[ISN] Windows & .NET Magazine Security UPDATE--November 26, 2003

From: InfoSec News (isn@private)
Date: Fri Nov 28 2003 - 01:30:25 PST


    ====================
    
    ==== This Issue Sponsored By ====
    
    VeriSign-The Value Of Trust
       Secure Your Servers
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDyY0AU
    
       FREE E-COMMERCE SECURITY GUIDE
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDcP0Ax
    
    ====================
    
    1. In Focus: Microsoft Teaches Security
    
    2. Announcements
         - Quick Answers for Microsoft Small Business Server
         - Are You Ready to Buy Hardware, Software, Networking Products,
           and Accessories?
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - Feature: First Look at SBS 2003 Security
         - Feature: Tools for Your Security Arsenal
    
    4. Instant Poll
         - Results of Previous Poll: Security Bug Bounty
         - New Instant Poll: Processor-Based Security
    
    5. Security Toolkit
         - Virus Center
             - Virus Alert: Mimail.J
         - FAQ: How can I easily construct the command-line syntax for a
           backup job in Windows XP and later?
         - Featured Thread: NTFS Security Permissions
    
    6. Event
         - New--Microsoft Security Road Show!
    
    7. New and Improved
         - Make Your Private Data Invisible
         - Protect Web Site and Its Visitors from Cyber Thieves
         - Tell Us About a Hot Product and Get a T-Shirt
    
    8. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: VeriSign-The Value Of Trust ====
       Secure Your Servers
       Secure your servers with 128-bit SSL encryption! Grab your copy of
    VeriSign's FREE Guide, "Securing Your Web site for Business," and
    you'll learn everything you need to know about using 128-bit SSL to
    encrypt your e-commerce transactions, secure your corporate intranets
    and authenticate your Web sites. 128-bit SSL is serious security for
    your online business. Get it now!
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDyY0AU
    
    ====================
    
    ==== 1. In Focus: Microsoft Teaches Security ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    On November 17, Microsoft Vice President of the Security Business Unit
    Mike Nash gave a Webcast that discussed what Microsoft is doing to
    improve IT security. If you're interested in watching it, you'll find
    it at
    http://msevents.microsoft.com/cui/eventdetail.aspx?eventid=1032240054&culture=en-us
    
    Nash's presentation was a sort of prelude to numerous other Webcasts
    to come. Beginning December 1, Microsoft will present a series of
    Webcasts aimed at helping people better understand and more
    effectively apply and use security with the company's products. So
    far, the company has scheduled more than a dozen Webcasts, each to
    last about 1 1/2 hours. Here's a brief rundown of the scheduled
    programs:
    
       * ShopTalk: IT Security Webcast--This Webcast discusses how
    Microsoft secures its own IT assets and intellectual property, the
    information security team's functions, and the company's security
    solutions.
    
       * Using Portable Handheld Devices in a Secure Manner--This Webcast
    discusses how to protect information stored on PDAs as well as
    communication security.
    
       * Secure Network Access--Learn how to use Windows Server 2003 along
    with Microsoft Internet Security and Acceleration (ISA) Server to
    secure wireless, wired, and remote access connectivity.
    
       * Designing a Secure - Reliable - and Usable Patch Management
    Infrastructure--Find out how to design and deploy an effective
    patch-management solution. In addition, the company introduces its new
    Microsoft Solution for Patch Management and discusses the solution's
    architecture.
    
       * Securing Your Exchange 2003 Environment--This Webcast is a review
    of basic security features for servers, messages, and communications
    built into Microsoft Exchange Server 2003. Topics include delegation
    of authority, mitigation of Denial of Service (DoS) attacks and
    viruses, interconnectivity and remote connectivity, and the use of
    encryption for secure transports.
    
       * Effectively Using IIS Security--Get an overview of Microsoft
    Internet Information Services (IIS) 6.0 security architecture,
    including a review of the improved security features in Secure Sockets
    Layer (SSL), Microsoft .NET Passport authentication, URL
    authorization, and delegation of authority.
    
       * Penetration Testing, Vulnerability Scanning, and Security
    Auditing--Learn how to plan and conduct audits and determine,
    according to the data gathered, whether your network meets your
    security requirements.
    
       * Using the Microsoft Security Tools--This Webcast is a review of
    several tools available for free from Microsoft, including the
    Microsoft Baseline Security Analyzer (MBSA), Mbsacli, IISLock,
    URLScan, Qchain, security templates, subsystem auditing features, and
    the Microsoft Solution for Securing Windows 2000 Server.
    
       * Safeguarding Information with Windows Rights Management
    Services--This Webcast discusses architectural considerations for
    Windows Rights Management Services (RMS), including Active Directory
    (AD) integration, server enrollment, and machine activation.
    
       * Microsoft Windows Server 2003 Security Enhancements--Get an
    overview of Windows 2003's security improvements with regard to Group
    Policy, authentication, object-based access control, security policy,
    auditing, AD, data protection, network data protection, public key
    infrastructure (PKI), and trusts.
    
       * Software and Patch Management with Software Update Service,
    Windows Update, and SMS--Learn how to install and distribute patches
    by using Microsoft Software Update Services (SUS) and Microsoft
    Systems Management Server (SMS), including the use of automatic
    updates.
    
       * Demystifying IPSec--Find out how IP Security (IPSec) works to
    protect data and learn about five scenarios in which you can
    effectively use IPSec, including enforcement of domain membership and
    the elimination of man-in-the-middle attacks.
    
       * 10 Things Hackers Don't Want You to Know--This session actually
    covers 14 things intruders might do to compromise a network.
    
    You can learn more about the Webcasts, including their scheduled
    times, at the first URL below. While you're at it, stop by Microsoft's
    page for "prescriptive guidance" (second URL below), at which you'll
    find documentation that helps you understand how to better secure your
    perimeter, network, hosts, applications, and data.
       http://www.microsoft.com/technet/security/webcasts/default.asp?frame=true
       http://www.microsoft.com/technet/security/bestprac.asp
    
    ====================
    
    ==== Sponsor: VeriSign - The Value of Trust ====
       FREE E-COMMERCE SECURITY GUIDE
       Is your e-business built on a strong, secure foundation? Find out
    with VeriSign's FREE White Paper, "Building an E-Commerce Trust
    Infrastructure." Learn how to authenticate your site to customers,
    secure your web servers with 128-Bit SSL encryption, and accept secure
    payments online. Click here:
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDcP0Ax
    
    ====================
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Quick Answers for Microsoft Small Business Server
       Is Small Business Server right for you? Do you need answers about
    how to set up Small Business Server? Learn about Small Business
    Server's key features, upgrade possibilities, and storage and find
    how-to guides, troubleshooting tips, forums, and more at Windows &
    .NET Magazine online.
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDuN0AF
    
    Are You Ready to Buy Hardware, Software, Networking Products, and
    Accessories?
       Check out the latest offerings on the IT Buyer's Network. Find
    clearance items and rebates, research products in the solutions
    library, check out reference guides, and learn about the latest
    technology seminar. Easily search the most up-to-date products by
    category and sign up to receive product information from the email
    newsletter.
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0KXr0AN
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    Feature: First Look at SBS 2003 Security
       Microsoft is positioning Microsoft Small Business Server (SBS) 2003
    as a one-stop technology solution for the small-business market
    (companies with 75 or fewer workstations). SBS wizards are fine-tuned
    to address common small-business needs, such as connecting to the
    Internet with or without a firewall, running a local mail server,
    providing remote email access, preconfiguring an Internet-accessible
    company Web site, and providing local and remote access to a variety
    of HTML-based collaboration resources. Paula Sharick tested the SBS
    2003 Standard Edition release candidate (RC) to determine the
    product's security strengths and weaknesses and to see how well the
    product meets the goals of Microsoft's Trustworthy Computing
    initiative. Read more about SBS 2003 at
       http://www.winnetmag.com/article/articleid/40830/40830.html
    
    Feature: Tools for Your Security Arsenal
       To better prepare for the inevitable attacks on your systems, keep
    several tools on hand that analyze Windows 2000 Server and later
    systems (some support legacy platforms as well). Start with a
    Microsoft Baseline Security Analyzer (MBSA) report so that you can
    review the security status of the OS and common Microsoft applications
    and install all security updates appropriate for the system. Learn
    about three other tools at
       http://www.winnetmag.com/article/articleid/40831/40831.html
    
    ====================
    
    ==== Hot Release ====
       VeriSign - The Value of Trust
       Secure all your Web servers now - with a proven 5-part strategy.
    The FREE Server Security Guide shows you how:
       * DEPLOY THE LATEST ENCRYPTION and authentication techniques
       * DELIVER TRANSPARENT PROTECTION with the strongest security
    without disrupting users. And more. Get your FREE Guide now:
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDeV0A6
    
    ====================
    
    ==== 4. Instant Poll ====
    
    Results of Previous Poll: Security Bug Bounty
       The voting has closed in the Windows & .NET Magazine Network
    Security Web page nonscientific Instant Poll for the question,
    "Regarding Microsoft's $5 million bounty to capture and convict
    malicious coders, could the money be better spent?" Here are the
    results from the 43 votes.
       - 28% Yes, by paying non-Microsoft security researchers to find
     bugs
       - 5% Yes, by paying Microsoft programmers to find bugs
       - 44% Yes, by paying both non-Microsoft researchers and Microsoft
     programmers
       - 23% No, it's exactly the thing to do
    
    New Instant Poll: Processor-Based Security
       The next Instant Poll question is, "Does your company intend to
    implement computers and OSs that provide processor-based security?" Go
    to the Security Web page and submit your vote for
       - Yes, as soon as possible
       - Yes, sometime in the near future
       - Yes, sometime in the distant future
       - No
       - Don't know
       http://www.winnetmag.com/windowssecurity
    
    ==== 5. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    Virus Alert: Mimail.J
       Mimail.J is a worm that spreads through email messages that have a
    subject that contains the text "IMPORTANT" and a file attachment named
    www.paypal.com.pif. When a user opens the file, Mimail.J simulates a
    Web form from PayPal, collects any user information entered in the
    form, stores it in a file that the worm creates, then sends the file
    in an email message. For more details about Mimail.J, visit Panda
    Software's Web site:
       http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41858
    
    FAQ: How can I easily construct the command-line syntax for a backup
    job in Windows XP and later?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. Because several switches and commands are available when performing
    a backup from the command line, keeping track of your backup
    configuration can get complex. Fortunately, you can use the Backup
    Wizard to construct a dummy backup job that lets you see the
    equivalent command-line options. To do so, perform the following
    steps:
       1. Start Windows Backup.
       2. Select the Schedule Jobs tab.
       3. Select a day, then click Add Job.
       4. Click Next on the first screen of the Backup Wizard page that
     appears.
       5. Select the files, folders, or drives that you want to back up,
    then click Next. (Depending on which options you select, you might
    have to navigate through additional screens to manually select the
    items you want to back up.)
       6. Select the destination for the backup, then click Next.
       7. Select the type of backup that you want to perform, then click
     Next.
       8. Select any options that you want to be performed during the
    backup (e.g., "Verify data after backup"), then click Next.
       9. Select the backup overwrite options, then click Next.
      10. Select when to run the backup, give it a job name, then click
     Next.
      11. Enter the user account information necessary to perform the
    backup, then click OK.
      12. Click Finish.
      13. Windows Backup will create a new backup job. Right-click the new
    job, then click Properties to display the Properties dialog box.
    Select the Task tab to view the NTBackup command that will be used to
    run the backup job. For example, the Backup Wizard constructed the
    following NTBackup command for my job:
    
    G:\WINDOWS\system32\ntbackup.exe backup "@G:\Documents and Settings\savijo\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\Full system normal backup.bks" /n "backup.bkf created 13/11/2003 at 13:50" /d "Set created 13/11/2003 at 13:50" /v:no /r:no /rs:no /hc:off /m normal /j "Full system normal backup" /l:s /f "E:\backup.bkf"
    
      14. Click Delete to remove the backup job.
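
As an added example (not part of the original FAQ and not a Microsoft tool), the Python code below parses a wizard-generated NTBackup command line into its switches and lists the settings worth reviewing before the job is scheduled, such as verification or access restriction being switched off. The function names parse_ntbackup and review are hypothetical, and the sample input is the FAQ's command joined onto one line.

```python
import re

# Constructed sample: the command from the FAQ above, joined onto one line.
SAMPLE = (r'G:\WINDOWS\system32\ntbackup.exe backup '
          r'"@G:\Documents and Settings\savijo\Local Settings\Application Data'
          r'\Microsoft\Windows NT\NTBackup\data\Full system normal backup.bks" '
          r'/n "backup.bkf created 13/11/2003 at 13:50" '
          r'/d "Set created 13/11/2003 at 13:50" '
          r'/v:no /r:no /rs:no /hc:off /m normal '
          r'/j "Full system normal backup" /l:s /f "E:\backup.bkf"')

# Switches whose value is the NEXT token (/j "name"); the others use /x:value.
ARG_SWITCHES = {"j": "job name", "n": "media name", "d": "set description",
                "f": "backup file", "m": "backup type", "p": "media pool",
                "g": "tape GUID", "t": "tape name"}


def parse_ntbackup(cmdline):
    """Split an 'ntbackup backup' command line into selection and options."""
    # Quoted strings stay together; backslashes in Windows paths are kept.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if len(tokens) < 3 or tokens[1].lower() != "backup":
        raise ValueError("not an 'ntbackup backup' command line")
    job = {"program": tokens[0], "selection": tokens[2], "options": {}}
    i = 3
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("/"):
            raise ValueError(f"unexpected token: {tok!r}")
        name, sep, value = tok[1:].lower().partition(":")
        if sep:                        # /v:no style
            job["options"][name] = value
        elif name in ARG_SWITCHES:     # /j "name" style
            if i + 1 >= len(tokens):
                raise ValueError(f"/{name} needs a value")
            i += 1
            job["options"][name] = tokens[i]
        else:                          # bare flag such as /a (append)
            job["options"][name] = True
        i += 1
    return job


def review(job):
    """Return notes on explicitly set options an administrator should check."""
    opts, notes = job["options"], []
    if opts.get("v") == "no":
        notes.append("/v:no - data is not verified after the backup")
    if opts.get("r") == "no":
        notes.append("/r:no - access is not restricted to the owner "
                     "or the Administrators group")
    if opts.get("l") == "n":
        notes.append("/l:n - no log file is written for the job")
    return notes


if __name__ == "__main__":
    parsed = parse_ntbackup(SAMPLE)
    print("backup file:", parsed["options"]["f"])
    for note in review(parsed):
        print("check:", note)
```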
    
    Featured Thread: NTFS Security Permissions
       (Three messages in this thread)
    A user writes that he wants to grant other users the permission to
    add, write, read, and execute (but not to move, overwrite, or delete)
    his files and folders. He also wants to grant users permission to
    delete any files or folders that they created under his shared folder.
    He wonders how to configure NTFS to allow this sort of functionality.
    Lend a hand or read the responses:
       http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=65192
    
    ==== 6. Event ====
    
    New--Microsoft Security Road Show!
       Join industry guru Mark Minasi on this exciting 20-city tour and
    learn more about tips to secure your Windows Server 2003 and Windows
    2000 network. There is no charge for this event, but space is limited,
    so register today! Sign up now for our December events.
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDuO0AG
    
    ==== 7. New and Improved ====
       by Jason Bovberg, products@private
    
    Make Your Private Data Invisible
       Softbe announced Advanced Hide Folders, software that hides any
    files--for example, files containing financial or tax information,
    passwords, personal letters, email messages, or images--from prying
    eyes. Advanced Hide Folders also lets you hide hard disks and
    removable media. You simply drag the files or folders from Windows
    Explorer to the Advanced Hide Folders window. The software is
    protected by a password and hot key that you can change or remove at
    any time. Advanced Hide Folders costs $39.95 for a single-user
    license. (Volume discounts are available.) For more information about
    Advanced Hide Folders, contact Softbe on the Web.
       http://www.softbe.com
    
    Protect Web Site and Its Visitors from Cyber Thieves
       Teros announced the Teros Gateway, the next generation of the
    company's secure application gateway that prevents malicious users
    from stealing personal information from Web site visitors, jamming
    access to sites, and deciphering URL addresses to break into
    applications. The Teros Gateway offers high security and availability
    standards for operators and users of Web sites that process financial
    transactions, account data, and personal information. Pricing for the
    Teros Gateway starts at $25,000. For more information about the
    product, contact Teros at 408-850-0800 or on the Web.
       http://www.teros.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    Sybari Software
       Free! "Admins Shortcut Guide to Email Protection" from Sybari
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDkY0AG
    
    VMware Inc.
       FREE VMware Workstation for Microsoft Certified Trainers.
       http://list.winnetmag.com/cgi-bin3/DM/y/edlx0CJgSH0CBw0BDmL0A4
    
    ===================
    
    ==== 8. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
    https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Nov 28 2003 - 03:54:40 PST