The Industry Insiders

Insight from the heart of the IT industry

Related Posts
  • Blog Post: The wonders of Software Restriction Policies and PowerShell Code Signing

    Thanks to Adrian J. Beasley for providing yet another excellent article, this one's titled Software Restriction Policies and PowerShell Code Signing - Adrian provides a wealth of practical advice on how to make the most of one of the most powerful yet underused security features of Windows XP, Server 2000...
  • Blog Post: Public Key Infrastructure (PKI) Benefits - Why PKI?

    Adrian has written a short article enumerating many of the security threats that can be mitigated using asymmetric encryption. Click here to read Adrian's overview of the benefits of PKI. As Adrian goes on to explain, Public Key Infrastructure technologies can be used to attest the identity, integrity...
  • Blog Post: Certificate Server Enterprise Edition and Smart Cards

    The following article was kindly written by Adrian Beasley General I have recently installed Certificate Services on a Windows Server 2003 R2 Enterprise Edition machine, in order to make available version 2 certificate templates, which are configurable, and I have been investigating these, and the...
  • Blog Post: Information Security; The Business Enabler

    By Paul Vincent Don’t get me wrong, I’m a tecchie. There was a time (and it wasn’t that long ago!) when I could name and identify the function of pretty much every Group Policy Object setting in Windows XP. However, Information Security is more than setting every security related configuration...
  • Blog Post: What to do in the case of a security compromise

    Harlan Carvey has written an interesting article examining misconceptions around incident response - specifically how you deal with a security breach. Like Harlan I've heard many people advocate booting a compromised machine off a LINUX boot disk to perform forensics - there are many drawbacks with this...
  • Blog Post: ID: Who do you think you are?

    Thanks to Craig Murphy for contributing his article titled Who Do You Think You Are? - it's well worth a read. He talks about identity from the perspective of a variety of vendors and applications.
  • Blog Post: Windows Server 2008 Protection from Accidental Deletion

    By Richard Siddaway, Microsoft Practice Leader, Centiq Ltd With each new version of the Windows Server Operating System there are new possibilities for automation to help make the administrator’s job easier. Automation brings increased efficiencies but also brings the possibility of bigger mistakes...
  • Blog Post: Free Microsoft Support resources

    Blake has compiled an amazing collection of all of the support resources, newsgroups, how to articles, team blogs and tips and published it here ... This must have taken an amazing amount of time to review and research and is just about the most comprehensive collection of resources on one page that...
  • Blog Post: Windows 2008 protection from Accidental deletion

    Many thanks to Richard Siddaway for his article on protecting AD objects from Accidental Deletion. Well worth a read if you've ever deleted the wrong thing from AD.
  • Blog Post: Trusting Input and Outrunning Lions

    Rhys Wilkins has written an article about - wait for it - stopping SQL injection AND Outrunning Lions! You have to read to the end of the article to understand how the Lions fit in :-) Rhys' article is available via this link. Enjoy.
  • Blog Post: A General Defence Against Injection Attacks on Websites

    By Adrian J. Beasley The usual range of IT Security techniques is of little use against injection attacks. They can mitigate some of the effects of such attacks by, for example, setting proper permissions on resources, and ensuring that access from websites is under a user with the appropriate least...
  • Blog Post: Installing New Cryptographic Service Providers

    The following article was kindly written by Adrian Beasley General That splendid company Smartcard focus (**ED - the broken link is now fixed**), purveyors of smart cards and ancillary equipment to the general public, has a number of types of card available, not all of them smart (many types are...
  • Blog Post: Insider's Guide to Comparative Anti-Virus Reviews

    By David Harley There has been a certain amount of excitement and irritation in anti-virus research circles about a not-very-good comparative test of antivirus scanners that was conducted at LinuxWorld on 8th August, 2007. I was so exercised personally that I sat down and wrote a long white paper...
  • Blog Post: Make Sense of Public Key Infrastructure

    Public Key Infrastructure Written by Adrian J. Beasley General Public Key Infrastructure (PKI), strictly speaking, is the infrastructure which supports the trustworthy distribution of public keys, and nothing else. Unfortunately the term has come to encompass the whole area of cryptography, which...
  • Blog Post: Don’t secure your documents!!

    By Adam Vero ...or rather, don’t use poor methods to secure documents (or anything else – this is bordering on Security Theatre). Also, don’t spend valuable IT resources securing things for users on a case-by-case basis by creating a tangled web of folders with arcane permissions on them. You need...
  • Blog Post: Be proactive: Information Security as a Business Enabler

    Thanks to Paul Vincent for contributing his article Information Security; The Business Enabler. Paul goes on to explain how information security is much more than setting every security control you can lay your hands on.
  • Blog Post: Certificate Server Enterprise Edition and Smart Cards

    Adrian Beasley wrote a wonderful article on Certificate Server Enterprise Edition and Smartcards - I particularly like it as he explains WHY each component is required rather than just diving into the detail - which he makes an excellent job of too. I have edited this post as the original one had...
  • Blog Post: Creating Subject Alternative Name Certificates with Certificate Server

    Brian Reid has written an interesting piece about using Powershell to create certificate requests for other web sites that can be uploaded to Certificate Server. This allows you to have a certificate for more than one domain name. Brian uses Exchange 2007 extensions to Powershell to achieve this. It...
  • Blog Post: Software Restriction Policies and PowerShell Code Signing

    By Adrian J. Beasley Health Warning Software Restriction Policies (SRPs) are extremely powerful. They also make it possible for you to foul up big-time - there is no safety barrier. For all that, they are very useful. “With great power comes great responsibility.” The following...
  • Blog Post: How to extend your Cryptographic Service Provider infrastructure

    Adrian has written another enlightening article tackling the often confusing subject of Installing New Cryptographic Service Providers with aplomb. His article explains in some detail how CSPs work to integrate devices such as smart cards with the underlying Windows Operating System.
  • Blog Post: Treat all input as Evil until proved otherwise - how to prevent code injection

    Adrian J. Beasley has provided us with another excellent article titled A General Defence Against Injection Attacks on Websites written in his inimitable fashion tackling the challenging subject of how to validate user input.
  • Blog Post: Make Sense of Public Key Infrastructure

    Adrian has written a wonderful overview of how Public Key Infrastructure works. If you don't know your certificate from your asymmetric widget then this is an excellent place to find out how it all hangs together. Adrian provided the following introduction: "These documents were written at the...
  • Blog Post: PKI Benefits - Why PKI?

    by Adrian J. Beasley The main benefits available from a Public Key Infrastructure (PKI) are as follows (not in any order of importance – they are all important). Some are simply ways of doing tasks which could be accomplished, usually less well, by other means, but in most cases, the tasks could not...
  • Blog Post: When Writing Software, Security Counts

    Matt's written an interesting article sharing his experience "from the coal face" gained during years of experience advising the military and leading companies in writing more secure software. I share Matt's view that it's far less expensive to fix security at the initial development stage rather than...
  • Blog Post: How to make sense of anti-virus reviews

    Thanks to David Harley for sharing some of his vast experience of the anti-virus industry in his article titled An Insider's Guide to Comparative Anti-virus Reviews. David explains in detail how independent labs evaluate software and includes links and guidance for further research.