1. Introduction Nowadays information is much easier to find than it was in the past, you can find information about pretty much everything by just searching on the web (try http://www.letmebingthatforyou.com/?q=dns%20atacck for example). For this reason it is even more important to be diligent while...

I’ve being so busy lately that I couldn’t really stop to write some posts that I have on hold, waiting for me to complete it. Me and Tom Shinder are also very busy working on a tight schedule for a new MSPress book (details will be revealed soon) and writing here is getting very challenging, but I will...

Microsoft released the Security Compliance Manager version 1.0 beta, this tool provides centralized security baseline management features, baseline portfolio, customization capabilities, and the ability to automate the creation of GPOs and System Center Configuration Manager DCM packs. Here are some...

Introduction This post is about an interesting issue where a third party application that was configured as service was failing to establish a connection with the destination server because ISA Server was denying the traffic. For this brief description it really sounds like a trivial issue where...

Yesterday Microsoft released six security updates and there is one in particular that is very important for VPN scenarios that uses IAS for RADIUS authentication. MS09-071 describes that Servers using IAS are only affected when configured to use PEAP with MS-CHAP v2 authentication (described in CVE-2009...

Microsoft just release a guide with 113 pages that covers many aspects of Microsoft Security strategy, terminologies, tools and a guideline to approach in different stages. This guide is not target only for Security Professionals, as matter of fact all IT Professionals should read this to better understand...

Developers, developers, developers, developers (I bet you that you know this song). As you build your new application you should start thinking about security from the source (inside out approach). However even when you try to mitigate all scenarios that you can imagine there is always a concern before...

If you are using Windows 7 or Windows Server 2008 R2, make sure to test the new version of the Microsoft Baseline Security Analyzer 2.1.1. Read more about it here http://technet.microsoft.com/en-us/security/cc184923.aspx and download it from MS Download Center .

This week I worked in an issue where ISA Server 2006 was stopping answering request and NLB on ISA Server was constantly appearing with the status for “Unavailable”. The odd thing about this scenario was that every time that the firewall admin changed a rule in one node and forces a synchronization the...

Today ISSA released the ISSA Journal – September 2009 issue that contains an article that I wrote about unified threat management. You can view the online version at: https://www.issa.org/Library/Journals/2009/September/ISSA%20Journal%20September%202009.pdf

Microsoft Malware Protection Center Blog put together the latest update about Conficker worm, the attack vectors, how to prevent and how to clean the system. It is all consolidated in their blog that you can access from here: http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about...

Check this out this nice tool that allows you to analyze IIS logs and see if the ASP pages were victim of SQL Injection attack: http://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=WSUS&ReleaseId=13436

Quick post just to bring awareness about this new KB that explains how to manually remove Conficker. Follow the steps from: http://support.microsoft.com/kb/962007

1. Introduction This is another one of those cases where ISA Server Service mysterious crashes once a day, at the same time and nothing changed in the environment. This just make me really fell that the lack of communication between the teams that deals with technology is getting far beyond of...

This post could easily be called “Slow Internet through ISA Server”, but I decided to change the title and the focus. I’m doing that for a simple reason: people still thinking that only Windows system needs to be patched. What an untrue statement this is and how I’m convinced more and more that if you...

Yesterday I was playing a little bit with IE8 when I received the following warning message in IE window: Internet Explorer has modified this page to prevent a potential cross-site-scripting attack. Yep, that’s right: IE8 now mitigates XSS attack by using the built in XSS Filter. Do you want...

The Microsoft Windows Server 2008 Event Viewer is a whole new program inside the Operating System, the changes made to it were completely significant and rich in new features. There are so many things that you can now do with Event Viewer that it is worth to take some time off and play with it. The new...

1. Understanding the Problem I already worked in many cases where customer wants to know why ISA is alerting that it might be under attack by logging events such as: Figure 1 – Number of TCP Connections. …and also this one: Figure 2 – Denied Connections per Minute. ...

After writing the post SQL Injection, the threat beyond the perimeter I received some emails with this question. If you company also has the same dilemma you need to leverage this to upper management and show the real risk that they are running in to. Neil Carpenter from CSS Security (IR) Team wrote...

1. Introduction One process that it is becoming more and more common today is the hardening server’s process. This is really an excellent idea in the security perspective, the problem is when you tight too much or when you do it in an unsupported manner. Before go to the best practices I’m going...

It is very common to us from CSS Security receive calls about SQL Injection and sometimes customers prefers to apply a bandage in the perimeter rather than work in the real root cause. When I say beyond the perimeter is because as a matter of fact, the internal user will still be able to exploit this...

The CSS Security Team released yesterday a very cool tool that combines features from WSUS MPSReports tool and the FCS MPSReports tool. Click it here to see for more details and download the tool.

1. Introduction The process flow is very known by all IT professionals: user can’t access a web site and calls the Help Desk. First contact, initial troubleshooting, can’t fix and it calls the network admin. At that point, after troubleshoot his “piece” of the puzzle, it says: well, it got be our...

Last July 8th Microsoft released the security update MS08-039 for OWA, the following Exchange versions are affected: Software Maximum Security Impact Aggregate Severity Rating Bulletins Replaced by this Update Microsoft Exchange Server 2003 Service Pack...

About one month ago, a friend of mine from Brazil told me about the idea to write the Security Article of the month and we got together on this. We wrote an overview about Microsoft Security Products and how to use a layered approach to use them. Today Microsoft published this article, to read it click...