Cyclope Internet Filtering Proxy monitors the entire Internet traffic and blocks the access to websites and files according to the chosen filter. The requested web pages are displayed only if they comply with the specified filters. The Internet Filter allows to specify URL, keywords and file types (application, archive, Shockwave and Flash, audio and video) rules.Version 2.9 features predefined profiles and backup functionality.

nFront Password Filter is a password policy extension and enforcement tool that prevents the use of weak, easily hacked passwords. nFront Password Filter allows network administrators to create and enforce multiple password policies within a single Windows domain. nFront Password Filter can reject non-compliant passwords before they are allowed on the network. nFront Password Filter can scan a new password against over 2 million common passwords in less than 1 second. Also included is a client that lists the users specific password rules, can dynamically gauge password strength and will give exact reasons for a failed password change. All configuration is done via GPO and the design contains no single point of failure and no 'policy server.' Version 4.03 includes optional client that informs the end-user of password rules and lists exact reasons for rejected password changes.

OrgPassword provides a convenient system for storing different kinds of personal information. Using a set of templates, you can create a competently organized catalogues for your passwords, news, software, notes, private calendar, Outlook accounts. Access to all data is provided through a well encrypted password. The interface of the program is both intuitive and easy-to-use. With OrgPassword your personal information will always be at hand. Version 2.2 improves Windows Vista compatibility.

Hide Files & Folders is a password-protected security utility working at the Windows kernel level. You can password-protect certain files and folders or hide them securely with a click of the mouse. Upon accessing any protected file or folder, a dialog box querying the password appears. Hide Files & Folders does not modify your media.This guarantees the program will never lose your data, as may happen if you use other file- and folder-protecting software. The program also lets you protect system files and folders, such as the Windows system, Registry, and swap files. Version 2.8 may include unspecified updates, enhancements, or bug fixes.

ISA Stats is a program for Microsoft ISA Server that allows you to control and block the hosts users are browsing in real time. This software for monitoring the efficiency of your company's Internet bandwidth usage. Using this product you can easily find out who, when, where to, where from and what accessed the Internet. Version 1.1.4.20102 may include unspecified updates, enhancements, or bug fixes.

ISA Stats allows to control Internet usage in your company. Statistics collecting system analyses traffic and summarizes the information about working process. It gives a chance to find out the most active users, to reveal when and which Websites they have seen. If necessary, its possible to gather the information about the most popular and actively used sites. The control over users is made both in real time and on the base of collected data. Statistics gathering. Suitable report system. Monitoring of used Websites in real time. Blocking unwished sites. Remote administration.

The Dr. Preventor Data Recovery Protection program makes your deleted files unrecoverable by systematically writing meaningless numbers everywhere except on the current files. Regular users can get started in two clicks, while the paranoid can choose how many times to overwrite and whether to use zeros, random numbers, or a personal message.

Ensure your computer's security by monitoring all activity on your computer, capturing keystrokes, programs, websites and screenshots. Completely invisible and easy to use, all information captured is stored in an encrypted log file. The log file can be sent secretly at scheduled intervals to any specified email address. All activity in Internet Explorer can be monitored, and Web pages are cached for viewing offline. Screenshots can be taken at given intervals, capturing everything that is currently on the screen. Monitor your computer while you are away, retrieve lost information, monitor your children's activity. Features: capture keystrokes; capture programs used; capture Websites in Internet Explorer; capture screenshots; encrypted log file; secretly e-mail log files; invisible stealth mode; unique playback mode lets you view captured keystrokes/programs/Web pages/screenshots in real time; run silently at startup; auto-capture at startup.

N-Stalker Web Application Security Scanner is a Web security assessment tool. Incorporates well-known N-Stealth HTTP Security Scanner and 35,000 Web attack signature database. Its patent-pending self-owned technology allows to scan Web applications against SQL XSS injection, buffer overflow, parameter tampering and much more. Component-oriented Web Security. Free Edition includes free Cross-site script (XSS) scanning.

IT security training computer-based training course with instructor led videos and live hacking/security demonstrations,50 security/hacking tools including anti virus, anti spyware, anti spam tools. It teaches you how hackers hack passwords, how to secure your PC, sniffer attacks, password cracking including Phishing the latest technique via which passwords are stolen, data security techniques including cryptography and encryption. Secure your system in reality, ensure privacy and prevntion from Hackers on the web. Use Ethical Hacking and Security tools to catch and protect from hackers.

FactotumNOW IAS Reporting imports IAS/RAS (Microsoft VPN) log files through an engine that can be installed onto the VPN/IAS server. IAS (Microsoft Internet Authentication Service) statistics are then updated automatically every two minutes. Reports can be viewed through a comfortable console and exported to Microsoft Excel (if installed). The report viewer can be run remotely from any desktop on the network or on the IAS/RRAS server directly. Version 3.41 added country resolution, multiple IAS servers.

No matter which browser or mail client is used, Microsoft Internet Explorer or Mozilla Firefox, Microsoft Outlook or Outlook Express, BitIdentify can detect unknown phishing attack phenomena and raise alarm immediately to user. Even not only that, BitIdentify is quite more powerful since it is language-independent as well. BitIdentify Professional best matched to technical staffs, who analyze Internet traffic to detect phishing scams from emails, identifying fraudulent Web sites. The professional version will help analyzers pick up all potential scams from Internet flow easier and faster with providing all scams signatures that BitIdentify figured out. BitIdentify tool is designed specially for banks customers to protect them from phishing scams that are deliberately used to steal their credit card numbers, bank account, or personal information. With BitIdentify, users can feel safe and comfortable while doing e-commerce.

ThreatSentry is a Host Intrusion Prevention software application (HIPS), designed to protect Windows Web servers running Microsoft IIS. Comprised of two powerful components: An Application Firewall, pre-configured with a knowledgebase of known exploitive techniques and attack characteristics. Administrator can establish explicit guidelines for permissible and/or denied activity. The application firewall is coupled with an advanced neural-based Behavioral Engine that organizes server requests into a multi-dimensional baseline of typical system activity. Each server connection is scrutinized by the rule-set configured in the application firewall and the behavioral baseline to identify and take action against any activity falling outside trusted parameters. ThreatSentry s intrusion prevention capabilities progressively improve as the baseline evolves automatically or based on input from the system administrator. Version 3 may include unspecified updates, enhancements, or bug fixes.

Data Security Crawler is designed to search for files that contain sensitive data: credit card data, social security numbers, bank account information as well as self defined searches. It allows administrators and security professionals to verify that policies regarding sensitive data are being followed and locate sensitive data that is being collected and saved in unauthorized locations or by individuals collecting the data for fraudulent purposes.

Workstation PolicyShield enforces use-compliance policies for P2P, IM, games, MP3s, media, spyware, or any other file and application. It manages use according to a variety of criteria, to support security, productivity, legal compliance. Use is controlled with enterprise technology that detects the presence and execution of files, and stops the installation of unapproved programs. Files and applications are found even if disguised.

RelayTest Pro is a tool for network administrators, that allows to test a specified mail server for open relays. It runs series of tests designed to detect open relays and create a detailed report of the findings. The test data can be automatically updated from the web to catch-up with the latest tricks used by spammers. RelayTest Pro is not designed to find vulnerable mail servers - it only scans one server at a time. Features: Automatic Web updates for the test data. Auto and manual test mode. Reference numbering for each test. Real time communication report. Result report with comments.

Office Keeper is a complete intrusion detection system for protecting enterprise networks. Monitors systems to detect and act on unauthorized activity. Office Keeper is a product which detects and protects the intrusions into Windows 2000 and Windows XP computers. A Windows NT4 is also available. It includes the following features: Dynamic restriction of the rights, Sound notifications (Wav, Direct Speech), E-mail to your security administrator and/or others addressees, Net Send messages send to intruder and others computers. For every person who wants to protect the distant access to his computer and his data. This includes personal computers and servers as well. Most of the time, the computer access is protected from the external network by a firewall but no protection is at least reliable with the internal network.

HFNetChk.exe v. 3.86 is the latest version of Microsoft's well-known free command-line tool from Shavlik Technologies that enables you to scan your network for missing security patches. HFNetChk.exe is the multi-threaded command-line tool you can use to assess a computer or selected group of computers for the absence of security patches. You can use HFNetChk to assess patch status for the Windows NT 4.0, Windows NT Terminal Server, Windows 2000, Windows XP operating systems, as well as hotfixes and service packs for IIS 4.0, IIS 5.0, SQL Server 7.0, SQL Server 2000 (including MSDE), Exchange Server 5.5, Exchange Server 2000, Windows Media Player, Front Page Server Extensions, Microsoft Java Virtual Machine, Microsoft Data Access Components (MDAC), and Internet Explorer 5.01 or later.

OWA is a service of Exchange 5.5 and 2000 Server that allows users to use a Web browser to access their Exchange mailbox. However, a flaw exists in the interaction between OWA and IE for message attachments. If an attachment contains HTML code including script, the script will be executed when the attachment is opened, regardless of the attachment type. Because OWA requires that scripting be enabled in the zone where the OWA server is located, this script could take action against the user's Exchange mailbox. An attacker could use this flaw to construct an attachment containing malicious script code. The attacker could then send the attachment in a message to the user.

This cumulative update includes all of the updates that have been released for Internet Information Server (IIS) 4.0 since the release of Windows NT 4.0 Service Pack 5, including two new updates. Download now to keep IIS 4.0 updated with the latest security fixes. This update eliminates two new security vulnerabilities: A denial of service vulnerability that could cause IIS 4.0 to stop responding. This vulnerability can be exploited by the 'Code Red' worm. A security vulnerability that could enable a malicious user to gain unauthorized privileges on your Web server.

This cumulative security update includes every update released for Internet Information Server (IIS) 5.0 and is discussed in Microsoft Security Bulletin MS01-044. This update addresses four new vulnerabilities: two security vulnerabilities that could enable a malicious user to temporarily disrupt the service of IIS 5.0; and two security vulnerabilities that could enable a malicious user to gain unauthorized privileges on your Web server.

This update resolves the "Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources" security vulnerability in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Security Bulletin MS01-016. Download now to prevent a malicious user from temporarily disrupting your Web services.This vulnerability exists because Web distributed authoring and versioning (WebDAV) incorrectly processes specially malformed requests. (WebDAV is a component of IIS 5.0 that enables users to add and manage content on a Web server remotely.) If a malicious user sends a stream of specially malformed requests to an affected server, the Central Processing Unit (CPU) usage will significantly increase, disrupting Web services for as long as the stream of malformed requests continues.

This patch eliminates a security vulnerability in a component that ships as part of Microsoft Internet Information Server. The vulnerability could potentially allow an attacker to prevent an affected web server from providing useful service.The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow Web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process Web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.To resume normal operation on an IIS 4.0 server, the operator would need to restart the service. In contrast, if an IIS 5.0 server were attacked via this vulnerability, the IIS service would, by default, automatically restart almost immediately. Although any Web sessions that were in progress at the time of the attack would be lost, the server would be able to accept new connections as soon as the service was restarted. FPSE is installed by default as part of IIS 4.0 and 5.0, but, in keeping with best practices, Microsoft recommends that they be disabled if not needed.Note: Note: This IIS 4.0 patch can be applied atop systems running Windows NT 4.0 Service Pack 6a or 5. It will be included in Windows NT 4.0 Service Pack 7.

Deep Freeze allows administrators to freeze the state of a workstation's operating system and software settings, without restricting user access. With every system restart, Deep Freeze ensures that all settings are restored to their original frozen state, providing workstations with full immunity against software misconfigurations, viruses, malware, and spyware. Computing environments are easier to manage, and expensive computer assets are kept running at 100% capacity. Deep Freeze Enterprise edition can protect a single, hundreds, or thousands of computers across a distributed LAN, WAN, or over the Internet. Deep Freeze protects five million computers worldwide saving countless hours of technical support. Version 6.2 allows administrator to freeze the state of a workstation's operating system and software settings, without restricting user access.

SSX Free v2.0.1 allows individuals and corporations to extend their Secure Trade Link account services to their Linux based servers. Secure Trade Link provides secure document transfer and digital signature services for businesses. Create contracts online under collaborative workgroups, sign with digital signatures, and distribute the final results all in a secure environment. With Secure Trade Link services it's not only secure, it's also easy.

Provides user audit, access, Internet and system security for any computer running Windows 2000, 2003, XP, and Vista. User security is group based and Meets requirements outlined in NISPOM, Chapter 8, as well as Sarbanes-Oxley and HIPPA. Stand-alone, or multi-system network use. Restrict access to file system, including removable media (USB, flash, etc.) on the fly. Restrict printer access in any application. Active Password Monitoring.Version 5.07.0130 adds Windows Vista support, improves compliance to security standards.

Folder Lockit is a powerful security program that can lock and hide any file or folder on any drive on your computer within seconds even if they are gigabytes or terabytes with full password protection and options to make them totally inaccessible, hidden or read only. Folder Lockit provides security in all kinds of situations including blogging, email, file sharing, instant messaging, music, newsgroup, office, p2p, pictures, videos, and Web browsing.Editor's review of Folder Lockit

Proactive Password Auditor is a password security test tool that's designed to allow Windows NT, Windows 2000 and Windows Server 2003-based systems administrators to identify and close security holes in their networks. It helps secure networks by executing an audit of account passwords, and exposing insecure account passwords. A few different methods of obtaining password hashes for further auditing are supported: from pwdump-files, Registry files, and memory of local and remote computers, including ones running Active Directory. The product features brute-force and dictionary attacks on password hashes, effectively optimized for speed (including dual-core processors), plus "rainbow" attack, that uses pre-computed hash tables that allow to find most passwords in minutes instead of days or weeks. Version 1.7 build 3619 adds full Unicode support, supports Rainbow Attack for NTLM hashes, works on machines with DEP feature enabled, and supports Windows Vista.Editor's review of Proactive Password Auditor This reliable program allows you to safeguard your network by attacking user passwords. Proactive Windows Security Explorer lets you attack passwords via brute-force, mask, rainbow, or dictionary methods and can dump password hashes from a PC's Registry. You'll also find a tool for recovering passwords. The interface might confuse people not familiar with this type of software but will be easy enough to use for this application's target audience. In our tests, the utility performed admirably, quickly, and accurately in cracking several passwords. Network administrators concerned about security certainly should take this program for a test drive.

PassX is a simple tool that will allow you to generate completely secure passwords for Windows. You can either create passwords randomly (being any size, include special characters, force stop certain characters), build a password from a string (a sentence, or names, or anything you want) or build a password generated from a list of words that you have specified (which can be customized for how they are used). All settings created can be saved and re-used later to create more passwords and the passwords generated can be saved to a TXT file. You can create any number of passwords you wish and they can be used on other operating systems other than Windows (Linux, MAC-OS).Editor's review of PassX PassX generates unbreakable passwords using user-defined key combinations, but some minor nuances aren't included.The program's window isn't the most exciting to look at, although it's neatly organized and gives several customizations to create random or user-built passwords. We like that we can have a hand in determining the combinations of uppercase/lowercase letters, numbers and character groupings, word length, and excluded characters for created passwords. PassX lets you generate up to 10 passwords at a time, and you can save, copy, or print the list.While some password generators offer full management with log-ins and fast-access links to Web sites, PassX only deals with password creation. That being said, this application is free and does a fine job of producing several password variations.

No matter which browser or mail client is used, Microsoft Internet Explorer or Mozilla Firefox, Microsoft Outlook or Outlook Express, BitIdentify can detect unknown phishing attack phenomena and raise alarm immediately to user. Even not only that, BitIdentify is quite more powerful since it is language-independent as well. BitIdentify Professional best matched to technical staffs who analyze Internet traffic to detect "phishing" scams from emails, identifying fraudulent Web sites. The professional version will help analyzers pick up all potential scams from Internet flow easier and faster with providing all scams signatures that BitIdentify figured out. BitIdentify tool is designed specially for banks customers to protect them from phishing scams that are deliberately used to steal their credit card numbers, bank account, or personal information. With BitIdentify, users can feel safe and comfortable while doing e-commerce.

LanSpy is a network security scanner, which allows getting different information about computer Domain and NetBios names, MAC address, Server information, Domain and Domain controller information, Remote control, Time, Discs, Transports, Users, Global and local users groups, Policy settings, Shared resources, Sessions, Open files, Services, Registry and Event log information. Nothing on the remote computer is hidden from you now.

SoftProbe monitors and records all computer activities and internet use. At the click of a mouse, you get clear and concise reports that give you all the information you want. Monitor all computers connected to your local network. Monitor home PCs. Track Internet use performed on any PC on your office network or at home. Track all PC activities on all applications and display graphs of all websites visited. Remotely install/uninstall the SoftProbe on monitored computers. The SoftProbe provides you with an easy-to-use, user-friendly interface, and performs the analysis, so you don't have to.Version 2.6 build 1.27 features: restricted accounts supported and enhanced remote agent installation.

Outlook Key helps you gain access to password-protected personal storage (PST) files used by MS Outlook and Exchange. The program features instant password recovery, full install and uninstall support, and support for multilingual passwords. It can be used with all versions of MS Outlook, including the most recent (Outlook 2003), and recovers form-design passwords. The software is easy to use: just drag and drop files to the program window. Version 6.1 features unspecified improvements and bug fixes.Editor's review of Outlook Key Solving a real problem with panache, Outlook Key has only one real shortcoming: the limited usefulness of the trial version. The interface is drop-dead simple and our passwords were recovered so quickly we had to question the basic security of our mail accounts. Passwords to PST files also are available here. Unfortunately, the trial version only displays the first two letters of the password. We'd recommend the full version of Outlook Key to system administrators.

Passware Kit Enterprise recovers all kinds of lost or forgotten passwords for the world's most popular office-application files, including Excel, Word, Windows 2003/XP/2K/NT (both local and domain-administrator accounts), Lotus Notes, RAR, WinZip, Access, Outlook, Acrobat, Quicken, QuickBooks, WordPerfect, and VBA. All versions of MS Office are supported, including the most recent Office 2003. Passware Kit can recover passwords for opening applications, for write reservations, and for workbooks, worksheets, templates, documents, personal folders and files, form designs, databases, and user accounts. The Lotus Notes Key module recovers passwords for Lotus Notes user ID files. The ZIP password-recovery module decrypts most WinZip archives in less than an hour with the new SureZip recovery.Editor's review of Passware Kit Enterprise Robust and versatile, Passware Kit Enterprise lacks only an integrated program interface. Instead, a group of standalone utilities are installed to perform a variety of tasks. Fortunately, each of the components is straightforward, allowing you to simply drag and drop files to the program window to begin. The utilities performed well in our tests, cracking a ZIP archive in 10 seconds flat. For more challenging searches, Xieve technology lets you skip nonsense character combinations, and the dictionary search can consider variants with up to two misspellings. You also can prioritize processes to minimize drag on your system. Home users aren't likely to need all the advanced functions here, so Passware Kit Enterprise is more appropriate for support specialists, especially given the price tag.

Powered by a high-tech graphical user interafce, Infiltrator is a network security scanner that can quickly audit your network computers for possible vulnerabilities, exploits, and information enumerations. It comes with a built-in database of know vulnerabilities, that can be updated online and allows you to select the items to scan for or to add custom entries to be included. Infiltrator can reveal and catalog a variety of information, including installed software, shares, users, drives, hotfixes, NetBios and SNMP information, open ports. It can also audit password and security policies, perform HTTP/CGI server auditing, registry auditing In addition, Infiltrator also comes with 18 network utilities for footprinting, scanning, enumerating, and gaining access to machines (ping sweep, whois lookups, e-mail tracing, share scanning). The program can be run from the commandline, allowing for external scheduling and automated scanning.

Employee monitoring software Oleansoft Hidden Camera 250x1 is intended for remote control, webcam monitoring, microphone monitoring, and observation over computers in a local network or via the Internet with or without recording. You can observe up to 250 PCs and rooms via webcams simultaneously in real-time mode. The product makes snapshots from the webcams and screenshots of the PCs monitors and saves them with intervals of 2 secs to 1 hour into an archive that may checked any time you wish. The full-screen mode allows for you to feel as if you are sitting in front of the monitor you observe. The off-line work time counter allows seeing all statistic information about work time of any employee. Also, you can send any text messages to employees or group of employees. Split-screen mode is supported (up to 250 screens in one simultaneously, from 2x2 to 16x16). You can create and sort groups of employees (up to 25 groups). Auto-start mode for the cameras is supported. Version 2.27 adds microphone monitoring.

Net Spy Pro is the ultimate combination network monitoring and remote control software tool. Watch multiple user screens at your workstation in real time. View web sites visited, applications ran and more. Remotely view a workstation's current full-size desktop, send an alert message to a user, end a process and more. Even take complete control of any PC using your keyboard and mouse. How much time are your employees or students wasting?Version 4 adds new interface, new Web server, multiple PC real-time status viewer, multiple PC actual screens viewer, detailed help file.

Spyware Doctor Enterprise offers an effective and powerful purpose-designed spyware removal and real-time malware protection solution for your network. Malware is a critical and constant security risk to corporate networks. Most conventional anti-virus and firewall tools do not offer sufficient protection against malware threats due to the constantly changing and evolving nature of malware. To resolve and successfully manage this security deficiency, protection against malware on a network level is required. Spyware Doctor Enterprise provides a complete, integrated malware protection solution for your network that protects your server and client computers from the many forms of malware including spyware, adware, trojans, keyloggers, spybots, and tracking threats. Version 3 may include unspecified updates, enhancements, or bug fixes. Register at the developer's Web site for a free 500 seat license.Note: This is a very large (123MB) file and may take several hours to download via slow Internet connection.

A quick and easy way to protect sensitive information on your computer from children, employers, and anyone else who uses your computer, including hackers! This software will hide your sensitive files so that they can't be seen or accessed. Files stay hidden even if you turn on "View Hidden Files". Even links in your recent documents menu won't be able to find your hidden files. For extra security, use a password to prevent anyone from accessing your files. You can run this software in stealth mode so that no one knows it's there, and hide or show your sensitive files using hotkeys. There has never been an easier way to keep private files really private. Add as many folders to the program as you want for quick hiding. Hide or Show individual folders or all folders at once. Prevents all file access, even from the command prompt, and even from hackers. Files in folders cannot be accessed, even from shortcuts or recent document lists. Password protection using Stealth Mode.

PC Activity Monitor Professional (PC Acme Professional) is an ultimate invisible and undetectable easy-to-use monitoring and surveillance tool for personal and network PCs. It is professional software that captures all users activity on the PC. It is a powerful management tool for users and companies, which want to increase their productivity and profitability. This is the most remarkable security product for a computer you have seen.

Mandiant Web Historian assists users in reviewing web sites (URLs) that are stored in the history files of the most commonly used browsers including Microsoft Internet Explorer, Mozilla, Firefox, Netscape, Opera and Safari. Mandiant Web Historian is designed primarily as a tool for computer forensic examiners; however, it is simple, intuitive and quite useful for any person who simply wants to review the browser history files on a given system. Mandiant Web Historian allows a user to determine the what, when, where, and how of Web access.Version 1.3 adds support for Firefox 1.5 and 2.0, IE 7, and Opera versions 8 and 9.Editor's review of Web Historian Web Historian gives a detailed report of browser history, although it locked up repeatedly before spitting out the facts. The program needs nearly 20MBs to download, and requires a quick registration during the installation. The small, unimaginative interface cuts to the chase with two simple options: you can search by specific browser history files, or search a directory and its subdirectories.The program froze on more than one occasion during testing, but finally came through with great results. We're pleased to find that it supports multiple browsers: Internet Explorer, Firefox, Mozilla, Netscape Navigator, Opera and Safari. Reports can be saved in an Excel spreadsheet (comma separated or tab delimited values) or our file format of choice here, HTML pages.Web Historian's organizational skills are impressive. The program created a folder to place separate HTML pages for each of our indicated browsers. Free for all, this application is a great way to track the use of your PC.

The course consists of Hacking Stimulators, Hacking games more than 25 Hacking tools including Sniffers, Keyloggers, S-Tools to provide you with hands on practice. 40 Live Hacking Videos take you through this multimedia course while he presentations and tutorials strenghen the theoretical aspects in Network Security. Version 3.1 may include unspecified updates, enhancements, or bug fixes.

IIS Security Audit helps you check your webserver for common vulnerabilities. Unlike other security tools, it checks the configuration of your operating system and webserver to find the most common vulnerabilities that hackers use to exploit websites running Windows 2000 Server and Internet Information Services (IIS). This program checks for vulnerabilities in RDS, ODBC Shell Access, Internet Printing, and IIS App Mappings. In addition, the program warns you to remove certain DOS commands (the ones hackers like).

Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations such as POST, GET, and PUT. The control provides security measures designed to restrict web pages so they can only use the control to request data from remote data sources. A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and specify a data source that is on the user's local system. The attacker could then use this to return information from the local system to the attacker's web site. An attacker would have to entice the user to a site under his control to exploit this vulnerability. It cannot be exploited by HTML email. In addition, the attacker would have to know the full path and file name of any file he would attempt to read. Finally, this vulnerability does not give an attacker any ability to add, change or delete data.

This patch eliminates a security vulnerability that could cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component is normally present only if it has been deliberately installed.The Microsoft IPX/SPX protocol implementation (NWLink) includes an NMPI (Name Management Protocol on IPX) listener that will reply to any requesting network address. The NMPI listener software does not filter the requesting computer's network address correctly, and will therefore reply to a network broadcast address. Such a reply would in turn cause other IPX NMPI listener programs to also reply. This sequence of broadcast replies could generate a large amount of unnecessary network traffic. A machine that crashed due to this vulnerability could be put back into service by rebooting.IPX is not installed by default in Windows 98, 98 Second Edition, or Windows Me, and is only installed by default in Windows 95 if there is a network card present in the machine at installation time. Even when IPX is installed, a malicious user's ability to exploit this vulnerability would depend on whether they could deliver a malformed NMPI packet to an affected machine. Routers frequently are configured to drop IPX packets, and if such a router lay between the malicious user and an affected machine, they could not attack it. Routers on the Internet, as a rule, do not forward IPX packets, and this would tend to protect intranets from outside attack, as well as protecting machines connected to the Internet via dial-up connections. As discussed in the FAQ, the most likely scenario in which this vulnerability could be exploited would be one in which a malicious user on an intranet would attack affected machines on the same intranet, or one in which a malicious user on the Internet attacked affected machines on their cable modem or DSL subnet. Read the ""Malformed IPX NMPI Packet"" Vulnerability FAQ.

A remote denial of service vulnerability has been discovered in the Telnet Server that ships with Microsoft Windows 2000. The denial of service can occur when a malicious client sends a particular malformed string to the server. Although the Telnet service is provided as part of Windows 2000 products, the service is not enabled by default, and customers who have not enabled it would not be at risk. Even in affected systems, the effect of the vulnerability is limited to Telnet itself there is no capability to cause other services to fail, or to cause Windows 2000 to fail. Telnet services could be restored after an attack by restarting the Telnet Server.Microsoft has released this patch to eliminate this security vulnerability.

iQSM is a multi-user, enterprise-wide risk management, audit and compliance suite. Full risk lifecycle capability that includes risk identification, risk mitigation and mitigation monitoring. User configurable dashboard to monitor key performance indicators (KPIs) of compliance, risk and audit exceptions as well as audit scheduling and progress. Improved reporting facilities giving user configurable full reports, summary reports and trend analysis. Extended audit properties to allow more detailed audit analysis.

Once PortsLock is installed, administrators can assign permissions to TCP/IP connections, just as they would in managing permissions on an NTFS partition of a hard disk. It lets you control which users can access what TCP/IP based protocols (HTTP, FTP, SMTP, POP3, Telnet) on a local computer, depending on the time of day and day of the week. You can also set allowed/denied TCP/UDP ports and IP addresses for incoming and outgoing connections. PortsLock 1.55 now supports Windows XP Service Pack; has minor changes in the interface.

A critical security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft Windows and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Network test tool to analyse network traffic and network content. It examine the network IP addresses, computer names, routes of packets and network interfaces. Securepoint Network Test Tool includes a sniffer and port scanner.