
Best Practices Archives

November 11, 2006

Windows Vista Security Guide

Last Wednesday, Microsoft published the Windows Vista Security Guide, which provides recommendations for hardening computers using specific security baselines for the following two environments:

  1. Enterprise Client (EC)--client computers in this environment are located in a domain that uses Active Directory and only need to communicate with systems running Windows Server 2003--implementation of this security baseline is described in Chapter 1;
  2. Specialized Security--Limited Functionality (SSLF)--concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable--implementation of this security baseline is described in Chapter 5.

Also, three additional chapters provide recommendations to take advantage of new or enhanced security features:

  • Defend Against Malware--Chapter 2 includes information about how to most effectively use User Account Control (UAC), Windows Defender, Windows Firewall, Windows Security Center, Malicious Software Removal Tool, Software Restriction Policies, and Internet Explorer 7 security features (e.g., Protected Mode, ActiveX Opt-in, Cross-domain scripting attack protection, Security Status Bar, Phishing Filter, etc.);
  • Protect Sensitive Data--Chapter 3 focuses on encryption and access control technologies that help protect mobile computing environments from potential loss and theft: BitLocker Drive Encryption, Encrypting File System (EFS), Rights Management Services (RMS) and Device control;
  • Application Compatibility--Chapter 4 provides guidelines to preserve functionality of existing applications when using the new and enhanced security features of Windows Vista.

The complete guide can be downloaded along with the GPOAccelerator tool, which automatically creates all the Group Policy objects (GPOs) needed to apply this security guidance.

September 6, 2006

NIST on Several Things

At the end of last week, NIST published four Draft Special Publications on e-mail security, intrusion detection and prevention, web services security, and cell phone forensics.

April 25, 2006

NIST on Security Log Management

As noted in the loganalysis mailing list, NIST published Draft Special Publication 800-92 Guide to Computer Security Log Management (Acrobat PDF):

"This document provides detailed information on developing, implementing, and maintaining effective log management practices throughout an enterprise. It includes guidance on establishing a centralized log management infrastructure, which includes hardware, software, networks, and media. It also discusses the log management processes that should be put in place at an organization-wide level, including the definition of roles and responsibilities, the creation of feasible logging policies, and the division of responsibilities between system-level and organization-level administrators. Guidance is also provided on log management at the individual system level, such as configuring log generating sources, supporting logging operations, performing log data analysis, and managing long-term data storage."

April 20, 2006

Security incident investigations within banks

BankInfoSecurity.com published the first part of an article (free registration required) which provides a general overview of the security investigation process, how it fits within the incident response process, the required preparation process, specific issues in banks that need to be considered and the relationship between this process and security intelligence activities.

Update 2006/4/27: Part two has been published.

April 19, 2006

Oracle releases a default password scanner

As reported by Computerworld, Oracle released a tool designed to find default passwords in its database software (among several other critical patches).

While default accounts have been locked down in current versions of the database, Oracle 10g databases that have been upgraded from Oracle 7, Oracle8i, or Oracle9i may include them.

The Oracle Default Password Scanner consists of a SQL script accessible to Oracle customers in MetaLink Note 361482.1.

It should be noted that Cain & Abel carries features to crack and extract Oracle passwords.

March 20, 2006

Blackberry best practices

This interesting article (in French) outlines best practices to protect Blackberry devices.

February 28, 2006

Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations

As outlined by BankInfoSecurity.com (free registration required), the DoJ issued interesting guidance on the legal aspects of IT forensics investigations: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations.

About Best Practices

This page contains an archive of all entries posted to never-ever-****-with-my.net in the Best Practices category. They are listed from newest to oldest.
