Authentication
Authentication is arguably the most critical part of IT security, and the infamous username/password combination dominates that area. Below are how-tos that may help in getting it done right.
- Setting up web authentication with Apache, LDAP and Active Directory [read article]
- Online password generator for random passwords [access pwgen]
- How to create secure password hashes with salts in Java [read article]
- Viper: Brute-force password cracking [read article]
Security Review and Evaluations
- How to identify server console systems with default logins [read article]
- Verifying users in Active Directory Part 1 - Leverage common LDAP access to gather useful data [read article]
- Verifying users in Active Directory Part 2 - Windows tools and VBS script to analyze domain accounts [read article]
- How to identify access rights to network share files and folders from the Windows command prompt [read article]
- How to scan for open Windows network file shares [read article]
- Reverse-engineered: The Nessus client-server communication protocol NTP v1.2 (PDF) [read article]
System and Application Hardening
- Top Ten Steps to secure Apache under Linux [read article]
- Sharing the Root in UNIX: The "bad", the "not-so-good", and the "OK" way [read article]
- Automatic security patch monitoring with Nagios [read article]
- Automatic log monitoring for Windows with Nagios [read article]