Kevin Beaver's Security Blog

Windows XP: Goodbye my love…well, not really.

Windows XP...ah, the memories!I wrote many of my books including the first two editions of Hacking For Dummies and the first edition of The Practical Guide to HIPAA Privacy and Security Compliance originally on Windows XP - not to mention countless articles, security assessment reports and more over a 7-8 year span.It was nice working with you XP!I waited to write this post today, the day after all the Windows ...

Windows server and workstation security essentials

Over the past couple of months I was so focused on writing new content that I've been remiss in posting it online. Here are some tips, thoughts and general opinions around Windows server and workstation security:Desktop backup oversights that can get you into a bindFree open source security tools for finding and fixing Windows flawsMobile security and how you can no longer ignore its impact on enterprise desktop management Why ...

With all the recent hype and hoopla over Windows 8 and Server 2012, I thought I'd throw in my two cents into the Microsoft analysis arena...here are some recent pieces I've written that you may be interested in:Thoughts and considerations around the forthcoming System Center 2012 Configuration ManagerWhy the simple Windows 8 Metro interface may not benefit usersMicrosoft Security Compliance Manager enhances desktop securityA first look at Microsoft Office 15 ...

Windows security exploits, all over again

There's a good bit brewing in the Windows world regarding security and I suspect 2012 will make for an interesting year...Here are some new pieces I've written for TechTarget along these lines where I cover Windows 8 and SharePoint security, using Metasploit to exploit flaws as well as some Windows security oversights I see in practically every internal security assessment I do. Enjoy!Patching and continuous availability in Windows Server 8SharePoint ...

Exchange incident response, ASLR & common Windows security mistakes

From Exchange to Windows Server to Windows at the desktop, here are some new pieces I've written about Microsoft security that you may be interested in:Six commonly overlooked Exchange security vulnerabilitiesSolidify Your Exchange Server Incident Response Plan10 most common security mistakes people are still makingWhy you need address space layout randomization in Windows Server 2008 R2Enjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, ...

Recap of TechEd 2011: more of the same, but you need to go

Given that TechEd was held in my neck of the woods this year I couldn't resist the opportunity to check it out. It's funny, I've been working with/around Microsoft products for some 22 years now and I've *never* attended this show. Maybe it's my ingrained Novell bigotry that I've yet to shed.My main goal was to catch up with some clients and see the latest happenings with Security Compliance Manager ...

Tidbits on MS security, MBSA vs. the competition & cloud backups

Here are a few new articles I wrote for TechTarget where I talk about IIS 7.5 security, encrypting Windows Server drives, MBSA vs. commercial vulnerability scanners and the dearly beloved cloud backup services. Enjoy!How vulnerable is Microsoft IIS 7.5 to attacks?Pros and cons of Windows Server drive encryptionWeighing MBSA against paid vulnerability scannersPreventing online backup security threats to your network...

Windows and Linux management tips and tricks

From Windows to Linux - desktops to mobile devices - here are some recent pieces I've written for TechTarget that you may be interested in:Devise a Windows XP end-of-life strategy before migrating to Windows 7Troubleshooting Windows 7 with built-in tools and online resourcesSecuring the new desktop: enterprise mobile devicesCommon Linux Security policy management gaps...

New Windows identity & access management resources

Here are some new pieces I wrote for SearchWindowsServer.com on Windows IAM - pros, cons, and considerations:Are identity and access management payoffs worth the fuss?The compliance benefits of Windows identity and access managementSix ways to improve identity and access management (IAM) for WindowsFinding the value in Microsoft Forefront Identity Manager 2010Enjoy!...

Securing and hacking Windows go hand in hand

Computer hacking concepts extend to every nook and cranny of what we work with on a daily basis. Front and center are Windows-based servers. A large part of what I do in my work performing internal security vulnerability assessments - a.k.a. pen tests and audits - involves Windows servers. There's so much you can do to build up Windows server security and so much you can take to bring it ...