Microsoft Security Tools and Guidance
Advanced Persistent Threats (APTs) are a hot security topic lately. According to Wikipedia, APT usually refers to a group with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information.
A modern attack performed by APTs is “Pass the Hash” (PtH). According to a whitepaper from Microsoft, while performing a PtH attack, an attacker first obtains elevated read/write permission to privileged areas of volatile memory and file systems, which are normally only accessible by system-level processes, on at least one computer. Second, the attacker attempts to increase access to other computers on the network by:
- Stealing one or more authentication credentials (user name and password or password hash belonging to other accounts) from the compromised computer.
- Reusing the stolen credentials to access other computer systems and services.
This sequence is often repeated multiple times during an actual attack to progressively increase the level of access that an attacker has to an environment.
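
The credential-reuse step described above leaves a trace on the receiving computers as successful network logons. The following is an added example, not taken from the Microsoft whitepaper or the original post: a heuristic that flags one account reaching many hosts from a single source over NTLM in a short time. It assumes records shaped like fields of Windows Security event 4624 (logon type 3 = network); the host names, account names and thresholds are constructed, and a hit is a lead to investigate, not proof of PtH.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs):
# (time, target host, account, logon type, auth package, source workstation)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "FS01", "CORP\\svc-backup", 3, "NTLM", "WS-114"),
    ("2024-01-10T09:01:40", "DB02", "CORP\\svc-backup", 3, "NTLM", "WS-114"),
    ("2024-01-10T09:03:10", "DC01", "CORP\\svc-backup", 3, "NTLM", "WS-114"),
    ("2024-01-10T09:04:00", "FS01", "CORP\\alice", 3, "Kerberos", "WS-020"),
    ("2024-01-10T09:05:00", "PRINT01", "CORP\\alice", 3, "NTLM", "WS-020"),
    ("2024-01-10T09:06:00", "WS-020", "CORP\\alice", 2, "Negotiate", "WS-020"),
    ("2024-01-10T08:00:00", "FS01", "CORP\\bob", 3, "NTLM", "WS-031"),
    ("2024-01-10T10:30:00", "DB02", "CORP\\bob", 3, "NTLM", "WS-031"),
    ("2024-01-10T13:00:00", "APP03", "CORP\\bob", 3, "NTLM", "WS-031"),
]


def find_credential_fanout(events, window_minutes=10, min_hosts=3):
    """Return {(account, source): [target hosts]} where one account, coming
    from one source, made NTLM network logons to at least min_hosts distinct
    hosts inside a sliding time window."""
    window = timedelta(minutes=window_minutes)
    by_key = defaultdict(list)
    for ts, target, account, logon_type, package, source in events:
        # Only network logons over NTLM are relevant to hash reuse;
        # interactive and Kerberos logons are ignored here.
        if logon_type == 3 and package.upper() == "NTLM":
            by_key[(account, source)].append((datetime.fromisoformat(ts), target))

    findings = {}
    for key, logons in by_key.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Shrink the window from the left until it spans <= window.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {target for _, target in logons[start:end + 1]}
            if len(hosts) >= min_hosts:
                findings.setdefault(key, set()).update(hosts)
    return {key: sorted(hosts) for key, hosts in findings.items()}


if __name__ == "__main__":
    for (account, source), hosts in find_credential_fanout(SAMPLE_EVENTS).items():
        print(f"{account} from {source} reached {len(hosts)} hosts: {hosts}")
```

Tune `window_minutes` and `min_hosts` against known-good behaviour first, since backup, monitoring and management accounts can legitimately fan out in the same way.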
Regarding free assessment tools from Microsoft, as well as protection software, there’s a really nice compilation on the “Irish IT Professional” TechNet blog. You get to know tools like Microsoft Security Compliance Manager, Microsoft Baseline Security Analyzer and Microsoft Security Assessment Tool.
Regarding security tools for footprinting, internal auditing and guidance, you should check out the Security Tools Community Edition page on Microsoft’s TechNet Wiki.
Finally, you might want to follow the Microsoft Security Blog.
Photo Credit: JustEvents via Compfight cc