Archive for the ‘IT Security’ Category

Status Code 451: New Bradbury-Inspired HTTP Error

On December 18, 2015, the Internet Engineering Steering Group (IESG) approved HTTP Status Code Error 451 “Unavailable For Legal Reasons”. This code is a more specific version of the existing 403 “Forbidden” code. The new 451 code is intended to be displayed when accessing a web page that is blocked by a government or ISP. In…

How To Create And Manage Password Settings Objects (PSO)

With Windows Server 2008, Microsoft introduced Fine-Grained Password Policies, which utilize a new Active Directory object called the Password Settings Object (PSO). These objects allow you to more easily create and assign password policies to subsets of users, albeit with a bit of an unpolished implementation method compared to the old method via group policy (GPO). If…

Verify That Short Link Address With Unshorten.It!

Are you tempted to click on a shortened link in your Twitter feed or a discussion forum, but you are unsure of the trustworthiness of the person who posted it? Usually when that happens, I simply move on. I’ve got more important things to do anyway, so I might as well avoid landing on a…

Exercise In Cracking: Choosing A Secure Password For The Real World

A few weeks ago, David K. Sutton posted his thoughts on passwords on this blog, and since I had coincidentally just finished trying to hack a password around that same time, I thought I might add and/or elaborate a little on what he said, and offer some real world context and numbers. WORKPLACE CRACK Someone…

DBA: SQL Audit Checklist For Internal Security Review

To stay on top of security you need to regularly review your server configurations. It’s helpful to build a checklist to be used as part of an internal security audit review. Below is just such a checklist, specifically tailored to audit a SQL 2008 Server running on Windows Server 2008. Most of what’s in this…

DBA: SQL Server Security Best Practices

As part of an internal security review, I put together the following best practices guideline to secure SQL servers. This is just an example, and is not meant to be a comprehensive list of SQL server security parameters. DATABASE CREATION AND CHANGES New databases must be requested using a SQL database request form with proper…

Secure Passwords: What You’ve Been Taught Is Wrong

A guide for LAN Administrators who want to secure their systems without a user revolt. GOLDEN RULE OF PASSWORD CREATION: length + the uniqueness of your brain More on that in a moment. But first, if only we could trust our fellow human beings, there would be no need to secure our sensitive data. No need…