An Attacker Ebooks Catalog
One of the most commonly used techniques for exploiting vulnerabilities in software is the buffer overflow attack. A buffer overflow occurs when an application attempts to store too much data in a buffer, and memory not allocated to the buffer is overwritten. An attacker might be able to intentionally induce a buffer overflow by entering more data than the application expects. A particularly crafty attacker can even enter data that instructs the operating system to run the attacker's malicious code with the application's privileges. The 32-bit versions of Windows Vista and Windows 7 include a software implementation of DEP that can prevent memory not marked for execution from running. The 64-bit versions of Windows Vista and Windows 7 work with the 64-bit processor's built-in DEP capabilities to enforce this security at the hardware layer, where it is very difficult for an attacker to circumvent it.
Physical Theft of a Mobile Computer or a Hard Disk or Recovering Data from a Recycled or Discarded Hard Disk
Operating systems can provide active protection for the data stored on your hard disk only while the operating system is running. In other words, file access control lists (ACLs), such as those provided by the New Technology File System (NTFS), cannot protect data if an attacker can physically access a computer or hard disk. In recent years, there have been many cases of stolen mobile computers whose confidential data was extracted from the hard disk. Data is often recovered from computers that are recycled (by assigning an existing computer to a new user) or discarded (at the end of a computer's life), even if the hard disk has been formatted.
Windows Vista and Windows 7 support 802.1X authentication for both wired and wireless networks. Clients can authenticate themselves using a user name and password or a certificate, which can be stored locally on the computer or on a smart card. With compatible network hardware and a Remote Authentication Dial-in User Service (RADIUS) authentication server (such as a computer running Windows Server 2003 or Windows Server 2008), you can control both wired and wireless access to your intranet centrally. This means that an attacker with physical access to your facilities cannot simply plug a computer into an available Ethernet port and gain access to your intranet. When you combine 802.1X authentication with Network Access Protection (NAP), you can ensure that computers have required security updates and meet other system health requirements before allowing them unlimited access to your intranet. WARNING: 802.1X improves security, but it is not foolproof. An attacker with both physical...
Defense-in-depth is a proven technique of layered protection that reduces the exposure of vulnerabilities. For example, you might design a network with three layers of packet filtering: a packet-filtering router, a hardware firewall, and software firewalls on each of the hosts (such as Internet Connection Firewall). If an attacker manages to bypass one or two of the layers of protection, the hosts are still protected. Although most new Windows security features are preventive countermeasures that focus on directly mitigating risk by blocking vulnerabilities from being exploited, your defense-in-depth strategy should also include detective and reactive countermeasures. Auditing and third-party intrusion-detection systems can help to analyze an attack after the fact, enabling administrators to block future attacks and possibly identify the attacker. Backups and a disaster recovery plan enable you to react to an attack and limit the potential data loss.
Encrypting File System (EFS) is a file encryption technology (supported only on NTFS volumes) that protects files from offline attacks, such as hard-disk theft. EFS is entirely transparent to end users because encrypted files behave exactly like unencrypted files. However, if a user does not have the correct decryption key, the file is impossible to open, even if an attacker bypasses the operating system security. EFS is especially useful for securing sensitive data on portable PCs or on computers that several users share. Both kinds of systems are susceptible to attack by techniques that circumvent the restrictions of ACLs. An attacker can steal a computer, remove the hard disk drives, place the drives in another system, and gain access to the stored files. Files encrypted by EFS, however, appear as unintelligible characters when the attacker does not have the decryption key.
Because an external memory device can be stolen by an attacker with nefarious intentions, and because it can be removed without warning to the system, all data cached via ReadyBoost is encrypted and backed up on the hard disk (as well as being compressed). Encryption ensures that the data can't be read on another system, and backup enables Windows to revert to the hard disk cache in the event that the ReadyBoost drive is removed.
You can decommission a drive more securely by removing all key blobs from the disk. By deleting the BitLocker keys from the volume, an attacker needs to crack the encryption, a task that is extremely unlikely to be accomplished within anyone's lifetime. As a cleanup task, you should also discard all saved recovery information, such as recovery information saved to AD DS.
Historically, many Windows network compromises (especially worms) resulted from attackers exploiting vulnerabilities in Windows services. Because many Windows services listen for incoming connections and often have system-level privileges, a vulnerability can allow an attacker to perform administrative tasks on a remote computer. NOTE: Windows Service Hardening provides an additional layer of protection for services based on the security principle of defense-in-depth. Windows Service Hardening cannot prevent a vulnerable service from being compromised, a task that Windows Firewall and Automatic Updates support. Instead, Windows Service Hardening limits how much damage an attacker can do in the event the attacker is able to identify and exploit a vulnerable service.
As with the MBSA graphical console, you need administrative access to use MBSACLI to scan a computer. In a domain environment, simply log on to your computer using an account that has sufficient privileges. Otherwise, you can provide credentials at the command line by using the /u and /p parameters. However, you should avoid typing credentials in a script because the script can be compromised, allowing an attacker to gain privileges on remote computers.
When you are troubleshooting a problem with your ISP, you may be asked to disconnect your computer temporarily from your router and connect directly to the cable or DSL modem. Before you do this, you should be sure that you have the latest updates to Windows and that your antivirus and antimalware software is up to date. Many of the attackers are actually automated scripts that sweep large chunks of IP addresses at a time, so it is only a matter of time before your computer is probed by one of these scripts.

Rootkits also serve as a tool to abuse an infected computer using a program called a backdoor. Backdoors also fall into the category of malware. Backdoors are programs that allow attackers to use a computer for their personal use or profit. Backdoors allow the attacker to manipulate the compromised computer to perform single or even strategic attacks against other people's computers. In addition to allowing remote connectivity to the computer, backdoors may also allow an attacker...
Beginning with Windows Vista, Internet Explorer 7 and later versions run in Protected Mode, which helps protect users from attacks by running the Internet Explorer process with greatly restricted privileges. Protected Mode significantly reduces the ability of an attacker to write, alter, or destroy data on the user's computer or to install malicious code. Protected Mode is not available when Internet Explorer 7 and later versions are installed on Windows XP because it requires several security features unique to Windows Vista and later operating systems. temporary Internet files folder, the History folder, the Cookies folder, the Favorites folder, and the Windows temporary file folders. By preventing unauthorized access to sensitive areas of a user's system, Protected Mode limits the amount of damage that a compromised Internet Explorer process can cause. An attacker cannot, for example, silently install a keystroke logger to the user's startup folder.
When you delete a file, Windows removes the index for the file and prevents the operating system from accessing the file's contents. However, an attacker with direct access to the disk can still recover the file's contents until it has been overwritten by another file, which might never happen. Similarly, files that have been EFS-encrypted leave behind the unencrypted contents of the file on the disk.
Get All The Support And Guidance You Need To Make Sure You Are Safe In This Crazy World! This Book Is One Of The Most Valuable Resources In The World When It Comes To The Art Of Self Defense The Easy Way! Try not to get ensnared in your own little bubble and be cognizant that there are people outside of your domain. Whether we like it or not there are individuals out there whose aims are not always advantageous.