[ISN] Windows & .NET Magazine Security UPDATE--November 5, 2003

From: InfoSec News (isn@private)
Date: Thu Nov 06 2003 - 01:20:41 PST

  • Next message: InfoSec News: "[ISN] Brazil police bust gang of Internet hackers"

    ====================
    
    ==== This Issue Sponsored By ====
    
    Shavlik HFNetChkPro AdminSuite
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw076e0AY
    
    NetIQ
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0BDZP0A7
    
    ====================
    
    1. In Focus: Spreading Use of Personal Firewalls
    
    2. Announcements
         - New Windows & .NET Magazine Web Site Unveiled!
         - Readers' Choice and Best of Show Nominees and Winners
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - News: Infonetics Projects Massive Growth for Wireless and
           Security
         - News: Verizon Offers Managed Security Services
         - News: NetScreen Announces Deep Inspection Firewall
    
    4. Security Toolkit
         - Virus Center
             - Virus Alert: Sober.A
         - FAQ: What permissions do I need to install the Windows 2000
           Server Terminal Services client on Windows Server 2003 and 
           Windows XP?
         - Featured Thread: Disable Modem on LAN-Connected Computer
    
    5. Event
         - Don't Miss Our 4 New Web Seminars
    
    6. New and Improved
         - Simple File Security
         - Remote Access for Small to Midsized Businesses
         - Tell Us About a Hot Product and Get a T-Shirt
    
    7. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Shavlik HFNetChkPro AdminSuite ====
       As you prepare to roll out the next critical security patch, don't
    be sour. For a limited time, Shavlik is offering an exclusive
    opportunity to purchase HFNetChkPro AdminSuite for the price of
    HFNetChkPro. With a savings of over $1,000 and three notable security
    tools - patch management, assessment and account and password
    evaluation - it's a "suite" deal. Go to 
    http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw076e0AY 
    for details.
    
    ====================
    
    ==== 1. In Focus: Spreading Use of Personal Firewalls ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    Microsoft recently announced its campaign to "secure the perimeter" of
    Windows networks. We conducted a poll about Microsoft's campaign that
    asked the question, "Do you think Microsoft's 'Secure the Perimeter'
    strategy will significantly reduce the company's security problems?"
    The vast majority of respondents answered "No, Microsoft needs to
    address the underlying security of its products."
       http://www.winnetmag.com/poll/index.cfm?action=pollresults&q_id=1496
    
    The impetus for securing the perimeter is obvious: If the perimeter is
    well secured, intrusion into vulnerable Windows systems is less likely
    and the stress on network administrators, the businesses they work
    for, and of course Microsoft's overall reputation is reduced.
    Interestingly enough, part of Microsoft's campaign to secure network
    perimeters involves securing machines that are inside the perimeter.
    The company plans modifications for Windows XP in the upcoming Service
    Pack 2 (SP2) that will make the built-in Internet Connection Firewall
    (ICF) technology more manageable--which might make administrators more
    inclined to use it.
    
    How many people use ICF technology now or might use it in the future
    is unknown. What is known is that a huge number of people rely on
    third-party desktop firewall products to protect their systems,
    especially mobile computers and pre-XP systems. Such products are
    typically more powerful than XP's built-in ICF, and Microsoft doesn't
    provide any kind of reasonable firewall technology for any Windows
    version earlier than XP.
    
    Even though many people use desktop firewall technology, many more
    Windows users probably don't. If they did use personal firewalls and
    locked them down properly, we wouldn't have to endure such nuisances
    as the MSBlaster worm, which affected hundreds of thousands of Windows
    systems around the world. An effort to get as many people as possible
    to load desktop firewalls would benefit everyone because Windows is
    buggy and has long remained the favorite target of large-scale
    attacks.
    
    One way to help expand the use of desktop firewalls is by spreading
    the word about how important they are. At the recent NTBugtraq
    conference in Canada, Paul Robertson (moderator of the
    firewall-wizards mailing list) discussed the possibility of a
    "personal firewall day"--a 1-day blitz aimed at enticing users
    everywhere into obtaining and installing personal firewalls.
    
    Whether such an effort would work remains to be seen, but the idea
    seems useful. NTBugtraq moderator Russ Cooper has put together a Web
    page (see the URL below) that contains a list of personal firewall
    software products and is working with Robertson to further develop the
    "personal firewall day" idea. Cooper said that we can expect more
    information about the project in the near future. Meanwhile, Cooper
    intends to conduct a poll to see which personal firewall products are
    the most popular.
       http://www.ntbugtraq.com/pfp.asp
    
    Public participation would obviously be necessary for the "personal
    firewall day" to succeed. If you're interested in the idea, be sure to
    read the NTBugtraq archives to watch for more details as they become
    available.
       http://www.ntbugtraq.com/default.asp?pid=36&sid=1
    
    ====================
    
    ==== Sponsor: NetIQ ====
       Security Event Management Made Easy
       If you're drowning in a flood of data, you're probably having a
    hard time identifying and responding to security threats? As threats
    become more sophisticated and "blended" in nature, intelligent event
    correlation becomes a necessity to identify attack or policy violation
    patterns. Get the answers you need to deploy an effective Security
    Event Management solution. Download NetIQ's free white paper,
    "Security Event Management Made Easy." Discover how you can protect
    against inconsistency in policy execution and what every organization
    must consider when thinking about Security Event Management.
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0BDZP0A7
    
    ====================
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    New Windows & .NET Magazine Web Site Unveiled!
       We are proud to announce the new and improved Windows & .NET
    Magazine Web site. Discover the fresh, new look and a more simplified
    way to find answers, news, strategic guidance, and how-to information.
    Check out our new Web site at
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0owX0AM
    
    Readers' Choice and Best of Show Nominees and Winners
       The votes are in! We asked you, our readers, to give us your
    opinions about the latest industry products and services. Find out who
    is the best of the best!
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0BDBp0AG
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0BBlT0AS
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0BBDp0AG
    
    ====================
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Infonetics Projects Massive Growth for Wireless and Security
       Infonetics Research said that it expects to see considerable growth
    in both wireless solutions and security solutions between 2003 and
    2007. Based on studies of 225 European companies, Infonetics expects
    European spending on security and VPN technology to grow from $10.7
    billion to $18.1 billion by 2007.
       http://www.winnetmag.com/article/articleid/40665/40665.html
    
    News: Verizon Offers Managed Security Services
       Verizon announced a new group of managed security solutions,
    Business Internet Security Services, aimed at small businesses. The
    services are the first in a series of managed services the company
    plans to offer to small and midsized businesses.
       http://www.winnetmag.com/article/articleid/40664/40664.html
    
    News: NetScreen Announces Deep Inspection Firewall
       NetScreen Technologies announced a new type of firewall, which the
    company has named the Deep Inspection firewall. The firewall provides
    application-level intrusion protection along with stateful inspection
    capabilities.
       http://www.winnetmag.com/article/articleid/40658/40658.html
    
    ====================
    
    ==== Hot Release ====
       Free Trial SSL Certificate from Thawte
       Take your first step towards giving your online business a
    competitive advantage. Test-drive a Thawte SSL certificate - our easy
    online guide will show you how. Click here to get started:
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0BC140Aw
    
    ====================
    
    ==== 4. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    Virus Alert: Sober.A
       Sober.A reaches victims' computers in an email message with
    variable subjects, text, and attachment names in English or German. If
    the attached file containing Sober.A is run, a false error message is
    displayed. At the same time, the worm uses its own SMTP engine to send
    itself to all the addresses it finds in multiple files on the
    computer. One of the main dangers of Sober.A is that it leaves two
    resident copies of itself running continually. If a user terminates or
    deletes one of the copies, the other will create it again. For
    complete details on the worm, be sure to read Panda's report:
       http://www.pandasoftware.com/about/press/viewnews.aspx?noticia=4311
    
    FAQ: What permissions do I need to install the Windows 2000 Server
    Terminal Services client on Windows Server 2003 and Windows XP?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A: Windows 2003 and XP both ship with Remote Desktop Connection, which
    is the latest Terminal Services client. However, you might have a
    reason to install a previous version of the client. To do so, you must
    be a local administrator or have Write and Modify permissions on the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing\Store\MSLicensing
    registry value.
    
    Featured Thread: Disable Modem on LAN-Connected Computer
       (Three messages in this thread)
    A forum reader writes that his site uses Windows 2000 and Active
    Directory (AD) in one native mode domain, and all servers, desktops,
    and laptops in the domain use Windows 2000 with Service Pack 3 (SP3).
    He wants to know whether he can use group policies, registry hacks, or
    some other technique to disable the use of dial-up modems on any
    computer that's connected to or at least logged on to the domain.
    However, laptop computers would need to be able to dial when not
    connected to the LAN. Lend a hand or read the responses:
       http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=64393
    
    ==== 5. Event ====
    
    Don't Miss Our 4 New Web Seminars
       Sign up today for these upcoming Web seminars: How to Pick the
    Right Anti-Spam Solution, Assessing IM Risks on Your Network, Choosing
    the Right Patch Management Solution, and the Costs of Spam. Don't miss
    these free events!
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw02lB0Am
    
    ==== 6. New and Improved ====
       by Jason Bovberg, products@private
    
    Simple File Security
       Inv Softworks released Kryptel Encryption Suite 5.0, a single-click
    solution that simplifies file and folder encryption. Although the
    product strives for simplicity, it also offers advanced features that
    let you create encrypted filesets and perform batch-mode processing.
    You can use Kryptel's encrypted backup feature and efficient data
    compression to archive sensitive data. Kryptel uses the Advanced
    Encryption Standard (AES), but you can select other strong ciphers
    from the software's Crypto Settings panel. Kryptel Encryption Suite
    5.0 costs $39.95 for a single-user license. Significant discounts are
    available for multiuser licenses. To download a free trial version,
    contact Kryptel on the Web.
       http://www.kryptel.com
    
    Remote Access for Small to Midsized Businesses
       AEP Systems announced AEP SureWare A-Gate AG-600, an advanced
    version of its Secure Sockets Layer (SSL) VPN appliance that offers
    secure access to company applications and resources. The product lets
    employees and partners access email and other Web-enabled or Terminal
    Services applications from any PC running a standard browser. The
    company is targeting its newly enhanced feature set toward small and
    midsized enterprises. AEP SureWare A-Gate AG-600 costs $8995. For more
    information, contact AEP Systems on the Web.
       http://www.aepsystems.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    Argent
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
       http://list.winnetmag.com/cgi-bin3/DM/y/edVd0CJgSH0CBw0BDWV0AB
    
    ===================
    
    ==== 7. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
    https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup
    
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Nov 06 2003 - 04:29:08 PST