Computer Related Info.

Reasons and Methods for securing Microsoft Internet Explorer

Outlook, Outlook Express, + news readers are dangerous software because they come linked to IE's HTML rendering engine.  As a result, they can execute scripts. IE has 106 security settings.  Things that you can do to secure IE:

- Active scripting, plug-ins (e.g.Flash, Acroread), and ActiveX should be disabled in Internet security zone to make IE secure.  (Note: Enabling plug-ins enables ActiveX)  -Internet + Restricted zone security should be set to High.  -Add sites to the trusted zone with scripting turned of in Trusted Zone. -Use MacOs -Update Flash plug-in. (buffer overflow bug discovered 5/2/02) -Never read e-mail using administrative account (you can easily switch to other user in XP) ** More details at www.microsoft.com/technet/security/bestprac/mblcode.asp + www.kb.cert.org/vuls/id/25249 ** Extensive list of MS + other bugs / vulnerabilities listed at www.guninski.com

*** Do not delete files with the .ocx extension (used for ActiveX controls), because of ActiveX control login gui used in NT/2000/XP.

Good + Bad Software and their creators/vendors

Trojan Horses: SubSeven, Back Orifice

Malevolent Freeware: Trinoo, Stachheldraht, Tribal Flood, Shaft

Denial of Service:

ISP DOS Solution products: arbor.com, captus.com, astanetworks.com, mazuNetworks.com, lancape.com, wanwall.com

Enterprise DOS Solution products: cs3-inc.com, webscreen-technology.com, recourse.com

DOS Guidelines: www.cert.org/reports/dist_workshop-final.html www.staff.washington.edu/dittrich/misc/ddos

Protective software:   VLAD                                      Proxy v3.x from Funk s/w                                      Zombie Zapper + Razor from Bindview                                      Snort

Security companies:

Hurwitz.com

eEye Security (eeye.com)

Gibson Research (grc.com)

GreyMagic Software (greymagic.com)

Internet Security Systems (iss.net)

Sans.org

Symantec

Computer Security Institute (gocsi.com)

CERT (cert.org)

Aberdeen Research (aberdeen.com)

Cisco

RFGroup.com

YankeeGroup.com

Acronyms

IDS - intrusion detection system

IDP - intrusion prevention system

RID - remote intrusion detection

RIP - remote intrusion prevention

IRT - incident response team

ISP - internet service provider

DOS - denial of service

DDOS - distributed denial of service

KVM - keyboard, video, mouse

Monitor + Keyboard Sharing choices

KVM over IP vs. in-band remote control over KVM switch or software

Biometrics

- fingerprint (capacitive, thermal, laser/optical),              - iris/retina              - hand              - face              - voice              - signature

AntiVirus

Signature based Anti-Virus (AV) Software vs. Behavior-blocking (BB) Technology

BB Features:

- code can have access isolated to certain OS resources and applications - interrupts system calls by inserting itself into kernel of hosts OS

BB +'s:

- anti-virus updates difficult to roll out

- policies allow flexibility between dept.'s/users and keeps essential s/w running

- no delay to receive updates w/ new digital signature

BB -'s:

- policies must be maintained + good to be effective

- many false positive

Behavior Blocking vendors: Finjan Aladdin Pelican Security Trend Micro Tiny software Okena

AV vendors:   Symantec McAfee

Web Hosting Companies

Powersurge.net

Aitcom.net Advanced Internet Technologies

Rachshack.net

Datapipe.com

Easyspace.com

Rackspace.com

Expression.edu Ex?pression Center for New Media

Statefarm.com

Fatcow.com

Vfs.com Vancouver Film School

Modernpostcard.com