Notice: This information
is provided free of charge. The idea behind this is for this site to be my
private personal technical resource when I am teaching on the road. Some sites
may link you to immoral, pornographic or objectionable web pages or images. I do
not support or endorse these sites in any way. Visit these sites at your own
risk. Dan Shea, or agents and associate companies or organizations will not be
responsible in any way for incidents that may occur because of you visiting these
sites. These web site links presented here are for information use only, in order
for you to educate yourself on how computers, networks, and security work.
I am not here to teach you how to hack. My purpose is to help you, as administrator
of your network, to do your job. Good luck. Use at your own risk.
WARNING: These are NOT my ideas or words. The information gathered here
is from many different e-mail articles, news lists, and other documents. I have
not tested all of these ideas or web sites. The sites you are about to see, and
utilities available to you may cause damage to your computer and your network.
Some of these sites may have viruses, Trojans, intrusion software, JavaScript,
and information-revealing software. Some of the utilities or software may be
against the law and/or illegal to download and/or use. These sites may expose the
vulnerabilities of your network, servers and workstations to hackers. There is
no guarantee of the accuracy of this information. You need to try these changes
out on a test computer or test server first, and not on your live network. It is
best if you visit these sites on a computer behind a firewall, with virus
checking software and not connected to your live network. You must back up all
data prior to implementing any of these changes. Use this information at your
own risk.
Limitation of Liability. Under no circumstances including
negligence, shall Dan Shea, or agents, be liable to you for any incidental, indirect,
special or consequential damages (including damages for loss of business profits,
business interruption, loss of business information, and the like) arising out of
the use, misuse or inability to use this technical information documentation,
breach or default, including those arising from infringement or alleged
infringement of any patent, trademark, copyright or other intellectual property
right, by Dan Shea, even if Dan Shea or authorized representative has been advised
of the possibility of such damages. Dananne Enterprises Inc. will not be liable for
1) loss of, or damage to, your records or data or
2) any damages claimed by you based on any third party claim. In no event shall
Dan Shea's total liability to you for all damages, losses, and causes of action
(whether in contract, tort (including negligence) or otherwise) exceed
the amount of $1.00 Canadian funds.
* * I hope this helps your computer learning experience
* *
Extra Stuff Not Classified
3) TechRepublic list of security white papers
4) - Kerberos in win2k winnetmag.com doc ID 7193
6) www.softwarebybay.com/product.asp?pid=50 The Information Security Course is the principal curriculum in this education series
8) Merak = mail server
9) FAQ: How Can I Ensure That Our Web Servers Aren't Enabled for IP Routing Between the Demilitarized Zone (DMZ) and the Internal Network? contributed by Jan De Clercq
A. On Windows NT systems, IP routing is disabled by default. To enable IP routing in NT, go to Network Settings, TCP/IP Properties. On the Routing tab, select the Enable IP Forwarding check box. You can also enable the feature from the registry. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey, and set the EnableIPRouter value (of type REG_DWORD) to 1. Reboot the system to effect the change.
14) The best way to block ad sites is to send the ad request from your Web browser to the host machine's loop-back address. To do this, add a 127.0.0.1 bad_ad_site.com entry in the hosts file of every machine on your network.
Then, when a Web page contains a reference to an ad located on the bad_ad_site.com server, the name lookup consults the hosts file first and finds the loop-back address there, so no DNS request is sent for the ad site. The ad's place on the page will appear blank in the browser, so no cookies or spyware will be loaded or accessed.
Rather than spending months developing your own list of ad servers to
enter into your hosts file, you can use Gorilla Design Studio's list,
www.accs-net.com/hosts
which contains over 17,000 entries.
someonewhocares.org/hosts
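A hosts file is only a blocklist while every entry points at the loop-back address; an entry in a downloaded list that maps a name to some other address redirects traffic instead of blocking it. The following added example (not from the original page or from either list's maintainers) vets a third-party list before it is merged. The protected suffixes, the acceptance of 0.0.0.0 as a second sink address, and the sample list are assumptions constructed for illustration.

```python
import ipaddress
import re

# Addresses a blocking entry may point at. The page uses 127.0.0.1; accepting
# 0.0.0.0 as well is an assumption, since many public lists use it.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}

# Names a downloaded list must never override (hypothetical; add your own
# internal domains here).
PROTECTED_SUFFIXES = ("localhost", "corp.example")

LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample of a downloaded list.
SAMPLE_LIST = """\
# constructed sample list
127.0.0.1 localhost
127.0.0.1 bad_ad_site.com
0.0.0.0 ads.tracker.example   # trailing comment
203.0.113.10 www.bank.example
127.0.0.1 intranet.corp.example
127.0.0.1 bad_ad_site.com
127.0.0.1 evil..example
"""


def valid_hostname(name):
    """True for a syntactically plausible DNS name (underscores tolerated)."""
    return 0 < len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))


def is_protected(name):
    """True if the name is, or sits under, a suffix that must not be overridden."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def vet_hosts_list(text):
    """Return (accepted, rejected).

    accepted: sorted, de-duplicated hostnames that are safe to sinkhole.
    rejected: list of (line_number, original_line, reason).
    """
    accepted, rejected = set(), []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        address, names = fields[0], fields[1:]
        try:
            address = str(ipaddress.ip_address(address))
        except ValueError:
            rejected.append((line_no, raw, "first field is not an IP address"))
            continue
        if address not in SINK_ADDRESSES:
            # This entry would redirect the name rather than block it.
            rejected.append((line_no, raw, "points at a non-sink address"))
            continue
        if not names:
            rejected.append((line_no, raw, "no hostname"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if not valid_hostname(name):
                rejected.append((line_no, raw, "malformed hostname"))
            elif is_protected(name):
                rejected.append((line_no, raw, "protected name"))
            else:
                accepted.add(name)
    return sorted(accepted), rejected


def render_hosts(accepted):
    """Emit normalized hosts-file lines, always using 127.0.0.1 as on the page."""
    return "".join(f"127.0.0.1 {name}\n" for name in accepted)


if __name__ == "__main__":
    ok, bad = vet_hosts_list(SAMPLE_LIST)
    print(render_hosts(ok), end="")
    for line_no, raw, reason in bad:
        print(f"rejected line {line_no}: {reason}: {raw.strip()}")
```

Review the rejected lines by hand before deploying the rendered output; a non-sink address in a downloaded list is worth reporting to whoever maintains it.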
18) MCP article on Security Audits: 22 things to do.
20) Q. How can I create a Windows Server 2003 bootable CD-ROM that has
Service Pack 1 (SP1) slipstreamed into it?
A. To create a bootable Windows 2003 CD-ROM, you first need to extract
the boot sector of an existing Windows 2003 installation CD-ROM. (This
procedure should also work to create a Windows XP bootable CD-ROM;
simply capture the boot sector of an XP CD-ROM.) To extract the boot
sector, I used the IsoBuster CD-ROM and DVD data-recovery tool, which
you can download at list.windowsitpro.com.
After you install IsoBuster, perform these steps:
1. Insert the Windows 2003 CD-ROM that you want to integrate with SP1.
2. Open IsoBuster and select Bootable CD from the left pane, right-click
the Microsoft Corporation.img file, and select Extract Microsoft
Corporation.img from the context menu, as the figure at
list.windowsitpro.com/t?ctl=8E2F:2E97 shows.
3. Enter a name for the boot sector you're extracting and click Save.
4. Exit IsoBuster.
Alternatively, you can use a pre-extracted Windows 2003 boot sector
file called Windows2003StdCDBootSector.img , which you can download at
list.windowsitpro.com/t?ctl=8E28:2E97F
Next, you'll create the new structure for the Windows 2003 with
integrated SP1 CD-ROM by performing these steps:
1. Create a new folder on a local file system, and name the folder windows2003sp1.
2. Copy the contents of the existing Windows 2003 CD-ROM to the new folder.
3. Create an extracted version of the service pack that you want
to slipstream (in this example, SP1). To do so, download the service
pack, then execute it with the /x switch, as in the following example:
[name of service pack file] /x
4. Open the extracted service pack, navigate to the "update"
subfolder, and run this command:
update /integrate: [path to copy of the Windows 2003 CD-ROM]
as in this example
update /integrate:D:\temp\windows2003stdsp1
You can also choose to not extract the service pack first and instead
simply add the /integrate switch to the downloaded SP1 file, as in this
example:
[name of downloaded SP1 file] /integrate:[path to copy of the Windows 2003 CD-ROM]
The integrate switch tells the update command to integrate the service
pack files into an existing Windows 2003 installation source.
5. You can also update the support tools and deployment tools with
their SP1 versions. (For download information, see the FAQ "Where can I
get the updated support tools and deployment tools for Windows Server
2003 Service Pack 1 (SP1)?" at
list.windowsitpro.com/t?ctl=8E2E:2E97F .)
Rename the downloaded deployment tools .cab file to deploy.cab and
place the file in the \support\tools subfolder of the Windows 2003 CD-ROM
folder that has the slipstreamed SP1 (replacing the existing
deploy.cab file). To update the SP1 support tools, extract them to a
new folder using the command
[name of support tools file] /c /t:[location to extract to]
as in this example:
D:\temp\windowsserver2003-kb892777-supporttools-x86-enu.exe /c /t:d:\temp\2003sp1suptools
Copy the four extracted files (sup_pro.cab, sup_srv.cab, support.cab,
and suptools.msi) to the \support\tools folder of the Windows 2003
folder.
You're now ready to burn this new structure and the boot sector you
extracted earlier to a CD-ROM to make a bootable Windows 2003 CD-ROM
that has SP1 slipstreamed into it. For this example, I used the Nero
6.6 CD-ROM burning software, but you can use any CD-ROM burner software
that lets you create a bootable CD-ROM. To create the Windows 2003
CD-ROM, perform these steps:
1. Start the Nero or other CD-ROM burning application.
2. From the File menu, select New.
3. From the list of CD type options, select CD-ROM (Boot).
4. Select the Boot tab, then select "Image file" and enter the
location of your boot sector image file. Check "Enable expert
settings" and set the emulation to "No Emulation." Set the load segment
to 07C0 and the number of sectors to 4, as the figure at
list.windowsitpro.com/t?ctl=8E2C:2E97F shows.
5. Select the Label tab and enter the volume label of the original
CD-ROM (e.g., NRMSFPP_EN for Windows 2003 Standard Server).
6. Under Burn CD, select the "Finalize CD (No further writing
possible!)" option.
7. Click New.
8. Drag all the files from the Windows 2003 with slipstreamed SP1
folder to the CD project, as the figure at
list.windowsitpro.com/t?ctl=8E2B:2E97F shows.
9. From the Recorder menu, select Burn Compilation.
10. Click Burn.
The application then creates your SP1-integrated bootable Windows 2003
CD-ROM.
Resetting Windows Passwords with Knoppix Linux
Situation:
You have forgotten a local user password on a Microsoft Windows NT, 2000, XP, or 2003 computer. This is especially useful if the forgotten password is for the "Administrator" account.
What you'll need:
A copy of KNOPPIX Linux. Any version should do fine; in my example I am using KNOPPIX 3.4, which is actually slightly outdated, but we don't need any of the newer KNOPPIX features for this example.
If you have a Knoppix disc, you can download and use the "chntpw" tool, which is a small program that lets you reset the local passwords on a Windows system, and return to your system.
The first step is, obviously, to boot the computer with Knoppix. There are multiple ways to get chntpw, but luckily for us, it's now part of Debian's "unstable" repositories. Since Knoppix is Debian based, we can get the latest .deb file from http://packages.debian.org/unstable/admin/chntpw. Download the file to your /home/knoppix folder. Since most of the Knoppix system is read-only, we can't directly install the .deb package. Instead, you must convert it to a tar file, and then extract the chntpw utility. Open up a terminal and run the following commands:
knoppix@ttyp1[knoppix]$ alien --to-tgz chntpw_.deb
knoppix@ttyp1[knoppix]$ tar xvzf chntpw.tgz ./usr/sbin/chntpw
knoppix@ttyp1[knoppix]$ mv ./usr/sbin/chntpw ./
Once you have finished with these commands, the chntpw utility is in /home/knoppix and ready to use. Now let's reset the password!
To reset the password, you must have write permissions on the Windows partition. If you have a FAT or FAT32 Windows partition, this is easy. However, the standard and common file system for Windows NT, 2000, and XP is NTFS. So now I will explain how to mount your Windows partition using "captive-ntfs". As of Knoppix 3.4, Captive NTFS is included on the CD. Captive NTFS is actually a process that uses the NTFS drivers that Windows itself uses.
Though it has worked for many people, it is still considered somewhat experimental, and anything of great importance should be backed up prior to use.
Knoppix includes an easy-to-use Captive NTFS wizard which will scan the hard drives for the necessary NTFS .dlls. Access the wizard by K-Menu -> KNOPPIX -> Utilities -> Captive NTFS. Click forward to see a list of the system files that Captive NTFS has already located on your Knoppix system. Click forward again, and the wizard mounts and scans your hard drives for the essential files it needs.
Once Captive NTFS has the module it needs, it activates the OK button even though it continues to scan other directories and partitions for drivers. If you are in a hurry, you can click OK to immediately mount the NTFS partitions. If you wait for the scan to finish, you are prompted with an option to specify locations for drivers, such as a USB flash drive, or click forward to download the drivers from the Windows XP Service Pack 1.
Once you are finished with the wizard, you are ready to mount an NTFS partition. Open up a terminal and use the following command:
knoppix@ttyp1[knoppix]$ sudo mount -t captive-ntfs -o uid=knoppix,gid=knoppix /dev/hda1 /mnt/hda1
Obviously, replace the name of the partition if it is not correct. The -t option is used to specify the file-system type; use captive-ntfs to use the NTFS drivers that the Captive NTFS wizard previously found. The -o argument tells mount to make user and group "knoppix" the owner of this drive. Now that this drive is mounted, you have full read/write access to the drive and the possibility to do unlimited good and evil to your drive.
Make sure to unmount the drive after you're done to be sure that changes are synced!!!!
knoppix@ttyp1[knoppix]$ sudo umount /mnt/hda1
Now to continue resetting the password. Once the partition is mounted, we must find the directory containing the SAM file. For Windows 2000 and XP systems, this should be under /winnt/system32/config and /windows/system32/config, respectively. In this example, navigate to the /mnt/hda1/windows/system32/config directory. You should see a number of files, including SAM, SYSTEM, and SECURITY, that may or may not be in all caps.
Now, to reset the "Administrator" password, do the following:
knoppix@ttyp1[config]$ /home/knoppix/chntpw SAM
You will see a few messages, and at the end you should be prompted with an option to enter the new password. It is my strong recommendation that you simply reset (blank) the password by using the asterisk (*). I have not had good luck changing the password to something new, but blanking it works all the time in my experience. So, do the following:
Please enter new password: *
Hit [Enter]
There you go! You should now have a blank password on the local Administrator account of that Windows installation. If you want to reset the password for any account other than "Administrator" you can use the following commands:
knoppix@ttyp1[config]$ /home/knoppix/chntpw -l SAM
To view all user accounts on the system
knoppix@ttyp1[config]$ /home/knoppix/chntpw -u username SAM
To reset the account password for the username of your choice.
Once you have changed the password and saved your changes, unmount the file system and reboot:
knoppix@ttyp1[config]$ cd
knoppix@ttyp1[knoppix]$ sudo umount /dev/hda1
knoppix@ttyp1[knoppix]$ sudo reboot
As wayoutinva pointed out, renaming the admin account gives only the most marginal improvement in security. A much better solution is to
create a named admin account (add to the admin group), and then disable the built-in admin account. Then it is not available to be attacked. Don't worry, if you get in trouble and need it, boot to safe mode, and you can log in as the built-in admin account, even though it is disabled.
Microsoft is offering a public beta version of its upcoming Windows
Live OneCare Family Safety, a free Web service that Microsoft says can
help keep children safe from undesirable online content. The current
beta version of the product features Web-content filtering and
activity reports. You can learn more about the OneCare Family Safety Beta at the URL
below.
list.windowsitpro.com/t?ctl=36EF6:25238
Disable NetBIOS and SMB to protect public Web servers
Serving data to users outside of an internal network, public Web servers are typically the first point of contact for an external attack. In addition, internal networking ports are the most revealing and most often attacked ports on a server. That's why you need to make sure you've disabled the services that are specifically for intranets.
The two biggest culprits that you need to worry about are the Server Message Block (SMB) protocol and NetBIOS over TCP/IP. Both services can reveal a wealth of security information and are reoccurring vectors for hacks and attacks. They're unnecessary for the operation of a public Web server, and you should take steps to shut down both services on these servers.
Disable NetBIOS
NetBIOS was once a useful protocol developed for nonroutable LANs. In this case, it acts as a session-layer protocol transported over TCP/IP to provide name resolution to a computer and shared folders.
NetBIOS uses these ports:
• UDP 137: NetBIOS name service
• UDP 138: NetBIOS datagram service
• TCP 139: NetBIOS session service
Since external users—or hackers—don't need access to shared internal folders, you should turn off this protocol. To disable NetBIOS over TCP/IP, follow these steps:
1. Go to Start | Control Panel, and double-click the System applet.
2. On the Hardware tab, click the Device Manager button.
3. Select Show Hidden Devices from the View menu.
4. Expand Non-Plug And Play Drivers.
5. Right-click NetBios Over Tcpip, and select Disable.
6. Close all dialog boxes and applets.
This disables the Nbt.sys driver, which stops NetBIOS from listening to or initiating sessions over TCP 139. While SMB normally uses this port for communication, it will now switch to TCP 445—also known as the Common Internet File System (CIFS) port. That's why you need to disable SMB next.
Uninstall SMB
SMB uses TCP 139 or TCP 445—depending on which port is available. There's one way to disable SMB on a non-domain controller. However, I recommend completely uninstalling this service to prevent some well-meaning individual (or program) from re-enabling the service.
To uninstall SMB, follow these steps:
1. Go to Start | Control Panel, and double-click the Network Connections applet.
2. Right-click Local Area Connection (i.e., the Internet-facing connection), and select Properties.
3. Select Client For Microsoft Networks, and click the Uninstall button.
4. After the uninstall finishes, select File And Printer Sharing For Microsoft Networks, and click the Uninstall button.
5. Close all dialog boxes and applets.
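To confirm that both procedures took effect, check that nothing on the server still listens on the ports named above. The following added example (not part of the original article) parses the text of `netstat -an` and reports any listener on UDP 137, UDP 138, TCP 139 or TCP 445; the two captures embedded in it are constructed samples, and the function names are hypothetical.

```python
# Ports named in the article, keyed by (protocol, local port).
INTRANET_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP (CIFS)",
}

# Constructed capture: a web server before the changes.
NETSTAT_BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51544     ESTABLISHED
  TCP    192.0.2.10:49160       198.51.100.9:445       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""

# Constructed capture: the same server after NetBIOS and SMB are removed.
NETSTAT_AFTER = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51544     ESTABLISHED
"""


def parse_listeners(netstat_text):
    """Yield (proto, address, port) for each local listening socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated output
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING rows are listeners.
        # UDP rows have no state, so every bound UDP socket counts.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        address, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        yield proto, address.strip("[]"), int(port)


def find_intranet_listeners(netstat_text):
    """Return [(proto, address, port, service)] for NetBIOS/SMB listeners."""
    findings = []
    for proto, address, port in parse_listeners(netstat_text):
        service = INTRANET_PORTS.get((proto, port))
        if service and (proto, address, port, service) not in findings:
            findings.append((proto, address, port, service))
    return findings


def report(netstat_text):
    """Return one human-readable line per finding, or a single all-clear line."""
    findings = find_intranet_listeners(netstat_text)
    if not findings:
        return ["OK: no NetBIOS or SMB listeners found"]
    return [f"EXPOSED {p} {addr}:{port} ({svc})" for p, addr, port, svc in findings]


if __name__ == "__main__":
    for label, capture in (("before", NETSTAT_BEFORE), ("after", NETSTAT_AFTER)):
        print(label)
        for line in report(capture):
            print("  " + line)
```

The outbound connection to a remote port 445 in the first capture is not reported, because the check looks only at local listening ports.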
Understand the ramifications
You've now disabled both SMB and NetBIOS. If an attacker manages to compromise your Web server, he or she won't be able to use NetBIOS or SMB to further explore and exploit your network.
Of course, security measures are often a balancing act of functionality and security. In this case, disabling these services takes away your ability to remotely manage Web servers through Active Directory's Computer Management console. However, you can still connect to and manage these servers through the Remote Desktop Client.
Final thoughts
While it's a common practice to block these ports at security boundaries, nothing beats disabling them on the machines themselves. Remember, as the connection between your internal network and the rest of the world, Web servers always deserve an extra measure of protection.
Rootkit Removal Tools
BitDefender RootkitUncover beta, from SoftWin
This tool is currently available as a free beta and looks promising,
particularly because it's from SoftWin, makers of BitDefender.
list.windowsitpro.com/t?ctl=369CC:2E97F
DarkSpy, from DarkSpy Security Group
This tool is from a group of Chinese security researchers that I'm
unfamiliar with. The download page for the tool says, "Use at your own
risk," and you'd be wise to take that advice; however, it might give
you a little comfort to know that this tool was recently mentioned in
the SANS Internet Storm Center's Handler's Diary. Click the second URL
under the Helios entry below to link to that mention.
list.windowsitpro.com/t?ctl=369DB:2E97F
F-Secure BlackLight
This is a standalone "trialware" tool, meaning that it periodically
expires after a certain date--currently October 1. It's also a standard
component of F-Secure's Internet Security 2006 package.
list.windowsitpro.com/t?ctl=369D6:2E97F
GMER, from an unknown independent Polish developer
Although no information is readily available about who developed
this tool, its Web site has several screenshots and some movies (in
.wmv and .avi format) that show the tool in action, so you can get a
good idea of what it's like before using it.
list.windowsitpro.com/t?ctl=369EB:2E97F
Helios, from MIEL e-Security
This is a new tool, currently in "alpha" development, that looks
promising. For some good insight into Helios, go to the second URL
below to read the SANS Handler's Diary entry for July 26, in which you
can also see some screen shots of the tool in action.
list.windowsitpro.com/t?ctl=369E9:2E97F
list.windowsitpro.com/t?ctl=369DF:2E97F
IceSword, by Xfocus Team
IceSword has proven useful to many security administrators. Xfocus
is a group of Chinese security researchers, and while the site is
written in Chinese, you can use AltaVista's Babel Fish Translation
engine (at the second URL below) to view it in English. You can also
use Babel Fish to translate the Chinese documentation.
list.windowsitpro.com/t?ctl=369E6:2E97F
list.windowsitpro.com/t?ctl=369EC:2E97F
RKDetector, by Miguel Tarasco Acuna
This toolkit comes in two parts: A file system analyzer and an
Import Address Table (IAT) analyzer. The file system analyzer scans the
file system and registry, and the IAT analyzer scans memory space for
alterations that would allow rootkits to hook into the system. Screen
shots are available to give you a good idea of what the tool looks
like.
list.windowsitpro.com/t?ctl=369EA:2E97F
RootKit Hook Analyzer, from Resplendence Software Projects
Although most rootkit detection tools look at kernel hooks, the file
system, the registry, user accounts, and so on, this particular tool
focuses exclusively on kernel hooks.
list.windowsitpro.com/t?ctl=369E1:2E97F
RootkitRevealer, from Sysinternals
A tool written by Mark Russinovich and Bryce Cogswell, two very well
known Windows experts.
list.windowsitpro.com/t?ctl=369D4:2E97F
Rootkit Unhooker, from UG North
Although I have no idea who UG North is, the tool looks promising.
It checks for unwanted processes and system hooks and can help
terminate such processes.
list.windowsitpro.com/t?ctl=369E7:2E97F
Sophos Anti-Rootkit
This standalone tool offers both a GUI and a command line version
and is similar to the antirootkit technology built into the Sophos
Anti-Virus for Windows solution.
list.windowsitpro.com/t?ctl=369D0:2E97F
System Virginity Verifier, FLISTER, and KLISTER, by Joanna Rutkowska
These tools specifically look for hidden files and at various system
components that might be modified by various rootkit techniques. Source
code is included. Rutkowska is a well-known researcher.
list.windowsitpro.com/t?ctl=369E0:2E97F
UnHackMe, from Greatis Software
While all the other listed tools are free, this tool is priced
starting at $19.95 for a single license. You can view screen shots of
the tool to see what it looks like and download a working demo if
you're interested.
list.windowsitpro.com/t?ctl=369E8:2E97F
Antivirus Programs
Price: Free
Paid upgrade: avast! AntiVirus Professional
Info: www.avast.com
Price: Free
Paid upgrade: AVG Professional Edition
Info: free.grisoft.com
Price: Free
Paid upgrade: AntiVir Personal Edition Premium
Info: www.free-av.com
Anti-Spyware
Spybot Search & Destroy
Price: Free
Paid upgrade: None
Info: www.safer-networking.org
Price:
Paid upgrade: Ad-Aware SE Plus & Pro
Info: www.lavasoft.de
Price: Free
To use the Linux dd command to wipe a hard drive clean, you can utilize the following command:
# dd if=/dev/urandom of=/dev/hda
where
/dev/hda
is the device name of the analysis drive, and urandom is the built-in "random" number generator from Linux. This process should be repeated as many times as you desire. Many professionals sanitize their hard drives as many as three to nine times.
You can use CACLS and XCACLS to gather information on files that are a reflection of the NTFS permissions you have configured. These tools will deliver data about the permissions for specific file and folder resources. What's the difference between NTFS permissions and an ACL (access control list)? The NTFS permissions are set in Windows Explorer or via an automated mechanism for files and folders, whereas an ACL (via these tools) is a display or management of allowed or denied file operations for the same resource.
You can use CACLS and XCACLS to add or remove NTFS permissions in a scripted fashion as well. So if you have a great deal of permissions to adjust, a sophisticated script using these tools may be in order.
A good practice for important shared files and folders with unique NTFS permissions is to write a script that uses the CACLS.EXE tool to document the ACL for individual files and folders (or to execute the steps manually). You can easily document your NTFS permissions by running "CACLS * /T" from a command prompt, which documents a folder, its contents, and subdirectories. But be careful: this is very resource intensive and can require 100% CPU utilization on some systems when traversing extremely large folder paths. Depending on many factors, a large recursive ACL audit can take a large amount of time as well. This is similar to the scenario where new NTFS permissions are propagated to a large folder.
Q. How can I use Group Policy to hide the domain drop down list on the
Windows Logon dialog box?
A. By default, when a user logs on to his or her Windows system, a list
of domains is displayed from which the user can select which domain to
use for account authentication. If you want to hide the list of domains
and force the user to enter the domain as part of the username field,
you can do so via a registry change, but no Group Policy setting exists
by default. However, you can create the following .adm template file
and import it to a Group Policy Object (GPO) to facilitate the
suppression of the domain drop-down list:
; The Winlogon key below is under HKEY_LOCAL_MACHINE, so this is a machine policy.
CLASS MACHINE
CATEGORY "Logon Settings"
    KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    POLICY "Hide Domain UI"
        VALUENAME "NoDomainUI"
        VALUEON NUMERIC 1
        VALUEOFF NUMERIC 0
    END POLICY
END CATEGORY
After you import the .adm file into a GPO (and ensure that it's visible by turning off the managed only policy view), enable the setting, as the figure at
list.windowsitpro.com/t?ctl=3599A:2E97F shows.
Best of Redmondmag.com: Security Product Reviews
* DeviceWall
http://redmondmag.com/reviews/article.asp?EditorialsID=537
* ipMonitor 7.5
http://redmondmag.com/reviews/article.asp?EditorialsID=526
* NetChk Protect
http://redmondmag.com/reviews/article.asp?EditorialsID=531
* Patch Manager 4.0
http://redmondmag.com/reviews/article.asp?EditorialsID=521
* Quest Group Policy Manager 2.5
http://redmondmag.com/reviews/article.asp?EditorialsID=535
* Specops Password Policy
http://redmondmag.com/reviews/article.asp?EditorialsID=538
* ThreatSentry 2.0
http://redmondmag.com/reviews/article.asp?EditorialsID=516
* DeviceLock and Safend Protector
http://redmondmag.com/reviews/article.asp?EditorialsID=530
++++++++++++++++++++++++++++++++++++++++++++++++++++++
Don Jones' Tip Sheet #108: Migrating User Settings
A user on ScriptingAnswers.com recently asked if there was a way to
write a script which would move a user's settings, preferences and
documents from an old PC to a new one. That'd be quite a script to
write: You'd need to scan for the files, export hundreds of registry
keys and do heck knows what else to successfully apply everything to
the new PC. However, a script would be easier than trying to use the
File & Settings Transfer Wizard on a few dozen machines, which is
what the reader was faced with.
Which is proof that VBScript -- or any tool, for that matter -- isn't
the right tool for every job. In this case, the right tool is the
User State Migration Tool (USMT), currently in version 2.6, which is
free from Microsoft. It's usually on the Windows product CDs, but you
can download it from http://tinyurl.com/3swfw for the latest version.
It's essentially two tools, Scanstate and Loadstate, which provide
the same functionality as the File & Settings Transfer Wizard, but in
a scriptable, command-line format. Use Scanstate to bundle a user's
stuff into a migration file, and Loadstate to apply the file to a new
PC. An .INF file provides pretty granular control over what gets
migrated (USMT comes with five sample files for different migration
scenarios), such as applications, system settings and so forth. Best
of all, USMT works on everything back to Windows 95 for source
systems and Win2000 and WinXP for destination systems.
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++
Renaming the Administrator account in Windows XP
The Administrator account exists on all computers running Windows XP Professional and Home. This gives potential hackers half the information they need to access your computer—all they have to do is guess your password.
You can make it more difficult for unauthorized persons to get into your system by renaming the Administrator account. Follow these steps for a Windows XP Pro machine:
1. Go to Control Panel and open Administrative Tools. Double-click the Local Security Policy.
2. When the Local Security Settings snap-in appears, open the Local Policies\Security Options branch and double-click the Accounts: Rename Administrator Account policy.
3. When the Accounts: Rename Administrator Account Properties dialog box appears, type a new name in the text box, and click OK.
Follow these steps to rename the Administrator account in Windows XP Home:
1. Press [Windows]R to access the Run dialog box.
2. In the Open text box, type Control userpasswords2 and click OK to access the User Accounts dialog box.
3. Select the Administrator Account from the list and click the Properties button.
4. In the User Name text box, type a new name, and click OK.
Note: This tip applies to both Windows XP Home and Professional editions.
+++++++++++++++++++++++++++++++++++++
An HTTPS Web site may make most users feel relatively secure, but this alone doesn't guarantee secure transactions. To properly protect your organization's users—as well as corporate data that unsecure transactions could leave open to exposure—make sure your users understand how to properly evaluate a Web site's security.
Making the SSL connection
When it comes to online forms, secure servers (from an HTTPS site) do not actually serve most of them. This means that the form data may not be going where users think.
If you view the source HTML code of a Web page that you're entering credit card data into, you should see something like the following: