==================== ==== This Issue Sponsored By ==== Microsoft Security Solutions http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BDoI0Ae Exchange & Outlook Administrator http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEf10A7 ==================== 1. In Focus: Patch and Configuration Change Control 2. Announcements - Register for Windows & .NET Magazine Connections! - The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All! 3. Security News and Features - Recent Security Vulnerabilities - Feature: Change and Configuration Management for AD - Feature: Change and Configuration Management Tools - Feature: Microsoft's New Security Update Procedure; Improved Office Update Inventory Tool 4. Security Toolkit - Virus Center - Virus Alert: Bookmark.B - FAQ: What does the infrastructure Flexible Single-Master Operation (FSMO) role do? - Featured Thread: Blocking Specific IP Addresses in ISA Server 5. Event - New--Microsoft Security Strategies Roadshow! 6. New and Improved - Stop Known and Unknown Attacks - VPN Firewall Routers - Tell Us About a Hot Product and Get a T-Shirt 7. Contact Us See this section for a list of ways to contact us. ==================== ==== Sponsor: Microsoft Security Solutions ==== Invest in the best network protection: Readiness. Introducing the Microsoft(R) Security Readiness Kit: This is your source for creating an enhanced risk-management plan. Visit http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BDoI0Ae to order your free kit ==================== ==== 1. In Focus: Patch and Configuration Change Control ==== by Mark Joseph Edwards, News Editor, mark@private Unless you were away from your email last week, you're probably aware that we posted a new Instant Poll question on the Windows & .NET Magazine Security Web page that asks which of the following issues you think will have the greatest effect on security in 2004: viruses and worms, junk email, patch management, or managed security services. The poll is still open for votes, but at the time of this writing, it looks like the majority of you think that patch management will be the biggest issue in the security realm this year (with viruses and worms running a close second). Patch management has been in the forefront of security concerns for quite some time and probably will remain so for quite a long time in the future. Managing security isn't always a process of simply loading patches. As you know, Microsoft's and other vendors' security bulletins sometimes include not only patches but also configuration settings that might help better protect your systems. So patch management goes hand in hand with systems change control. To help you with these processes, three recent feature articles related to keeping your systems up-to-date with the latest patches and configuration settings are available on the Windows & .NET Magazine Web site. Jeremy Moskowitz has written two informative articles that cover Change and Configuration Management (CCM) and that have associated Buyer's Guides that help you find third-party CCM solutions. Paula Sharick has written a great article covering two topics: Microsoft's new security update procedure and the improved Office Update Inventory Tool You'll find links to these articles in the "Security News and Features" section below. You're aware by now that Microsoft's new policy regarding security bulletins is to release them only once a month, usually on the second Tuesday of the month. You might be wondering whether Microsoft will be releasing any new security bulletins this month. The answer is definitely yes. On January 13, the company is slated to release its first security bulletins of 2004. Although Microsoft hasn't said precisely what the bulletins pertain to, the company has already scheduled a Webcast to discuss them. On January 14 at 10:00 A.M. Pacific time, the company will give a 1-hour presentation about the technical details involved in the bulletins and outline steps users can take to protect their systems and networks. Mark Miller, Security Incident Response manager for Microsoft Product Support Services (PSS), and Jeff Jones, senior director of Trustworthy Computing, will make the presentation. If you're interested in viewing the Webcast, be sure to visit Microsoft's Web site to register for the event. http://msevents.microsoft.com/cui/eventdetail.aspx?eventid=1032241586&culture=en-us ==================== ==== Sponsor: Exchange & Outlook Administrator ==== Try a Sample Issue of Exchange & Outlook Administrator! If you haven't seen Exchange & Outlook Administrator, you're missing out on key information that will go a long way towards preventing serious messaging problems and down time. Request a sample issue today, and discover tools you won't find anywhere else to help you migrate, optimize, administer, and secure Exchange and Outlook. Order now! http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEf10A7 ==================== ==== 2. Announcements ==== (from Windows & .NET Magazine and its partners) Register for Windows & .NET Magazine Connections! Windows & .NET Magazine Connections will be held April 4-7, 2004, in Las Vegas, Nevada. Complete details about workshops, breakout sessions, and speakers are now online. Save $200 if you hurry and register before the early bird discount expires. Register now on the Web or by calling 203-268-3204 or 800-505-1201. http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0KXQ0AQ The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All! With a VIP Web site/Super CD subscription, you'll get online access to all of our publications, a print subscription to Windows & .NET Magazine, and a subscription to our VIP Web site, a banner-free resource loaded with articles you can't find anywhere else. Click here to find out how you can get it all at 25% off! http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEMw0Ar ==================== ==== Sponsor: Virus Update from Panda Software ==== Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume. Visit "Panda's GateDefender Stands Guard!" at http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEGa0AP for more information. ==================== ==== 3. Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.winnetmag.com/departments/departmentid/752/752.html Feature: Change and Configuration Management for AD Out of the box, Windows Server 2003 and Windows 2000 Server let you perform basic auditing of Active Directory (AD) machines. For example, you can determine who logged on to AD and who manipulated a file on a server. You can even determine when someone created a new Group Policy Object (GPO) or granted AD privileges to a new user. AD's out-of-the-box auditing capabilities come up short, however. The ability to determine when AD changes occur and--more importantly--who made them can help you quickly and easily restore the system should you need to. That's where Change and Configuration Management (CCM) products come in. Read more about them in Jeremy Moskowitz's article and the associated Buyer's Guide on our Web site. http://www.winnetmag.com/article/articleid/41099/41099.html Feature: Change and Configuration Management Tools If you administer a large environment, you need to be able to control your systems centrally without having to visit each desktop. You need a way to report on the current state of affairs and know what happens when someone changes a configuration. Change and Configuration Management (CCM) software gives you those capabilities and helps you get a grip on your sprawling system. If you want to find a third-party CCM solution, start your search with our Buyer's Guide. http://www.winnetmag.com/article/articleid/41097/41097.html Feature: Microsoft's New Security Update Procedure; Improved Office Update Inventory Tool According to the Microsoft Security Bulletin Search site, in 2003, Microsoft published 51 security updates across all product lines, or an average of 4 per month. Of the 51 updates, 25 were for the Windows 2000 Server platform and 15 were for Windows Server 2003 during the 6 months after the product hit the street. During 2003, Microsoft also released 6 cumulative updates for the supported versions of Microsoft Internet Explorer (IE). In case you missed it, Microsoft released the latest security rollup for IE on November 11, 2003. Also in November, Microsoft released an improved version of the Office Update Inventory Tool that audits the hotfix status of Microsoft Office 2003, Office XP, and Office 2000. Office Update Inventory Tool 2.0, which incorporates many of the Microsoft Baseline Security Analyzer (MBSA) self-updating features, automatically downloads new inventory tool components when the existing files are out-of-date, downloads the most current catalog of published hotfixes for each version of Office, and produces an XML report that contains a description of and links to missing hotfixes or hotfixes that have been superceded by more recent updates. Read more about Microsoft's software update tools and procedures in Paula Sharick's article on our Web site. http://www.winnetmag.com/article/articleid/41296/41296.html ==== 4. Security Toolkit ==== Virus Center Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.winnetmag.com/windowssecurity/panda Virus Alert: Bookmark.B Bookmark.B is a Trojan horse program that changes the home page of Microsoft Internet Explorer (IE), deletes links in the Favorites folder, and adds links to pornographic Web sites. It also overwrites the HOSTS file to redirect the default search page to a specific IP address. For more information about the Trojan horse, be sure to visit Panda Software's Web site. http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=43110 FAQ: What does the infrastructure Flexible Single-Master Operation (FSMO) role do? by John Savill, http://www.winnetmag.com/windowsnt20002003faq A. The infrastructure FSMO role is one of the three "per domain" Operations Masters. The infrastructure FSMO keeps its domain's references to other domains' objects up-to-date by comparing its data with information in the Global Catalog (GC). As a result, the infrastructure FSMO doesn't usually work if it's a GC because the FSMO's information is always the same as the GC's information. If the infrastructure FSMO's data becomes out-of-date, the FSMO will request updated information from the GC, then replicate the update to all domain controllers (DCs) in its domain. Where possible in the same site, the infrastructure FSMO needs to have a good connection to the GC. The infrastructure FSMO can reside on a GC server only when every DC in a domain is a GC (because every DC would have up-to-date information) or when only one domain exists in the forest. The primary purpose of the infrastructure FSMO is to update group memberships for users who reside in domains other than the group's domain. If you rename a user or move a user who belongs to a different domain, the group might exhibit some strange behavior. For example, the group might temporarily appear to not contain the user or the user icon might appear with gray hair because the group contains the user's SID and globally unique identifier (GUID), not just the distinguished name (DN). This collection of attributes is known as a "phantom record" in the group's domain. When you view the group's members, the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in verifies the DN with the user's domain. Because the DN has changed as the result of a rename or move operation, the snap-in doesn't find a match and gives the user's icon gray hair. After the infrastructure FSMO runs and detects the user rename or move (i.e., checks all phantom entries), it updates the group with the correct name and location by querying the GC for the new DN of the stored GUID. Then, the user will again appear as a regular member of the group. Featured Thread: Blocking Specific IP Addresses in ISA Server (Two messages in this thread) A user writes that he has a Microsoft Internet Security and Acceleration (ISA) Server 2000 system as his default network gateway. He wants to know whether he can block specific destination IP addresses by using access lists on the ISA Server 2000 system. He knows how to block TCP ports, but he's not sure how to block destination IP addresses. Lend a hand or read the responses at the following URL: http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=66204 ==== 5. Event ==== New--Microsoft Security Strategies Roadshow! We've teamed with Microsoft, Avanade, and Network Associates to bring you a full day of training to help you get your organization secure and keep it secure. You'll learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free, 20-city tour. http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BELe0AY ==== 6. New and Improved ==== by Jason Bovberg, products@private Stop Known and Unknown Attacks DeepNines Technologies announced the Sleuth9 Security System, software that stops known viruses and worms and mitigates the effects of zero-day attacks. Sleuth9 sits invisible, in front of the router, to protect corporate networks from known and unknown attacks. For pricing information, contact DeepNines Technologies at 214-273-6996 or on the Web. http://www.deepnines.com VPN Firewall Routers TRENDware announced the expansion of its router family with the addition of two VPN firewall products: the TW100-BRV204 and the TW100-BRV304. These routers let remote PCs and small LANs share a broadband Internet connection with advanced security to protect against intruders. TRENDware's new routers offer Stateful Packet Inspection (SPI) and let you set firewall rules to block or permit specific traffic. The entry-level TW100-BRV204 supports as many as five simultaneous VPN tunnels and costs $79.99. The TW100-BRV304 supports as many as 70 simultaneous VPN tunnels and costs $149.99. For more information about these routers, contact TRENDware on the Web. http://www.trendnet.com Tell Us About a Hot Product and Get a T-Shirt! Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to whatshot@private =================== ==== Sponsored Link ==== Microsoft(R) Security Readiness Kit Get your free kit for creating an enhanced risk-management plan. http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BDkc0A1 =================== ==== 7. Contact Us ==== About the newsletter -- letters@private About technical questions -- http://www.winnetmag.com/forums About product news -- products@private About your subscription -- securityupdate@private About sponsoring Security UPDATE -- emedia_opps@private To make other changes to your email account such as change your email address, update your profile, and subscribe or unsubscribe to any of our email newsletters, simply log on to our Email Preference Center. http://www.winnetmag.com/email Copyright 2004, Penton Media, Inc. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jan 08 2004 - 08:07:21 PST