Interesting article from IBM that offers a new security design framework that covers two common types of vulnerability: action tampering and parameter manipulation (also known as data tampering).
Check it out: Build extra secure Web applications
– Suramya
This article shows a simple approach of reducing privileges for Internet-facing applications on such as IE, Firefox, IM and email clients when the user must operate as a Windows administrator.
One of the most effective ways to secure a Windows workstation is to turn off unnecessary services. This reference sheet lists the Windows XP SP 2 services, describes each service’s function, specifies whether you can safely disable the service, and outlines the ramifications of disabling the service.
Good Information. Check it out.
Downloading Windows XP services that can be disabled – TechRepublic
One of the most effective ways to secure a Windows workstation is to turn off unnecessary services. This reference sheet lists the Windows XP SP 2 services, describes each service’s function, specifies whether you can safely disable the service, and outlines the ramifications of disabling the service.
Good Information. Check it out.
Downloading Windows XP services that can be disabled – TechRepublic
This is an awesome article on how to create Encrypted Containers that makes it easy to create encrypted backup locations that can copied to other systems without hassle and are simple to use.
A good trilogy of articles by Peter van der Linden on encryption.
Part 1, describes how public key encryption works and where to get the GnuPG encryption software. Part 2 walks through some examples of file encryption/decryption, and Part 3 explains how to send and read encrypted e-mail
Lesson in Encryption, Part 1
Lesson in Encryption, Part 2
Lesson in Encryption, Part 3
– Suramya
Tutorial on how to setup LDAP on Linux. Looks interesting, might try it out on my spare machine when I go home next week.
Article Link: Linux LDAP authentication
– Suramya
This article explains how we can setup a SOCKs proxy via SSH which lets you surf the internet securely from unsecure locations.
Excerpt:
Open PuTTY (see the list of requirements above for a URL). You should be greeted with a configuration screen. First, you will enter the hostname or IP address of the SSH server. Type in a name for your connection settings in the box below “Saved Sessionsâ€, and click the Save button.
Now you need to look at the tree of options to the left; expand the SSH tree, and select “Tunnelsâ€. Enter 4567 (or any port number above 1024) in the Source Port area, and click the Dynamic radio button to select it. Leave the Destination field blank, and click “Addâ€.
Now go back to the Session tree (very top of the left section), and save again.
You will be prompted to enter a username, which is the username of your shell account. Type that in, hit enter, and then type in your password when it prompts you.
Original Article:
Security Engine: Secure surfing SSH
To restrict access to a server by allowing an authorized user to only run a specific command add an authorized_keys file entry that looks like (this is all in one line one line)
from=”202.41.95.13″,command=”rsync -aCz –server –sender $SRCDIR .”,
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-dss
AAAAB3NzaC1kc3M
Here you must put the appropriate source directory in $SRCDIR.
The authorized key file can be put in a dummy users directory. This dummy user should have appropriate read/write permissions for the directory in question.
As an alternative you can use a configuration file “–config=$FILE” in place of $SRCDIR.
Once this is done, the owner of the SSH private key associated with the public-key (which is the bit that starts ssh-dss AAA….) can connect to the ssh server and start the above command and *only* the above command.
– Suramya
PS: Thanks to Kapil from the Linux Gazette Answer Gang for the above tip.
Techrepublic has a really nice article that tells you how to disable IE. Keep in mind that this just disables IE not remove it.
Article Extract:
The easiest way to remove users’ ability to browse with IE is to add a bogus proxy server to IE’s Internet Settings.
Follow these steps:
1. In IE, go to Tools | Internet Options.
2. On the Connections tab, click the LAN Settings button.
3. In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
4. Enter 0.0.0.0 in the Address text box.
5. Enter 80 in the Port text box, and click OK.
Please note that adding a bogus proxy server to your Internet settings won’t affect Automatic Windows Update from connecting and updating your operating system.
You can also restrict Internet settings via Group Policy. Follow these steps:
1. On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
2. On the Group Policy tab, click Edit.
3. Expand User Configuration to set restrictions on a per-user basis.
4. Expand Windows Settings, and expand Internet Explorer Maintenance.
5. Select Connection, and double-click Proxy Settings.
6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
7. Expand Administrative Templates, and expand Windows Components.
8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
9. Select Enabled, and click OK.
Article Source :
Learn two ways to disable Internet Explorer
– Suramya
Powered by WordPress