Windows Security

You may need to do a quick third-party registration to access certain ones. Resources without a hyperlink are no longer published/posted.

Articles
  • Using Modern.ie to test Web browser compatibility with applications
  • Managing Windows Server audit logs to cover your assets
  • Six endpoint management lessons from POS security breaches
  • Steering your career as a desktop admin in the mobility age
  • Don’t ignore Windows 8 security when reviewing desktop vulnerabilities
  • IT can tackle Windows configuration with a well-planned desktop audit
  • Windows Server Update Services weaknesses you may not know about
  • Why a Windows security scan is not enough to protect your workstations
  • Five steps to successful bot removal from enterprise desktops
  • Whitelisting can complement Windows 8 malware removal and prevention
  • Malware detection questions for IT to answer for desktop security
  • New Windows 8.1 features can boost mobile device management
  • Don’t ignore mobile security effects on enterprise desktop management
  • IT needs to keep up with workers who use desktop cloud backup
  • Enterprises can’t afford a half-baked mobile security strategy
  • Windows Phone 8 security should be part of any mobile device strategy
  • Locking down Internet Explorer settings with Group Policy in IE 11
  • Beat bad browser behavior by troubleshooting IE 10
  • Microsoft Office 2013 crackable, so look to Office password recovery
  • What you need to know about the Windows Security Accounts Manager
  • Bring some control to cloud file sharing with Windows 8.1 Work Folders
  • The biggest obstacle to securing Windows Server 2012
  • Hidden vulnerabilities on your IIS 8 servers
  • Tighten Windows 8.1 security in five simple steps
  • What’s old, what’s new for the enterprise with Windows 8.1
  • Understanding why Windows 8 for mobile is perfectly viable for enterprise use
  • Don’t forget enterprise password protection in a merger or acquisition
  • Three ways Sysinternals Process Explorer reveals system usage
  • Ease Windows 8 frustration by focusing on what the OS actually does
  • Looking at Windows 8 BitLocker full-disk encryption and alternatives
  • Desktop backup oversights that can get you into a bind
  • Free open source security tools for finding and fixing Windows flaws
  • Mobile security and how you can no longer ignore its impact on enterprise desktop management
  • Why locking down applications at the desktop can provide you with great returns
  • FAQ: Hardening Windows servers
  • Thoughts and considerations around the forthcoming System Center 2012 Configuration Manager
  • Why the simple Windows 8 Metro interface may not benefit users
  • Microsoft Security Compliance Manager enhances desktop security
  • A first look at Microsoft Office 15 features
  • BitLocker’s improvements leave gaps to be aware of
  • How Windows Server 8 can help with compliance
  • Patching and continuous availability in Windows Server 8
  • SharePoint security should not be an afterthought
  • Exploiting Windows vulnerabilities with Metasploit
  • Five Windows environment security flaws you may be forgetting
  • Preparing for an incident at the workstation level
  • Using Windows 7 management tools to your advantage
  • Getting to know Security Compliance Manager
  • Why aren’t you using Metasploit to expose Windows vulnerabilities?
  • The APT threat to Windows environments
  • Why you need address space layout randomization in Windows Server 2008 R2
  • Are you properly protecting your Windows servers against malware?
  • Windows server patching gaps you can’t afford to miss
  • 10 most common security mistakes people are still making
  • Securing the new desktop: enterprise mobile devices
  • Security tools that can boost Windows Mobile and Windows Phone 7 security
  • Whole disk encryption gotchas to look out for
  • Security considerations for Windows Phone 7
  • Should you use third-party patching tools to keep Windows 7 secure?
  • Weighing Windows Firewall for enterprise desktop protection
  • How vulnerable is Microsoft IIS 7.5 to attacks?
  • Pros and cons of Windows Server drive encryption
  • Weighing MBSA against paid vulnerability scanners
  • Devise a Windows XP end-of-life strategy before migrating to Windows 7
  • Troubleshooting Windows 7 with built-in tools and online resources
  • Using Windows 7’s built-in features to keep your desktops secure
  • Windows 7 doesn’t end the need to monitor passwords
  • Are identity and access management payoffs worth the fuss?
  • The compliance benefits of Windows identity and access management
  • Six ways to improve identity and access management (IAM) for Windows
  • Finding the value in Microsoft Forefront Identity Manager 2010
  • Step-by-step guide: Hacking Windows file servers
  • The very best Sysinternals tools for Windows server security
  • Windows 7 vulnerabilities you won’t hear about
  • Metasploit Express eases Windows penetration testing
  • Should Windows users have full administrative rights?
  • Properly analyzing your Windows server vulnerability scan results
  • Using BitLocker in Windows 7
  • Cracking passwords in Windows 7
  • Using Windows XP Mode for security testing in Windows 7
  • How Windows Servers Get Hacked
  • Security testing: Finding the best method for your Windows servers
  • The right security tools for finding Windows desktop weaknesses
  • Web server security practices for Windows environments
  • How Windows Server 2008 R2 stands up to security checks
  • Tests for securing the internal Windows network
  • Using Windows 7’s DirectAccess to enhance the mobile user experience
  • Securing removable media with BitLocker To Go
  • Balancing Windows security with reasonable password policies
  • Nine common password oversights to avoid
  • Secure your Windows systems with proper password practices
  • Secure Windows XP before a Windows 7 upgrade
  • Common causes of Windows server security vulnerabilities
  • Managing multiple passwords in Windows
  • How Windows 7 stands up to security tests go to article
  • Gathering and documenting your Windows desktop security policies
  • Security essentials for Active Directory on Linux
  • Windows server hardening: How much is enough?
  • Top Windows server hardening standards and guidelines
  • Common Active Directory security oversights
  • Windows desktop security standards documentation best practices
  • Desktop security preparation for a new wave of Windows apps
  • Why should Windows shops use Microsoft Baseline Security Analyzer?
  • Using Sysinternals tools in security management scenarios
  • Sysinternals tools: A must-have for every Windows security toolbox
  • How to strike a balance between Windows security and business needs
  • Managing single sign-on burdens in Windows
  • Enhancing patch management with NAP
  • How to exploit two common Windows vulnerabilities
  • The 10 most common Windows security vulnerabilities
  • Security tools that can boost Windows Mobile security
  • Vista SP1 vs. XP SP3 — upgrade or business as usual?
  • Free security testing tools for Windows handheld devices
  • Windows Mobile OS security: Get it locked down
  • Metasploit 3.1 updates improve Windows penetration testing
  • Security tools that limit user logons in Windows
  • Cheap Microsoft licenses for security pros: the Microsoft Action Pack
  • The importance of managing unpatched third-party software
  • Find Windows vulnerabilities with a hex editor
  • Secret Windows command line tools can boost security
  • Metasploit 3.0 security testing tool – free easy and improved
  • Controlling Windows Executables
  • Hack into Windows Vista to test security features
  • Safe and secure Windows logging practices
  • Step-by-step guide: Laptop hacking
  • Domain controller penetration testing
  • How to (really) harden Windows clients
  • Securing the internal Windows network
  • Top five Windows threats
  • Securing legacy NT and Win2k servers
  • Step-by-step guide: Cracking network passwords
  • Remote user security checklist
  • Windows password management myths
  • Testing Group Policy security
  • Five steps to lock down peer-to-peer Windows networks
  • How to Google hack Windows servers
  • Google your Windows security vulnerabilities
  • How to prevent null session attacks
  • Null session attacks: Who’s still vulnerable?
  • Windows Firewall: Love it or hate it
  • Tiptop Windows systems for SMBs
  • XP SP2: Nothing more than security best practices?
  • Pros and cons of XP SP2’s isolation and resiliency enhancements
Whitepapers
  • FAQ: Windows 7 Migrations Provide the Ideal Time to Lock Down Endpoints
Podcasts
  • How ethical hacking fits into Windows security tests
  • Security Policies for Windows Systems
  • DNS flaw threatens Windows shops
  • New service packs for Windows Vista and XP
  • What’s hot in Windows security: Ins and outs of Windows Server 2008
Screencasts
  • Hacking Windows Vista
  • Sniffing Out Security Problems on Your Windows Network
  • Essential Tools and Techniques for Cracking Windows Passwords
Videocasts
  • Securing Endpoints the Right Way – Securing your endpoints is not a one time deal but rather a part of a larger strategy for improving service, lowering costs, and minimizing business risks. View this videocast to learn the steps you must take secure your endpoints. Topics covered include real world endpoint vulnerabilities, misconceptions and oversights related to endpoint security, security dos and don’ts regarding technology and operations, and three pillars of endpoint security: Vulnerability management, data protection, and compliance
Webcasts
  • Windows network vulnerability assessment: From A to Z – So, either you – as a security administrator – or an executive has decided your company needs to do a vulnerability assessment. Maybe compliance restrictions are necessitating more proven security, or maybe you’ve just decided to be proactive. Either way it is a daunting task. From inventorying your network to ensuring management approval and budgeting to actually performing the testing to analyzing the results, a thorough plan is a must. This webcast lays out the requirements of a good Windows network vulnerability assessment plan from the beginning to end and covers reasons to do a vulnerability assessment, how to get management approval, legal issues, possible tools to use, and how to analyze the results.
  • Deadly Windows security mistakes- This webcast outlines various security omissions in Windows-based networks that can have a serious impact on your organization. I cover mistakes network administrators make that leave their systems open to hackers and malicious insiders, how systems vulnerabilities are often exploited, and associated negative consequences of exploited systems. I also take this discussion beyond the common issues of weak passwords, missing patches and loose security policies to share common problems I finds while performing security assessments that are exploited much more easily – and more often – than the highly technical vulnerabilities
    we hear so much about.
  • Hands-on techniques for testing Windows security – In this webcast, I outline practical, low-cost tests you can perform on your systems to check for common security vulnerabilities. I also discuss other critical ethical hacking elements such as creating a testing plan, selecting the proper tools and how to determine which vulnerabilities need to be addressed first to ensure maximize return on your information security efforts.

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)

 

I’ve written/co-written 12 books on information security including: