[ISN] Windows & .NET Magazine Security UPDATE--Intrusion Prevention Systems--March 17, 2004

From: InfoSec News (isn@private)
Date: Thu Mar 18 2004 - 00:28:28 PST

    ====================
    
    
    * In Focus: Evaluating Intrusion Prevention Systems
    
    * Security News and Features
       - News: XP SP2 Training for Developers
       - News: Sober.D Poses as Microsoft Patch
       - News: Ethereal 0.10.2 Released
       - News: Certified Ethical Hacking
    
    * New and Improved
       - Protect Your Online Privacy
    
    ====================
    
    
    ==== In Focus: Evaluating Intrusion Prevention Systems ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    
    Last September, I wrote about an evaluation of Intrusion Detection
    Systems (IDSs) conducted by the UK-based NSS Group. If you missed that
    edition of this newsletter or want to review it, you can read it at
    the following URL:
       http://www.winnetmag.com/article/articleid/40339/40339.html
    
    Recently, Bob Walder (director of The NSS Group) wrote to let me know
    that his organization has published a set of test results for
    Intrusion Prevention Systems (IPSs). The NSS Group defines an IPS as a
    proactive defense mechanism that detects attacks and stops them before
    they can do any damage.
    
    You might recall that last year, Gartner claimed that IDSs/IPSs were
    no longer useful and that "deep inspection firewalls" were the wave of
    the future. Walder said that The NSS Group's test results show that
    Gartner is wrong, and that "deep inspection firewalls may well be
    where the industry ends up, [however] those devices are a long way
    from being ready for prime time right now. Our report shows that IPS
    [is] ready for prime time deployments and as the technology develops
    it will be interesting to see whether those 'deep inspection
    firewalls' actually evolve from present day firewalls ... or whether
    they evolve from current IPS products!"
    
    The NSS Group decided to test IPS products to determine their
    effectiveness, viability, and validity as security solutions. The NSS
    Group invited all major IPS vendors to participate, and five companies
    responded: Internet Security Systems (ISS), NetScreen Technologies,
    Network Associates, TippingPoint Technologies, and Top Layer Networks.
    
    All told, The NSS Group performed more than 750 tests against each of
    the products to determine the performance and reliability, security
    accuracy, and usability of each one. When the tests were complete, the
    group wrote its detailed results and analysis into a 277-page report.
    
    If you use one of the tested products or are considering acquiring an
    IPS to protect your network, you'll probably find this report
    invaluable. Be sure to check it out. It's available online in HTML
    format, or you can purchase a PDF version at The NSS Group's Web site.
       http://www.nss.co.uk/ips
    
    ====================
    
    
    ==== Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: XP SP2 Training for Developers
       Microsoft said that Windows XP Service Pack 2 (SP2) might break
    functionality of existing applications. In an effort to help
    developers understand the implications of SP2, the company is now
    offering an XP SP2 training course that covers the changes slated for
    the new service pack.
       http://www.winnetmag.com/article/articleid/41957/41957.html
    
    News: Sober.D Poses as Microsoft Patch
       A new worm, Sober.D, is traveling the Internet posing as a patch
    from Microsoft. However, users should be aware that Microsoft doesn't
    issue patches through email messages. The worm targets users who speak
    German and specifically tries to propagate itself to the .nl, .be,
    .at, .ch, .de, and .li top-level domains. The worm arrives with a file
    attachment that might have either an .exe or .zip file extension. If
    you run the attachment, the worm installs a backdoor on your system
    that listens on port 13468. Be sure to update your antivirus software
    to guard against the new worm.
       http://www.winnetmag.com/article/articleid/41956/41956.html
    
    News: Ethereal 0.10.2 Released
       A new version of Ethereal, 0.10.2, is available. The popular
    shareware packet sniffer--often used for security purposes--runs on
    BSD, Linux, Windows, Mac OS, Sun Microsystems' Solaris, and numerous
    other platforms. The latest version includes new support for Cisco
    Systems' Cisco Cast Client Control Protocol as well as updates to a
    long list of other protocols including AppleTalk, ASN.1, HTTP,
    Kerberos, MSN Messenger, PostgreSQL, and more. You can download the
    new version, including the source code, at the Ethereal Web site.
       http://www.winnetmag.com/article/articleid/41958/41958.html
    
    News: Certified Ethical Hacking
       The UK branch of The Training Camp is now offering a Certified
    Ethical Hacker course to qualified individuals. The 5-day course,
    which has been offered in the United States for several months,
    teaches students how to scan and penetrate a network and, once inside,
    how to elevate privileges. The course also teaches social engineering,
    how to defend against intrusion, how to create policies, and more.
    Prerequisites include 2 years' experience with information security, a
    working knowledge of TCP/IP, and a basic familiarity with Linux.
       http://www.winnetmag.com/article/articleid/41959/41959.html
    
    ====================
    
    
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Infosecurity Europe 2004 - London, England
       Now in its 9th year, Infosecurity Europe is Europe's number one IT
    Security Exhibition. The event brings together professionals
    interested in IT Security from around the globe with suppliers of
    security hardware, software and consultancy services. Grand Hall at
    Olympia from 27th to the 29th April 2004. Visitors not registered by
    22nd April will be charged a 20 [pounds sterling] entrance fee. Visit:
       http://list.winnetmag.com/cgi-bin3/DM/y/ee3h0CJgSH0CBw0BGMU0AX
    
    Sign Up for 2 New Web Seminars--Business Workflow Process and
    Authenticating Email to Stop Spam and Phishing
       Unmanaged companywide Access reports and spam issues can lead to
    security and performance problems, not to mention use up valuable
    resources. Learn how to consolidate your reports with a reporting
    service and find out how to stop spam and phishing to solve these
    important organizational issues. Register now!
       http://list.winnetmag.com/cgi-bin3/DM/y/ee3h0CJgSH0CBw02lB0AI
    
    Take Our Brief Survey!
       Does your company use third-party management tools to manage your
    Microsoft Windows network? If you do, Windows & .NET Magazine would
    like to hear from you about your preferences. Please respond to our
    short survey regarding Windows management tools and we'll enter you in
    a drawing to win one of two $50 Amazon.com gift certificates.
       http://list.winnetmag.com/cgi-bin3/DM/y/ee3h0CJgSH0CBw0BGAr0Ao
    
    ====================
    
    ==== Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    FAQ: Why can't I search for files in the System32 or SysWow64 folders
    in the 64-bit version of Windows XP?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. By default, the 64-bit version of XP excludes system folders from
    searches. To search within these folders, open Windows Explorer, click
    Search, select "All files and folders," "More advanced options," and
    the "Search system folders" check box. Also, from the Tools menu in
    Windows Explorer, select Folder Options, go to the View tab, and
    enable "Show hidden files and folders." Then, do your search.
    
    Featured Thread: Discovering Installed Hotfixes
       (One message in this thread)
    Mark is having trouble obtaining an exact list of installed hotfixes
    in Windows XP, Windows 2000, and Windows NT. He's been using VBScript
    scripts and Microsoft Baseline Security Analyzer (MBSA) to examine the
    systems, but each one returns different, noncomprehensive results.
    Mark wants to know how to obtain a complete and comprehensive list so
    that he can plan for appropriate updates to the systems. Lend a hand if
    you have a suggestion:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=117996
    
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    
    New Web Seminar--Realizing the Return on Active Directory
       Join Mark Minasi and Indy Chakrabarti for a free Web seminar and
    discover how to maximize the return on your Active Directory
    investments and cut the cost of security exposures with secure task
    delegation, centralized auditing, and Group Policy management.
    Register now and receive NetIQ's free "Securing Access to Active
    Directory-A Layered Security Approach" white paper.
       http://list.winnetmag.com/cgi-bin3/DM/y/ee3h0CJgSH0CBw0BFE60Ar
    
    ==== New and Improved ====
       by Jason Bovberg, products@private
    
    Protect Your Online Privacy
       SpiDer Software announced MyProxy 6.40, Internet software that
    combines the features of a proxy server, a pop-up/banner-ad filter, a
    dialer, and a DNS cache. MyProxy blocks cookies and referrers, which
    marketers use to track your online behavior. Also, by blocking
    unwanted online ads and caching graphics, the program can increase
    page-loading speeds by as much as five times. To help you calculate
    your expenses, the product's built-in dialer tracks time spent on the
    Internet and bandwidth consumed. And the program comes with password
    protection to prevent unauthorized access. MyProxy 6.40 costs $29.95
    and is available for download at SpiDer Software's Web site.
       http://myproxy.com.ua
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    
    ISN is currently hosted by Attrition.org
    