Ebay Attack Online Jargon
The definitive article explaining the art of performing eBay attacks and understanding the base against which the eBay attacks are performed.
How To Implement Security in the MAX TNT RAS Server
This document shows the configurations and precautions needed to provide a more secure dial-up or ISDN (Integrated Services Digital Network) access network based on Lucent MAX TNT equipment. It points out best practices and special configurations for the RAS (Remote Access Service) servers, the RADIUS (Remote Authentication Dial-In User Service) servers and the management servers. Generally, the main components of a network based on MAX TNT RAS servers are the RAS servers and the authentication, authorization, accounting and management servers, as shown below. This kind of access network can provide different services, such as dial-up access, ISDN access, and tunneling access with L2TP (Layer 2 Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol) and others.
Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities
This paper examines password encryption and authentication techniques applied to the file-level protection of personal documents and databases. As a practical example, I have researched protection schemes used by Intuit Corporation's Quicken software. This personal financial software contains information that most people would consider to be extremely sensitive. However, the password protection and encryption schemes that Quicken uses fail to provide the level of security that might be expected. I've found that the password protection used by Quicken is easily reversed with the purchase of a $30 password cracking application.
Securing Webmin with Tcp Wrappers and SSH Port Forwarding: A Practical and Economical Approach
This paper will detail the benefits of securing the Webmin product by using TCP wrappers and SSH port forwarding. Without these safeguards in place, the port utilized by the Webmin install is vulnerable to attacks and a nuisance during Nessus scans. This paper will specifically address securing the software and not the operational advantages or disadvantages of Webmin.
Using Chroot Securely
The chroot() function can be a powerful mechanism to secure your system, but only if used correctly. Anton provides a good foundation for implementing it in your programs and services running on your system.
A Primer on OpenVMS (VMS) Security
This is not a practical step-by-step guide to securing VMS; rather, it is an introductory primer on the security concepts and features that the operating system has. VMS system security is quite comprehensive, and there exist numerous parameters and settings which would require a much more granular depth than the length of this paper would provide. The Compaq OpenVMS Guide to System Security manual listed in the List of References section is the recommended reference for further examining VMS system security settings and how the reader may go about tailoring the security settings of their system in conjunction with their particular organizational needs or security policy. My aim therefore is to provide insight into such functionalities and to provide an overview.
Assessing Vendor Application Security: A Practical Way to Begin
The purpose of this paper is to establish a guide for targeting areas of potential concern to the business regarding the security of vendor-developed applications that will be deployed in an enterprise environment. This paper is not intended to be a complete guide to assessing vendor applications, but will give the reader a roadmap for gathering relevant information about the proposed application, formulating directed questions to ask the vendor, determining where potential pitfalls may exist, and giving management feedback on security concerns that may influence the final purchasing decision.
Configuring Internet Explorer Security Zones: A New Tool for the Security Community
This paper will review the work of others in discussing the risks inherent in each of the active content technologies, and the very different ways in which they approach security. Then it will gather into one place all of the information that the author could find regarding the meanings and implications of all but one of IE's security zone settings. After that, we shall discuss Microsoft's System Policy Editor tool for Windows NT and how it could have been used to quickly and easily enforce users' IE security zone settings throughout an enterprise, had Microsoft only provided a policy editor template for the IE security zones. Finally (and admittedly somewhat belatedly) a template to do just that, written by the paper's author, shall be presented to the security community.
Database Security (Common-sense Principles)
So, let me begin this article with a brief synopsis of how security policies should be implemented and then move into actual system configuration.
Distributed Systems Security: Java, CORBA, and COM+
Security can have varying levels of difficulty for implementation. One factor in determining the difficulty is the number and distribution of the systems. With distributed systems architecture, there are different nodes and resources. One major issue with distributed systems is application security. There is the question of how security is handled in distributed applications, and how the client handles applications coming from an unknown source. The purpose of this paper is to examine three popular architectures for distributed systems applications and their security implications. The architectures analyzed are Java by Sun, CORBA by the OMG, and COM+ from Microsoft. Outstanding issues and future areas for research are considered.