[ISN] Windows & .NET Magazine Security UPDATE--Patch Management Resources--April 7, 2004

From: InfoSec News (isn@private)
Date: Wed Apr 07 2004 - 07:06:23 PDT

  • Next message: William Knowles: "[ISN] Arrests key win for NSA hackers"

    ====================
    
    ==== This Issue Sponsored By ====
    
    Windows Scripting Solutions
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BFyu0AO
    
    New Web Seminar--Preemptive Email Security: How Enterprise Rent-A-Car
    Eliminates Spam
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGhc0Ao
    
    ====================
    
    1. In Focus: Resources for Patch Management
    
    2. Security News and Features
       - Recent Security Vulnerabilities
       - News: Open Source Vulnerability Database Online
       - News: New Forensics Tool: Port Reporter
       - News: WinBlox Monitors and Prevents I/O
       - Feature: Honeypots for Windows
    
    3. Instant Poll
    
    4. Security Toolkit
    
    5. New and Improved
       - Prevent Identity Theft
    
    ====================
    
    ==== Sponsor: Windows Scripting Solutions ====
       Try a Sample Issue of Windows Scripting Solutions
       Windows Scripting Solutions is the monthly newsletter from Windows
    & .NET Magazine that shows you how to automate time-consuming,
    administrative tasks by using our simple downloadable code and
    scripting techniques. Sign up for a sample issue right now, and find
    out how you can save both time and money. Click here!
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BFyu0AO
    
    ====================
    
    ==== 1. In Focus: Resources for Patch Management ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    
    Keeping systems up to date and thus protected against various attack
    methods is sometimes difficult. You're aware that many
    patch-management solutions are available, including solutions from
    Microsoft as well as third-party software vendors. You need
    information about the available patch-management solutions to
    determine which might best fit your needs. In addition, you probably
    sometimes need to discuss your particular patch-management solution
    with other people to help better understand its problems or quirks.
    Numerous resources are available that can help.
    
    If you're shopping for a patch-management solution, remember that Mark
    Burnett and some of his associates recently tested seven
    patch-management solutions to gauge their effectiveness. Those
    solutions include BigFix Patch Manager, Ecora Patch Manager, Gravity
    Storm Software's Service Pack Manager, PatchLink Update,
    SecurityProfiling's SysUpdate, Shavlik Technologies' HFNetChkPro, and
    St. Bernard Software's UpdateExpert. Burnett's findings are available
    in his article on our Web site.
       http://www.winnetmag.com/article/articleid/40710/40710.html
    
    Patch management is the primary focus of the April issue of Windows &
    .NET Magazine. Mark Burnett discusses advanced patch-management
    techniques and resources that can assist in your efforts. Of course,
    before you roll out a patch to your enterprise, you'll probably want
    to test it to ensure that it works properly in your environment. Jason
    Fossen discusses patch testing and offers tips and scripting ideas.
    You can read the articles in the print magazine, or if you subscribe
    to the print magazine or our VIP program, you can access the articles
    on our Web site.
       http://www.winnetmag.com/windows/issues/issueid/688/index.html
       http://www.winnetmag.com/article/articleid/41980/41980.html
       http://www.winnetmag.com/article/articleid/41979/41979.html
    
    Another April issue article you might find interesting is Michael
    Otey's commentary "Unreasonable Expectations." In Otey's opinion,
    Microsoft needs to fix its patching process. You don't need to be a
    subscriber to read what Otey has to say.
       http://www.winnetmag.com/article/articleid/41987/41987.html
    
    If you'd like to discuss patch-management solutions with other network
    administrators, a relatively new resource is available: the Patch
    Management mailing list. I've been a subscriber since its inception
    and can say that the list is a valuable resource. Shavlik Technologies
    hosts the related Web site, but the list is vendor neutral--there's no
    slant toward one product or another. Conversation about any topic
    regarding any Windows or Linux patch or any patch solution is
    welcome--regardless of the vendor. You can subscribe to the mailing
    list by going to the first URL below. At the Web site, you'll also
    find articles related to patch management, including a list of product
    comparisons from a variety of mainstream publishers. And be sure to
    check out Jason Chan's informative article "Essentials of Patch
    Management Policy and Practice" at the second URL below.
       http://www.patchmanagement.org
       http://www.patchmanagement.org/pmessentials.asp
    
    ====================
    
    ==== Sponsor: New Web Seminar--Preemptive Email Security: How
    Enterprise Rent-A-Car Eliminates Spam ====
       Get the inside scoop on how Enterprise Rent-A-Car eliminated spam
    and viruses, improved their email security, and increased
    productivity. Don't miss this opportunity to educate yourself and
    become a smarter customer when it comes to choosing an antispam
    solution that best fits your organization's needs. Sign up for this
    free Web seminar today!
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGhc0Ao
    
    ====================
    
    ==== 2. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Open Source Vulnerability Database Online
       The Open Source Vulnerability Database (OSVDB), provided by the
    Open Security Foundation (OSF), is now online and available to the
    public. OSVDB is an archive of known vulnerabilities and includes
    vulnerability data pertaining to all platforms.
       http://www.winnetmag.com/article/articleid/42218/42218.html
    
    News: New Forensics Tool: Port Reporter
       Can you ever have enough tools to assist with troubleshooting and
    forensic analysis? Probably not, and that's a good reason to add the
    new Port Reporter to your toolkit. Port Reporter is free from
    Microsoft and logs TCP and UDP port activity to a text file.
       http://www.winnetmag.com/article/articleid/42212/42212.html
    
    News: WinBlox Monitors and Prevents I/O
       Liu Die Yu released source code for his WinBlox tool, a
    command-line utility that can record, filter, and prevent file I/O
    operations. Yu hopes people will download the source code and help
    find bugs. Although you can download WinBlox and test it, Yu cautions
    that the utility is still under development and might not be suitable
    for production environments.
       http://www.winnetmag.com/article/articleid/42219/42219.html
    
    Feature: Honeypots for Windows
       Long thought of as toys for security administrators who have too
    much time on their hands, honeypots are gaining an increased presence
    on corporate networks. Honeypots are nonproduction computer assets set
    up for the express purpose of being a potential target for
    unauthorized activities. Roger A. Grimes offers a look at four
    honeypots (Honeyd-WIN32 0.5, KeyFocus's KFSensor, Network Security
    Software's SPECTER 7.0, and VMware Workstation 4.0) in this article on
    our Web site.
       http://www.winnetmag.com/article/articleid/41976/41976.html
    
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!
       With a VIP Web Site/Super CD subscription, you'll get online access
    to all of our publications, a print subscription to Windows & .NET
    Magazine, and a subscription to our VIP Web site, a banner-free
    resource loaded with articles you can't find anywhere else. Click here
    to find out how you can get it all:
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGza0A5
    
    Register today for Microsoft Tech Ed 2004
       Don't miss Tech Ed 2004 -- May 23-28, 2004 in San Diego, CA -- the
    definitive Microsoft conference for building, deploying, securing and
    managing connected solutions. You'll find 11 conference tracks and
    over 400 sessions. Get answers to your technical questions, meet
    industry experts, evaluate new products, and take advantage of
    extensive networking opportunities. Register today.
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGE40AS
    
    ==== 3. Instant Poll ====
    
    Results of Previous Poll
       The voting has closed in the Windows & .NET Magazine Network
    Security Web page nonscientific Instant Poll for the question, "Does
    your company use or intend to use Voice over IP (VoIP) technology?"
    Here are the results from the 89 votes.
       - 40% Yes, we use it now
       - 31% Yes, we intend to use it
       - 22% No, we don't plan to use it
       -  6% Not sure
       (Deviations from 100 percent are due to rounding.)
    
    New Instant Poll
       The next Instant Poll question is, "If you're using Microsoft
    Software Update Services (SUS) or the new Windows Update Services
    (WUS), how satisfied with the product are you?" Go to the Security Web
    page and submit your vote for
       - Very satisfied
       - Somewhat satisfied
       - Not satisfied
       http://www.winnetmag.com/windowssecurity
    
    ==== 4. Security Toolkit ====
    
    Virus Alert: Netsky.R
       Netsky.R spreads through an email message with variable
    characteristics. However, the message subject always includes the text
    "Re: Document." The worm deletes several other worms, including
    Mydoom.A, Mydoom.B, and Mimail.T. Netsky.R will also attempt to launch
    Denial of Service (DoS) attacks against several Web pages between
    April 12 and 16.
    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=45991
    
    Virus Alert: Netsky.Q
       Netsky.Q spreads through an email message with variable
    characteristics. The worm exploits a Microsoft Internet Explorer (IE)
    vulnerability to automatically run a message attachment when a user
    views the message through Microsoft Outlook's preview pane.
       Netsky.Q deletes several other worms including Mydoom.A, Mydoom.B,
    Mimail.T, and several Bagle variants. The worm will attempt to launch
    Denial of Service (DoS) attacks against several Web pages between
    April 8 and 11. When the system date and time is March 30, 2004
    between 5:00 a.m. and 10:59 a.m., the worm emits random tones through
    the internal speakers.
    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=45926
    
    FAQ: How can I use Group Policy to disable System Restore in Windows
    XP and later?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. System Restore is a systemwide setting. As a result, you must
    disable it at the Computer Configuration level by performing the
    following steps:
    
       1. Load the Group Policy Object (GPO) that you want to modify. For
    example, go to Start, Programs, Administrative Tools, Active Directory
    Users and Computers; right-click a domain; select Properties; select
    the Group Policy tab; then create a new GPO or edit an existing GPO.
       2. Navigate to Computer Configuration, Administrative Templates,
    System, System Restore.
       3. Double-click "Turn off System Restore," set it to Enabled, then
    click OK.
       4. Close the GPO.
    
    The change will take effect at the next refresh.
    
    Featured Thread: ISA Server SMTP Filter
       (Three messages in this thread)
       Jack is using ISA Server to reverse-cache some services for outside
    users at his organization. He also uses the SMTP filter so that he can
    prevent certain email messages and attachments from entering his
    organization. However, he's seeing errors in the ISA Server Event
    Viewer that indicate invalid SMTP commands, and the email filters
    don't seem to work when he applies them. Lend a hand or read the
    responses:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=118824
    
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    
    New Web Seminar--The Spam Problem Solved: Hensel Phelps Construction
    Company Case Study
       Find out how Hensel Phelps Construction, a multibillion-dollar
    national contractor, has implemented a multilayered antispam solution
    to increase user productivity and decrease the burden on IT staff
    resources, infrastructure, and budget. Sign up now for this free Web
    seminar!
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGzb0A6
    
    ==== 5. New and Improved ====
       by Jason Bovberg, products@private
    
    Prevent Identity Theft
       FSPro Lab announced Identity Knight, software that prevents the
    theft of personal information when users use Microsoft Internet
    Explorer (IE) 5.0's AutoComplete option to fill out online forms.
    Identity Knight deletes any data that users don't want to be stored in
    Windows Protected Storage, which AutoComplete uses for data storage.
    FSPro Lab also offers Credit Card Knight, which works exclusively with
    credit card numbers. You can download Identity Knight and Credit Card
    Knight from the company's Web site; free demo versions are available.
    Identity Knight costs $34.95, and Credit Card Knight costs $24.95. For
    more information about these products, contact FSPro Lab on the Web.
       http://www.fspro.net
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    Argent
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BDWV0AH
    
    Microsoft(R) TechNet
       Microsoft(R) TechNet Webcasts: essential guidance, industry experts
       http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BG360AC
    
    ===================
    
    ==== Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    ====================
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    You received this email message because you asked to receive
    additional information about products and services from the Windows &
    .NET Magazine Network. To unsubscribe, send an email message to
    mailto:Security-UPDATE_Unsub@private Thank you!
    
    View the Windows & .NET Magazine privacy policy at
    http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Wed Apr 07 2004 - 08:35:36 PDT