Brett Hill

Brett
Hill

Brett Hill is technical product manager at Microsoft in charge of technical readiness for Microsoft Partners with Microsoft Business Productivity Online Suite. He operates www.iistraining.com and maintains a blog at brettblog.com.

Articles
Get Started with Microsoft’s Online Services 2
Get a taste of cloud computing by trying out Microsoft's Business Productivity Online Suite. Follow easy steps to set up Exchange Online and SharePoint Online and get some useful pointers for deployment and management of the online services.
Maxthon 2.1 Released 1

Maxthon, a tabbed brower built of IE has released version 2.1. Liked by some geeks because it maximizes the size of the browser window, you can find out more at http://www.maxthon.com

A Guide to Windows Certification and Public Keys
This eBook provides a starting point for understanding the Public Key Infrastructure (PKI) and certificate services available in Windows Server 2003. The eBook will cover topics such as trust relationships, trust management, validating digital certificates, certificate autoenrollment, certificate revocation, and key archival and recovery, as well as the limitations of PKI and certificate services in Windows.
IIS 7.0 Paves the Way to Webgeek Nirvana 1
Take a tour through the exciting features and improvements in IIS 7.0
IIS Application Isolation
Enabling application isolation on an IIS server involves controlling the application's process identity and the user identity, along with expert use of NTFS permissions.
McDonalds China IIS 5 Server defaced

A McDonalds IIS server was defaced by a Chinese hacker angry that Taiwan was listed as a separate country on their server. They were lucky that is all they did. The server reports it is a Windows 2000 server running IIS 5 so I'd be curious as to what the administrators missed that this defacement was possible.

www.mcdonalds.com.cn is the domain.

Other browser "not up top par" with IE 3

Referenencing the firefox thread that was going on earlier, I ran across this article:
http://www.securityfocus.com/archive/1/378632

that concludes " It appears that the overall quality of code, and more importantly, the
  amount of QA, on various browsers touted as "secure", is not up to par
  with MSIE; the type of a test I performed requires no human interaction
  and involves nearly no effort. Only MSIE appears to be able to
  consistently handle \[*\] malformed input well, suggesting this is the

Smart phone device target of Trojan

Toward the issue of using mobile devices as a way into corporate networks, this article about a new trojan targeted for Symbian smart phones is exactly the kind of thing I'm talking about. The trojan is named MetalGear and disables anti virus software when run. While this particular piece of malware does not seem focused on gathering privledged information, it is the kind of thing that could.
http://www.pcworld.com/news/article/0,aid,119035,00.asp

Center for Internet Security Scanning tool

I am frequently asked how people can cost effectively scan and analyze security setups on their servers. Nessus is one way to go for sure, but others are available including the Center for Internet Security scanning tools at http://www.cisecurity.org/. The scanner currently does not scan XP SP2 or W2K3 Server but does Windows 2000. The tool should be updated shortly to bring the most current Microsoft OS's into view.

-brett hill
www.iistraining.com

Apache more secure? 4

In response to the comment about apache on unix being "much more secure", I don't buy it. As far as I'm concerned, it's simply one of those persistant myths that IIS is any less secure than any other web server including Apache. An uniformed adminsitrator is just as likely to deploy an insecure apache server as they are an IIS server.

Oh, BTW, you might enjoy checking out the the 44 security flaws found by graduate students recently.
http://cr.yp.to/2004-494.html

Google exposes information from insecure sites 2
Tips for new IIS admins to secure sites and stay out of problems.
CyberTerroism Threats

Protecting your systems from attack is a key task of course, but I've got serious doubts about the effectiveness of any of the CyberTerror studies etc sponsored by the Federal govt. I can't think of anything that has come out of the boatloads of money spent other than very vauge and broad guidelines that are "suggestions".

The outgoing cyberterror czar had some intresting comments the other day on his way out. "cyberterrorism could be the most devastating weapon of mass destruction yet.

Google Site defaced

A website run by google (picasa.google.com) was defaced using a known exploit of phpbb2.
You can find some info on this at http://www.zone-h.org/en/news/read/id=4436

For me, this highlights that vulnerabilites are more focused on applications these days than anything else.

-brett

Hacking PDA's: Trend Micro Free PDA virus scanner 5

Yes, hacking servers is big news, but gazing into the digital crystal ball, PDA's are sitting ducks for hackers to penetrate corporate networks. Of course, this goes hand in hand with wireless traffic vulnerabilites, which is another topic. I mean, we've got XP pro SP2 with ICF and now Windows Server 2003 with ICF (via SP1) and a very ambitious security wizard that attempts to lockdown a server based on it's installed roles. But a Windows Pocket PC's have nothing at all in terms of security except for the optional up front entry of a pin.

Intelligence Gather Techniques

There is a decent chapter on techniques used by those intrested in gathering information about your systems at http://www.microsoft.com/technet/security/topics/network/intel.mspx. It's from a New Riders book called NEtwork Intrusion Detection: An Analyst's Handbook by Stephen Northcutt. He is a SANS speaker and author, and team leader for the Dept of Defense Shadow Intrusion and Detection team. Sound very stealth, but I have no idea wht that really means.

Master-Level Microsoft Stack Training with John Savill

Get 30 hours of comprehensive training covering the complete Microsoft solution stack. Invest a few hours each week and become the #1 Microsoft expert in your organization.

Past Sessions Available for Instant Access!
Semester 2: January 22nd to February 19th
Access to Recordings through May 20, 2015

John Savill will cover topics including:

* Deploying, Managing, and Maintaining Windows
* Key Features of Active Directory from Windows 2000 to Windows Server 2012
* Key elements of System Center 2012 and System Center 2012 R2
* Deploying, Migrating to and Managing Hyper-V in Your Organization
* Implementing a Private Cloud
* Using PowerShell to Automate Common Tasks
* PLUS a preview of Windows 10

 

Windows Forums

The Windows IT Pro forums are moving to myITforum.com! Get answers to questions, share tips, and engage with the IT professional community.

Sponsored Introduction Continue on to (or wait seconds) ×