Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
MRTG for Intrusion Detection with IIS 6
This article explains how to use a Multi Router Traffic Grapher (MRTG) to see the big picture of your network traffic and to help visually spot attacks.
Forensic Log Parsing with Microsoft's LogParser
The purpose of this article is to demonstrate log file forensics for IIS using SQL queries with Microsoft's LogParser tool.
Auditing Web Site Authentication, Part Two
This is the second part of a two-part series discussing a standard audit procedure consisting of a list of questions to test Web site authentication schemes.
Auditing Web Site Authentication, Part One
This is the first part of a two-part article discussing a standard audit procedure consisting of a list of questions to test Web site authentication schemes.
Remote Desktop Management Solution for Microsoft
One of the many challenges facing Microsoft administrators is how to manage remote systems in a secure manner? In the world of the UNIX the answer is quite simple: using the SSH protocol. Unfortunately, providing secure remote access to MS Windows systems is not as easy. This article will describe the universal method of remote management that can be used to manage almost all versions of MS Windows: from Windows 95 up to XP.
Exchange 2000 in the Enterprise: Tips and Tricks Part Three
This is the second installment in a two-part series on securing Exchange 2000 in the enterprise. The last segment addressed the security ramifications of publishing mail content to the Internet via Outlook Web Access. This installment will discuss configuring IPSec between front-end and back-end OWA Servers as well as headers.
Exchange 2000 in the Enterprise: Tips and Tricks Part Two
This is the second installment in a two-part series on securing Exchange 2000 in the enterprise. In the first part, we finished up building a messaging infrastructure that handled many of the issues mail administrators must contend with. This segment will address the security ramifications of publishing mail content to the Internet via Outlook Web Access.
Exchange 2000 in the Enterprise: Tips and Tricks Part One
In this two-part article we will discuss an alternate configuration in which we will utilize Microsoft's Internet Security and Acceleration (ISA) Server, a third party SMTP Gateway (Trend Micro's Internet Messaging Security Suite) and Exchange 2000. This sort of configuration is flexible enough to be used in smaller installations that do not use a DMZ, or as part of the DMZ configuration itself.
Microsoft Baseline Security Analyzer V1.1
Earlier this month, Microsoft released version 1.1 of the Microsoft Baseline Security Analyzer (MBSA). This article will offer a brief overview of MBSA.
Secure Programming with .NET
At the core of Microsoft's .NET initiative is the goal of interconnecting businesses, users, applications, and data. In this article, we will provide an overview of .NET framework security features and provide practical tips on how to write secure code in the .NET framework. More importantly, we will discuss which pitfalls to avoid.