Microsoft Server 2003 and IIS 6.0

Tutorial Overview. This tutorial will guide you through the
steps required to set up and secure both Microsoft Server 2003 R2 and IIS
6.0. In addition to securing IIS, you will be setting up SSL support for
your web server. This tutorial is broken down into six sections. The
first section is a brief overview of Server 2003, IIS 6.0, and the tools
that will be used throughout this tutorial. The second section will
cover the installation of the OS, IIS, and Certificate Services. The next
section will cover the process to establish SSL on IIS, which focuses on
the creation and management of certificates. The remaining three
sections will cover the steps required to secure Certificate Services,
Server 2003, and IIS. These are the basic steps to secure each
component. The configuration and intended use of each component
determine the security measures required. This tutorial is used in
Security in E-Commerce IS2771.

Server 2003 R2. Server R2 is an update of Windows Server 2003
that provides many additional features and benefits. The R2 release
builds upon the increased security, reliability, and performance
provided by Windows Server 2003. This will be the OS that IIS 6.0 is
installed on.

IIS 6.0. Internet Information Services 6.0 is a powerful Web
server that provides a highly reliable, manageable, and scalable Web
application infrastructure for all versions of Windows Server 2003.
Microsoft packaged the default installations of their web servers with
an array of sample scripts, file handlers and minimal file-system
permissions to provide administrators the necessary flexibility and ease
of use. However, this approach tended to increase the available attack
surface and was the basis of several attacks against IIS. As a result,
IIS 6.0 is designed to be more secure out-of-the-box than its
precursors.

Certificate Services. Certificate Services provides customizable
services for issuing and managing certificates that are used in software
security systems that employ public key technology. Certificate Services
is available on computers running Microsoft® Windows Server™ 2003. This
will be used to manage the certificate that you will generate to operate
SSL on IIS.

MBSA. Microsoft Baseline Security Analyzer is an easy-to-use tool
designed to assist you in improving your security management process by
detecting common security misconfigurations and missing
security updates on your computer systems. You can use MBSA to scan both
your OS and installed components from Microsoft.

SCW. Security Configuration Wizard is an attack-surface reduction
tool for the Windows Server 2003 with Service Pack 1 family of products.
SCW guides you through the security policy creation process, which is
based on the minimum functionality required for a server's role or
roles.