Friday, April 29, 2005

This is why I use Anti-virus and Firewalls

 Jacques' Hack Attack

Spencer Kelly

We're always telling you how important anti-virus and firewall software is for securing your home PC - the Internet is a dangerous place for unprotected PCs. Spencer Kelly met up with a reformed ex-hacker, who gave him a demonstration of just how much damage a worm or virus can do to your home computer.


Check out the video clip from BBC World, showing an ex-hacker at work. Seems way too easy altogether. 8 seconds and you are a goner!

Bottom line: if you love your PC, you would have antivirus and a firewall installed!

Free AntiSpyware and Firewalls

Here's a list of some of the best antispyware tools and firewalls, all of them freeware! Get secure without spending green!


AntiSpyware:

Microsoft Windows AntiSpyware
Microsoft Windows AntiSpyware is a new product from Microsoft, that is based on the former Giant AntiSpyware product. It detects and removes adware and spyware from your computer, and also features a ...
Rating: 5 stars. Freeware.

KL-Detector
KL-Detector is designed to provide a way to find out whether your activity is being recorded with a keylogger application. It uses the fact that most keyloggers create a hidden log file on your hard ...
Rating: 2 stars. Freeware.

X-Cleaner Free
XCleaner is a privacy tool suite that detects and removes installed spyware and adware components and includes tools to securely delete files, edit the registry, disable startup programs and more. Ad ...
Rating: 3 stars. Freeware.

SpywareGuard
SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware ...
Rating: 4 stars. Freeware.

Perfect Process
Perfect Process is a spyware/adware shield that protects your computer in real-time from more than 1000 potential spyware and malware programs. The program can also connect to a network machine and ...
Rating: 3.5 stars. Freeware.

Spybot - Search & Destroy
Spybot - Search & Destroy is an adware and spyware detection and removal tool. This includes removal of certain advertising components, that may gather statistics as well as detection of various ...
Rating: 5 stars. Freeware.

Aranea Spywizard
Aranea Spywizard is an adware and malware scanner that scans for various known Dialers, Popups, Toolbars, and other parasites. It performs a very fast registry scan that only takes a second, however ...
Rating: 2.5 stars. Freeware.

Ad-Aware
AdAware is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and o ...
Rating: 4 stars. Freeware.

X-RayPC Spyware Process Analyzer
X-RayPC Spyware Process Analyzer is a tool to assist expert spyware researchers in quickly analyzing a PC. It performs a quick scan of all active processes, auto-start programs, BHOs, and IE Downl ...
Rating: 3 stars. Freeware.

Webroot SpyAudit
SpyAudit is a small tool that quickly scans your system registry and hard drive space for thousands of known spyware programs. The results are launched in your browser with detailed descriptions on ...
Rating: 2.5 stars. Freeware.

HijackThis
HijackThis is a tool that lists all installed browser add-ons, buttons and startup items, and allows you to inspect and optionally remove selected items. The program can create a backup of your original ...
Rating: 3 stars. Freeware.

SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and ...
Rating: 5 stars. Freeware.

Bazooka
Bazooka Adware and Spyware Scanner is a small and fast scanning engine that scans your system for more than 460 known spyware and adware installation. This includes keyloggers, activity monitors, Tro ...
Rating: 2.5 stars. Freeware.

EMCO Malware Bouncer
EMCO Malware Bouncer is a malware removal utility that detects more than 4000 adware, trojans, worms, spyware and dialers. In addition it includes a special removal engine for Alexa Toolbar, HotBar, ...
Rating: 2.5 stars. Freeware.

XP-AntiSpy
XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns for some people. For example, there is a serv ...
Rating: 3.5 stars. Freeware.


Firewalls:

ZoneAlarm
ZoneAlarm provides essential protection for Internet users. Combining the safety of a dynamic firewall with total control over applications' Internet use, ZoneAlarm gives rock-solid protection agains ...
Rating: 5 stars. Freeware.

Sygate Personal Firewall
Sygate Personal Firewall is more than an advanced, user-friendly personal firewall -- it is a bi-directional intrusion defense system. Sygate Personal Firewall ensures your personal computer is comp ...
Rating: 5 stars. Freeware.

Kerio Personal Firewall
Kerio Personal Firewall (KPF) is a software agent that builds a barrier between your personal computer and the Internet. KPF is designed to protect your PC against attacks from both the Internet, and ...
Rating: 4 stars. Freeware.

Jetico Personal Firewall
Jetico Personal Firewall can protect your computer from outside attacks, as well as from malicious programs that are attempting to communicate with the outside. It offers three levels of protection ...
Rating: 3 stars. Freeware.

NetVeda Safety.Net
NetVeda Safety.Net is an application firewall that offers inbound and outbound protection, as well as filtering, parental controls and email safety to protect you from hackers, worms, Trojans and in ...
Rating: 4 stars. Freeware.

SoftPerfect Personal Firewall
SoftPerfect Personal Firewall is a rule based network firewall to protect your PC against incoming attacks from the Internet or the local area network. It offers rule based settings for packet filter ...
Rating: 3 stars. Freeware.

Filseclab Personal Firewall
Filseclab Personal Firewall is a personal firewall that allows you to control which programs can access the Internet and at what times. It offers an automated rules wizard that will prompt you for a ...
Rating: 3.5 stars. Freeware.

NetBoz Firewall
NetBoz is a burn-and-play network firewall that boots from a CD-ROM and does not use a hard disk. You can make a firewall out of any old Pentium class PC with min. 64 MB RAM. NetBoz provides a compre ...
Rating: 0 stars. Freeware.

Look n Stop Lite
Look 'n' Stop Lite is a rule based firewall that allows you to filter all incoming traffic into your computer by setting up rules for individual ports and protocols. The firewall comes pre-configured ...
Rating: 4 stars. Freeware.

Thursday, April 28, 2005

Install AD\AM !

Install AD\AM, the Secure Windows LDAP Service

Microsoft introduced a portable, scalable, and secure Lightweight Directory Access Protocol (LDAP) database based on their Network Operating System (NOS) Active Directory (AD). This service is called Active Directory [surprise, surprise] Application Mode, or AD\AM for short. AD\AM is a very simple, yet powerful, LDAP service you can use to handle authentication for your online applications, without requiring a full-blown NOS directory.

Why Use AD\AM?
AD\AM is an LDAP database that is primarily used to store users, groups, and other objects that represent organizations or other associations. It allows you to easily implement security within your applications, without having to write a huge amount of validation or user management code.

AD\AM provides the following capabilities, which separate it from AD:

  • Simple backup and recovery – AD\AM uses a single .dit file, which contains all the database information.
  • Easy installation and clean uninstall – It doesn't require you to have DNS working nor to install additional components on a server.
  • Extended support for X.500 directory naming rather than just DNS directory-style naming.
  • Effortless schema extensions without impacting on production Active Directory environments.
  • Free download from Microsoft – AD\AM itself does not have a license cost associated with it.
  • Can run multiple instances on the same machine (similar in concept to multiple instances of SQL Server 2000).

AD\AM has a number of great features that make it perfect for an online authentication system:

  • Password Policies – AD\AM provides the ability to ensure that a user's password meets certain complexity requirements (e.g., number of characters, case, alpha-numeric, etc.). Have you ever tried to write that code? What a pain!
  • Encrypted password store – AD\AM uses the same password encryption store as Active Directory, and as such, passwords cannot be reverse-engineered (unless you store them in reversible encryption).
  • Ability to use Active Directory authentication for internal users – AD\AM can pass off the authentication to Active Directory, allowing AD to authorize internal users to use the online application.

AD\AM has the ability to scale out in proportions similar to Active Directory. So given all the great things about AD\AM, what are its limitations?

  • AD\AM installs only on Windows XP (SP1 or above), Windows Server 2003 Standard, Enterprise, and Data Center Editions, but not on Windows 2000 (any edition) or Windows Server 2003 Web Edition.
  • For Windows XP, the AD\AM install is a limited release. You are limited to 10,000 objects within the AD\AM instance.
  • AD\AM currently does not have complete integration with Microsoft's Authentication Manager (nick-named AZMan). However, this is reportedly cleaned up in SP1 for Windows 2003 (no promises though!).
  • AD\AM has no capabilities for Kerberos. If you wish to use Kerberos, you need to implement Active Directory (and probably not over the Web!).
  • Pass-through (or user-proxy) authentication requires domain membership.

 AD\AM comes in six different flavors. When you download AD\AM, be sure to select the correct version for your requirements.

File Name            Platform   Download Link        File Size (Bytes)
AdamMUIia64.msi      64-bit     AdamMUIia64.msi      3,574
AdamMUIx86.msi       32-bit     AdamMUIx86.msi       9,880
ADAMredistIA64.exe   64-bit     ADAMredistIA64.exe   10,895
ADAMredistX86.exe    32-bit     ADAMredistX86.exe    8,467
ADAMretailIA64.exe   64-bit     ADAMretailIA64.exe   10,891
ADAMretailX86.exe    32-bit     ADAMretailX86.exe    8,463

You can review the information about the individual downloads from the Microsoft AD\AM download site.

People who mistype 'Google.com' !!!

Scheme preys on people who mistype 'Google.com'

Security researchers have discovered an attack aimed at would-be visitors to Google.com, one that attempts to download malicious programs onto the computers of people who simply mistype the search giant's Web address.

According to security specialist F-Secure, unsuspecting Web surfers may be bombarded with various types of Trojan horse threats, spyware and backdoors when they go to "Googkle.com." The scheme is meant to take advantage of sloppy or hurried typists, given that on most keyboards the letter "k" key sits next to the "l" needed to type "Google."

    Google representatives said the company had no comment on the matter for the time being. In the past, the company appears to have made moves to protect its users against mistyping errors. If a person puts an extra "o" in Google's URL, they are simply redirected to the company's homepage. On the other hand, if someone mistakenly adds a fourth "o" to Google, they are directed to USseek.com, a Web portal that offers pop-up advertising for an online casino.

In an advisory, F-Secure strongly advises people not to go to Googkle.com. People who do so will see two pop-ups linked to Web sites that install the Trojan programs. One of the programs is a phishing-style Trojan that attempts to garner individuals' online banking information, while another drops phony antivirus alerts on the victim's desktop that attempt to lure people to other infected Web sites.

While relatively low-tech in terms of its social engineering, the URL mistype attack is an approach that has long been incorporated by many different kinds of Internet opportunists, from legitimate companies trying to steal traffic from their rivals or simply piggyback on the success of larger companies, to criminals looking to misrepresent themselves and trick consumers into handing over personal data. In one of the most famous instances of URL deception, the site hosted at Whitehouse.com for several years was an advertisement for pornography, not a link to the office of the president, whose official site is Whitehouse.gov.
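From the defender's side, the mistype patterns the article names (a neighbouring key slipped in, a letter repeated, the wrong top-level domain) can be recognised mechanically in DNS or proxy logs. The sketch below is an added example, not part of the article or the F-Secure advisory; the function names, the approximate QWERTY grid, the naive "last two labels" domain split and the observed-hostname list are all assumptions made for illustration.

```python
# Added example: classify observed hostnames as likely typo variants of
# protected domains. Domain names come from the article; OBSERVED is
# constructed sample data, not a real log.

ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ADJ = {}  # letter -> letters on neighbouring keys (approximate QWERTY grid)
for r, row in enumerate(ROWS):
    for c, ch in enumerate(row):
        near = set()
        for other in ROWS[max(r - 1, 0):r + 2]:
            near.update(other[max(c - 1, 0):c + 2])
        ADJ[ch] = near - {ch}


def split_domain(name):
    """Naive split into (registered label, TLD); no public-suffix handling."""
    parts = name.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def squeeze(label):
    """Collapse runs of a repeated character: 'goooogle' -> 'gogle'."""
    return "".join(ch for i, ch in enumerate(label) if i == 0 or ch != label[i - 1])


def single_insertion(longer, shorter):
    """Index in `longer` of the one extra character, or None."""
    if len(longer) != len(shorter) + 1:
        return None
    i = 0
    while i < len(shorter) and longer[i] == shorter[i]:
        i += 1
    return i if longer[:i] + longer[i + 1:] == shorter else None


def classify(observed, protected):
    """Return the kind of typo that turns `protected` into `observed`, or None."""
    o_label, o_tld = split_domain(observed)
    p_label, p_tld = split_domain(protected)
    if o_label == p_label:
        return None if o_tld == p_tld else "tld-swap"
    if len(o_label) > len(p_label) and squeeze(o_label) == squeeze(p_label):
        return "repeated-letter"
    i = single_insertion(o_label, p_label)
    if i is not None:
        around = o_label[max(i - 1, 0):i] + o_label[i + 1:i + 2]
        slipped = any(n in ADJ.get(o_label[i], ()) for n in around)
        return "adjacent-key-insertion" if slipped else "insertion"
    if single_insertion(p_label, o_label) is not None:
        return "omission"
    if len(o_label) == len(p_label):
        diffs = [j for j in range(len(p_label)) if o_label[j] != p_label[j]]
        if len(diffs) == 1:
            j = diffs[0]
            near = o_label[j] in ADJ.get(p_label[j], ())
            return "adjacent-key-substitution" if near else "substitution"
    return None


def flag_lookalikes(observed_names, protected_names):
    """List (observed, protected, kind) for every hostname that looks like a typo."""
    hits = []
    for name in observed_names:
        for prot in protected_names:
            kind = classify(name, prot)
            if kind:
                hits.append((name, prot, kind))
    return hits


PROTECTED = ["google.com", "whitehouse.gov"]
OBSERVED = ["www.google.com", "googkle.com", "gooogle.com",
            "goooogle.com", "whitehouse.com", "example.org"]  # constructed

if __name__ == "__main__":
    for hit in flag_lookalikes(OBSERVED, PROTECTED):
        print(*hit)
```

Short labels produce more false positives with single-character rules, so results are best treated as candidates for review or for a block list rather than as verdicts.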

Monday, April 25, 2005

TIPS: Building Secure Web Applications - ASP.NET

Security is the matter of the moment now! Building secure web applications is an integral part of today's web development owing to the alarmingly increasing number of hacking threats.

Some of the key things to keep in mind while building secure web applications are:

1. Never expose open SQL Statements in your Code.

A statement such as

"select username from users where username='" + txtUserName.Text + "' and password ='" + txtPassword.Text + "' "

can easily be manipulated by a malicious user to read as follows:

select username from users where username='' OR ''='' and password ='' OR ''=''

The above statement compares "nothing" to "nothing", which always returns True. This will authenticate the user and fetch the first username in the table.
To avoid this kind of attack, always use Stored Procedures, which are much more secure and also perform well.

2. Always switch On Custom Errors in the web.config. Detailed error pages, shown when Custom Errors are switched off, are friendly only to us developers and not to users. Once you deploy, make sure the mode is either RemoteOnly or On.

An ASP.NET detailed error page can reveal the exact error, such as where the application broke, and if the failure is on the SQL side, it can directly expose the table name and thus the DB structure.

Therefore, always use Custom Errors and take the users to a page that says "Sorry for the Inconvenience..." once an error occurs in your application.

3. Validate all data received as input from the clients. A search textbox which gets search text from the user can easily become a channel for an attacker to embed SQL statements or scripts.

Therefore, ensure you set ValidateRequest="True" in the Page directive or at the web.config level. Also, check whether the entered text contains statements like SELECT, DELETE, etc., before processing the information.

4. Never use the sa username in your DB Connection String. It is the most vulnerable account and can be compromised. Always use a custom Username and Password to access the database from your application.

5. Never store Passwords in your Database as plain text. Hash them or encrypt them to secure them. Also, sending passwords by email is another security risk.

There are many more security strategies which, when followed, provide a safe environment for your applications and can save you from a bad day due to hacking.

via Harish
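Tips 1 and 5 above, worked through as an added example that is not code from the original post: the post's concatenated login statement is run against the `' OR ''='` input it describes, next to a login that binds the input as a parameter and checks a salted hash. Python with an in-memory SQLite database stands in for the ASP.NET and SQL Server stack here; the parameterized query gives the same separation of code and data as a stored procedure called with parameters, and PBKDF2, the iteration count, the extra columns and the sample accounts are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for a password (tip 5)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def make_db():
    """Build a constructed users table. The plain-text 'password' column
    exists only so the post's vulnerable statement can be reproduced."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text primary key, "
               "password text, salt blob, pw_hash blob)")
    for name, pw in (("admin", "S3cure!pass"), ("alice", "correct horse")):
        salt, digest = hash_password(pw)
        db.execute("insert into users values (?, ?, ?, ?)",
                   (name, pw, salt, digest))
    return db


def login_concatenated(db, username, password):
    """'Before': the statement from tip 1, built by string concatenation."""
    sql = ("select username from users where username='" + username +
           "' and password ='" + password + "' ")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """'After': input is bound as data, and only the salted hash is compared."""
    row = db.execute("select salt, pw_hash from users where username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    _, candidate = hash_password(password, row[0])
    return username if hmac.compare_digest(candidate, row[1]) else None


INJECTED = "' OR ''='"  # the input that yields the statement shown in tip 1

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, INJECTED, INJECTED))
    print("parameterized:", login_parameterized(db, INJECTED, INJECTED))
    print("valid login  :", login_parameterized(db, "alice", "correct horse"))
```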

Building Secure Web Applications using ASP.NET 2.0 ("Whidbey")

In .NET Framework 2.0 ("Whidbey"), ASP.NET has undergone a lot of enhancements. Building secure web applications is one of the aspects that deserves good attention. Many new features have been introduced, such as the Login Control, Membership API and Personalization API, which help increase developer productivity.

In .NET 1.1, you can leverage Forms Authentication to take your anonymous users to the login page. The "Login Page" is your call, and you need to code the logic for validating a user against his credentials. You no longer need to do this in 2.0. Microsoft has provided cool features like the Login Control, which you can just drag and drop and use for validating your users. It has also provided controls for creating, modifying, assigning roles to and deleting users, all without you writing a single line of code.

In .NET 1.1, Forms Authentication works in cookie-based scenarios. This has changed: in 2.0, Forms Authentication works for both cookie-based and cookieless scenarios. So, your .NET 1.1 code will work very well when moved to the 2.0 Framework.
For cookie-based scenarios, it works the same as before; for cookieless scenarios, the cookie information is encrypted and attached as a querystring value to the URL. It's a long chunk of characters which determines the user's identity and validity.

The Membership API allows you to manage users effectively, without writing a single line of code. There is also a Website Administration Tool, which is included automatically and from which you can administer the website for your applications.
In general, the focus has been on increasing the developer's productivity and automating the plumbing work which earlier had to be done manually.
For more information check ASP.NET 2.0

via Harish

Tuesday, April 19, 2005

Object Level Security Auditing ( Target only what is required in Auditing )

It's no big secret that Windows Server 2003 allows you to perform auditing in fine granular detail. The only problem is that if you audit too many events, your audit logs will be huge and looking for a specific event in the security logs will be like looking for the proverbial needle in the haystack. Because of this, I always recommend that organizations audit only the events that would most likely reflect a security breach or an attempted security breach. These events usually consist of logon failures, account management successes and failures, and successful or failed policy changes. These and other common events can easily be audited by enabling the appropriate audit option within the group policy.

Monday, April 18, 2005

The Definitive Guide to Securing Windows in the Enterprise.

Complete eBook Now Available!
 

The Definitive Guide to Securing Windows in the Enterprise, written by industry expert Don Jones, introduces often-overlooked areas of Windows security and provides practical advice for handling them. In addition, the guide explores tools and techniques that can overcome possible Windows shortcomings and missing capabilities to help you to develop a more comprehensive, detailed, and functional security plan for any Windows enterprise.

Get the book.
        Happy Readin...

DNS Server Security!!!

As you probably know, the Active Directory is completely dependent on the DNS services. However, DNS was originally designed as a mechanism for resolving host names into IP addresses on the Internet. Although the task of resolving host names on the Internet is procedurally very similar to the task of resolving host names for the Active Directory, the fact is that the DNS services were not originally intended to handle the demands of an Active Directory environment.

DNS has traditionally been a static mechanism. In an Internet environment, a DNS Server’s records (for which the server is authoritative) only change when an Administrator adds, deletes, or modifies a record. This usually only happens if a new domain name is registered, a server changes IP addresses, a domain name is relinquished, or in other similar situations.

By comparison, Active Directory environments are much more dynamic. Any time that a new workstation or server is added to an Active Directory domain, a corresponding DNS entry must be created that associates the PC’s name with its IP address. The problem is that DHCP servers are commonly used to dynamically assign IP addresses to workstations. This means that a workstation’s IP address can change on a frequent basis. To keep the Active Directory functioning correctly, the DNS record that corresponds to a machine must be updated every time that the machine’s IP address changes. Since this would be nearly impossible for an administrator to keep up with manually, Microsoft includes dynamic DNS services with Windows servers.

In a traditional DNS environment, only the Administrator makes changes to DNS servers. In a dynamic DNS environment however, every workstation on the entire network has the authority to make changes to the DNS server’s record set. The trick is therefore to prevent changes from being made to DNS records that might be incorrect or malicious.

Microsoft solved this problem by designing the DNS services so that they supported multiple zone types. A normal DNS server supports primary, secondary, and stub zones. A Windows based DNS server supports these same types of zones, but gives you the option of creating Active Directory integrated zones (assuming that the DNS services are running on a domain controller).


For the most part, an Active Directory integrated zone functions similarly to a zone that isn’t integrated into the Active Directory. The main difference is that an Active Directory integrated zone stores its records within the Active Directory rather than in a zone file. This allows zone information to be portable, but there is a more important reason for the Active Directory integration.

A traditional DNS server does not maintain any type of zone security. By moving zone information to the Active Directory, it becomes possible for Windows to associate an access control list (ACL) with the zone. Of course, all of this happens behind the scenes when you initially set up Active Directory. Windows automatically configures the ACL so that authenticated users have the Create All Child Objects permission. This allows a DNS entry to be created when a workstation comes online (assuming that the entry doesn’t already exist), without giving users sufficient rights to do anything destructive. Domain Admins, Enterprise Admins, and Domain Controllers have higher levels of access that allow full DNS management.

This is important to know because Windows allows you to convert an Active Directory integrated zone into a non Active Directory integrated zone, and vice versa. Granted, this isn’t exactly something that you would do on a daily basis, but converting to a non Active Directory integrated zone allows zone information to be exported to a file. This is a common requirement in DNS related disaster recovery scenarios. When you convert an Active Directory integrated zone into a non Active Directory integrated zone, Windows removes the zone’s ACL. This means that there is no longer any security protecting the zone.

As I mentioned earlier, you can convert a zone into an Active Directory integrated zone. If you do this and your DNS Server is running Windows Server 2003, then the ACL is automatically reconstructed (with default values). However, there is a bug in Windows 2000 Server that causes the ACL not to be created if a zone is converted into an Active Directory Integrated zone. Therefore, if your DNS server is still running Windows 2000, it might be worth your while to check out your zone’s ACL to make sure that it isn’t empty. To do so, just right click on the zone within the DNS console and select the Properties command from the shortcut menu. The zone’s ACL is located on the Security tab.

Good read, via msd2d.com

Differences Between IDS and IPS

"An interesting article explaining differences between IDS and IPS..."

With the rapid increase in internal threats, and those that easily bypass traditional perimeter security defenses, organizations must think about security beyond the perimeter. To meet these demands many organizations have looked to Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS). While IPS and IDS are an important feature in a layered security deployment, products falling under these categories only partially address the unique requirements of internal networks.

IPS and IDS originally were designed to address requirements lacking in most legacy firewalls and traditional perimeter defense systems. IDS solutions are typically used to monitor potential intrusions after the fact, and IPS solutions are focused on identifying and blocking attack traffic. IPSs inherited from their IDS predecessors both a reliance on reactive signatures to detect attacks and an orientation for perimeter security. While both systems play a critical role in preventing external attacks, neither is prepared to completely protect an organization from internal threats.

Sunday, April 17, 2005

Microsoft Security Risk Self-Assessment Tool (MSRSAT)

 Download the Microsoft Security Risk Self-Assessment Tool (MSRSAT) and install it on your computer to obtain information and recommendations about best practices to help enhance security within your information technology (IT) infrastructure.
This application is designed to help organizations with fewer than 1,000 employees assess weaknesses in their current IT security environment. It will help identify processes, resources, and technologies that are designed to promote good security planning and risk mitigation practices within your organization.

My Views:

" One can see great effort put in Compilation of this tool "

" Would have been great if baseline security analyzer was integrated with it! "

" It lets you compare your scores against the scores of others in your industry! "

>> All in all, a good security assessment tool for your organization!

 

< Download: 3.4 MB, Requires  .NET Framework 1.1 >

Secure your Applications!



Developing secure software is the MANTRA of today's developers. Security runs throughout the software development lifecycle (SDLC), not development alone. Starting from design, through development, to testing and deployment, a multi-disciplinary approach must be taken to deliver a quality secure software product!

Application Security Assurance Programs (ASAP) help you to ensure that IT assets are fully secure and compliant with privacy directives.

Check out the Webcasts and other Links for more information on how to secure your application:

via ARUN

Saturday, April 02, 2005

SSL Diagnostics Version 1.0 (x86)

A common problem for administrators of IIS servers is configuring and troubleshooting SSL enabled websites. To assist administrators in their efforts, Microsoft has designed a tool - SSL Diagnostics - to aid in quickly identifying configuration problems in the IIS metabase, certificates, or certificate stores.

This tool allows users to review configuration information in an easy-to-read view mode or to run the tool silently with only the creation of a log file. During use, administrators can simulate the SSL handshake to find errors. They can also quickly "hot swap" certificates for testing purposes.

These packages come in two forms: Express and Full. The Express install gives administrators only the tools needed to use SSL Diagnostics, while the Full install installs the same files with the appropriate documentation. Included in the Full install is an SSL Frequently Asked Questions document that can help administrators learn SSL.

Friday, April 01, 2005

Windows Server 2003 Service Pack 1

Windows Server 2003 SP1 provides enhanced security, increased reliability, and simplified administration to help enterprise customers across all industries.

You can find in-depth technical information about Windows Server 2003 SP1 at the Windows Server 2003 TechCenter on TechNet.

You can get Windows Server 2003 SP1 by downloading the service pack or by ordering the CD.

via MVP Jubo