Thor (Hammer of God) | 20 Mar 2012 16:12

Regarding MS12-020

PoC code for MS12-020 (RDP) is obviously floating about, and many are still worried about worm activity
from this.

One of my criticisms about this industry is that rarely is mitigation information shared or discussed;
people seem to concentrate on breaking and not preventing exploitation.  I wanted to point out that anyone
who followed the processes or techniques in my RDP chapter of Thor's Microsoft Security Bible (or used the
tool I wrote for RDP access) would have been automatically protected from this vulnerability.  That is not
a point of ego, just a point of fact. 

If you are concerned with RDP security, as you should be, you can read most (if not all) of Chapter 7 for *free*
using the Amazon "preview a page" feature.  If the RDP vulnerabilities have caused you any level of
concern, then I suggest you do.  Like I said on the FD list, I'm far more concerned with making sure people get
the information they need (for free of course) than I am trying to earn a buck - anyone who knows me knows I've
always freely shared all information in an effort to contribute to security.

The first thing I will tell you is to always use NLA (network level authentication).  It can be a very powerful
way to obviate exploitability.  The rest of the information is all right there gratis for your viewing
pleasure.

If you are in a pinch and need help with any of this, I'll try my best to help if you want to ping me offline.   Thanks.
t

---------------------------
Timothy "Thor"  Mullen
www.hammerofgod.com

There's no need to think outside the box if you don't
think yourself into one to start with.


wt521125 | 1 Mar 2011 02:45

Re: Hardening Sharepoint 2010 on Win 2008 R2

Hello.

We have quite a complex policy that is not possible to summarize on a
mailing list.
Some important points for me, specific to this project (it is a public web
site):
- The front end on the internet needs to have a secure in-depth
configuration (if one level fails, I don't want to have the whole site
compromised).
I am looking both at configuration to be applied to the front end and
to the backend.
- I want to have a strong auditing level on who does what in changing
the content of the site, to be able to analyse a possible
compromise/mistake made with the change functionality.

Thank you.
Mamo

On Mon, Dec 20, 2010 at 8:02 AM, Anupam Kumar <anupam <at> kumargroups.org>
wrote:
> Hi Mamo,
>
> There is no definitive guide that can be given as it depends completely on
> the security policy of your company. I work for Capital One and almost
> everything is disabled due to security. However, I am also aware from past
> experiences that some companies hardly follow any hardening procedures. To
> answer your question better, please let us know what is your requirement.
> What kind of security are you looking at?
>
> Knowing this is critical before something can be suggested.

wt521125 | 1 Mar 2011 02:45

RE: Windows Server Roles

Hi all, and thanks for your replies.
Mr. Koch, we'll use Windows Server 2003 for the new VMs.
We are planning to replace the W2K Domain Controller and convert the Windows
2003 to primary domain controller and virtualize a second domain controller
using Windows 2003 too and raise the domain functional level to 2003. 

Regards,
Alberto Medina

From: Steven J. Koch [mailto:steve.koch <at> gmail.com] 
Sent: Monday, December 13, 2010 2:10 PM
To: Alberto Medina
Cc: focus-ms <at> securityfocus.com
Subject: Re: Windows Server Roles

Alberto,

What version of Windows will you be using for the new virtual servers?

Kind regards,

Steven J. Koch
Systems Development Engineer

steve.koch <at> gmail.com

On Mon, Dec 13, 2010 at 11:19 AM, Alberto Medina <amedinaj <at> gmail.com> wrote:
Hi all,
I'm planning on migrating some servers to VMs to separate some roles and
to replace some old servers. Currently we have 2 domain controllers,

Shang Tsung | 17 Feb 2011 12:07

Bitlocker without PIN

Hello all,

We are in the process of setting up Bitlocker on our laptops for OS
encryption and we are wondering whether we should set up a PIN or not. If
we do not, the attacker can get to the Windows login screen, but this is
where he will stop.

What happens if he boots with a linux live CD/USB? Can he decrypt the
drive? The key is stored in the TPM. Does linux have access to the
TPM?

We are just not sure if the extra security is worth having the users
type 2 passwords to boot a laptop.

ST

Laura A. Robinson | 9 Feb 2011 20:03

RE: Administrator in Domain Admins group

Resending as there was a "failure to act" on the prior post and the points
are valid and important, IMO. :-)

Laura

-----Original Message-----
From: Laura A. Robinson [mailto:lrobinson <at> technologist.com] 
Sent: Monday, January 31, 2011 10:04 PM
To: 'Michael Sturtz'; 'Shang Tsung'; focus-ms <at> securityfocus.com
Subject: RE: Administrator in Domain Admins group

A couple of small corrections:
1. The built-in Administrator account cannot be deleted via normal
mechanisms. Any mechanisms that might work to delete the account would be
unsupported.
2. The Administrator account for the domain and the local Administrator
account for a DC booted into DSRM are not actually the same account. 

Thanks,

Laura

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On
Behalf Of Michael Sturtz
Sent: Monday, January 31, 2011 1:16 PM
To: Shang Tsung; focus-ms <at> securityfocus.com
Subject: RE: Administrator in Domain Admins group

The "Built in Administrator" account CAN be deleted however it is strongly

Shang Tsung | 31 Jan 2011 16:58

Administrator in Domain Admins group

After an audit, I noticed that in the Domain Admins group of our
domain, there is an account named Administrator. As my engineers told
me, this account is created by default when you create a new domain
and cannot be deleted or disabled. Is this true? I am not convinced
yet.

We do not like general purpose accounts like this because we lose
accountability. I am pretty sure the password of that account is in
the hands of people who are not supposed to have it. Each domain admin
has his own account who is in the Domain Admins group, so there is no
need for this Administrator account.

Can we delete it? And if yes, what would be the consequences?

Thanks,
Shang Tsung

im | 12 Jan 2011 18:28

Tor

Hello Everyone,

What are the security implications of running a Tor relay on a machine
behind a firewall?

Is there a high probability of it being hacked somehow, and what does
one do to prevent that?

Thank you in advance for your time and advice.

mailto:im <at> anikin.us

Edgar Zapata | 12 Jan 2011 18:18

RE: HOW TO encrypt and store mail

Thanks Jide,

I read through this as you suggested:

http://www.entrust.com/pci-security.htm

Protect cardholder data. Entrust offers an encryption and content-control solution that can secure
cardholder data transmitted across public networks and embedded e-mail, as well as data stored on files,
folders, card-processing systems, Web servers, laptops, PDAs and more. Encryption can take place with
or without user intervention, and companies can choose to create a plan to encrypt some or all data at the
edges of the organization via a gateway-encryption server.

Does Entrust provide a means to encrypt mail stored in Exchange 2007?

Thank you.

________________________________

From: Jide Akinyemi [mailto:jideakinyemi <at> gmail.com]
Sent: Wednesday, 12 January 2011 18:12
To: Edgar Zapata
CC: focus-ms <at> securityfocus.com
Subject: Re: HOW TO encrypt and store mail

Use Secure TLS to communicate AND use PGP or Entrust to encrypt your mails.

I work for a PCI Compliant company and also examine our PCI Compliance status quarterly.

 
On Wed, Jan 12, 2011 at 4:09 PM, Edgar Zapata <edgar.zapata <at> sitel.com> wrote:

Edgar Zapata | 12 Jan 2011 17:09

HOW TO encrypt and store mail

Hello,

We are looking for a solution to store and encrypt mails.

We need to comply with PCI (Payment Card Industry) standards.
We have Windows 2008 and Exchange 2007 SP2.

So far, we haven't found a way to encrypt and store mail in Exchange.
We'll be encrypting communications with TLS.

Plus, we need to use OE (Outlook Express) so we can use IMAP for
incoming mail and SMTP for outgoing e-mail.

Any ideas/suggestions are more than welcome.

Thank you.


Rafael Correia | 20 Dec 2010 15:16

Re: Hardening Sharepoint 2010 on Win 2008 R2

Hi,

I don't know about SharePoint 2010, but about Windows 2008, you can
use the guide "Windows 2008 STIG - Version 6, Release 1.12".
http://iase.disa.mil/stigs/content_pages/windows_os_security.html

I hope this helps.

--
Rafael Correia

2010/12/19 mamo <mamo74 <at> gmail.com>:
> Hello.
>
> My company is working on the new internet web site.
> It is going to be based on Sharepoint 2010 on Windows 2008 R2.
>
> They are very new platforms (very very new for me :-( ). Do you know of
> any hardening guide for Sharepoint 2010? Can you give me pointers on
> Windows 2008 Hardening or security checklist?
>
> Thank you in advance.
> Mamo
>

