Facebook Twitter

Center for Internet Security

The Center for Internet Security (CIS) is a nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. Through its four divisions--Security Benchmarks, Multi-State ISAC, Trusted Purchasing Alliance, and the Integrated Intelligence Center--CIS serves as a central resource in the development and delivery of high-quality, timely products and services to assist our partners in government, academia, the private sector and the general public in improving their cyber security posture. Today's Cyber Security Tip:{*style:<a href=''>*}{*style:<b>*}Shop Safely Online:{*style:</b>*}{*style:</a>*} Shopping online offers lots of benefits that you won't find shopping in ... Center for Internet Security
Computer Cops
TechNet Security
Frequently Asked Questions
Computer Security The web is like a large city, exciting, wonderful, but with a few dangers. Most teachers do not have the time to research and find the best security products to safeguard their computers from attack by vandals, including students. I have attempted to give a few basic recommendations that can help you safeguard your personal computer. Most of these recommendations are for PCs with windows. Computer Security Computer Security
Learn to Manage Default Shares Learn to Manage Default Shares Recently, I received a phone call from a former coworker who left a small Independent Software Vendor (ISV) to take a job in a large corporate IT department. He had some questions about Microsoft Systems Management Server (SMS) that he hoped I could answer. We chatted about the product and his computing environment, then he signed off to install SMS on his test network. Twenty-four hours later, I received a somewhat panicky phone call: SMS wouldn't install on some of the computers on his test network, and my friend couldn't figure out why.
Please note that this document is quite dated (last updated in 2008). Some of the infomation is still of interest so I'm keeping the document up for posterity only. Some of the old links have been removed. Safe Hex - A collection of suggestions intended to help you defend against viruses, worms, trojans (oh my!)

Safe Computing Tips

Safe Computing Tips
ACK Tunneling Trojans Summary A firewall between the attacker and the victim that blocks incoming traffic will usually stop a trojan client on the outside from contacting a trojan server on the inside. ICMP tunneling has existed for quite some time now, but if you block ICMP in the firewall you will be safe from that. This paper describes another concept that I call ACK Tunneling. ACK Tunneling works through firewalls that don't apply their rule sets on TCP ACK segments. ACK Tunneling Trojans
Security Links
NSA Security Recommendation Guides
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: ( ) Description of the Microsoft Windows Registry Shortcut and WinHelp Commands in HTML Help Shortcut and WinHelp Commands in HTML Help
Security Notification Service Security Notification Service Help protect your computing environment by keeping up to date on Microsoft technical security notifications. Notifications are available in RSS, mobile device, or e-mail format, and are also available online at the TechNet Security Bulletin Search page. Basic Alerts Microsoft's free monthly Security Notification Service provides links to security-related software updates and notification of re-released Microsoft Security Bulletins.
Information Security Magazine
Internet Storm Center We're getting reports of client applications that are vulnerable to the heartbleed issue. Just as with server applications, these client applications are dependant on vulnerable versions of OpenSSL. Another "patch soon" problem, you say? The patch will be installed when the vendor ... oh, wait a minute. Internet Storm Center