Today at the annual AusCERT Asia Pacific Information Technology Security Conference, Microsoft Corp. announced the extension of the Microsoft Security Cooperation Program (SCP) to include computer emergency response teams (CERTs), computer security incident response teams (CSIRTs), and other response and guidance organizations that represent a nation, region or population.
http://www.pressroom2.com/2008/05/20/microsoft-expands-security-information-sharing-program-to-certs/
Urs
The National Institute of Standards and Technology is seeking comment on its draft guidelines for securing servers, released this week.
NIST Special Publication 800-123, "Guide to General Server Security," makes recommendations for securing server operating systems and software in addition to maintaining a secure configuration with patches and software upgrades, security testing, log monitoring and backups of data and operating system files.
http://www.gcn.com/online/vol1_no1/46239-1.html
Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer's microprocessor, hidden from current antivirus products.
Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what's happening in a computer's memory.
The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.
http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html
There's a lot of noise around the currently ongoing SQL injection attacks, and even though that is quite an "old" topic, there are still a lot of unprotected servers out in the cloud. This has nothing to do with vulnerabilities in the products (web server, database server); it results from improper programming practices, configuration, etc.
Here is a list of good best practices, advice and guidance for IIS and SQL:
MSDN Guidance:
• MSDN: How To: Protect From SQL Injection in ASP.NET: http://msdn.microsoft.com/en-us/library/ms998271.aspx
• MSDN: SQL Injection: http://msdn.microsoft.com/en-us/library/ms161953.aspx
• MSDN: Explained – SQL Injection: http://msdn.microsoft.com/en-us/library/bb671351.aspx
Recent blog entries:
• Michael Howard’s SDL Blog: Giving SQL Injection the Respect it Deserves: http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx
• Neil Carpenter's Blog: SQL Injection Mitigation: Using Parameterized Queries: http://blogs.technet.com/neilcar/archive/2008/05/21/sql-injection-mitigation-using-parameterized-queries.aspx
• BILLS Blog: SQL Injection Attacks on IIS Web Servers: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx
• MSRC Blog: Questions about Web Server Attacks: http://blogs.technet.com/msrc/archive/2008/04/25/questions-about-web-server-attacks.aspx
Incident Response Focus on SQL Injection:
• Neil Carpenter's Blog: Anatomy of a SQL Injection Incident: http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx
• Neil Carpenter's Blog: Anatomy of a SQL Injection Incident, Part 2: Meat: http://blogs.technet.com/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx
RSAT is the collection of Windows Server 2008 management tools which enable IT professionals to manage their Windows Server infrastructure from their PCs running Windows Vista with Service Pack 1.
Where to Install:
• Microsoft Remote Server Administration Tools for Windows Vista with SP1 (x86): http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960
• Microsoft Remote Server Administration Tools for Windows Vista with SP1 (x64): http://www.microsoft.com/downloads/details.aspx?FamilyId=D647A60B-63FD-4AC5-9243-BD3C497D2BC5
This is the list of Windows Server 2008 administration tools which are included in RSAT:
Role Administration Tools:
• Active Directory Certificate Services (AD CS) Tools
• Active Directory Domain Services (AD DS) Tools
• Active Directory Lightweight Directory Services (AD LDS) Tools
• DHCP Server Service Tools
• DNS Server Service Tools
• Shared Folders Tools
• Network Policy and Access Services Tools
• Terminal Services Tools
• Universal Description, Discovery, and Integration (UDDI) Services Tools
Feature Administration Tools:
• BitLocker Drive Encryption Tools
• Failover Clustering Tools
• Group Policy Management Tools
• Network Load Balancing Tools
• SMTP Server Tools
• Storage Manager for SANs Tools
• Windows System Resource Manager Tools
The tools in the following list are also fully supported for managing Windows Server 2003 servers:
• Active Directory Domain Services (AD DS) Tools
• Active Directory Lightweight Directory Services (AD LDS) Tools
• Active Directory Certificate Services (AD CS) Tools
• DHCP Server Tools
• DNS Server Tools
• Group Policy Management Tools
• Network Load Balancing Tools
• Terminal Services Tools
• Universal Description, Discovery, and Integration (UDDI) Services Tools
One day in May 2005, a 16-year-old hacker named "SoBe" opened his front door to find a swarm of FBI agents descending on his family's three-story house in Boca Raton, Florida. With an arm and leg in casts from a recent motorcycle accident, one agent grabbed his good arm while others seized thousands of dollars worth of computers, video game consoles and other electronics.
http://www.securityfocus.com/news/11517?ref=rss
Roger A. Grimes: "I've been at several recent conferences where virtual machine (VM) and security “experts” were telling audiences how VM technology can be used to improve computer security. Wow! They are either drunk on the marketing Kool-Aid, misinformed, or simply trying to misrepresent VM capabilities to sell more product..."
http://weblog.infoworld.com/securityadviser/archives/2008/04/virtual_machine.html?source=rss
Security guru Joel Snyder from Opus One recently starred as the guest of a live Network World chat where he discussed the state of network access control. Snyder says that Microsoft is emerging as one of the clear winners of NAC, but that Microsoft's technology is a foundation from which to build, not an end-all. He also says that those who are anti-NAC simply don't understand the technology. He answered a slew of technical questions from attendees including why ACLs are better than VLANs, the dirty dark corner of NAC (management) and the how and why of 802.1X.
http://www.networkworld.com/chat/archive/2008/050608-nac-chat-joel-snyder.html
Botnet fighters have another tool in their arsenal, thanks to Microsoft.
Microsoft is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows.
http://www.pcworld.com/businesscenter/article/145257/microsoft_botnethunting_tool_helps_bust_hackers.html
Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies.
This document discusses the planning and implementation of a Windows Server 2008 AD CS upgrade and migration from an existing Windows public key infrastructure (PKI), including scenarios and step-by-step instruction:
http://go.microsoft.com/fwlink/?LinkId=116454
If you're an IT pro who is looking a bit more seriously at Windows Vista for your enterprise environment, you should take a close look at the firewall. Once you realize what the Windows Vista firewall can do, you may want to renegotiate the agreement you have for that third-party security suite to remove the firewall from the package.
http://technet.microsoft.com/en-us/magazine/cc510323.aspx
When IT professionals look to reduce the total cost of ownership, or TCO, of their desktop machines, there are two key strategies that often come to mind. The first one is to get your desktop users' accounts out of the Administrators group. And the second one is to limit the applications that the users can run. Approaching these problems can be quite a challenge in an enterprise environment, but Windows Vista® offers some technologies that can help you to achieve these goals.
http://technet.microsoft.com/en-us/magazine/cc510322.aspx
http://technet.microsoft.com/en-us/magazine/cc510320.aspx
Security by obscurity is, in a nutshell, a violation of Kerckhoffs' Principle, which holds that a system should be secure because of its design, not because the design is unknown to an adversary. The basic premise of Kerckhoffs' Principle is that secrets don't remain secret for very long.
Debate by Jesper M. Johansson and Roger Grimes:
http://technet.microsoft.com/en-us/magazine/cc510319.aspx
What's new in Windows Vista SP1 or Windows Server 2008 Bitlocker?
http://technet.microsoft.com/en-us/magazine/cc510321.aspx
The United States is increasingly vulnerable to cyberattacks that could have catastrophic effects on critical physical infrastructure and severely damage the country’s economic, military, and strategic interests, cybersecurity specialists said today.
The conventional strategic thinking that has driven defense efforts over the past century is becoming irrelevant in today’s networked world, according to specialists from the U.S. Cyber Consequences Unit (US-CCU), who spoke at the GovSec, U.S. Law and Ready Conference and Exposition today in Washington.
“Looking at the many wake-up calls that the international community has had over the past decade…I would say that we have entered an era of cyberterror and perhaps even an era of cyberwar,” said Lauri Almann, Estonia’s Permanent Undersecretary of Defence, at the conference.
http://www.fcw.com/online/news/152335-1.html
Have you seen the recent television commercial that shows the Pentagon and says, "This building gets attacked 3 million times a day." The sad news is that it's true.
Cyber-warfare and cyber-attacks have now become a reality. Ever consider how your business would be impacted if the Internet went away for an hour, a day, or even a longer period of time?
Businesses, governments, and industries have all become dependent on the Internet as a primary channel for businesses. They buy, sell, and support their customers as well as their employees over the Internet. Given the significant role the Internet plays in our society and economy, it has become a primary target for attack by nation states and terrorists.
http://www.technewsworld.com/story/62725.html?&welcome=1210757081
The Internet is slowly inching closer to ratcheting up the security of its Domain Name System (DNS) server architecture: The Internet Corporation for Assigned Names and Numbers (ICANN) plans to go operational with the secure DNS technology, DNSSEC, later this year in one of its domains.
ICANN officials said the organization plans to add DNSSEC to its .arpa Internet domain servers and that the .org domain servers (run by PIR) as well as the .uk servers also will go DNSSEC soon. Country domains .swe (Sweden), .br (Brazil), and .bg (Bulgaria) already run the secure version of DNS for their domain servers.
http://www.darkreading.com/document.asp?doc_id=152032&WT.svl=news1_1