Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Maintaining Credible IIS Log Files
IIS logs are often the primary evidence used to track down Web intruders. But what would happen if the credibility of your IIS logs was challenged in court? What if the defense claimed the logs were not reliable enough to be admissible as evidence? This article will offer advice on how to maintain the credibility of IIS log files.
Remote Management of Win2K Servers: Three Secure Solutions
Remote management of servers presents several problems, the most obvious being that the traffic between the administrator and the server is travelling across the public Internet, available for others to sniff. This article will discuss three methods to make the remote management of Win2K servers more secure.
Windows ICF: Can't Live With it, Can't Live Without it
Windows ICF (Internet Connection Firewall) is the built-in firewall in Windows XP. For this article, we put ICF into the lab and set our security penetration testers loose at it to see how good it is. In this article, we will give an overview of ICF, see how ICF performs under a simulated attack, and discuss the pros and cons of ICF.
Twenty Don'ts for ASP Developers
Thinking securely is often an unnatural transition for programmers. After years of learning how to make things easy for users, you must now consider how to make things hard for hackers. As you balance features, schedule, and budget, you must also keep hackers from using your code against you. While there is much to do when building a secure Web application, you can at least start with these twenty things you shouldn't do.
It's virtually impossible to build bug-free, vulnerability-free software. This article will provide a brief overview of some of the key issues of secure coding, including some common software development mistakes, a list of best practices for secure coding, and a list of resources that will aid in your quest to build more secure software.
XP Professional Security Features: An Introduction
This article will offer an overview of the security features that are available in Microsoft XP Professional. This is not intended to be exhaustive dissertation of all the new features in XP; rather, the purpose is to highlight some of the new security features found in the product, and to provide those still considering an upgrade to XP with some insight into how doing so can help them administer their network.
Securing Microsoft Services
To master Windows security, administrators must master Windows services. They must understand how services work, how they are exploited and how services are secured. This article will give readers the how-tos of Windows services.
Securing Exchange 2000, Part 2
This is the second installment in the two-part series on securing Exchange 2000. This article will focus on secure configuration and administration of Exchange 2000, including locking down Exchange, and an analysis of some publicized vulnerabilities.
Securing Windows 2000 Communications with IP Security Filters, Part 2
This is the second part of a two-part series on implementing Windows 2000 IP Security filters. In the first article, we offered an overview of IP security policies, including defining, testing, and expanding IP security policies. In this installment, we will be discussing encryption of Windows systems and implementing IP security filters.
Active Directory and Linux
Although Linux has a perfectly good directory-based authentication system (OpenLDAP), it may be desirable on some sites to authenticate Linux users against a Microsoft Windows 2000 server. This article discusses the use of Microsoft's Active Directory as an authentication service for Linux systems.