[ Pobierz całość w formacie PDF ]
.server.OverviewSee Also: public key cryptography, secret key encryp­Secure Windows Initiative (SWI) is part of a broadertion, server certificate, SSL accelerator, Transportsecurity initiative at Microsoft that includes theLayer Security (TLS)Microsoft Security Response Center (MSRC) and the299 Security+ Security Accounts Manager (SAM)Trustworthy Computing Initiative (TCI).The focus of way for individuals to demonstrate a basic level of com­SWI is to help product development teams at Microsoft petency in information systems security by passing adesign and build products that are secure from mali­ standardized exam covering five subject areas:cious attack.The SWI acts as a central security consult­Ï% general security conceptsing arm for developer teams and helps them writesecure code by implementing the following: Ï% communication securityÏ% Periodically running Security Review Days that Ï% infrastructure securityprovide instruction in different aspects of codeÏ% basics of cryptographysecurityÏ% operational/organizational securityÏ% Live and online presentations dealing with threatanalysis, coding practices, and secure application For More Informationconfiguration broadcast over the Microsoft intranet Visit www.comptia.org/certification/Security/ for moreinformation.Ï% Best practice documentation that records any codesecurity issues discovered in existing products and See Also: Certified Information Systems Security Pro­how to fix them fessional (CISSP), Global Information Assurance Cer­tification (GIAC)Ï% Improvements to Microsoft Developer Network(MSDN) and the platform software development kitSecurity Accounts(SDK) to include security issues for function callsManager (SAM)The SWI works together with MSRC to resolve securityThe database of local user accounts on Microsoftvulnerabilities when they are discovered in MicrosoftWindows NT or later.products.The SWI becomes involved at the beginningOverviewof each incident and helps triage the problem to deter-The Security Accounts Manager (SAM) database con­mine whether it is a security bug or some other issuetains security information for local user and groupand helps ensure the problem is addressed properly.accounts on standalone machines running Windows NT,For More InformationWindows 2000, Windows XP, and Windows ServerRead the book Writing Secure Code (Microsoft2003.The SAM database is implemented as a registryPress, 2002) by Michael Howard and David LeBlanc,hive named HKEY_LOCAL_MACHINE\SAM, whoseboth of whom are security experts with Microsoft.contents are not accessible using normal registry edit­ing tools while Windows is running.See Also: Microsoft Security Response Center(MSRC), Trustworthy Computing Initiative (TCI)The SAM database is a common target for attackers try­ing to compromise the security of a Windows machine,SSecurity+ and if they can gain access to the database, they willA vendor-neutral security certification developed by then try to extract password information from it usingthe Computing Technology Industry Association common password-cracking tools such as L0phtcrack(CompTIA).or John the Ripper.Ensuring the security of the data-base is therefore important, and one way of doing this isOverviewby using Syskey, a utility that uses strong encryption forSecurity+ is a widely recognized certification examstrengthening password security.developed in collaboration with IT (information tech­nology) security practitioners from industry, academia, The SAM database is mainly used on standaloneand government.The aim of Security+ is to provide a Windows machines belonging to a workgroup.When300 Security Administrator s Integrated Network Tool (SAINT) Security Auditor s Research Assistant (SARA)a member server is promoted to a domain controller, all For More Informationaccount information stored in the SAM is migrated to Visit www.saintcorporation.com for more information.the Active Directory directory service.The only timeSee Also: CERT Coordination Center (CERT/CC),the SAM is used on a domain controller is when anCommon Vulnerabilities and Exposures (CVE), portadministrator boots the domain controller into Directoryscanning, Security Auditor s Research AssistantServices Restore Mode or uses the Recovery Console.(SARA), System Administrator Tool for Analyzing Net-See Also: John the Ripper, L0phtcrack, password works (SATAN), vulnerabilitycracking, SyskeySecurity Assertion MarkupSecurity Administrator sLanguage (SAML)Integrated NetworkAn Extensible Markup Language (XML) dialect forTool (SAINT) exchanging security information.A tool for assessing the security of a network.OverviewSecurity Assertion Markup Language (SAML) is anOverviewXML language designed to allow Web services plat-Security Administrator s Integrated Network Toolforms from different vendors to interoperate in the area(SAINT) is a security auditing and assessment tool thatof security.Using SAML, a client can be authenticatedcan be used to identify vulnerabilities in networks soand authorized with a Web service using standard XMLthat their security can be enhanced.SAINT works bymessage formats that any SAML-compliant platformscanning networks to find live Internet Protocol (IP)can understand [ Pobierz caÅ‚ość w formacie PDF ]
  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • odbijak.htw.pl