Friday, February 29, 2008

Security Risk Management PPT



Download Security Risk Management MS PPT here

Download Security Risk Management OCTAVE PPT here

Download Security Risk Management SCADA PPT here

Download Security Risk Management COBRA PPT here

Many PPTs on risk assessment can be found here, and on risk management here.

Thursday, February 14, 2008

The Threats and Countermeasures Guide





Brief Description

Security Settings in Windows Server 2003 and Windows XP
The Threats and Countermeasures guide provides you with a reference to all security settings that provide countermeasures for specific threats against current versions of the Microsoft® Windows® operating systems.

Download the guide here


This guide is a companion for two other publications that are available from Microsoft:

• Windows Server 2003 Security Guide, available online at
http://go.microsoft.com/fwlink/?LinkId=14845

• Windows XP Security Guide, available online at
http://go.microsoft.com/fwlink/?LinkId=14839

Additional useful info while Assessing Risk





Asset Classes

For additional information on defining and categorizing information and information systems, refer to National Institute of Standards and Technology (NIST) Special Publication 800-60 workshops, "Mapping Types of Information and Information Systems to Security Categories," and the Federal Information Processing Standards (FIPS) publication 199, "Security Categorization of Federal Information and Information Systems."

For "Common Information System Assets":
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappb.mspx

For "Common Threats":
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappc.mspx

For examples of "Vulnerabilities":
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappd.mspx

More info on Security Risk Management



"Microsoft’s approach to risk management and assessment isn’t the only one available to organizations. Some other popular approaches include:

* Risk Management Guide for Information Technology Systems and Security Self-Assessment Guide for Information Technology Systems, both developed by the National Institute for Standards and Technology (NIST)

http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf


* Information technology — Code of practice for information security management (ISO 17799), available from the International Standards Organization (ISO).

http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33441&ICS1=35&ICS2=40&ICS3=

* Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) from Computer Emergency Response Team (CERT) at the Software Engineering Institute at Carnegie-Mellon University.

http://www.cert.org/octave

These resources are also useful in helping you plan and implement an effective risk management solution for your company. But in my opinion, Microsoft’s approach is simple and easy to implement, and is a good starting point, especially for IT shops that are strong on Microsoft platforms. For although the Guide is described by Microsoft as being cross-platform and vendor-neutral in its approach, its prescriptive control solutions target Microsoft products in particular. That doesn’t surprise me however, and in no way reduces the usefulness of this excellent Guide."

Read source...

Saturday, December 22, 2007

What is my Windows password?



There are some live CDs that are used to recover the Windows password (in case you forgot what it is) as well as other things.

One of them is Ophcrack.
(Remember ERD Commander 2005?)

See how simple it is to use Ophcrack here


More info:
http://home.eunet.no/~pnordahl/ntpasswd/
http://www.jms1.net/ie.shtml
http://geeksaresexy.blogspot.com/2005/12/auditing-your-users-passwords-for.html
http://www.ultimatebootcd.com/
http://sourceforge.net/projects/austrumi/
http://geeksaresexy.blogspot.com/2006/04/cracking-your-windows-sam-database-in.html

Thursday, November 8, 2007

Risk Assessment, continued

The summary was sent

More info on "Assessing Risk" can be found here

Wednesday, September 19, 2007

Risk Assessment part 1

As promised, I will publish in the next few days the summary of the lecture that I presented on 18/09/2007 at the Technion class.

It will include all the links, tools and highlights.
You are more than welcome to comment if something is missing.

In general, more info can be found at:

1. http://www.microsoft.com/technet/security/topics/complianceandpolicies/secrisk/srsgch04.mspx (Security Risk Management Guide)

2. Michael J. Murphy's Web Log

Find security training events:
http://www.microsoft.com/seminar/events/security.mspx
Sign up for security communications:
http://www.microsoft.com/technet/security/signup/default.mspx
Order the Security Guidance Kit:
http://www.microsoft.com/security/guidance/order/default.mspx
Get additional security tools and content:
http://www.microsoft.com/security/guidance

Download MSAT ver 3.0 on:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6D79DF9C-C6D1-4E8F-8000-0BE72B430212&displaylang=en

Friday, September 14, 2007

Recommended site of the week

This site was recommended by my friend ^E^.

You can find there some great simple tools for spoofing, port scanning, web security, wireless, honeypots, audits and more.

spoofing
http://www.hackerscenter.com/directory.asp?id=18

port scanning
http://www.hackerscenter.com/directory.asp?id=17

web security
http://www.hackerscenter.com/directory.asp?id=16

They have also released their ethical hackers tool kit.

Enjoy!
