website statistics
Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Security Admin   (RSS)

Enhanced Mitigation Evaluation Toolkit

Developers, developers, developers, developers (I bet you that you know this song). As you build your new application you should start thinking about security from the source (inside out approach). However even when you try to mitigate all scenarios that Read More...
Posted Thursday, October 29, 2009 1:21 PM by yuridio | 0 Comments

MBSA 2.1.1 for Windows 7 released

If you are using Windows 7 or Windows Server 2008 R2, make sure to test the new version of the Microsoft Baseline Security Analyzer 2.1.1. Read more about it here http://technet.microsoft.com/en-us/security/cc184923.aspx and download it from MS Download Read More...
Posted Wednesday, October 28, 2009 2:03 AM by yuridio | 0 Comments
Filed under:

The Firewall Madness

This week I worked in an issue where ISA Server 2006 was stopping answering request and NLB on ISA Server was constantly appearing with the status for “Unavailable”. The odd thing about this scenario was that every time that the firewall admin changed Read More...
Posted Thursday, October 22, 2009 4:09 PM by yuridio | 0 Comments

Beyond the Perimeter Article for ISSA Journal

Today ISSA released the ISSA Journal – September 2009 issue that contains an article that I wrote about unified threat management. You can view the online version at: https://www.issa.org/Library/Journals/2009/September/ISSA%20Journal%20September%202009.pd Read More...
Posted Tuesday, September 01, 2009 8:39 PM by yuridio | 0 Comments
Filed under:

Centralized Information about Conficker

Microsoft Malware Protection Center Blog put together the latest update about Conficker worm, the attack vectors, how to prevent and how to clean the system. It is all consolidated in their blog that you can access from here: http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.asp Read More...
Posted Wednesday, January 28, 2009 12:40 PM by yuridio | 0 Comments

Detecting SQL Injection on IIS Logs

Check this out this nice tool that allows you to analyze IIS logs and see if the ASP pages were victim of SQL Injection attack: http://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=WSUS&ReleaseId=13436 Read More...
Posted Saturday, January 24, 2009 9:42 PM by yuridio | 0 Comments

Removing Conficker Worm

Quick post just to bring awareness about this new KB that explains how to manually remove Conficker. Follow the steps from: http://support.microsoft.com/kb/962007 Read More...
Posted Thursday, January 15, 2009 5:15 AM by yuridio | 0 Comments

ISA Server Firewall Service crashes when enabling cache

1. Introduction This is another one of those cases where ISA Server Service mysterious crashes once a day, at the same time and nothing changed in the environment. This just make me really fell that the lack of communication between the teams that deals Read More...
Posted Monday, January 12, 2009 11:23 PM by yuridio | 0 Comments

What can happen when you think that only Windows system needs to be patched

This post could easily be called “Slow Internet through ISA Server”, but I decided to change the title and the focus. I’m doing that for a simple reason: people still thinking that only Windows system needs to be patched. What an untrue statement this Read More...
Posted Tuesday, December 16, 2008 2:42 AM by yuridio | 1 Comments

Using IE8 to mitigate XSS attack

Yesterday I was playing a little bit with IE8 when I received the following warning message in IE window: Internet Explorer has modified this page to prevent a potential cross-site-scripting attack. Yep, that’s right: IE8 now mitigates XSS attack by using Read More...
Posted Tuesday, November 11, 2008 1:39 PM by yuridio | 1 Comments

Trigger an Action using Windows Server 2008 Event Viewer

The Microsoft Windows Server 2008 Event Viewer is a whole new program inside the Operating System, the changes made to it were completely significant and rich in new features. There are so many things that you can now do with Event Viewer that it is worth Read More...
Posted Tuesday, October 28, 2008 2:28 PM by yuridio | 2 Comments
Filed under: ,

Using Netmon 3.2 to Identify an Unexpected Traffic

1. Understanding the Problem I already worked in many cases where customer wants to know why ISA is alerting that it might be under attack by logging events such as: Figure 1 – Number of TCP Connections. …and also this one: Figure 2 – Denied Connections Read More...
Posted Sunday, October 19, 2008 8:14 PM by yuridio | 0 Comments

I can’t fix my code now to avoid SQL Injection, what can I do?

After writing the post SQL Injection, the threat beyond the perimeter I received some emails with this question. If you company also has the same dilemma you need to leverage this to upper management and show the real risk that they are running in to. Read More...
Posted Saturday, September 20, 2008 2:02 AM by yuridio | 0 Comments
Filed under: ,

Hardening ISA Server in a Supported Manner

1. Introduction One process that it is becoming more and more common today is the hardening server’s process. This is really an excellent idea in the security perspective, the problem is when you tight too much or when you do it in an unsupported manner. Read More...
Posted Thursday, September 11, 2008 3:50 PM by yuridio | 1 Comments

SQL Injection, the threat beyond the perimeter

It is very common to us from CSS Security receive calls about SQL Injection and sometimes customers prefers to apply a bandage in the perimeter rather than work in the real root cause. When I say beyond the perimeter is because as a matter of fact, the Read More...
Posted Friday, September 05, 2008 3:58 PM by yuridio | 0 Comments
Filed under:
More Posts Next page »
 
Page view tracker