==================== ==== This Issue Sponsored By ==== VeriSign-The Value Of Trust Secure Your Servers http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDyY0AU FREE E-COMMERCE SECURITY GUIDE http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDcP0Ax ==================== 1. In Focus: Microsoft Teaches Security 2. Announcements - Quick Answers for Microsoft Small Business Server - Are You Ready to Buy Hardware, Software, Networking Products, and Accessories? 3. Security News and Features - Recent Security Vulnerabilities - Feature: First Look at SBS 2003 Security - Feature: Tools for Your Security Arsenal 4. Instant Poll - Results of Previous Poll: Security Bug Bounty - New Instant Poll: Processor-Based Security 5. Security Toolkit - Virus Center - Virus Alert: Mimail.J - FAQ: How can I easily construct the command-line syntax for a backup job in Windows XP and later? - Featured Thread: NTFS Security Permissions 6. Event - New--Microsoft Security Road Show! 7. New and Improved - Make Your Private Data Invisible - Protect Web Site and Its Visitors from Cyber Thieves - Tell Us About a Hot Product and Get a T-Shirt 8. Contact Us See this section for a list of ways to contact us. ==================== ==== Sponsor: Verisign-The Value Of Trust ==== Secure Your Servers Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions, secure your corporate intranets and authenticate your Web sites. 128-bit SSL is serious security for your online business. Get it now! Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions, secure your corporate intranets and authenticate your Web sites. 128-bit SSL is serious security for your online business. Get it now! http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDyY0AU ==================== ==== 1. In Focus: Microsoft Teaches Security ==== by Mark Joseph Edwards, News Editor, mark@private On November 17, Microsoft Vice President of the Security Business Unit Mike Nash gave a Webcast that discussed what Microsoft is doing to improve IT security. If you're interested in watching it, you'll find it at http://msevents.microsoft.com/cui/eventdetail.aspx?eventid=1032240054&culture=en-us Nash's presentation was a sort of prelude to numerous other Webcasts to come. Beginning December 1, Microsoft will present a series of Webcasts aimed at helping people better understand and more effectively apply and use security with the company's products. So far, the company has scheduled more than a dozen Webcasts, each to last about 1 1/2 hours. Here's a brief rundown of the scheduled programs: * ShopTalk: IT Security Webcast–-This Webcast discusses how Microsoft secures its own IT assets and intellectual property, the information security team's functions, and the company's security solutions. * Using Portable Handheld Devices in a Secure Manner–-This Webcast discusses how to protect information stored on PDAs as well as communication security. * Secure Network Access–-Learn how to use Windows Server 2003 along with Microsoft Internet Security and Acceleration (ISA) Server to secure wireless, wired, and remote access connectivity. * Designing a Secure - Reliable - and Usable Patch Management Infrastructure–-Find out how to design and deploy an effective patch-management solution. In addition, the company introduces its new Microsoft Solution for Patch Management and discusses the solution's architecture. * Securing Your Exchange 2003 Environment–-This Webcast is a review of basic security features for servers, messages, and communications built into Microsoft Exchange Server 2003. Topics include delegation of authority, mitigation of Denial of Service (DoS) attacks and viruses, interconnectivity and remote connectivity, and the use of encryption for secure transports. * Effectively Using IIS Security–-Get an overview of Microsoft Internet Information Services (IIS) 6.0 security architecture, including a review of the improved security features in Secure Sockets Layer (SSL), Microsoft .NET Passport authentication, URL authorization, and delegation of authority. * Penetration Testing, Vulnerability Scanning, and Security Auditing-–Learn how to plan and conduct audits and determine, according to the data gathered, whether your network meets your security requirements. * Using the Microsoft Security Tools-–This Webcast is a review of several tools available for free from Microsoft, including the Microsoft Baseline Security Analyzer (MBSA), Mbsacli, IISLock, URLScan, Qchain, security templates, subsystem auditing features, and the Microsoft Solution for Securing Windows 2000 Server. * Safeguarding Information with Windows Rights Management Services–-This Webcast discusses architectural considerations for Windows Rights Management Services (RMS), including Active Directory (AD) integration, server enrollment, and machine activation. * Microsoft Windows Server 2003 Security Enhancements--Get an overview of Windows 2003's security improvements with regard to Group Policy, authentication, object-based access control, security policy, auditing, AD, data protection, network data protection, public key infrastructure (PKI), and trusts. * Software and Patch Management with Software Update Service, Windows Update, and SMS–-Learn how to install and distribute patches by using Microsoft Software Update Services (SUS) and Microsoft Systems Management Server (SMS), including the use of automatic updates. * Demystifying IPSec–-Find out how IP Security (IPSec) works to protect data and learn about five scenarios in which you can effectively use IPSec, including enforcement of domain membership and the elimination of man-in-the-middle attacks. * 10 Things Hackers Don't Want You to Know-–This session actually covers 14 things intruders might do to compromise a network. You can learn more about the Webcasts, including their scheduled times, at the first URL below. While you're at it, stop by Microsoft's page for "prescriptive guidance" (second URL below), at which you'll find documentation that helps you understand how to better secure your perimeter, network, hosts, applications, and data. http://www.microsoft.com/technet/security/webcasts/default.asp?frame=true http://www.microsoft.com/technet/security/bestprac.asp ==================== ==== Sponsor: VeriSign - The Value of Trust ==== FREE E-COMMERCE SECURITY GUIDE Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here: http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDcP0Ax ==================== ==== 2. Announcements ==== (from Windows & .NET Magazine and its partners) Quick Answers for Microsoft Small Business Server Is Small Business Server right for you? Do you need answers about how to set up Small Business Server? Learn about Small Business Server's key features, upgrade possibilities, and storage and find how-to guides, troubleshooting tips, forums, and more at Windows & .NET Magazine online. http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDuN0AF Are You Ready to Buy Hardware, Software, Networking Products, and Accessories? Check out the latest offerings on the IT Buyer's Network. Find clearance items and rebates, research products in the solutions library, check out reference guides, and learn about the latest technology seminar. Easily search the most up-to-date products by category and sign up to receive product information from the email newsletter. http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0KXr0AN ==== 3. Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.winnetmag.com/departments/departmentid/752/752.html Feature: First Look at SBS 2003 Security Microsoft is positioning Microsoft Small Business Server (SBS) 2003 as a one-stop technology solution for the small-business market (companies with 75 or fewer workstations). SBS wizards are fine-tuned to address common small-business needs, such as connecting to the Internet with or without a firewall, running a local mail server, providing remote email access, preconfiguring an Internet-accessible company Web site, and providing local and remote access to a variety of HTML-based collaboration resources. Paula Sharick tested the SBS 2003 Standard Edition release candidate (RC) to determine the product's security strengths and weaknesses and to see how well the product meets the goals of Microsoft's Trustworthy Computing initiative. Read more about SBS 2003 at http://www.winnetmag.com/article/articleid/40830/40830.html Feature: Tools for Your Security Arsenal To better prepare for the inevitable attacks on your systems, keep several tools on hand that analyze Windows 2000 Server and later systems (some support legacy platforms as well). Start with a Microsoft Baseline Security Analyzer (MBSA) report so that you can review the security status of the OS and common Microsoft applications and install all security updates appropriate for the system. Learn about three other tools at http://www.winnetmag.com/article/articleid/40831/40831.html ==================== ==== Hot Release ==== VeriSign - The Value of Trust Secure all your Web servers now - with a proven 5-part strategy. The FREE Server Security Guide shows you how: * DEPLOY THE LATEST ENCRYPTION and authentication techniques * DELIVER TRANSPARENT PROTECTION with the strongest security without disrupting users. And more. Get your FREE Guide now: http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDeV0A6 ==================== ==== 4. Instant Poll ==== Results of Previous Poll: Security Bug Bounty The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Regarding Microsoft's $5 million bounty to capture and convict malicious coders, could the money be better spent?" Here are the results from the 43 votes. - 28% Yes, by paying non-Microsoft security researchers to find bugs - 5% Yes, by paying Microsoft programmers to find bugs - 44% Yes, by paying both non-Microsoft researchers and Microsoft programmers - 23% No, it's exactly the thing to do New Instant Poll: Processor-Based Security The next Instant Poll question is, "Does your company intend to implement computers and OSs that provide processor-based security?" Go to the Security Web page and submit your vote for - Yes, as soon as possible - Yes, sometime in the near future - Yes, sometime in the distant future - No - Don't know http://www.winnetmag.com/windowssecurity ==== 5. Security Toolkit ==== Virus Center Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.winnetmag.com/windowssecurity/panda Virus Alert: Mimail.J Mimail.J is a worm that spreads through email messages that have a subject that contains the text "IMPORTANT" and a file attachment named www.paypal.com.pif. When a user opens the file, Mimail.J simulates a Web form from PayPal, collects any user information entered in the form, stores it in a file that the worm creates, then sends the file in an email message. For more details about Mimail.J, visit Panda Software's Web site: http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41858 FAQ: How can I easily construct the command-line syntax for a backup job in Windows XP and later? by John Savill, http://www.winnetmag.com/windowsnt20002003faq A. Because several switches and commands are available when performing a backup from the command line, keeping track of your backup configuration can get complex. Fortunately, you can use the Backup Wizard to construct a dummy backup job that lets you see the equivalent command-line options. To do so, perform the following steps: 1. Start Windows Backup. 2. Select the Schedule Jobs tab. 3. Select a day, then click Add Job. 4. Click Next on the first screen of the Backup Wizard page that appears. 5. Select the files, folders, or drives that you want to back up, then click Next. (Depending on which options you select, you might have to navigate through additional screens to manually select the items you want to back up.) 6. Select the destination for the backup, then click Next. 7. Select the type of backup that you want to perform, then click Next. 8. Select any options that you want to be performed during the backup (e.g., "Verify data after backup"), then click Next. 9. Select the backup overwrite options, then click Next. 10. Select when to run the backup, give it a job name, then click Next. 11. Enter the user account information necessary to perform the backup, then click OK. 12. Click Finish. 13. Windows Backup will create a new backup job. Right-click the new job to display the Properties dialog box, then click Properties. Select the Task tab to view the NTBackup command that will be used to run the backup job. For example, the Backup Wizard constructed the following NTBackup command for my job: G:\WINDOWS\system32\ntbackup.exe backup "@G:\Documents and Settings\savijo\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\Full system normal backup.bks" /n "backup.bkf created 13/11/2003 at 13:50" /d "Set created 13/11/2003 at 13:50" /v:no /r:no /rs:no /hc:off /m normal /j "Full system normal backup" /l:s /f "E:\backup.bkf" 14. Click Delete to remove the backup job. Featured Thread: NTFS Security Permissions (Three messages in this thread) A user writes that he wants to grant other users the permission to add, write, read, and execute (but not to move, overwrite, or delete) his files and folders. He also wants to grant users permission to delete any files or folders that they created under his shared folder. He wonders how to configure NTFS to allow this sort of functionality. Lend a hand or read the responses: http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=65192 ==== 6. Event ==== New--Microsoft Security Road Show! Join industry guru Mark Minasi on this exciting 20-city tour and learn more about tips to secure your Windows Server 2003 and Windows 2000 network. There is no charge for this event, but space is limited, so register today! Sign up now for our December events. http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDuO0AG ==== 7. New and Improved ==== by Jason Bovberg, products@private Make Your Private Data Invisible Softbe announced Advanced Hide Folders, software that hides any files--for example, files containing financial or tax information, passwords, personal letters, email messages, or images--from prying eyes. Advanced Hide Folders also lets you hide hard disks and removable media. You simply drag the files or folders from Windows Explorer to the Advanced Hide Folders window. The software is protected by a password and hot key that you can change or remove at any time. Advanced Hide Folders costs $39.95 for a single-user license. (Volume discounts are available.) For more information about Advanced Hide Folders, contact Softbe on the Web. http://www.softbe.com Protect Web Site and Its Visitors from Cyber Thieves Teros announced the Teros Gateway, the next generation of the company's secure application gateway that prevents malicious users from stealing personal information from Web site visitors, jamming access to sites, and deciphering URL addresses to break into applications. The Teros Gateway offers high security and availability standards for operators and users of Web sites that process financial transactions, account data, and personal information. Pricing for the Teros Gateway starts at $25,000. For more information about the product, contact Teros at 408-850-0800 or on the Web. http://www.teros.com Tell Us About a Hot Product and Get a T-Shirt! Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to whatshot@private =================== ==== Sponsored Links ==== Sybari Software Free! "Admins Shortcut Guide to Email Protection" from Sybari http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDkY0AG VMware Inc. FREE VMware Workstation for Microsoft Certified Trainers. http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDmL0A4 =================== ==== 8. Contact Us ==== About the newsletter -- letters@private About technical questions -- http://www.winnetmag.com/forums About product news -- products@private About your subscription -- securityupdate@private About sponsoring Security UPDATE -- emedia_opps@private This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today. https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Nov 28 2003 - 03:54:40 PST