Archive for March, 2004

Infocus: Dogs of War: Securing Microsoft Groupware Environments with Unix (Part One)

Friday, March 26th, 2004

This article discusses the implementation of layered mail security using Unix as MTA in front of Microsoft groupware products. Part one describes the use of Sendmail, MIMEDefang and SpamAssassin.

[via SecurityFocus News]

Security vendor offers commercial C# crypto library

Friday, March 26th, 2004

Certicom, a commercial vendor of cryptography algorithms and software, has released what it claims is the “first commercially available cryptographic developer toolkit for the Microsoft .NET Framework and .NET Compact Framework”. It includes a digital certificate management toolkit, and a “complete” SSL/TLS toolkit, according to the site.

[via TheServerSide.NET: Your Enterprise .NET Community Forum]

Determining Free Physical RAM

Friday, March 26th, 2004

24 Mar 2004: “This article explores how application programs can find out how much free physical memory is available and how you can take advantage of this information. Specifically for the Solaris Operating System (Solaris OS), it provides a routine to determine the currently available physical memory, plus a sample program demonstrating how this interface can be used.” Story

[via RootPrompt — Nothing but Unix]

Security One Step at a Time

Friday, March 26th, 2004

26 Mar 2004: “Last year, the not-so-dramatically-named CAN-2003-0434 vulnerability allowed humble PDF files to run arbitrary commands as you. Linux users and distributions dealt with it quickly enough that it didn’t turn into a vector for spreading a worm. With today’s larger Linux user base and more desktop standardization, the next vulnerability will be a bigger risk.” Story

[via RootPrompt — Nothing but Unix]

Internet Information Services (IIS) 6.0 Resource Kit

Friday, March 26th, 2004

Whether you manage a single Web server or many, the prescriptive, task-based, and scenario-based guidance in this book will help you effectively plan, deploy, operate, and troubleshoot your IIS 6.0 solution.

[via Microsoft Download Center]

Securing Windows Server 2003 Active Directory

Wednesday, March 24th, 2004

This guide explains how to avoid loss of access to network resources by legitimate clients or the inappropriate disclosure of potentially sensitive information by enhancing security for Microsoft Windows Server 2003 network operating system (NOS) environments.

[via Microsoft Download Center]

Timing Perfect for Sun’s Java Desktop System

Wednesday, March 24th, 2004

Timing Perfect for Sun’s Java Desktop System

[via DesktopLinux]

Infocus: Forensic Analysis of a Live Linux System, Pt. 1

Tuesday, March 23rd, 2004

This article is the first of a two-part series that provides step-by-step instructions on forensics of a live Linux system that has been recently compromised.

[via SecurityFocus News]

Neowin guide to Removing Spyware

Tuesday, March 23rd, 2004

Neowin guide to Removing Spyware

[via Neowin.net]

IT Security at Microsoft

Tuesday, March 23rd, 2004

IT Security at Microsoft

Microsoft has released a great slide deck and Word document discussing what the Microsoft Corporate Security group does to prevent malicious or unauthorized use of digital assets at Microsoft.


It is very interesting to see how their asset protection takes place through a formal risk management framework, risk management processes, and clear organizational roles and responsibilities. The basis of the approach is recognition that risk is an inherent part of any environment and that risk should be proactively managed. They say that the principles and techniques described can be employed to manage risk at any organization.


It's well worth your time to see how they present the information. Although this is not really “new” information, it's interesting to see Microsoft so open about it. And man... their slide decks sure are looking much better nowadays.


Enjoy.


[via Dana Epp’s ramblings at the Sanctuary ]

Handbook of Information Security Management

Monday, March 22nd, 2004

Handbook of Information Security Management

The CISSP Open Study Guides Web Site in collaboration with Auerbach have released the content online for the book “Handbook of Information Security Management”.


Personally I prefer to read books in analog (i.e., paper) form, since it's much more comfortable, but if you are into reading an entire book online, check it out.


Of course, this does give me more incentive to rethink the idea of getting a TabletPC… :)


[via Dana Epp’s ramblings at the Sanctuary ]

Using key-based authentication over SSH

Monday, March 22nd, 2004

Using key-based authentication over SSH

[via NewsForge]

Tackling Unix security in large organisations, part 2

Monday, March 22nd, 2004

Tackling Unix security in large organisations, part 1 and part 2

[via NewsForge]

Change Management

Friday, March 19th, 2004

The Change Management SMF is responsible for the process of documenting, assessing the impact of, approving, scheduling, and reviewing changes in an IT environment.

[via Microsoft Download Center]

Server Consolidation White Paper

Thursday, March 18th, 2004

Find out if your company is a candidate for server consolidation and how to get started on the right track to achieve lower total cost of ownership.

[via Microsoft Download Center]

RSS And BitTorrent, Together At Last

Thursday, March 18th, 2004

RSS And BitTorrent, Together At Last

Identity breach risk accelerates

Wednesday, March 17th, 2004

Flaws in identity management have huge impact. Security breaches resulting from identity management flaws are rising and creating huge problems for businesses, research shows. Identity management breaches affected one in 10 large companies last year, and half of them said it was their worst security problem of the year, according to the Department of Trade and Industry’s biennial Information Security Breaches Survey 2004.

Detection of SQL Injection and Cross-site Scripting Attacks

Wednesday, March 17th, 2004

This article discusses techniques to detect SQL Injection and Cross Site Scripting (CSS) attacks against your networks using regular expressions with the open-source IDS, Snort.

[via SecurityFocus News]

Networking improvements in the 2.6 kernel

Tuesday, March 9th, 2004

The new Linux kernel includes support for and improvements in many areas of networking: from tunneling and better file security to encryption and privacy protection. This article covers how these improvements affect users even as they make Linux more secure and more enterprise-ready. (Posted 9 Mar 2004 by Idean Momtaheni)

[via Librenix.com | Linux Sysadmin Central]

HOW TO: Tune and Scale Performance of Applications That Are Built on the .NET Framework

Tuesday, March 9th, 2004

(818015) - This step-by-step article describes important considerations for performance tuning and scaling of applications that are built on the .NET Framework. This is one of a series of articles that provide detailed information for applications built on the..

 


[via kbAlertz - ASP.NET]