How to detect hackers on your web server
|
|
- Joan Patrick
- 8 years ago
- Views:
Transcription
1 How to detect hackers on your web server Catch hackers red handed through real-time security event log monitoring A discussion of the methods used by hackers to attack IIS web servers, and how you can use event log monitoring on your web server to be alerted to successful attacks immediately.
2 How to detect hackers on your web server 2 Introduction This white paper focuses on how administrators can set up their web servers successfully and safely. Describing the tools used by hackers to gain backdoor access to your IIS web servers, this paper details the necessary steps to detect successful intrusions on your network, as well as explaining how to prevent such attacks to your web server. Introduction...2 Hacking a web server is not difficult...2 Tools of the hacker trade...3 Intrusion detection by monitoring key system files...5 How to detect attacks on your server...6 About GFI LANguard Security Event Log Monitor (S.E.L.M.)...11 About GFI...12 Hacking a web server is not difficult Internet Information Services (IIS) web servers are highly popular among business organizations, with more then 6 million installations worldwide. Unfortunately, this makes IIS web servers also a popular target amongst hackers. As a result, every so often, new exploits emerge which endanger your IIS web server s integrity and stability. Many administrators have a hard time keeping up with the various security patches released for IIS to cope with each new exploit, making it easy for malicious users to find a vulnerable web server on the Internet. Taking advantage of an exploit is not difficult with the appropriate hacker tools these enable the average teenage hacker to easily attack and even control your web server, with the possibility of penetrating your internal network. In other words, it is not too difficult for outsiders to access proprietary corporate information. Worse still, hackers need not be teenagers out for a thrill, as is commonly presumed: disgruntled employees and competitors, for instance, may have their own reasons for breaking into confidential areas of your network. Few hacker attacks are actually instantly recognizable as such, and fewer still become high profile affairs reported in the media. Most attacks are not easy to discover because many intruders prefer to remain hidden so that they can use the IIS web server they have hacked as a launch base for attacks on far more important or popular web servers. Apart from endangering your own web site s integrity, such use of your server can render you liable should it be used to launch an attack on another organization.
3 How to detect hackers on your web server 3 Tools of the hacker trade Many tools exist to facilitate hackers who wish to deface a web site. Such tools are so easy to use that even someone with no prior hacking experience can make a mess out of a web server in no time at all. The Internet Printing Protocol (IPP) exploit IPP exploit made easy A program that makes use of this exploit is Internet Printing Protocol Exploit v.0.15 (see figure above). This is based on the infamous original exploit code in a C program file named jill.c, made public by a hacker using the alias dark spyrit. This application uses a vulnerability in the IPP buffer overflow on an IIS web server. All the hacker needs to do is type in the name of the targeted web server (or a computer with IIS installed on it) and click on Connect. Upon connecting, the application will send the actual string that overflows the stack, leading to the execution of custom code (that is known as shell code) and connecting the file cmd.exe to the specified port on the attacker s side (default being 31337). This can bypass typical firewall configurations and other similar security measures. Once that is done, the hacker is presented with a command line and SYSTEM access, from where he/she could carry out a number of activities that an administrator would definitely not have authorized, such as gaining access to databases that could contain credit card details and other such confidential data.
4 How to detect hackers on your web server 4 The UNICODE and CGI-Decode exploits Unicode exploit using Internet Explorer Two other exploits preferred by web site defacers include the UNICODE and CGI-Decode exploits. Here, the hacker can simply use the browser itself to do anything on a target machine that is running an un-patched version of IIS. All it takes is Internet Explorer and a magic string to execute anything under the anonymous account of the IIS. The above screenshot shows a directory dump of C:\ of the IIS server in the web browser itself! This is just a simple example to demonstrate that the hacker can gain access to your web server s hard disk. Initially, this access is limited to the user rights of the IIS anonymous user account (IUSR_computername). Once the hacker has IIS anonymous access, he can easily upload an ASP file, which can escalate his access to SYSTEM privileges. Such an action would give him full access to the hacked computer, meaning he can do anything. Custom-made applications Some web site cracker groups prefer to produce their own applications to automate the process of defacing a web site. IIS Storm by m0sad One such group is M0sad, an Israeli hacker unit that developed and released a hacking tool
5 How to detect hackers on your web server 5 named IIS Storm v.2. An excerpt from the IIS Storm manual runs: IIS Storm is a tool made for Remote Web Site Defacement that is running IIS (Internet Information Server [NT platform]) and that also vulnerable to the Unicode Exploit. Tools such as this give full hacking capabilities to both skilled and unskilled hackers. IIS Storm also allows users to hide their original IP address through anonymous proxies, and to easily replace files on the target website with their own custom HTML pages. PoizonB0x, another notorious group of self-proclaimed cyber-terrorists and net-warriors, created iisautoexp.pl, an automated tool that handles all the legwork required to gain access and perform defacing operations. To deface a web site, all the malicious user has to do is give the name of the web site to the script and run it. If the web site is vulnerable to attack (that is, if it does not have the appropriate patches applied), the front page (index.htm, default.htm, default.asp or variants) is changed to read PoizonB0x Ownz YA. This way, hackers can create a batch file with the names of their target web sites, producing a mass defacement of IIS web servers. This script can be adapted and run on both Windows and UNIX machines. Knowing that your web server has been attacked is easy if your web page is defaced. However, many hackers prefer stealth and install a Trojan to siphon off data or perform other malicious activity. They will make sure not to leave any traces of their intrusion. Intrusion detection by monitoring key system files So how can one protect against this potential onslaught of attacks? Well, almost all exploit tools for IIS servers make use of one or more system files. By monitoring the activity on these files in real time, an administrator can catch a hacker red-handed. The following system files are frequently used by hacker tools: 1. cmd.exe: This is the command line emulation program in Windows; from here, users can administer the server 2. ftp.exe: The command line FTP client available with all Microsoft Windows platforms; hackers use this to obtain the files they need on the server machine from a remote FTP server 3. net.exe: This program enables machine administration; under the system account, hackers can use this tool to create backdoor users and groups, start and stop services, access other machines on the network, and more 4. ping.exe: This program simply sends an ICMP echo packet to remote hosts; hackers can use your server together with other vulnerable servers to run ping against a target host, thus creating a DDoS (Distributed Denial of Service attack) on the target 5. tftp.exe: This is a TFTP client that is also available with all Microsoft Windows machines; some hackers prefer this to ftp.exe and will use it to get the files they need to further
6 How to detect hackers on your web server 6 penetrate the IIS server. When a cracker runs cmd.exe using the UNICODE exploit, it is actually run by the Internet Guest Account (IUSR_machinename). Since this user has no business running this file, a network-wide event log monitor such as GFI LANguard S.E.L.M. can log any events in which this account runs cmd.exe. This way, GFI LANguard S.E.L.M. can immediately inform the administrator of the intrusion. Buffer overflow attacks obtain the SYSTEM account instead. This means that from here, the malicious user who has already intruded the machine can change to any other user and basically do anything that the operating system itself can. However if GFI LANguard S.E.L.M. is enabled to monitor cmd.exe and log whenever the SYSTEM account has accessed this file, the network administrator will now be able to detect such activity - because to change to another user, tools make use of the command line itself. How to detect attacks on your server After examining how intruders operate, administrators can now configure their server and GFI LANguard S.E.L.M. to catch hackers red-handed. Step 1: Configuring your web server to audit objects To monitor commonly used files, object auditing must be enabled in Windows web servers. Audit Policy object access If the web server is a standalone server, to enable object auditing, you must: 1. Go to the Administrative Tools Local Security Policy 2. Select Local Policies and then Audit Policy
7 How to detect hackers on your web server 7 3. Double-click on Audit Object Access and select Success and Failure. If the web server is part of the domain, you must enable object auditing as a Domain Policy (rather than just Local Policy). This is done in the same manner via Administrative Tools Domain Security Policy. Once that is done, the files you want to audit must be specified. In this case we want to audit: cmd.exe, ftp.exe, net.exe, ping.exe and tftp.exe. The auditing tab To enable object access auditing to log each time the SYSTEM account and Internet guest account attempt to run cmd.exe: 1. Right-click on cmd.exe and select Properties 2. Next select the Security tab and click on Advanced 3. Select the Auditing tab and click on Add 4. Now you can enter which users should get logged when they try to access the Object (cmd.exe): Select the SYSTEM account 5. To enable full auditing on cmd.exe / SYSTEM account, select all Successful and Failed options
8 How to detect hackers on your web server 8 6. Press OK, select Add and do the same for the IUSR account. 7. This procedure must be followed for ftp.exe, net.exe, ping.exe, and tftp.exe. Access to these files by the System or IUSR account will now be logged to the security event log. Configuring auditing Step 2: Configuring GFI LANguard S.E.L.M. to monitor for these events and alert administrator Now you have configured file access auditing, you must configure GFI LANguard S.E.L.M. to detect these security events:
9 How to detect hackers on your web server 9 GFI LANguard S.E.L.M configuration console 1. In the GFI LANguard S.E.L.M. Configuration, ensure that the web server is listed in the Computers to monitor node 2. Now go to the Event Processing Rules > Security Event Log > Object Access node. Select the node, right-click and select New > Processing rule 3. Click on add, and add the events numbered 560 and 562. These events will identify an intrusion. Event 560: Object Open Meaning the object (e.g. cmd.exe was run) was accessed, and Event 562: Handle Closed Meaning that the object is no longer in use (e.g. Cmd.exe was closed) 4. By default the rule will be applied to all computers that GFI LANguard SELM monitors. To specify the web server only, go to the general tab and specify the web server computer name. Specify a clear description too 5. Click on OK to add the rule.
10 How to detect hackers on your web server 10 Creating a new object access rule GFI LANguard S.E.L.M. will now monitor your web server for these events, and if CMD.exe is run, it will notify you immediately! Step 3: Testing your new IDS Once you have configured the above, you can test it. You can do this by creating a new ASP script. If you have properly set up your auditing policies and enabled object access on the indicated files, this script will create and trigger an object audit rule. GFI LANguard S.E.L.M will then collect the generated event from the security event log, and because a matching rule exists it will send an alert to the administrator to advise that cmd.exe has been accessed. The script below will simply run cmd.exe and make a directory listing of the C:\ in the background. You can place this file on your IIS server and try to access it via the web browser. <%@ Language=VBScript %> <%' ' SELM_test.asp : used to test Languard S.E.L.M ' By : Sandro Gauci <Sandro@gfi.com> ' Co : GFi
11 How to detect hackers on your web server 11 ' Dim oscript On Error Resume Next Set oscript = Server.CreateObject("WSCRIPT.SHELL") Call oscript.run ("cmd.exe /c dir C:\", 0, True) %> <HTML> <BODY> You should now receive an alert from GFI LANguard S.E.L.M </BODY> </HTML> This ASP script can be downloaded from: ftp.gfi.com/testselm.zip About GFI LANguard Security Event Log Monitor (S.E.L.M.) GFI LANguard Security Event Log Monitor (S.E.L.M.) performs event log based intrusion detection and network-wide event log management. GFI LANguard S.E.L.M. archives and analyzes the event logs of all network machines and alerts you in real time to security issues, attacks and other critical events. GFI LANguard S.E.L.M.'s intelligent analysis means you do not need to be an 'Event Guru' to be able to: Monitor users attempting to access secured shares and confidential files; Monitor critical servers and create alerts for specific events and conditions occurring on your network; Back up and clear event logs automatically on remote machines; Detect attacks using local user accounts; and much more! For more info on GFI LANguard S.E.L.M. and to download your free trial, please visit
12 How to detect hackers on your web server 12 About GFI GFI is a leading provider of network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and SMTP mail servers; GFI MailSecurity content/exploit checking and anti-virus software; GFI MailEssentials serverbased anti-spam software; GFI MailArchiver an archiving solution; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; GFI Network Server Monitor that automatically sends alerts, and corrects network and server issues; GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management; GFI EndPointSecurity that enables network-wide control of removable media[angelica@gfi.com] and GFI WebMonitor, HTTP/FTP monitoring and anti-virus software for ISA Server. Clients include Microsoft, Telstra, Time Warner Cable, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates through a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award. For more information about GFI, visit GFI Software Ltd. All rights reserved. The information contained in this document represents the current view of GFI on the issues discussed as of the date of publication. Because GFI must respond to changing market conditions, it should not be interpreted to be a commitment on the part of GFI, and GFI cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. GFI MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. GFI, GFI EndPointSecurity, GFI FAXmaker, GFI MailEssentials, GFI MailSecurity, GFI MailArchiver, GFI LANguard, GFI Network Server Monitor, GFI WebMonitor and their product logos are either registered trademarks or trademarks of GFI Software Ltd. in the United States and/or other countries. All product or company names mentioned herein may be the trademarks of their respective owners.
Installing GFI FAXmaker version 12
Installing GFI FAXmaker version 12 How to install GFI FAXmaker version 12 on the same machine as the SMTP server (non-exchange 2000/2003) This white paper explains how to install GFI FAXmaker for Exchange/SMTP
More informationPatch management with GFI LANguard N.S.S. & Microsoft SUS
Patch management with GFI LANguard N.S.S. & Microsoft SUS A cost-effective and easy solution for network-wide patch management This white paper provides an overview of how to use GFI LANguard Network Security
More informationGFI FAXmaker for Exchange/SMTP 12: An introduction to the architecture and deployment options
GFI FAXmaker for Exchange/SMTP 12: An introduction to the architecture and deployment options An overview of how GFI FAXmaker works, and how to deploy it This white paper describes the different ways in
More informationWhy Bayesian filtering is the most effective anti-spam technology
Why Bayesian filtering is the most effective anti-spam technology Achieving a 98%+ spam detection rate using a mathematical approach This white paper describes how Bayesian filtering works and explains
More informationNetwork fax technology A primer
Network fax technology A primer Choosing the right fax server software and hardware A fax server buyers guide, this paper describes the features you need to look for in fax server software and why. It
More informationPatch management with GFI LANguard and Microsoft WSUS
A cost-effective and easy solution for network-wide patch management This white paper provides an overview of how to use GFI LANguard and Microsoft Windows Software Update Services (WSUS) to keep your
More informationDeploying GFI LANguard S.E.L.M.
Deploying GFI LANguard S.E.L.M. Design overview & deployment strategies This white paper gives an overview of how GFI LANguard S.E.L.M. works and discusses installation and deployment issues, enabling
More informationPatch management with GFI LANguard N.S.S. & Microsoft WSUS
Patch management with GFI LANguard N.S.S. & Microsoft WSUS A cost-effective and easy solution for network-wide patch management This white paper provides an overview of how to use GFI LANguard Network
More informationHow to perform network-wide security event log monitoring
How to perform network-wide security event log monitoring Using GFI LANguard S.E.L.M. for intrusion detection and essential auditing of security event logs This white paper explains the need to monitor
More informationHow To Block Ndr Spam
How to block NDR spam Spam generates an enormous amount of traffic that is both time-consuming to handle and resource intensive. Apart from that, a large number of organizations have been victims of NDR
More informationPatch management with GFI LanGuard and Microsoft WSUS
GFI White Paper Patch management with GFI LanGuard and Microsoft WSUS A cost-effective and easy solution for network-wide patch management This white paper provides an overview of how to use GFI LanGuard
More information4. Getting started: Performing an audit
4. Getting started: Performing an audit Introduction Security scans enable systems administrators to identify and assess possible risks within a network. Through GFI LANguard N.S.S. this is performed automatically,
More informationPod Slurping An easy technique for stealing data
Pod Slurping An easy technique for stealing data The problem with uncontrolled use of ipods, USB sticks and flash drives on your network A common misconception is that perimeter security measures such
More informationGFI Product Manual. Administration and Configuration Manual
GFI Product Manual Administration and Configuration Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as is"
More informationInstalling GFI LANguard Network Security Scanner
Installing GFI LANguard Network Security Scanner System requirements Install GFI LANguard Network Security Scanner on a computer which meets the following requirements: Windows 2000 (SP4) / XP (SP2) /
More informationNetwork Fax Technology
Network fax technology A primer Choosing the right fax server software and hardware A fax server buyers guide, this paper describes the features you need to look for in fax server software and why. It
More informationGFI LANguard Network Security Scanner 3.3. Manual. By GFI Software Ltd.
GFI LANguard Network Security Scanner 3.3 Manual By GFI Software Ltd. GFI SOFTWARE Ltd. http://www.gfi.com E-mail: info@gfi.com Information in this document is subject to change without notice. Companies,
More information2. Installing GFI LANguard Network Security Scanner
2. Installing GFI LANguard Network Security Scanner System requirements Install GFI LANguard N.S.S on a computer that meets the following requirements: Windows 2000 (SP4), XP (SP2), 2003, 2008, VISTA (SP1),
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationGFI Product Manual. Administration and Configuration Manual
GFI Product Manual Administration and Configuration Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationSetting and Checking LISTSERV www Interface Permissions Windows Server 2012 with IIS 8.x Last Updated: 20 Mar 2014
Setting and Checking LISTSERV www Interface Permissions Windows Server 2012 with IIS 8.x Last Updated: 20 Mar 2014 These instructions apply only to Windows Server 2012 with Internet Information Server
More informationKaseya Server Instal ation User Guide June 6, 2008
Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's
More informationWeb Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
More informationThe need for effective event management
The need for effective event management Challenges, strategies and solutions to effective event management GFI EventsManager is based on the simple fact that event log management is an indispensable tool
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationGFI MailSecurity 10.1 for Exchange/SMTP User Guide
GFI MailSecurity 10.1 for Exchange/SMTP User Guide http://www.gfi.com Email: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples
More informationInstalling GFI MailSecurity
Installing GFI MailSecurity Introduction This chapter explains how to install and configure GFI MailSecurity. You can install GFI MailSecurity directly on your mail server or you can choose to install
More informationHow to keep spam off your network
What features to look for in anti-spam technology A buyers guide to anti-spam software, this white paper highlights the key features to look for in anti-spam software and why. GFI Software www.gfi.com
More informationThe Microsoft JPEG Vulnerability and the Six New Content Security Requirements
The Microsoft JPEG Vulnerability and the Six New Content Security Requirements Table of Contents OVERVIEW...3 1. THE VULNERABILITY DESCRIPTION...3 2. NEEDED: A NEW PARADIGM IN CONTENT SECURITY...4 3. PRACTICAL
More informationBasic Exchange Setup Guide
Basic Exchange Setup Guide The following document and screenshots are provided for a single Microsoft Exchange Small Business Server 2003 or Exchange Server 2007 setup. These instructions are not provided
More informationN-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work
N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work How Firewalls Work By: Jeff Tyson If you have been using the internet for any length of time, and especially if
More informationHow To Use Gfi Mailarchiver On A Pc Or Macbook With Gfi Email From A Windows 7.5 (Windows 7) On A Microsoft Mail Server On A Gfi Server On An Ipod Or Gfi.Org (
GFI MailArchiver for Exchange 4 Manual By GFI Software http://www.gfi.com Email: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples
More informationWindows Security Scoring Tool Implementation Guide v2.0.1
Windows Security Scoring Tool v2.0.1 By Kerry Steele Win2K-Feedback@cisecurity.org Terms of Use Agreement 1. Grant of Permission to use the Windows 2000 Download Package consisting of the Windows 2000
More informationIDS and Penetration Testing Lab ISA 674
IDS and Penetration Testing Lab ISA 674 Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible Use
More informationFifty Critical Alerts for Monitoring Windows Servers Best practices
Fifty Critical Alerts for Monitoring Windows Servers Best practices The importance of consolidation, correlation, and detection Enterprise Security Series White Paper 6990 Columbia Gateway Drive, Suite
More informationThe Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold
The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS
More informationMy FreeScan Vulnerabilities Report
Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 66.40.6.179 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationGFI Product Manual. Administrator Guide for ISA/TMG
GFI Product Manual Administrator Guide for ISA/TMG The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind, either
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationPort Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
More informationGFI Product Manual. Deployment Guide
GFI Product Manual Deployment Guide http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of
More informationEvaluation Guide. Evaluator s Guide to Get the Maximum Benefit Out of a GFI LanGuard Trial
Evaluation Guide Evaluator s Guide to Get the Maximum Benefit Out of a GFI LanGuard Trial The information and content in this document is provided for informational purposes only and is provided "as is"
More informationGFI Product Manual. Getting Started Guide
GFI Product Manual Getting Started Guide http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationProduct comparison. GFI LanGuard 2014 vs. Microsoft Windows Server Update Services 3.0 SP2
Product comparison GFI LanGuard 2014 vs. Microsoft Windows Server Update Services 3.0 SP2 General features GFI LanGuard 2014 Microsoft WSUS 3.0 SP2 Scheduled scans Agent-less r Agent-based Integration
More informationWeb Plus Security Features and Recommendations
Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of
More informationClient logo placeholder XXX REPORT. Page 1 of 37
Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company
More informationAttachment spam the latest trend
the latest trend Spammers using common file formats as attachments for pumpand-dump scams This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily
More informationPenetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.
1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, juaorteg@uat.edu 1 Juan Ortega, juaorteg@uat.edu 2 Document Properties Title Version V1.0 Author Pen-testers
More informationCertified Ethical Hacker (CEH)
Certified Ethical Hacker (CEH) Course Number: CEH Length: 5 Day(s) Certification Exam This course will help you prepare for the following exams: Exam 312 50: Certified Ethical Hacker Course Overview The
More informationInstalling GFI MailArchiver
Installing GFI MailArchiver Introduction This chapter highlights important points you should take into consideration before installing GFI MailArchiver on your network, so that you can make the best decisions
More informationIDS and Penetration Testing Lab ISA656 (Attacker)
IDS and Penetration Testing Lab ISA656 (Attacker) Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible
More informationEndpoint Security Console. Version 3.0 User Guide
Version 3.0 Table of Contents Summary... 2 System Requirements... 3 Installation... 4 Configuring Endpoint Security Console as a Networked Service...5 Adding Computers, Groups, and Users...7 Using Endpoint
More informationStep-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses
Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.
More informationIntegrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
More informationCreating and Configuring Web Sites in Windows Server 2003
Page 1 of 18 Admin KnowledgeBase Articles & Tutorials Authors Hardware Links Message Boards Newsletters Software Control USB stick usage - Network-wide control with LANguard PSC. - Dl Admin KnowledgeBase
More informationGFI Product Manual. GFI MailEssentials Administrator Guide
GFI Product Manual GFI MailEssentials Administrator Guide The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind,
More informationInstalling GFI MailSecurity
Installing GFI MailSecurity Introduction This chapter explains how to install and configure GFI MailSecurity. You can install GFI MailSecurity directly on your mail server or you can choose to install
More information2X SecureRemoteDesktop. Version 1.1
2X SecureRemoteDesktop Version 1.1 Website: www.2x.com Email: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious
More informationPension Benefit Guaranty Corporation. Office of Inspector General. Evaluation Report. Penetration Testing 2001 - An Update
Pension Benefit Guaranty Corporation Office of Inspector General Evaluation Report Penetration Testing 2001 - An Update August 28, 2001 2001-18/23148-2 Penetration Testing 2001 An Update Evaluation Report
More informationUpgrade Guide. CA Application Delivery Analysis 10.1
Upgrade Guide CA Application Delivery Analysis 10.1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationSecure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01
Secure Web Service - Hybrid Policy Server Setup Release 9.2.5 Manual Version 1.01 M86 SECURITY WEB SERVICE HYBRID QUICK START USER GUIDE 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange,
More informationSymantec Database Security and Audit 3100 Series Appliance. Getting Started Guide
Symantec Database Security and Audit 3100 Series Appliance Getting Started Guide Symantec Database Security and Audit 3100 Series Getting Started Guide The software described in this book is furnished
More informationWHITE PAPER. An Introduction to Network- Vulnerability Testing
An Introduction to Network- Vulnerability Testing C ONTENTS + Introduction 3 + Penetration-Testing Overview 3 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and
More informationInstalling GFI MailArchiver
Installing GFI MailArchiver Introduction This chapter highlights important points you should take into consideration before installing GFI MailArchiver on your network, so that you can make the best decisions
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationProduct comparison. GFI LanGuard 2014 vs. Microsoft Windows InTune (October 2013 Release)
Product comparison GFI LanGuard 2014 vs. Microsoft Windows InTune (October 2013 Release) GFI LanGuard 2014 Windows Intune General features Scheduled scans Agent-less r Agent-based Integration with Active
More informationProduct Manual. Administration and Configuration Manual
Product Manual Administration and Configuration Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as is" with
More informationGFI Product Manual. ReportPack Manual
GFI Product Manual ReportPack Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of
More informationEvaluation guide. Evaluator s guide to getting the maximum benefit out of a GFI LanGuard trial
Evaluation guide Evaluator s guide to getting the maximum benefit out of a GFI LanGuard trial Contents GFI LanGuard 2012 evaluation guide 1 Introduction 4 GFI LanGuard overview 4 Why do customers purchase
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationGFI Product Manual. Web security, monitoring and Internet access control. Administrator Guide
GFI Product Manual Web security, monitoring and Internet access control Administrator Guide The information and content in this document is provided for informational purposes only and is provided "as
More informationSecuring Database Servers. Database security for enterprise information systems and security professionals
Securing Database Servers Database security for enterprise information systems and security professionals Introduction: Database servers are the foundation of virtually every Electronic Business, Financial,
More informationNorton Personal Firewall for Macintosh
Norton Personal Firewall for Macintosh Evaluation Guide Firewall Protection for Client Computers Corporate firewalls, while providing an excellent level of security, are not always enough protection for
More informationGFI Product Manual. Evaluation Guide Part 1: Quick Install
GFI Product Manual Evaluation Guide Part 1: Quick Install The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind,
More informationGFI White Paper: GFI FaxMaker and HIPAA compliance
GFI White Paper: GFI FaxMaker and HIPAA compliance This document outlines the requirements of HIPAA in terms of faxing protected health information and how GFI Software s GFI FaxMaker, an easy-to-use fax
More informationManual. By GFI Software Ltd. GFI Network Server Monitor
GFI Network Server Monitor 6 Manual By GFI Software Ltd. GFI Network Server Monitor Contents i http://www.gfi.com Email: info@gfi.com Information in this document is subject to change without notice. Companies,
More informationHP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide Product overview... 3 Vulnerability scanning components... 3 Vulnerability fix and patch components... 3 Checklist... 4 Pre-installation
More informationBitrix Site Manager ASP.NET. Installation Guide
Bitrix Site Manager ASP.NET Installation Guide Contents Introduction... 4 Chapter 1. Checking for IIS Installation... 5 Chapter 2. Using An Archive File to Install Bitrix Site Manager ASP.NET... 7 Preliminary
More informationSophos for Microsoft SharePoint startup guide
Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning
More informationVulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
More informationBasic Exchange Setup Guide
Basic Exchange Setup Guide The following document and screenshots are provided for a single Microsoft Exchange Small Business Server 2003 or Exchange Server 2007 setup. These instructions are not provided
More informationHow to configure IBM iseries (formerly AS/400) event collection with Audit and GFI EventsManager
GFI White Paper How to configure IBM iseries (formerly AS/400) event collection with Audit and GFI EventsManager This document explains how to configure and use GFI EventsManager to collect IBM iseries
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationRelease Notes for Websense Email Security v7.2
Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version
More informationDell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide
Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.
More informationGFI Product Guide. GFI MailArchiver Archive Assistant
GFI Product Guide GFI MailArchiver Archive Assistant The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind, either
More informationIntelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)
Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2) Hyper-V Manager Hyper-V Server R1, R2 Intelligent Power Protector Main
More informationAN OVERVIEW OF VULNERABILITY SCANNERS
AN OVERVIEW OF VULNERABILITY SCANNERS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole
More informationGFI Product Comparison. GFI LanGuard 2011 vs Retina Network Security Scanner 5.12.1
GFI Product Comparison GFI LanGuard 2011 vs Retina Network Security Scanner 5.12.1 General features GFI LanGuard 2011 Retina 5.12.1 Scheduled scans Agent-less Agent-based Integration with Active Directory
More informationNETWRIX CHANGE NOTIFIER
NETWRIX CHANGE NOTIFIER FOR SQL SERVER QUICK-START GUIDE Product Version: 2.6.194 February 2014. Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationManaged Antivirus Quick Start Guide
Quick Start Guide Managed Antivirus In 2010, GFI Software enhanced its security product offering with the acquisition of Sunbelt Software and specifically its VIPRE product suite. Like GFI Software, Sunbelt
More informationINSIDE. Malicious Threats of Peer-to-Peer Networking
Symantec Security Response WHITE PAPER Malicious Threats of Peer-to-Peer Networking by Eric Chien, Symantec Security Response INSIDE Background Protocols New Vector of Delivery Malicious Uses of Peer-to-Peer
More informationHands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities
Objectives After reading this chapter and completing the exercises, you will be able to: Describe vulnerabilities of Windows and Linux operating systems Identify specific vulnerabilities and explain ways
More informationConfiguring the Outlook 2003 RPC over HTTP Client
Anti Spam Articles Authors Books Discussion List FAQs Hardware Links Message Boards Newsletter Services Software GFI FAXmaker - The #1 Fax Connector for Exchange! Dld Eval Anti Spam Section Articles &
More informationWhen attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher
TrendLabs When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher Advanced persistent threats (APTs) refer to a category
More informationGFI White Paper. Vulnerability scanning Your company s personal virtual security consultant
GFI White Paper Vulnerability scanning Your company s personal virtual security consultant Contents Introduction 3 Automating the vulnerability discovery process 3 The cost of an exploited vulnerability
More information