Basic L2TP/IPSec Troubleshooting in Windows - If you're configuring your system to use L2TP/IPSec you might find this article useful. It describes the troubleshooting process related to this protocol, and contains many relevant links.
Diamond CS - This site has a lot of information and useful free tools, mainly related to networking and security. Examples of tools are OpenPorts, Autostart Viewer, DelLater, etc.
EtterCap tutorial - This site is a tutorial on EtterCap, an application for doing ARP spoofing, password sniffing, HTTP hijacking, etc.
Foundstone - Foundstone is a division of McAfee that provides security solutions. Their site holds some good white papers as well as free security tools.
Kerberos Support on Windows 2000-Based Server Clusters - This article describes the Kerberos authentication support for Windows 2000-based server clusters that has been added in Windows 2000 Service Pack 3 (SP3). With versions of Windows 2000 earlier than SP3, the Cluster service does not publish Computer objects for virtual servers in Active Directory. This means that virtual servers authenticate only by using NTLM or NTLM version 2. With Windows 2000 SP3, you can configure virtual servers to permit clients to authenticate by using the Kerberos authentication protocol. If this is enabled, a Computer object is created for each corresponding Network Name resource.
MSA: Enterprise Data Center - The Microsoft Systems Architecture guidance addresses fundamental infrastructure issues such as availability, security, scalability, and manageability of the platform. It also supports the IT life cycle stages of plan, build, deploy, and operate. Additionally, the guidance is designed to be used at either a component level or as a comprehensive guide to building a complete infrastructure.
NTsecurity.com - Arne Vidstrom's site on NT security. Lots of interesting tools used for testing security and gaining hacker methodology insight.
SynAttackProtect - The SYN flooding attack protection feature of TCP detects symptoms of denial-of-service attacks (also known as SYN flooding), and it responds by reducing the time that the server spends on connection requests that it cannot acknowledge.
TechNet Virtual Labs - Ever wanted to test Microsoft's newest software in a sandbox environment? Wouldn't it be great to be able to test new servers immediately, without formatting hard drives or dedicating one or more computers to the project? Now you can, with the TechNet Virtual Labs.
Unpatched Internet Explorer security holes - This site tries to "put pressure on Microsoft, in the hope that they may patch the listed security holes". They list vulnerabilities on the latest version of IE running the latest hotfixes.
Windows Firewall Settings: Server Roles - This site shows details regarding various Microsoft applications and the protocols and ports that need to be added to the Windows Firewall exceptions list.
Windows Update Catalog - On this site you can search for hotfixes for the different Windows operating systems. Very useful if you're about to reinstall servers or clients and you want to update them to the latest hotfix level during the deployment process.
Incident Response: Managing Security at Microsoft - This white paper describes incident response and some best practices to follow for securing various technologies. It is used by the Information Security Organization (InfoSec) within Microsoft IT. It is intended for enterprise-level technology development managers (TDMs) and security managers.
Microsoft Exchange Server 2003 Security Hardening Guide - This guide is designed to provide you with essential information about how to harden your Microsoft Exchange Server 2003 environment. In addition to practical, hands-on configuration recommendations, this guide includes strategies for combating spam, viruses, and other external threats to your Exchange Server 2003 messaging system.
NSA Security Configuration Guides - In this collection of PDF files from NSA you can read about general recommendations on the configuration of Windows servers and others. The guides for Windows Server 2003 are built on the Microsoft Security Guides.
Windows 2000 Kerberos Authentication - Microsoft's official white paper on Kerberos version 5, the new authentication protocol on Windows 2000. Nice explanation of concepts like Key Distribution Center, Ticket Granting Ticket, etc. 42 pages.
Windows Server 2003 Security Guide - The Windows Server 2003 Security Guide focuses on providing a set of easy-to-understand guidance, tools, and templates to help secure Windows Server 2003 in many environments.
BootXP v2.25 Final - A nice little tool for "hacking" the boot screen of Windows XP. Much easier to use than the similar "Resource Hacker" tool.
EBCD – Emergency Boot CD - EBCD is a bootable CD intended for system recovery in the case of software or hardware faults. It can create backup copies of a normally working system and restore the system to a saved state. It is easy to customize the disk for your needs. You can include any program you like on the CD, or remake the structure of the CD completely. All you need to do is change a few lines in the configuration XML files.
Ethereal network protocol sniffer and analyzer - One of the best freeware sniffers on the web, Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the captured data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. Requires WinPcap.
EtterCap - Ettercap is a suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
FakeGina - With this modified version of the logon process (msgina.dll) all usernames and passwords are written to a file on the local machine. This is not a hack but exploits a built-in feature in Windows 2000 used for expanding the logon component (used with e.g. smart cards). Administrative rights are necessary for installing the component.
FileACL - If you need to make more detailed or rigid manipulations of NTFS permissions than those offered by the Explorer GUI, then check out this tool. The latest version includes a COM interface for scripting.
IIS Lockdown Tool (version 2.1) - With this program from Microsoft you can lock down your IIS installation. It disables unnecessary services, creates URL scan and scripts the security configuration of IIS. Lots of templates included.
LogonSessions - Use this utility to view the currently active logon sessions and the processes running in each session.
New Cipher.exe Tool - An improved version of the old cipher tool from Windows 2000. This version makes a cluster wipe of the old, unencrypted file which was a serious security flaw in the implementation of EFS. This version is included in Service Pack 3 on Windows 2000.
NMap - NMap is one of the most used port scanners available. An excellent portscanning tool that lets you test your systems for open ports. Free software running under GNU Public License. Requires WinPcap.
Offline NT Password & Registry Editor - Did you lose the password for your NT4/W2K installation? With Petter Nordahl-Hagen's bootdisk you can reset the password on the administrator account whether syskey is enabled or not. The disk does this by a SAM registry hack. Does not work for domain accounts.
Port Reporter (PortRptr.exe) - Port Reporter logs TCP and UDP port activity on a local Windows system. Port Reporter is a small application that runs as a service on Windows 2000, Windows XP, and Windows Server 2003. On Windows XP and Windows Server 2003 this service is able to log which ports are used, which process is using the port, if the process is a service, which modules the process has loaded and which user account is running the process.
Resource Hacker - A cool little program that can extract different resources (bmp, jpg, wav, text strings, etc.) from binaries (exe, dll, etc.). An obvious use of this would be changing the load screen to something of your liking and manipulating the default Windows messages.
Setowner - With this program anyone holding the user right "Restore files and directories" can change ownership of files and folders. And that is not just taking ownership, but also giving ownership to anybody.
SQL Server 2000 Security Tools - SQL Server 2000 security tools are used to scan instances of Microsoft SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000. The tools help detect instances vulnerable to the "Slammer" worm, and then apply updates to the affected files.
user2sid and sid2user - Two simple programs that give you the username from a SID and vice versa. No special system rights are needed. Source code included.
WhoAmI - Program from the W2K resource kit that shows the contents of the interactively logged-on user's access token, including user SID, group SIDs, and user rights. WhoAmI is included in Windows Server 2003.
Windows Server 2003 Tools - On this page you'll find downloadable tools that will help you support Windows Server 2003 systems.
Windows Server Update Services - Use WSUS to manage security updates on all your systems. On this site you'll find documentation as well as the download.
WinPcap - WinPcap is an architecture for packet capture and network analysis for the Win32 platforms. The packet filter is a device driver that adds to Windows 95, 98, ME, NT, 2000 and XP the ability to capture and send raw data from a network card, with the possibility to filter and store in a buffer the captured packets.