MySQL service setup
Installing and chrooting MySQL step by step with detailed instructions.
Options For Securely Deploying Outlook Web Access
In this paper, I will provide an overview of Outlook Web Access and how it functions to deliver Exchange server mail via HTTP. Next, I will take an in-depth look at four primary areas of concern in securing OWA: 1) the foundation technology, 2) encryption and authentication, 3) network architecture, and 4) logoff. Finally, I will review various products that offer a more secure way to deploy OWA than the off-the-shelf solution. It is my goal to heighten the reader's awareness of the potential security risks associated with Outlook Web Access and to provide sufficient technical information regarding options for securely deploying OWA such that administrators can make informed decisions to narrow the direction they wish to take their own deployment efforts. This paper is not an endorsement for any one product or solution.
Securing Vulnerable Software
Scott Wimer, CTO of Cylant Software, discusses methods for improving the security of a computer system in spite of its vulnerabilities in order to break out of the current security cycle.
Security Issues in Running an Email Server
This paper discusses security topics with respect to administering an email system. It starts by discussing system hardening (CIS security benchmarks, disabling services, TCP wrappers, Tripwire, logging, etc.) from the perspective of an email system sysadmin. Then it discusses anti-virus software and why quarantining, cleansing, and notifying are the wrong approach. Instead, messages containing viruses should be rejected during the SMTP protocol. It details how the SMTP protocol works and how a sendmail mail filter ("milter") can be used to reject messages containing viruses. The milter is included as an appendix. The last section discusses quotas on mail accounts and why blocking rather than queuing/retrying is the best policy for the user, for the system, and for security.
SQL Server Email vulnerability issues and prevention strategies
This paper will explore some of the ways this feature could be used by both legitimate users and intruders. Installation and configuration of the utility will be briefly described in enough detail to support the ensuing discussion of the vulnerability. Finally, a number of strategies will be suggested that could be used to minimize the vulnerabilities exposed by use of this feature.
AS/400 & iSeries: A Comprehensive Guide to Setting System Values to Common Best Practice Security
The purpose of this document is to assist anyone configuring or auditing iSeries (formerly known as AS/400) system values. This document should only serve as an informational guide and represents a security consultant's opinion on what the "Best Practice" setting should be in a typical corporate environment. Appropriate system value settings for the reader's environment may differ due to varying circumstances.
Ebay Attack Online Jargon
The definitive article explaining the art of performing eBay attacks and understanding the base against which the eBay attacks are performed.
Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities
This paper examines password encryption and authentication techniques applied to the file-level protection of personal documents and databases. As a practical example, I have researched protection schemes used by Intuit Corporation's Quicken software. This personal financial software contains information that most people would consider to be extremely sensitive. However, the password protection and encryption schemes that Quicken uses fail to provide the level of security that might be expected. I've found that the password protection used by Quicken is easily reversed with the purchase of a $30 password cracking application.
Making Your Network Safe for Databases
If you are charged with administering a network that contains a database server, there are a number of steps you can take to help protect the data from being compromised. With a properly configured network, you can help prevent your organization's information assets from falling into the wrong hands.
Regulus Exposed
Masood Mehmood issues a scathing report on the Regulus logging software used by many ISPs. He includes step-by-step instructions illustrating how to compromise staff passwords and exploit other hidden bugs.