Security Pro VIP Update--July 5, 2007

In this Issue:

  • Perspective: Summertime Is Hacking Time
  • Win a Black Hat Briefings Pass!
  • Coming this Month
  • June 2007 Articles in Print-Friendly Format
  • Share Your Security Tips and Get $100


Perspective: Summertime Is Hacking Time

About this time, your thoughts might turn to hacking, especially if you're planning to attend one or both of the upcoming hacking conferences, Black Hat USA 2007 and DEFCON 15, held July 28 - Aug. 2 and Aug. 3-5, respectively, in Las Vegas.

**Security Pro VIP is offering two lucky winners free registration to this year's Black Hat Briefings. See how to enter below.**

If you're going to protect your company's network and computers, you have to think like a hacker and put your systems to the same tests a hacker would. To do that, you need some hacking tools, many of which are available free on the Internet. One of the most popular is Nmap, an open-source network port scanner. Jeff Fellinge has written about Nmap several times in his Toolbox column in Security Pro VIP:

Toolbox: "Nmap 4.0 Does Windows" introduces Nmap 4.0, which provides 11 scan techniques and many scan customization features to help you discover and identify the applications installed on your network as well as test firewall and intrusion detection system (IDS) configurations.

Toolbox: "Nmap" shows how to leverage Nmap and its flexible output features to quickly determine whether antivirus software is installed on the computers within a subnet.

Toolbox: "Nmap Output" follows up on the previous "Nmap" article, using Nmap's XML output feature and custom Extensible Style Language Transformations (XSLT) program code to tailor the output exactly as you want it.

Here are descriptions of a few other free hacking tools that might help you protect your environment:

"Audit Your Passwords" explains how to use the powerful password-cracking tool Cain & Abel to test your passwords before a hacker can.

Toolbox: "The Paros Proxy Server" covers a Java application that uncovers the behind-the-scenes communication between your Web browser and a Web site and stores the data for analysis. Use it to see exactly how users interact with a Web site and how attackers could exploit the site.

Toolbox: "Sam Spade on the Spam Case" introduces a suite of well-known and separately available network-investigation tools—including IP block, reverse DNS lookups, Ping, Traceroute, and Whois—packaged with a common GUI that lets you easily feed one tool's results to another tool for further analysis.

That's just a sampling of tools that Security Pro VIP has covered within the last year or so. For more, see "Nmap Hackers Pick Top 100 Security Tools," which points to a list compiled in 2006 by Fyodor, who asked users from his nmap-hackers mailing list to share their favorite tools.

If you'd like a little training to go with the tools, "Train to Be a Certified Ethical Hacker" describes a certification program by New Horizons that aims to certify individuals in ethical hacking from a vendor-neutral perspective. The article also links to the New Horizons Web site.

Or, of course, you can attend Black Hat USA 2007 and/or DEFCON 15. Black Hat has three days of hands-on Training sessions before Briefings start on Aug. 1. DEFCON 15's Web site says it will provide some training and demonstration sessions in addition to its other presentations.

If you want to get a flavor for what Black Hat is like, check out "Black Hat Briefly," which describes a couple of notable hacking presentations from Black Hat USA 2006. And don't forget—you could win free registration to this year's Black Hat Briefings. Find out the details below.

Renee Munshi, Security Pro VIP Editor


Win a Black Hat Briefings Pass! A $1495 Value!

Includes: Full Briefings delegate package for Black Hat USA 2007 as a guest of Security Pro VIP. Your Briefings credentials include all conference sessions, meals, receptions, and materials Aug. 1-2 at Black Hat USA 2007, Caesar's Palace, Las Vegas. (Travel and hotel costs not included.)

To win: Go to the Security Pro VIP forum and post a question, comment, or tip by July 9. You also need to fill out the entry form. We'll pick two top forum posts—and the posters will be on their way to Black Hat!


Coming this Month

"Microsoft Office SharePoint Server 2007 and RMS" by John Howie
MOSS's Information Rights Management (IRM) feature gives administrators and users control over how others can use Office files within SharePoint and after they're downloaded.
This article is now live on the Web.

Toolbox: "KeePass" by Jeff Fellinge
KeePass is a lightweight, open-source password manager that security administrators can use to secure passwords to many systems in one encrypted file.
Coming July 12.

"Managing Local Group Policy in Vista" by Russell Smith
Unlike previous Windows versions, Vista gives you the ability to define several Local Group Policy objects. Learn how to configure these policies and how they're processed.
Coming July 19.

Access Denied
Randy Franklin Smith answers your Windows security questions.
Coming July 26.

Reader to Reader: "Don’t Let Your Domain Admins or Enterprise Admins Password Get Hacked"
With Windows' default domain credential caching, passwords are cached locally. This can leave your domain vulnerable to attack if you use a high-level administrative account to log on to a workstation or member server. Here's how to protect your domain.
Coming July 26.


June 2007 Articles in Print-Friendly Format

If you're someone who prefers your newsletters in printed form, check out this .pdf file. It contains all the security articles posted on the Security Pro VIP Web site in June. Print and enjoy!


Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
