SANS InfoSec Reading Room - Windows Issues
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 43 papers as of Nov 22, 2009
Session Hijacking in Windows Networks
- By: Paul Jess (posted on March 28, 2008)
Windows Remote Desktop Heroes and Villains
- By: Greg Farnham (posted on December 14, 2007)
Laptop Security: Windows® Vista vs. XP
- By: Gregory Hill (posted on July 26, 2007)
How to Avoid Information Disclosure when Managing Windows with WMI
- By: Alex Timkov (posted on July 17, 2007)
This paper provides an introduction to accessing Windows via WMI in a secure manner.
Windows Security Patch Management Case Study: Using Software Update Services to Deploy Critical Windows Updates
- By: Michael Shepherd (posted on May 5, 2005)
This paper covers the use of Microsoft Software Update Services (SUS) software to roll out Windows updates at a small office.
Exploitation of the SSL PCT Overflow
- By: Eric Zielinski (posted on May 5, 2005)
This document establishes a detailed scenario in which a given exploit is used to gain complete control of a targeted system. The attack will be demonstrated in phases which will include intelligence gathering, network information disclosures, and a vulnerability assessment.
Exploiting Microsoft Internet Explorer Cursor and Icon File Handling Vulnerability
- By: Jerry Chen (posted on May 5, 2005)
This paper will focus on Microsoft .ANI file handling vulnerability, which was discovered by eEye Digital Security Company on November 15, 2004.
Implementing a Secure WebDAV System
- By: Richard Ross (posted on January 18, 2005)
This paper describes the process of implementing a secure remote file sharing system using WebDAV. It tells why a remote file sharing system is needed, how a secure solution is implemented and assesses the security of the solution.
Policy and the Windows Server 2003 Group Policy Management Console
- By: Norman Christopher Knight (posted on April 8, 2004)
Group policy was first introduced with the release of Windows 2000 Server and Active Directory in the year 2000. With the introduction of Windows Server 2003, Microsoft has also released the Group Policy Management Console.
Highly Available PC First Step in Business Continuity for Executives
- By: Joseph Fraher (posted on March 4, 2004)
There are many ways to make users adhere to rules that are in their best interest. Local Policies and Domain policies are great for enforcing such rules. Forcing users to save data to a network drive is easily achievable through such policies. Enforcing these policies is another issue.
An Overview of the Kerberos Authentication Proto
- By: Pam Todaro (posted on December 14, 2003)
This paper will expound on some of the benefits gained by using the Kerberos authentication protocol rather than the Windows NT LAN Manager protocol.
Centralized Windows 2000 Event Logging: A Step-by-Step Guide
- By: Scott Richardson (posted on November 5, 2003)
The purpose of this paper is to show you how to set up a centralized logging system for your Windows 2000 Corporate Network.
Securing IIS6: From the OS, Up
- By: Joey Peloquin (posted on November 5, 2003)
This document provides a detailed look at securing Internet Information Services v6.0 (IIS6), using a combination of security templates and manual techniques.
Using Microsoft Terminal Services and Windows Terminals to Protect Confidentiality, Integrity, and A
- By: Tony Sweeney (posted on October 31, 2003)
This paper examines Terminal Services with Windows terminals and its range of technical, educational, cultural, political, and internal marketing challenges.
Microsoft Windows Security Patches
- By: Dan B Rolsma (posted on October 31, 2003)
This paper is for those who have a Microsoft Windows computer attached to the Internet, and haven't installed the latest Microsoft security patches: the first section is where to get these patches and how to install them, and the second is why.
Tightening Site Access
- By: Stephen Willis (posted on October 31, 2003)
This document shows some of the steps one system administrator has taken (albeit gradually) to tighten up access to his organization's IT site.
Quick Guide to IIS Web Server Security
- By: Brian LeVasseur (posted on October 31, 2003)
The author describes his experience learning how to secure his organization's systems on the fly.
NetMeeting Security Concerns
- By: Jody Weiner (posted on October 31, 2003)
This paper examines how NetMeeting allows a system's firewall perimeter defense to be bypassed in three ways: via social engineering; holes or vulnerabilities created in the firewall configuration; and, bugs in the program itself can cause security issues.
Windows XP and Full Raw Sockets: A New Security Concern from Home-based PC's or a Desirable N
- By: Jim Kehres (posted on October 31, 2003)
This paper examines what raw sockets are and how they can be used for malicious intent.
Introduction to the Microsoft Windows XP Firewall
- By: Matt Snitchler (posted on October 31, 2003)
This paper examines how Microsoft's Internet Connection Firewall (ICF) functions and reviews its worthiness.
Event Logs: Defining Their Purpose in Today's Network Security Environment
- By: Steve Meyer (posted on October 31, 2003)
The purpose of this research topic is to identify the purpose of the event log in today's network security environment.
An investigation of Microsoft's Passport protocol and issues regarding its security, privacy
- By: Arthur Hermann (posted on October 31, 2003)
An investigation of Microsoft's Passport protocol and issues regarding its security, privacy standards and utilization in the XP and .Net initiatives
Three Defenses to a Secure System: Virus Scanning, Applying Patches and System Monitoring
- By: Angelina Lucero (posted on October 31, 2003)
This document describes issues to consider when setting up virus scanning software, using Microsoft tools to make patching operating systems easier, and a few specific tools that you can use to benchmark or monitor your operating system that might help you spot those abnormalities that should not be there.
SANS Windows Security Training
- By: Philip Blow (posted on October 31, 2003)
This paper will suggest a network architecture and installation process that can be used when the inclusion of IIS web servers in a Windows Domain cannot be avoided.
NT/2000 Security Tool Kit on A Budget
- By: Albert Rice (posted on October 31, 2003)
This paper will focus on the shareware, freeware and low cost commercial security tools that one security administrator has found useful and has used to solve real time security issues for his company.
Windows 9X in a Bad Neighborhood
- By: Terry Wehunt (posted on October 31, 2003)
This paper discusses security of Windows 9X machines under the control of certain registry settings and the impact of malicious code on maintaining registry settings.
XP - The Future of Secure Operating Systems?
- By: Justin Coburn (posted on October 31, 2003)
This paper examines why Windows XP is a major step in the direction of more security and fewer vulnerabilities than earlier versions of Windows.
NULL Sessions In NT/2000
- By: Joe Finamore (posted on October 31, 2003)
This paper is going to discuss the issue of null sessions in NT 4.0 and Windows 2000. It will investigate the uses and vulnerabilities of such sessions, and will show how to control and/or eliminate those vulnerabilities.
Configuring Internet Explorer Security Zones: A New Tool for the Security Community
- By: Ken Barber (posted on October 31, 2003)
This paper reviews the literature on risks inherent in each of the active content technologies, and the very different ways in which they approach security, as well as the meanings and implications of all but one of IE's security zone settings. In addition, Microsoft's System Policy Editor tool for Windows NT is examined and a policy editor template for the IE security zones is suggested.
Assessing the security of the Windows XP Internet Connection Firewall
- By: David Collins (posted on October 31, 2003)
This paper describes an empirical evaluation comparing Microsoft's Internet Connection Firewall (ICF) with ZoneAlarm Pro, a popular workstation firewall.
The Raw And The Uncooked: The Windows XP Raw Sockets Saga, Final Words (Hopefully)
- By: Tony Menzies (posted on October 31, 2003)
Following the large amount of often emotional debate surrounding the introduction of raw sockets into Microsoft Windows XP, and the relative lack of clarity on the issue, this paper is intended to provide a comprehensive review of all major aspects of the issue so as to permit the reader to formulate their own opinion on the issue. The author's personal conclusion is also included.
Windows NT/2000 Event Logs
- By: William Mendez (posted on October 31, 2003)
This paper will help one to completely automate the process of gathering, filtering and alerting when relevant events are found using inexpensive tools and resources already available. The goal is to prevent potential attacks or misusage by making it easy and cost effective to gather and review event logs.
Vulnerability Risk Mitigation - Patching the Microsoft Windows Environment
- By: Tracy Lynn (posted on October 31, 2003)
This manuscript discusses procedures for regularly patching a Microsoft Windows environment, beginning with a discussion of what vulnerabilities are, how they find their way into developers' code, and why they have become such an issue. The balance of the paper presents a number of options for patching the vulnerabilities, using either freely available tools or products that require purchasing licenses.
Microsoft .NET - An Overview
- By: Rob McBee (posted on October 31, 2003)
This paper discusses the Windows .NET Server operating system, purported to provide many important new security features and improve on the ones included in the original Windows 2000 Server.
NetMeeting 3.01 Remote Desktop Sharing: Security Concerns
- By: Randy Humphrey (posted on October 31, 2003)
This paper examines the concept of Remote Desktop, in particular analyzing Microsoft's NetMeeting 3.0 Remote Desktop Sharing (RDS) offering.
Discretionary Access Control Knowledge, a Practical System
- By: Dean Bushmiller (posted on October 31, 2003)
This paper offers a new solution for administrators to reduce abuse of access controls and simplify permissions management.
Security-What Does "Trust" Have To Do With It?
- By: Ken Lange (posted on October 31, 2003)
A large part of the technology industry is concerned with information security and trustworthy computing, and the purpose of this paper is to determine how the infrastructure and relationship between trust and security has evolved in technology.
IP Security in Windows 2000: Step-by-Step
- By: Timothy J. Rogers (posted on October 31, 2003)
This paper provides an overview of Internet Protocol Security (IPSec)
Microsoft Windows XP Home Edition Security Implementation
- By: Dennis Schrader (posted on October 31, 2003)
This document is designed to guide home users on how to implement sufficient security measures on a home computer running Microsoft Windows XP Home Edition.
Security Issues For Exchange 2000 Outlook Web Access Implementation
- By: Paula Kohrt (posted on October 31, 2003)
The purpose of this paper is to cover the fundamental security considerations during the implementation of an Exchange 2000 Outlook Web Access (OWA) Front End (FE) server in a demilitarized zone (DMZ) using secure HTTP access.
Taking the Confusion Out of Security Templates
- By: Robert Aitken (posted on October 31, 2003)
This paper will address how security templates are constructed using the Security Templates Snap-in to the Microsoft Management Console (MMC).
Top 10 Mistakes on Windows Internal Networks
- By: Deirdre Hurley (posted on October 31, 2003)
In this paper I aim to highlight ten common mistakes on Windows systems, which make the job of a disgruntled employee or a malicious attacker who manages to get past your firewall, far easier.
Windows Vista: First Steps
- By: Johannes Ullrich (posted on )
Guide to Microsoft Windows Vista settings. Vista tips for home users and small businesses without a firewall, who rely on downloading patches from Microsoft directly.