[ISN] Windows & .NET Magazine Security UPDATE--October 15, 2003

From: InfoSec News (isn@private)
Date: Wed Oct 15 2003 - 23:19:13 PDT

    ====================
    
    ==== This Issue Sponsored By ====
    
    Protocom Development Systems
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BC8w0AO
    
    Exchange & Outlook Administrator
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw078G0AI
    
    ====================
    
    1. In Focus: Upcoming Security Improvements from Microsoft
    
    2. Announcements
         - Microsoft IT Forum 2003, November 11-14, Copenhagen, Denmark
         - COMDEX Las Vegas 2003
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - News: NetScreen Technologies Acquires Neoteris
         - News: Check Point Introduces VPN Appliances
         - Feature: The Hidden Threat of SNMP
    
    4. Instant Poll
         - Results of Previous Poll: Protecting the Infrastructure
         - New Instant Poll: OS Use
    
    5. Security Toolkit
         - Virus Center
             - Virus Alert: Istbar.H
         - FAQ: How can I automate registry settings across my entire
           domain?
         - Featured Thread: Port Filtering on Windows NT Server 4.0
    
    6. Event
         - "Plan, Migrate, Manage: Shifting Seamlessly from NT4 to Windows
           2003"
    
    7. New and Improved
         - Protection Against Identity Theft
         - Tell Us About a Hot Product and Get a T-Shirt
    
    8. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Protocom Development Systems ====
       Single sign-on does exist, even for heterogeneous environments,
    with SecureLogin Single Sign-On or SecureLogin Password Management
    Suite. Increase security while enhancing the end-user experience. It
    is possible. SecureLogin was named TechEd Best of Show in the security
    category. Request your evaluation copy of SecureLogin Single Sign-On.
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BC8w0AO
    
    ====================
    
    ==== 1. In Focus: Upcoming Security Improvements from Microsoft ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    In a speech at the Microsoft Worldwide Partner Conference 2003 last
    week, Microsoft CEO Steve Ballmer outlined some actions Microsoft will
    take in the company's continuing effort to better secure Windows
    platforms. Ballmer accurately pointed out that many people are
    dissatisfied with the company's patching tools and patch rollout
    process. Microsoft will now issue patches on a monthly basis instead
    of irregularly, with the exception of critical patches, which the
    company will release as soon as possible. Microsoft is also working on
    consolidating its patches at a central location on its Web site so
    that users don't have to search numerous places for patches for
    different software packages.
    
    Microsoft will also release a new version of Software Update Services
    (SUS) in the near future. Ballmer didn't say what new features SUS 2.0
    would provide, but he did say it would be released sometime in the
    first half of 2004. If you haven't tried SUS, be sure to check it out.
    The current version--SUS Server 1.0 with Service Pack 1 (SP1)--can
    pull down patches and service packs and roll them out to systems on
    your network.
       http://www.microsoft.com/windowsserversystem/sus/default.mspx
    
    In addition, Ballmer said that the company will develop some new
    features for Windows XP systems that won't be available for Windows
    2000 platforms. The company will try to develop technology that
    inspects mobile systems for possible infections picked up on another
    network (such as a wireless or dial-up connection) before letting them
    connect to the local network.
    
    Microsoft also plans to improve its Internet Connection Firewall (ICF)
    technology and will expand administrators' ability to centrally manage
    ICF. Regarding Microsoft Internet Explorer (IE), the company will
    provide better control over ActiveX controls and provide some sort of
    sandbox for scripts to help prevent them from gaining too much access
    to the local system. In addition, Microsoft is working on ways to
    better protect memory from buffer-overrun problems.
    
    Ballmer said Microsoft will release these improvements as part of XP
    SP2. The service pack will be released to the public sometime in the
    first part of 2004.
    
    If you run Win2K platforms and wonder how long Microsoft will continue
    to support them, the answer is the middle of next year. The company
    will support Win2K SP2 and Windows NT Workstation 4.0 SP6a systems
    until June 2004.
    
    If you're interested in reading Ballmer's entire speech, you can find
    it at the Microsoft PressPass Web site.
       http://www.microsoft.com/presspass/exec/steve/2003/10-09wwpc.asp
    
    ====================
    
    ==== Sponsor: Exchange & Outlook Administrator ====
       Get a Sample Issue of Exchange & Outlook Administrator
       Exchange & Outlook Administrator, the monthly print newsletter from
    Windows & .NET Magazine, gives you the in-depth articles you need to
    secure, maintain, and troubleshoot your messaging environment. Try an
    issue of Exchange & Outlook Administrator, and discover for yourself
    what our expert authors know that you don't. Click here!
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw078G0AI
    
    ====================
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Microsoft IT Forum 2003, November 11-14, Copenhagen, Denmark
       Explore best practices for managing your systems and strengthening
    your security, and gain effective guidance for planning and implementing
    rollouts of a host of Microsoft products and technologies, including
    Exchange Server 2003, Windows Server 2003, and others in the Windows
    Server System. Save 300 EUROS. Register today.
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BC5I0AZ
    
    COMDEX Las Vegas 2003
       With more hackers and security threats emerging on a daily basis,
    secure networked computing has never been more important. At COMDEX
    Las Vegas 2003, you'll find everything your business needs to attain
    ironclad security, from deploying wireless LANs to securing access
    with SSL VPNs. Take charge this November 16-20 in Las Vegas at COMDEX.
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BC8x0AP
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BBlT0Ae
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BBDp0AS
    
    ====================
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.secadministrator.com/articles/index.cfm?departmentid=752
    
    News: NetScreen Technologies Acquires Neoteris
       NetScreen Technologies announced that it has signed an agreement to
    acquire Neoteris, makers of Secure Sockets Layer (SSL) VPN and
    application security gateway appliances. NetScreen will pay
    approximately $245 million in stock and $20 million in cash at the
    closing and up to another $30 million in cash when the company
    achieves revenue milestones.
       http://secadministrator.com/articles/index.cfm?articleid=40480
    
    News: Check Point Introduces VPN Appliances
       Check Point Software Technologies announced the release of its new
    appliance-based VPN-1 Edge solution. The new line of appliances
    provides VPN and firewall features along with centralized management.
    VPN-1 Edge is based on the company's VPN-1 NG software.
       http://secadministrator.com/articles/index.cfm?articleid=40479
    
    Feature: The Hidden Threat of SNMP
       If you have an Internet-connected network, you're taking calculated
    risks. You're dealing with the potential for attacks and exploits on
    your Web server, and you have a separate set of considerations for
    your mail server. In addition, another vulnerability that you might
    not be aware of is probably lurking in your network. Most networks
    have SNMP running on some devices, often unnecessarily and sometimes
    without the knowledge of system personnel. Learn about this threat in
    Tony Howlett's article on our Web site.
       http://secadministrator.com/articles/index.cfm?articleid=26440
    
    ====================
    
    ==== Hot Release: FaxBack ====
    Tackling the FCC's New FAX Regulations (Technical Whitepaper)
       Ready or not, the FCC's regulations regarding FAX are here. Think
    they don't affect you? Think again. If you are sending anything via
    FAX, these regulations impact your organization. Register for a
    whitepaper:
       --> http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BClj0A2
       Designed to be a guide for companies needing to adapt their fax
    communications to ensure FCC compliance, the whitepaper provides an
    overview of the July 2003 FCC rules and discusses tools to help
    companies fax responsibly.
    
    ====================
    
    ==== 4. Instant Poll ====
    
    Results of Previous Poll: Protecting the Infrastructure
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question,
    "Does your company use firewalls and Intrusion Detection Systems
    (IDSs) to protect the infrastructure?" Here are the results from the
    226 votes.
       - 41% Yes, we use both firewalls and IDSs
       - 57% No, we only use firewalls
       - 2% Not sure
    
    New Instant Poll: OS Use
       The next Instant Poll question is, "What is your company's primary
    OS?" Go to the Security Administrator Channel home page and submit
    your vote for
       - Windows Server 2003
       - Windows XP Professional
       - Windows 2000 Server or Professional
       - Windows NT Server or Workstation
       - Windows 9x or Me
       http://www.secadministrator.com
    
    ==== 5. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    Virus Alert: Istbar.H
       Istbar.H is a Trojan horse that installs several spyware programs
    and dialers without the user's permission and displays advertisements
    from adult sites. It also adds a toolbar to the Microsoft Internet
    Explorer (IE) browser. For complete details on Istbar.H, see Panda
    Software's report:
       http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41127
    
    FAQ: How can I automate registry settings across my entire domain?
       contributed by Randy Franklin Smith, rsmith@private
    
       You can automate registry settings that aren't already part of a
    group policy by creating a new administrative template in the Default
    Domain Policy Group Policy Object (GPO). For step-by-step instructions
    on how to accomplish this task, see Randy Franklin Smith's complete
    answer to this question.
       http://secadministrator.com/articles/index.cfm?articleid=26447
    
    Featured Thread: Port Filtering on Windows NT Server 4.0
       (Four messages in this thread)
       A user writes that he has enabled port filtering on a Windows NT
    Server 4.0 system. He permits access to certain TCP ports (80, 110,
    137, 138, 139, 2028, 20, 21, 25) and certain UDP ports (53, 137, 138,
    2028). With these ports enabled, he can't browse the Internet and his
    antivirus software can't connect to obtain virus definition updates.
    If he removes the port filtering settings, his system works as it
    should. He wants to know why the port filtering, as he has defined it,
    doesn't work the way he wants it to. Lend a hand or read the
    responses:
       http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=64163
    
    ==== 6. Event ====
    
    "Plan, Migrate, Manage: Shifting Seamlessly from NT4 to Windows 2003"
       Your Active Directory environment can make or break your entire
    Windows NT 4.0 to Windows Server 2003 migration project. This free Web
    seminar features best practices for migration planning and
    administration, tips and tricks for ensuring Exchange Server and
    Active Directory health, and guidance for managing your directory for
    maximum availability and performance during migration and beyond.
    Register now!
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BC5K0Ab
    
    ==== 7. New and Improved ====
       by Jason Bovberg, products@private
    
    Protection Against Identity Theft
       MeterNet announced BankALARM, a security software and update
    service that helps you protect your personal identity online by
    providing real-time network monitoring, program filtering, spyware
    detection, and port control. BankALARM lets you establish a Client
    Intruder Detection System for a PC with optional lock-down and
    cloaking. BankALARM protects in the background from an easy-to-read
    control panel with click-on, click-off navigation. Available by annual
    subscription, BankALARM costs $49 per computer. For purchase
    information, contact MeterNet on the Web.
       http://bankalarm.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    CrossTec
       Free Download - NEW NetOp 7.6 - faster, more secure, remote support
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BBnb0Au
    
    Microsoft
       Attend a Microsoft(R) Office System Launch Event -- Get a FREE Eval Kit
       http://list.winnetmag.com/cgi-bin3/DM/y/edCG0CJgSH0CBw0BCqD0AU
    
    ===================
    
    ==== 8. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
    
    
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Thu Oct 16 2003 - 02:33:07 PDT