Writing an Effective Security Policy (Part 2)
How to write an effective security policy, covering elements of technical controls that should be found in the majority of policies in the world of PCI DSS, SOX, Euro SoX, Hippa and ISO 127001.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
10 mars 2010 : It's Time to Get Smart About Smart Phone Security
Taking a deep dive into smart phone security.
4 mars 2010 : Quick Guide to Troubleshooting Group Policy Security Settings
Some tips on tools, commands, and other tips you can use to try and ensure that your GPOs and their security settings are applying correctly.
25 février 2010 : Acunetix Web Vulnerability Scanner - Voted WindowSecurity.com Readers' Choice Award Winner - Web Application Security
Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecurity.com Readers' Choice Awards. Defiance Threat Management System and N-Stalker Web Application Security Scanner were runner-up and second runner-up (...)
17 février 2010 : Video: Setting up Subscriptions for Event Log Forwarding
This video explains the process of setting up subscriptions for Event Log forwarding.
10 février 2010 : How I Cracked your Windows Password (Part 2)
Going through the process of cracking passwords with different free tolls whilst providing tips for defending your password from being cracked.
3 février 2010 : Is Internet Explorer Inherently Insecure?
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
28 janvier 2010 : Authenex ASAS - Voted WindowSecurity.com Readers' Choice Award Winner - Authentication & Smart Cards
Authenex ASAS was selected the winner in the Authentication & Smart Cards category of the WindowSecurity.com Readers' Choice Awards. Aladdin eToken and Smart Enterprise Guardian were runner-up and second runner-up respectively.
27 janvier 2010 : Configuring Advanced IE Settings Using Group Policy
What is involved in the Advanced Security settings in IE and how best to configure each one.
20 janvier 2010 : How I Cracked your Windows Password (Part 1)
How Windows creates and stores password hashes and how those hashes are cracked.
13 janvier 2010 : Securing the Intranet in a World of Digital Natives
How securing a network in this new user environment differs from the old model and why it may be beneficial to change some longstanding policies and training methods to adapt to the natives.
6 janvier 2010 : Product Review: GFI WebMonitor 2009
This article reviews the capabilities and features of GFI WebMonitor 2009, an integrated Web security, monitoring and Internet access control product from GFI Software.
23 décembre 2009 : Admin Report Kit for Windows Server (ARK) - Voted WindowSecurity.com Readers' Choice Award Winner - Network Auditing Software
Admin Report Kit for Windows Server (ARK) was selected the winner in the Network Auditing Software category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard and Altiris SecurityExpressions were runner-up and second runner-up (...)
16 décembre 2009 : The Anatomy of a Null Attack
Taking a look at the anatomy of a null session attack, how it works and how to prevent it from happening to you.
9 décembre 2009 : VIDEO: Securing USB Thumb Drives with BitLockerToGo
The process of securing USB Thumb Drives and Hard Drives using BitLockerToGo utility.
2 décembre 2009 : Securing your Multi-Platform Network
A guide to securing your multi-platform network.
26 novembre 2009 : Menlo Logic AccessPoint SSL VPN Software - Voted WindowSecurity.com Readers' Choice Award Winner - VPN Software
Menlo Logic AccessPoint SSL VPN Software was selected the winner in the VPN Software category of the WindowSecurity.com Readers' Choice Awards. Astaro Security Gateway and Check Point VPN-1 Power were first runner-up and second runner-up (...)
25 novembre 2009 : Endpoint Encryption - Is BitLocker Enough?
The strengths and weaknesses of BitLocker and how seriously organizations need to take encryption.
18 novembre 2009 : VIDEO: Securing Windows 7 desktops with AppLocker
This video explains of the process of securing Windows 7 desktops using AppLocker utility.
11 novembre 2009 : Microsoft Azure: Security in the Cloud
What Microsoft is doing to address the biggest cloud security hot spots.
4 novembre 2009 : Top 10 Windows Security Configurations: Where and How! (Part 3)
The final installation on Derek Melber's top 10 security configurations.
29 octobre 2009 : Nessus Security Scanner - Voted WindowSecurity.com Readers' Choice Award Winner - Security Scanner Software
Nessus Security Scanner was selected the winner in the Security Scanner Software category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard and AW Security Port Scanner were first runner-up and second runner-up respectively.
28 octobre 2009 : Buffer Overflows, Data Execution Prevention, and You
What a buffer overflow is, how it can allow a potential attacker to execute a code on your system and how data execution can be employed in order to safeguard against this threat.
21 octobre 2009 : Microsoft Security Essentials: Does it have a Place in the Business World?
Is deploying Microsoft's Security Essentials a great way to save money, an invitation to disaster, or something in between?
14 octobre 2009 : VIDEO: Using Advanced Auditing to Troubleshoot Group Policy Security Settings
Using Advanced Auditing to troubleshoot Group Policy security settings.
7 octobre 2009 : Top 10 Windows Security Configurations: Where and How! (Part 2)
Part two of three articles to complete Derek Melber's top 10 Windows Security configurations.
24 septembre 2009 : ISA Server - Voted WindowSecurity.com Readers' Choice Award Winner - Firewall Software
ISA Server was selected the winner in the Firewall category of the WindowSecurity.com Readers' Choice Awards. Astaro Security Gateway and Kerio WinRoute Firewall were first runner-up and second runner-up respectively.
23 septembre 2009 : Maintaining, Mandating, and Mitigating Privacy in Internet Explorer 8
Showcasing some of the enhancements in Internet Explorer 8 and how you can use them to make sure you maintain the privacy level you desire.
16 septembre 2009 : Windows 7 XP Mode: What are the Security Implications?
What are the security implications of Windows 7's XP Mode?
9 septembre 2009 : Document placement: File Shares or SharePoint?
Choosing the right location for your files and how SharePoint can help you secure certain information.
2 septembre 2009 : Securing Application Execution with Microsoft AppLocker
A deep dive into AppLocker, Microsoft's new feature for Windows 7 and Windows Server 2008 R2.
27 août 2009 : WinINSTALL - Voted WindowSecurity.com Readers' Choice Award Winner - Patch Management
WinINSTALL was selected the winner in the Patch Management category of the WindowSecurity.com Readers' Choice Awards. GFI Languard and Shavlik NetChk Protect were first runner-up and second runner-up respectively.
26 août 2009 : Restricting Specific Web Sites in Internet Explorer Using Group Policy
How to use Group Policy to restrict Web sites access and how to restrict different users from one another.
19 août 2009 : Storage Security Best Practices
Taking a look at the security issues related to data traveling over the network and the reasons organizations need to become more security-aware when it comes to storage strategies.
12 août 2009 : Top 10 Windows Security Configurations: Where and How! (Part 1)
After years in the field, here are Derek Melber's top 10 Windows security configurations complete with references for you to take a deeper dive into the subject.
5 août 2009 : Death of VPN
Secure Remote Computing with DirectAccess.
30 juillet 2009 : ScriptLogic Active Administrator - Voted WindowSecurity.com Readers' Choice Award Winner - Group Policy Management
ScriptLogic Active Administrator was selected the winner in the Group Policy Management category of the WindowSecurity.com Readers' Choice Awards. Quest GPOADmin was first runner-up while GPAnywhere and GPExpert Desktop Policy Manager were second runners-up (...)
22 juillet 2009 : Cloud Computing; The Past, The Present, The Future (Part 1)
What a company needs to consider when evaluating a cloud service.
15 juillet 2009 : Considering remote access for IT professionals
Taking a look on some different types of remote access solutions that you can use for internal and external support.
8 juillet 2009 : DirectAccess: Microsoft's Newest VPN Solution - Part 1: Overview of Current Remote Access Solutions
Taking a look at DirectAccess, Microsoft's latest VPN solution and assessing the current Remote Access Solutions.
1er juillet 2009 : Event IDs for Windows Server 2008 and Vista Revealed!
How to track every event that is logged on a Windows Server 2008 and Windows Vista computer.
25 juin 2009 : Kaspersky Security for Mail Server - Voted WindowSecurity.com Readers' Choice Award Winner - Email Anti Virus
Kaspersky Security for Mail Server was selected the winner in the Email Anti Virus category of the WindowSecurity.com Readers' Choice Awards. Symantec AntiVirus for Messaging and BitDefender Security were first runner-up and second runner-up (...)
25 juin 2009 : Centralized Auditing is here and it's FREE!
Discussing Centralized Auditing, focusing on the system requirements and ultimate advantages.
17 juin 2009 : What's new in the Windows 7 Firewall?
Taking a look at the Windows Firewall in Windows 7, showing you how to configure it with multiple active firewall policies.
10 juin 2009 : Active Directory information exposed to users?
What information normal domain users can see in Active Directory and why this is available to users.
3 juin 2009 : Windows Passwords: Making them Secure (Part 3)
How to make a Windows password secure enough to solve all of the issues that were covered in the first two installations of this series.
28 mai 2009 : AccessPatrol - Voted WindowSecurity.com Readers' Choice Award Winner - Portable Storage Security
AccessPatrol was selected the winner in the Portable Storage Security category of the WindowSecurity.com Readers' Choice Awards. USB CopyNotify! and GFI EndPointSecurity were first runner-up and second runner-up respectively.
27 mai 2009 : Infosec Europe
Some of the predictions and the discussions by top Security professionals at Infosec Europe 2009.
20 mai 2009 : Locking Down Windows Server 2008 Terminal Services
Things you can do to make your Terminal Server environment more secure.
13 mai 2009 : Security in the Cloud: Trustworthy Enough for Your Business?
Taking a look at The Cloud. Is it secure enough for your business?
6 mai 2009 : Windows Passwords: Making them secure (Part 2)
What technologies are available to break into a Windows password.
30 avril 2009 : Kaspersky Enterprise Space Security - Voted WindowSecurity.com Readers' Choice Award Winner - Anti Virus solution
Kaspersky Enterprise Space Security was selected the winner in the Anti Virus category of the WindowSecurity.com Readers' Choice Awards. McAfee VirusScan Enterprise and avast! Server edition were first runner-up and second runner-up (...)
23 avril 2009 : Readers' Choice Awards Yearly Round Up 2008
The winning solutions for the 2008 Readers' Choice awards.
22 avril 2009 : Understanding Microsoft's Secure Remote Access Offerings
The secure remote access options currently available to Microsoft networks.
15 avril 2009 : Windows Passwords: Making them Secure (Part 1)
What you can do to increase security for your passwords.
8 avril 2009 : Troubleshooting Kerberos in a Sharepoint Environment (part 3)
What Kerberos delegation is and when we need to configure it.
1er avril 2009 : Windows Server 2008 R2 and Windows 7: More Secure Together
Taking a look at some features that make the Server 2008 R2/Windows 7 combination the best for organizations looking to improve the security of their Windows-based networks.
26 mars 2009 : EventSentry - Voted WindowSecurity.com Readers' Choice Award Winner - Event Log Monitoring solution
EventSentry was selected the winner in the Event Log Monitoring category of the WindowSecurity.com Readers' Choice Awards. AdventNet EventLog Analyzer was first runner-up while Enterprise Security Analyzer (ESA) and GFI EventsManager were second (...)
25 mars 2009 : Secure Data Disposal
Secure data disposal methods; how organisations that reuse media may employ countermeasures to prevent exposure.
19 mars 2009 : Exposing Microsoft Windows 7 User Account Control (UAC)
Taking a look at the old and new UAC technology to determine if you should consider Windows 7 and UAC.
11 mars 2009 : Security Zoning for Virtualized Environments
An important consideration when assessing the security of a virtualized environment: network security zoning.
4 mars 2009 : Social Networking: Latest, Greatest Business Tool or Security Nightmare?
The good, the bad and the ugly of using popular social networking tools in the business environment.
26 février 2009 : Acunetix Web Vulnerability Scanner - Voted WindowSecurity.com Readers' Choice Award Winner - Web Application Security
Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecurity.com Readers' Choice Awards. Defiance Threat Management System and SecureIIS Web Server Protection were first runner-up and second (...)
25 février 2009 : Controlling Service Security Using Windows Server 2008 (Part 2)
Expanding on the previous article, this time focusing on security settings as well as real time updating of the services and their accounts.
18 février 2009 : Using Group Policy to Negate Conflicker on Windows
Different methods you can use to help secure a desktop from being infected with the ConFlicker worm.
11 février 2009 : What's new on the security front with Windows 7?
Taking a look at Windows 7 security features and whether, from a purely security standpoint, it is worth the upgrade.
4 février 2009 : Troubleshooting Kerberos in a Sharepoint Environment (part 2)
Taking a look at SPN Configuration, Duplicate Service Principal Names and DNS Configuration mismatch.
29 janvier 2009 : RSA SecurID - Voted WindowSecurity.com Readers' Choice Award Winner - Authentication/Smart Cards
RSA SecurID was selected the winner in the Authentication/Smart Cards category of the WindowSecurity.com Readers' Choice Awards. SafeWord 2008 and eToken were first runner-up and second runner-up.
28 janvier 2009 : Unveiling IE 7 and Integrity Levels
How Windows Vista's Internet Explorer 7 comes with Protected Mode, works with User Account Control, and provides Integrity Levels for internet protection.
21 janvier 2009 : The End of Passwords?
The end of passwords and how new technologies will keep enterprise information assets secure.
14 janvier 2009 : Using Certificate-Monitoring Tools with Windows Server 2008
How Windows Server 2008 works with Certificate Services as well as which tools you can use to monitor it with.
7 janvier 2009 : Troubleshooting Kerberos in a SharePoint environment (Part 1)
Creating a test environment to show which error-messages come from configuration problems.
25 décembre 2008 : Symantec Altiris SecurityExpressions - Voted WindowSecurity.com Readers' Choice Award Winner - Network Auditing
Symantec Altiris SecurityExpressions was selected the winner in the Network Auditing category of the WindowSecurity.com Readers' Choice Awards. Karalon Traffic IQ Professional was first runner-up and i-Sprint Enterprise AdminGuard and Stealthbits StealthAUDIT were second (...)
17 décembre 2008 : Writing an Effective Security Policy (Part 2)
How to write an effective security policy, covering elements of technical controls that should be found in the majority of policies in the world of PCI DSS, SOX, Euro SoX, Hippa and ISO 127001.
11 décembre 2008 : Security Through Virtualization
How to use virtualization tools to increase the security of your Windows environment.
9 décembre 2008 : Protecting System Files with UAC Virtualization (Part 2)
How to control User Account Control virtualization using Group Policy, the Registry, and Task Manager.
3 décembre 2008 : Writing an Effective Security Policy (Part 1)
How to write an effective security policy.
27 novembre 2008 : Menlo Logic's AccessPoint SSL VPN Software - Voted WindowSecurity.com Readers' Choice Award Winner - VPN Software
Menlo Logic's AccessPoint SSL VPN Software was selected the winner in the VPN Software category of the WindowSecurity.com Readers' Choice Awards. Check Point VPN-1 Power was first runner-up and Astaro VPN Clients and Winfrasoft VPN-Q 2008 were second (...)
26 novembre 2008 : Protecting System Files with UAC Virtualization (Part 1)
How User Account Control uses Virtualization to protect the system.
19 novembre 2008 : Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 4)
Testing the clients and seeing how the security certificates are assigned and removed automatically and how clients are connected and disconnected from the network.
13 novembre 2008 : The Pros and Cons of Behavioral Based, Signature Based and Whitelist Based Security
Taking a look at multiple security approaches, how they operate, and the strengths and weaknesses of each, along with a brief discussion of sandboxing and virtualization as security mechanisms.
11 novembre 2008 : Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 3)
How to configure a NAP IPsec Enforcement policy on the NPS and then moving on to the client systems so that we can use them for testing.
5 novembre 2008 : Instant Messaging: Friend or Foe?
Taking a look at the security fundamentals and IM risks associated with opening up the messaging client access to the world.
30 octobre 2008 : AW Security Port Scanner - Voted WindowSecurity.com Readers' Choice Award Winner - Network Security Scanner
AW Security Port Scanner was selected the winner in the Network Security Scanner category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard Network Security Scanner and ManageEngine Security Manager Plus were first runner-up and second (...)
29 octobre 2008 : Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 2)
Installing and configuring the Network Policy Server, the Health Registration Authority and the subordinate CA.
22 octobre 2008 : Sharepoint Data Security Risks
The challenges of securing data on Microsoft SharePoint sites, lists, pages and the information made available through data-links to backend systems (through BDC and manually created data-links).
15 octobre 2008 : Security in the Mobile Device Era
How to secure Windows Mobile 6.1 devices and looking at some issues that arise when you incorporate non-Windows mobile products (such as the iPhone) into your Windows network.
9 octobre 2008 : Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy (Part 1)
How to put together a NAP solution using IPsec policy enforcement.
7 octobre 2008 : More VOIP, More Security: What needs to be done when securing VOIP
How to implement a VOIP solution whilst abiding by a security framework, and the challenges that we can expect when implementing VOIP.
1er octobre 2008 : Creating and Managing Local Groups on Servers and Desktops
With the new Group Policy Preferences, you can create and manage the members of local groups. Here, learn how to do all of this with the new GPP settings.
25 septembre 2008 : Microsoft ISA Server - Voted WindowSecurity.com Readers' Choice Award Winner - Firewall Softare
Microsoft ISA Server was selected the winner in the Firewall Software category of the WindowSecurity.com Readers' Choice Awards. Symantec Endpoint Protection and Astaro Security Gateway were first runner-up and second runner-up.
24 septembre 2008 : Using Group Policy Filtering to Create a NAP DHCP Enforcement Policy (Part 4)
Setting up the DHCP server to work with the NPS server and the NAP policies, and then configure Group Policy so that NAP policy and NAP components are automatically configured for any machine that belongs to the NAP computers security group in Active (...)
17 septembre 2008 : Control ALL USB Devices Using Group Policy
How to use Device Installation Restrictions to control USB devices on Windows Vista.
11 septembre 2008 : Microsoft Live Mesh: What are the Security Implications?
The security implications of cloud computing in general and Live Mesh in particular, and what mechanisms Microsoft has built in to protect your "meshed" devices and data.
9 septembre 2008 : Using Group Policy Filtering to Create a NAP DHCP Enforcement Policy (Part 3)
Taking a closer look at the policies created in the previous article and seeing what they do in the NAP DHCP enforcement solution.
3 septembre 2008 : Risk Analysis: Things to Consider When Working Out How Much Risk We Carry
Understanding risk is an important element of deciding on the protection mechanism selected to protect assets. This article will focus on the framework that will help justify the appropriate controls.
28 août 2008 : WinINSTALL - Voted WindowSecurity.com Readers' Choice Award Winner - Patch Management
WinINSTALL was selected the winner in the Patch Management category of the WindowSecurity.com Readers' Choice Awards. GFI Languard NSS and Shavlik NetChk Protect were first runner-up and second runner-up.
27 août 2008 : Using Group Policy Filtering to Create a NAP DHCP Enforcement Policy (Part 2)
How to use the NAP policy wizard to automatically create the Network, Health and Connection policies that will be used to control access to the network.
