Thursday, June 19, 2003
I was browsing TechNet today and
came across these Product/Technology-specific Security Centers
where you can "... get in-depth information about implementing and
maintaining security on your server or network."
In addition, there is also a
list of Security Topics where you can "... find in-depth
information on security issues":
- Patch Management, Security Updates, and Downloads
- Hardening Systems and Servers: Checklists and Guides
- Cryptography and Secure Communications
- Protecting Your Networks: Wireless, Firewalls, and Perimeter Security
- Mobile Devices and Remote Access
- Virus Protection Strategies
- Disaster Recovery and Incident Response
- Architecture, Deployment, and Management
- Security Policy, Assessment, and Vulnerability Analysis
- Digital Identity, Authorization, and Authentication
- Access Control and Smart Cards
- Microsoft Security and Privacy Policies
- Standards, Regulations, and Government Issues
- Developing Secure Applications and Web Services
Enjoy!
9:19:03 PM
"Regard your good name as the richest jewel you can possibly be possessed of
- for credit is like fire; when once you have kindled it you may easily preserve
it, but if you once extinguish it, you will find it an arduous task to rekindle
it again. The way to gain a good reputation is to endeavor to be what you desire
to appear." [Socrates]
8:40:32 PM
... the range is short (2 meters
roughly), but how long of a range do you need on a crowded subway? The fine
folks at @Stake have released the first known tool specifically
targeting Bluetooth. Dubbed "RedFang", the tool is merely a brute-force method
of discovering non-broadcasting BT devices. In most cases, the fact that the
device is not broadcasting its address is the sole security enabled from the
factory, and with RedFang, you can blow right past that. Take for example, the
Compaq iPaq, that is set to share out its entire storage subsystem to anyone who
knows the Bluetooth address. The article
about the project is up on SecurityFocus. It's an
interesting read, albeit short. I think we're about to see a big push to test
the various security options of Bluetooth. Bluetooth can be secured rather
effectively, but we're seeing a lot of implementations that are insecure right
out of the box. Have we learned nothing from the "Secure by default"
debates? [bmonday(dot)com]
Scary, considering that a lot of folks sync
up their business and personal email as well as contact information and
notes with their Bluetooth-enabled mobile devices without giving any
consideration to security. With Microsoft jumping on the Bluetooth bandwagon as
well, this technology is poised for wider adoption, which means security needs
to be addressed ASAP.
5:47:53 PM
A question was recently
posed on one of the security mailing lists that I am on about how best to secure
wireless networks. If you are looking for a Microsoft solution, do check
out the following Patterns and Practices guide:
Microsoft Solution for Securing Wireless LANs http://go.microsoft.com/fwlink/?LinkId=14844
"The Securing Wireless LANs solution provides Planning, Implementation, Operations
and Test guides, as well as additional resources including installation
scripts, security templates, monitoring scripts, and implementation planning
resources.
This solution provides an overview of Microsoft's Solution
for Securing Wireless LANs. The solution focuses on Microsoft's approach of
using 802.1x authentication, RADIUS and public key infrastructure (PKI) to
provide a robust, highly secure answer to the problems of current wireless LAN
deployments for organizations ranging from several hundred to many thousand
users. It will aid the IT Professional in understanding the design,
installation, and ongoing management tasks involved. Topics include: secure
authentication of wireless clients using 802.1x, EAP-TLS and Internet
Authentication Services, tackling weaknesses in WEP, deploying a PKI with
Microsoft Windows Server 2003 Certificate Services, integration with Active
Directory and Group Policy, configuration of Windows XP clients, and
monitoring and management of these components."
12:02:39 AM