the computer's Task Manager. The associated virus does this in order to make it more difficult to remove infections from computers. When this happens to a computer, the registry editor must be used to remove the malware. Depending on the nature of the computer infection and the configuration of the Windows computer, several met
[ read more ]
Understanding Security Policy Types
With Windows Server 2003, you can implement and manage security settings at the following levels:
Local computer (local security policies)
Active Directory site, domain, or organizational unit (domain security policies)
Local security policies are managed through Local Computer Group Policy Objects (GPOs), and domain security policies are managed through Group Policy with the Active Directory Domain Controller GPOs. However, domain securi
[ read more ]
