Author : Admin
MS SQL Server divides its authorization architecture into statement permissions and object permissions. In MS SQL Server there are three types of permissions: GRANT, REVOKE and DENY. Statement permissions allow a user to create, alter and drop objects in the database, such as CREATE DATABASE, CREATE FUNCTION, CREATE PROCEDURE and others. Object permissions allow a user to perform operations that use the objects in the database, such as SELECT, INSERT, DELETE and others.
In MS SQL Server, each database has a set of ten built-in roles: public, db_owner, db_accessadmin, db_securityadmin, db_ddladmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, db_denydatawriter. … continue reading : Hardening MS SQL Server Security with Database Roles.
Author : Admin
The first step in securing MS SQL Server is login security, so we will spend a lot of time ensuring that unauthorized users never log into MS SQL Server successfully. The login process compares account names and passwords against the list of authorized users, so we need to prevent account names and passwords from being stolen by the wrong people.
In MS SQL Server, there are some roles that represent server administrator tasks and give us more granular control over what the administrator can do. We can classify the fixed roles in MS SQL Server into Primary Server Roles and Secondary Server Roles. … continue reading : Fixed Database Roles in MS SQL Server Security.
Author : Admin
Passwords are the keys we use to access personal information that we have stored on our computers and in our online accounts, so they are very important for our privacy. Therefore, we must not give our password to anyone or write it on anything that can be accessed by anyone.
In this discussion, we will talk about how to properly protect our passwords. This discussion is called: tips and tricks to protect our password. We hope that with this discussion we can manage our accounts more safely and securely.
… continue reading : Tips and Tricks to Protect and Store Password.
Author : Admin
E-mail has become a very important communication tool. However, there are several obstacles to making e-mail communication safe and secure, so every organization and company must maintain robust e-mail security defenses. This is getting harder to do: spam volumes are increasing, malware sent as e-mail attachments is becoming stealthier, and more developers of malicious content are finding more effective ways to circumvent e-mail security defenses. So, does this make e-mail security very expensive and difficult, really? … continue reading : Tips and Tricks to Improve E-mail Security.
Author : Admin
On August 11, 2009, a vulnerability was reported in the 2Wire Modem Gateway. There is an authentication bypass vulnerability in the web administration interface that allows an attacker to set a new password even if the password was previously set.
2Wire is the leading provider of intelligent service delivery platforms for the DSL broadband market. Its flagship products include the award-winning HomePortal residential gateways, the first to allow broadband subscribers to connect to the high-speed Internet with an integrated DSL modem, … continue reading : 2Wire Gateway Password Reset Vulnerability.
Author : Admin
SquirrelMail is one of the famous webmail packages written in pure PHP, and it supports standard e-mail protocols such as IMAP and SMTP. In SquirrelMail, all pages render in pure HTML with no JavaScript required, for maximum compatibility across all browsers.
On August 12, 2009, a vulnerability was reported in SquirrelMail which can be exploited by an attacker using the Cross-Site Request Forgery (CSRF) technique. Find more information about this technique at Problem and Solution : Cross Site Request Forgery ( XSRF ). … continue reading : SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution.
Author : Admin
On August 10th, 2009, a vulnerability was reported in WordPress v2.8.3 which can be exploited by an attacker with a specially crafted URL to bypass certain security restrictions.
An attacker can send a request to the WordPress system with a specially crafted URL to reset the password of the first user (usually the site administrator) without the correct secret key. … continue reading : Wordpress Admin Password Vulnerability and Solutions.
Author : Admin
The domain concept in Microsoft Windows was introduced by Microsoft with Windows NT technology, such as Windows NT 4.0, Windows 2000 and other versions of Microsoft Windows based on NT. A domain is defined, in the first place, as a management boundary. It is an administrative grouping of users, machines and resources that can be managed by the same domain administrator, whereby a user may be granted access to a number of machines and resources with a single username and password combination. This is called single sign-on (SSO). … continue reading : Basic Concept Domain Security Authority and Active Directory.
Author : Admin
In the Microsoft Windows operating system, there are two types of security authority: the local security authority and the domain security authority. In this discussion, we will explain the Local Security Authority (LSA). Put simply, the Local Security Authority is a process in the Microsoft Windows operating system that is responsible for enforcing the security policy on the system. The Local Security Authority plays a role in the authentication and authorization process on the local machine, including the auditing policy, user logon, privileges and other rules of the security policy. It also describes how to create and call authentication packages and security packages. … continue reading : Windows Security Authority with Local Security Authority LSA.
Author : Admin
In the previous discussion, Overview, Explanations and Solutions Malicious Code, we covered the definition and types of malicious code and how to prevent this kind of attack with simple solutions. In this discussion, we will go step by step through how to combat malicious code attacks.
As an administrator or user, we should understand how the basic steps contribute to the goal of countering malicious code attacks. See the list below for detailed instructions on how to combat malicious code. … continue reading : Step by Step to Combat Malicious Code Attacks.