All pages tagged with accountability
An Audit of Active Directory Security, Part 2
The scope of this particular article is largely around accounting, permission, enumeration, and logging issues. This article does not cover default DNS settings.
Document added on June 21, 2011Introduction to the NSA Infosec Assessment Methodology (IAM)
On May 22, 1998 President Clinton signed Presidential Decision Directive 63 (PPD 63). This directive outlined the civilian and governmental responsibility of protecting the US Critical Infrastructure and established the ...
Written by: Mitchell Rowton and added on April 2, 2011An Evening with Berferd
On 7 January 1991 a cracker, believing he had discovered the famous sendmail DEBUG hole in our Internet gateway machine, attempted to obtain a copy of our password file. I ...
Document added on March 14, 2011Intrusion detection evasion: How Attackers get past the burglar alarm
The purpose of this paper is to show methods that attackers can use to fool IDS systems into thinking their attack is legitimate traffic. With techniques like obfuscation, fragmentation, Denial ...
Document added on Jan. 19, 2011Policy on Requirements for Authenticated Access to PennNet
This policy specifies authentication and accounting requirements for certain user access to PennNet. Specifically, it addresses on-campus access to PennNet from locations or devices that are not dire
Document added on April 23, 2011NIST - Procedures for Handling Security Patches
To help address this growing problem, we recommend that organizations have an explicit and documented patching and vulnerability policy and a systematic, accountable, and documented process for handling patches. This ...
Written by: Peter Mell and Miles C. Tracy and added on May 9, 2011Tracking the source of email spam
Spammers often forge the headers of their email in an attempt to avoid losing their accounts and to evade email filters. These notes may help you track the source of ...
Document added on Jan. 25, 2011Authentication as the Foundation for eBusiness
This article outlines the reasons why authentication is critical for a successful business, along with a discussion of the two main security methods it can be applied to. Additionally, this ...
Written by: Diana Kelley and added on Jan. 29, 2011The Simplest Security: A Guide To Better Password Practices
Passwords are simpler and cheaper than other, more secure forms of authentication like special key cards, fingerprint ID machines, and retinal scanners. They provide a simple, direct means of protecting ...
Written by: Sarah Granger and added on May 12, 2011Installation of a Red Hat 9.0 server with DNS
This paper seeks to provide an edited account of the work done by the author to create a minimal-install, primary DNS server based on a Linux platform. The document includes ...
Written by: Mark E. Chandler and added on May 18, 2011