Security Information and Review

Collection of security information and review

Archive for August, 2009

Hardening MS SQL Server Security with Database Roles

Author : Admin

MS SQL Server divides its authorization architecture into statement permissions and object permissions. In MS SQL Server there are three types of permissions: GRANT, REVOKE and DENY. Statement permissions allow a user to create, alter and drop objects in the database, such as CREATE DATABASE, CREATE FUNCTION, CREATE PROCEDURE and others. Object permissions allow a user to perform operations that use the objects in the database, such as SELECT, INSERT, DELETE and others.

In MS SQL Server, each database has a set of ten built-in roles: public, db_owner, db_accessadmin, db_securityadmin, db_ddladmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, db_denydatawriter. … continue reading : Hardening MS SQL Server Security with Database Roles.

31 August 2009 at 23:47 - Comments

Fixed Database Roles in MS SQL Server Security

Author : Admin

The first step in securing MS SQL Server is login security, so we will spend a lot of time ensuring that unauthorized users never log into MS SQL Server successfully. The login process compares account names and passwords against the list of authorized users, so we need to prevent account names and passwords from being stolen by the wrong people.

In MS SQL Server, there are some roles that represent server administrator tasks, which give us more granular control over what the administrator can do. We can classify the fixed roles in MS SQL Server as Primary Server Roles and Secondary Server Roles. … continue reading : Fixed Database Roles in MS SQL Server Security.

31 August 2009 at 21:41 - Comments

Tips and Tricks to Protect and Store Password

Author : Admin

Passwords are the keys we use to access personal information that we have stored on our computers and in our online accounts, so they are very important for our privacy. Therefore, we must not give our passwords to anyone or write them on anything that can be accessed by anyone.

In this discussion, we will talk about how to properly protect our passwords. This discussion is called: tips and tricks to protect our password. We hope that with this discussion we can manage our accounts more safely and securely.

… continue reading : Tips and Tricks to Protect and Store Password.

15 August 2009 at 20:42 - Comments

Tips and Tricks to Improve E-mail Security

Author : Admin

E-mail has become a very important communication tool. However, there are several obstacles to making e-mail communication safe and secure, so every organization and company must maintain robust e-mail security defenses. But this is getting harder to do: spam volumes are increasing, malware sent as e-mail attachments is becoming stealthier, and more developers of malicious content are devising more effective ways to circumvent e-mail security defenses. So, does this really make e-mail security very expensive and difficult? … continue reading : Tips and Tricks to Improve E-mail Security.

15 August 2009 at 17:51 - Comments

2Wire Gateway Password Reset Vulnerability

Author : Admin

On August 11, 2009, a vulnerability was reported in the 2Wire Modem Gateway. There is an authentication bypass vulnerability in the web administration interface that allows an attacker to set a new password even if a password was previously set.

2Wire is the leading provider of intelligent service delivery platforms for the DSL broadband market. Its flagship products include the award-winning HomePortal residential gateways, the first to allow broadband subscribers to connect to the high-speed Internet with an integrated DSL modem, … continue reading : 2Wire Gateway Password Reset Vulnerability.

13 August 2009 at 04:23 - Comments

SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution

Author : Admin

SquirrelMail is one of the well-known webmail packages written in pure PHP, and it supports standard e-mail protocols such as IMAP and SMTP. In SquirrelMail, all pages render in pure HTML with no JavaScript required, for maximum compatibility across browsers.

On August 12, 2009, a vulnerability was reported in SquirrelMail which can be exploited by an attacker using the Cross-Site Request Forgery (CSRF) technique. Find more information about this technique at Problem and Solution : Cross Site Request Forgery ( XSRF ). … continue reading : SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution.

13 August 2009 at 03:48 - Comments

WordPress Admin Password Vulnerability and Solutions

Author : Admin

On August 10th, 2009, a vulnerability was reported in WordPress v2.8.3 which can be exploited by an attacker with a specially crafted URL to bypass certain security restrictions.

An attacker can send a request to the WordPress system with a specially crafted URL to reset the password of the first user (usually the site administrator) without the correct secret key. … continue reading : WordPress Admin Password Vulnerability and Solutions.

13 August 2009 at 03:03 - Comments

Basic Concept Domain Security Authority and Active Directory

Author : Admin

The domain concept in Microsoft Windows was introduced by Microsoft in Windows NT technology, such as Windows NT 4.0, Windows 2000 and other Microsoft Windows versions based on NT. A domain is defined in the first place as a management boundary. It is an administrative grouping of users, machines and resources that can be managed by the same domain administrator, whereby a user may be granted access to a number of machines and resources with a single username and password combination. This is called single sign-on (SSO). … continue reading : Basic Concept Domain Security Authority and Active Directory.

11 August 2009 at 14:58 - Comments

Windows Security Authority with Local Security Authority LSA

Author : Admin

In the Microsoft Windows operating system, there are two types of security authority: the local security authority and the domain security authority. In this discussion, we will explain the Local Security Authority (LSA). Simply described, the Local Security Authority is a process in the Microsoft Windows operating system that is responsible for enforcing the security policy on the system. The Local Security Authority plays a role in the authentication and authorization security process on the local machine, including the auditing policy, user logon, privileges and other rules of security policy. It also describes how to create and call authentication packages and security packages. … continue reading : Windows Security Authority with Local Security Authority LSA.

4 August 2009 at 01:10 - Comments

Step by Step to Combat Malicious Code Attacks

Author : Admin

In the previous discussion, overview, explanations and solutions malicious code, we covered the definition and types of malicious code and how to prevent this attack with simple solutions. In this discussion, we will go step by step through how to combat malicious code attacks.

As administrators or users, we should understand how basic steps contribute to the goal of countering malicious code attacks. See the following list for detailed instructions on how to combat malicious code. … continue reading : Step by Step to Combat Malicious Code Attacks.

3 August 2009 at 16:43 - Comments