Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
A new way to bypass Windows heap protections
This paper looks at a new way to bypass Windows heap protections on Windows XP SP2 and Windows 2003.
Windows Syscall Shellcode
This article shows how shellcode can be written and executed on a Windows host without using any native API calls at all.
Securing Exchange With ISA Server 2004
This article will highlight the security issues involved with providing Outlook Web Access or full Outlook client connections over the Internet, and then discuss how Microsoft's new ISA Server 2004 can be configured to mitigate these threats.
Deploying Network Access Quarantine Control, Part 2
This article discusses Network Access Quarantine Control in Windows Server 2003, which allows administrators to quarantine mobile users and verify their security posture before giving them full access to the network. Part 2 of 2.
Deploying Network Access Quarantine Control, Part 1
This article discusses Network Access Quarantine Control with Windows Server 2003, which allows administrators to quarantine mobile users before giving them full network access, by first ensuring these machines are up-to-date according to a baseline security model.
Automating Windows Patch Mngt: Part III
The final installment of this series discusses two alternative, low cost tools to manage the application of patches to Windows systems, and also provides information on the upcoming, revised Software Update Services (SUS) from Microsoft.
IIS 6.0 Security
This article discusses the major default configuration and design changes incorporated in IIS 6.0 to make it a more secure platform for hosting critical web applications.
Automating Windows Patch Mngt: Part II
In this segment of the Windows Patch Management series, you'll learn what happens on the client computers when SUS is active, how to monitor the client's patching activities, and how to fix or work around some common problems.
Automating Windows Patch Mngt: Part I
This article, the first in a three-part series, discusses Microsoft's Software Update Services (SUS) in depth, including installation, administration, and maintenance.
IIS Lockdown and Urlscan
This article discusses two important tools provided by Microsoft, IIS Lockdown and Urlscan, that target significant security-related configuration problems for IIS versions 6.0, 5.0, and earlier.