IT Answers » Vulnerability Assessment & Audit

Website monitoring suggestions?

NewnanIT — Thu, 16 Dec 2010 21:21:55 +0000

Question Edited by MTidmarsh

Security advisories

Michael Morisy — Thu, 24 Sep 2009 14:50:34 +0000

Does a security research firms track record of vulnerabilities and exploits published make you trust them more, or more likely to hire them?

Shares Baseline Security Information

ITAudit — Fri, 05 Aug 2005 06:02:19 +0000

Hello,

I use the Microsoft Baseline Security Analyser 2.0 to retrive information about shares in some local servers.

I can not understand the diference between the information give in the report, about authorizations in the column Share ACL and Directory ACL.

If some one can help me,

Thank you
PPG

aaa authorization ?

EngineerIT — Fri, 22 Jul 2005 09:45:56 +0000

Which of the following authorization commands are valid? (we have to choose 2 correct)

A. aaa authentication exec home radius
B. aaa accounting exec home radius
C. aaa authorization default none
D. aaa authorization exec home radius
E. aaa authorization network default enable
F. aaa authorization network default local

IM Blocking and URL Filtering

EngineerIT — Thu, 07 Jul 2005 03:18:13 +0000

We have Pix515E which is gateway to Internet.
We also got IWSS Proxy(Trend Micro) along with URL filtering module.
Domain users get directed to IWSS proxy (GPO settings) and restrictions about URL filterings can be imposed as per company’s policy.
Those users who are not on the domain, they can not get GPO settings and they do not get IWSS as there proxy. Hence they can browse any site they want.
My question is how to restrict the browsing for those users who are not on the domain.
Is it possible to redirect all HTTP traffic to IWSS to check before it is out?
Or is there any other way to solve this issue?

2nd MAJOR problem is: blocking MSN messanger and Yahoo messanger in the company’s network….
If we are blocking one particualr port, it still works…
MSN messenger to be blocked for domain users and for other users who are not on the domain.

Certificates

TheVyrys — Wed, 29 Jun 2005 11:45:40 +0000

I am pretty new to the 2003 Microsoft world, but I am NT 4 MCSE.
My setup:
2 W2K3 DC’s
1 Exchange 2K3 member server
1 W2K3 member server–web server
about 60 users–single domain

some of my users want to use Outlook Web Access to get their mail from home (approx. 10-15)

Everything is set up and running fine.
My question is, do I need Certificates to be secure? with this small amount of users it hardly seems necessary, but being new to the 2003 world, I just don’t know.
If I do need certificates, can I do them myself without ANY other vendors involved?

Thanks to all of you for helping us and each other out…this is a great website.

Files and directory access loging

Zbanoon — Tue, 28 Jun 2005 12:51:20 +0000

one of my clients is asking about a daily report contains all files and directories accessed every day and who is accessing it (time and mode:delete ,read ,write.) on a spicific share.
so i tried using a script to filter out all events regarding files access but that looks time consuming method .
so please if any one have a better idea or a software name.

ping from outside

Redrose — Fri, 13 May 2005 00:51:35 +0000

hi,
could you please tell me which command in cisco routers prevent them from being ping from outside networks. and also how can i prevent terminals inside a network to ping outside ips(group policies etc??).

thanks

Data vs. perimeter vs. network security

RobynLorusso23 — Wed, 04 May 2005 16:36:33 +0000

A short time ago, author Wes Noonan wrote some tips for SearchWindowsSecurity.com about deperimeterization. He explained how security is always pitted against business needs, and perimeters have become porous because businesses require traffic from SMTP, HTTP or VPNs to pass through the firewall. He then offered techniques for keeping data safe in spite of the activity at your perimeter.

I realize you have a variety of options when it comes to choosing a Windows line of defense, but I’m trying to get a sense of how many people actually lock down Windows at the data level. Do you invest most of your protection efforts at the data, perimeter or network level? What measures do you take to keep your Windows data secure even if the perimeter is compromised? Do you have data protection plans or products in place?

Another issue is that networks and applications are often treated as separate entities that never interact. This may be because they have different people maintaining them, unique security policies, etc. Is this the case in your shop?

I’m collecting this information for possible technical tips or a trends article on SearchWindowsSecurity.com.

Thanks for your time and attention. I hope to hear from you soon.

Best regards,
Robyn Lorusso
Editor
SearchWindowsSecurity.com

http://searchwindowssecurity.techtarget.com/

Is Windows security an afterthought?

RobynLorusso23 — Tue, 19 Apr 2005 15:00:40 +0000

As the editor of SearchWindowsSecurity.com, I often speak with users about their Windows security responsibilities. One senior systems analyst in particular sent me an interesting note recently… To give you some background, he’s in charge of configuring and administering desktop systems (primarily Win2000 and XP)for a large company, and he developed many of the security policies and procedures in place for those desktops. However, even with those seemingly important tasks on his plate, he said he took over Windows security only because no one else had.

He specifically said: “I ended up taking over the security functions because no one else was looking after them. I’ve learned a lot (enough to know there’s so much more to learn), earned my CISSP and started specializing in MS Windows security. I never really set out to do that though.”

Does this sound familiar to you? Were you recently or temporarily assigned Windows security responsibilities because they weren’t being handled? Did you choose to take over Windows security on your own? How long have you been working at it, or plan to?

Any feedback is appreciated. I will include comments in a story for SearchWindowsSecurity.com. I’m just trying to get a sense of how people got into the Windows security field, how long they’ve been in charge of securing Windows systems and if they plan to stay there.

You may contact me publicly or privately. Thanks for your time and attention!

Best regards,
Robyn Lorusso
Editor
SearchWindowsSecurity.com

http://searchwindowssecurity.techtarget.com/