[ISN] Windows & .NET Magazine Security UPDATE--Patches and Risk Management--April 21, 2004

From: InfoSec News (isn@private)
Date: Thu Apr 22 2004 - 00:09:54 PDT

    ====================
    
    ==== This Issue Sponsored By ====
    
    Postini Perimeter Manager
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHWT0Aq
    
    ====================
    
    1. In Focus: Patches and Risk Management
    
    2. Security News and Features
       - Recent Security Vulnerabilities
       - Feature: Tighter Security in Outlook 2002 SP3
       - Feature: What's Hot
       - Buyer's Guide: Web Content-Filtering Solutions
       - Feature: What You Need to Know About Microsoft SmartScreen
         Technology and the Exchange Intelligent Message Filter
    
    3. Instant Poll
    
    4. Security Toolkit
       - FAQ
       - Featured Thread
    
    5. New and Improved
       - Protect Your Hard Disk from Unauthorized Access
    
    ====================
    
    ==== Sponsor: Postini Perimeter Manager ====
       Learn from a real world "Enterprise" case study given by one of
    your IT colleagues on how he significantly reduced spam and viruses
    and improved his email security and productivity. You'll get the
    inside scoop on how Enterprise Rent-A-Car evaluated and selected a
    managed service solution to protect its email system. Email expert and
    author Peter Bowyer will describe the merits of the "preemptive" email
    security approach compared with more traditional approaches. Then hear
    industry pioneer Scott Petry describe the merits of the "preemptive"
    email security approach compared with more traditional approaches, as
    well as the latest trends in spam and virus attacks. Don't miss this
    opportunity to be smarter when choosing an anti-spam solution that's
    right for you.
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHWT0Aq
    
    ====================
    
    ==== 1. In Focus: Patches and Risk Management ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    
    The four security bulletins that Microsoft released April 13 address
    some 20 vulnerabilities found in most Windows OSs and in Windows
    NetMeeting and Microsoft Outlook Express 6.0 and Outlook Express 5.5.
    If you haven't already inspected the security bulletins to determine
    how soon you should patch your systems, consider doing so sooner
    rather than later. Microsoft labeled six of the vulnerabilities
    critical and the remaining 14 important or lesser risks. Microsoft
    suggests that you load all critical patches within 24 hours of their
    release, important patches within a month, moderate patches within
    four months (using the patch itself, a roll-up package, or a new
    service pack, depending on availability), and low-importance patches
    any time during the next 12 months. Of course, you should use the
    suggested roll-out times only as a guideline--your environment and
    policies will better suggest your time frames for patch roll-outs.
    
    Also last week, Microsoft published the paper "Security Management: Oh
    Patch How I Hate Thee; Let Me Count the Ways" by Jesper M. Johansson.
    In it, you'll find a description of Microsoft product patches and
    severity ratings, the methods Microsoft uses to make patches
    available, tips about how you might be able to install patches without
    rebooting a system afterward, and other anecdotal information. The
    article also mentions Microsoft Virtual PC, which you might be able to
    use to establish an environment in which you can test patches before
    rolling them out.
    http://www.microsoft.com/technet/community/columns/secmgmt/default.mspx
    http://www.microsoft.com/windowsxp/virtualpc
    
    You probably have loads of software from other vendors, and obviously
    you need to stay informed about any security vulnerabilities this
    software might have. One tool you might consider using is Cassandra,
    from the Center for Education and Research in Information Assurance
    and Security (CERIAS) at Purdue University. Cassandra lets you
    establish profiles that contain lists of products you use or are
    interested in monitoring for new security risks. You can also
    configure your profiles so that you receive email notifications when
    new data becomes available about products on your lists. Cassandra
    searches the National Institute of Standards and Technology's (NIST's)
    ICAT vulnerability database and vulnerability information from
    Secunia, which in some cases might be more timely and more inclusive
    than ICAT's information. You can use a freeware tool such as Sassafras
    Software's KeyAudit (a software inventory and auditing utility) to
    help generate and update your profiles.
       https://cassandra.cerias.purdue.edu/main/index.html
       http://www.cerias.purdue.edu
       http://icat.nist.gov
       http://www.secunia.com
       http://www.sassafras.com/keyaudit.html
    
    Check into Cassandra. It might help automate your current processes or
    even fill some gaps in your security risk knowledge.
    
    ====================
    
    ==== 2. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    Feature: Tighter Security in Outlook 2002 SP3
       Microsoft caused a commotion when it released Office XP Service
    Pack 3 (SP3) in March. Along with fixing bugs in Outlook 2002 and
    other Office programs, this service pack tightens "object model guard"
    security for programs that access the contents of Outlook messages and
    other items. The tighter security had an immediate effect on certain
    antispam applications, PDA-synchronization tools, and other programs
    that work with Outlook--in some cases triggering a security prompt
    every few minutes as Outlook downloaded new messages. Users who didn't
    want to deal with the prompts had to choose between disabling their
    antispam programs (at least temporarily) or removing both SP3 and
    Office XP, then reinstalling Office XP and doing without the new
    security features.
       http://www.winnetmag.com/article/articleid/42298/42298.html
    
    Feature: What's Hot
       In this article, readers highlight exceptional products that help
    them do their job. The products are JAM Software's TreeSize
    Professional, which helps you understand how your disk space is
    allocated; MailFoundry's MailFoundryEP appliance for filtering email
    content and thereby increasing overall network security; and
    Flowerfire's Sawmill log-analysis tool for manipulating huge amounts
    of log data into more meaningful reports.
       http://www.winnetmag.com/article/articleid/41975/41975.html
    
    Buyer's Guide: Web Content-Filtering Solutions
       Businesses that want to limit employee Internet access to only
    business-related content and services have the luxury of choosing from
    a variety of Web content-filtering solutions. The techniques these
    products employ range from simple blocked-URL lists to network
    appliances that "learn" and can make dynamic policy changes. The
    appropriate Web content-filtering solution for your business depends
    on factors such as your company's size, type of business, resources,
    network infrastructure, and corporate culture. Compare your
    requirements with the product descriptions in the accompanying table
    and do the necessary research before you buy.
       http://www.winnetmag.com/article/articleid/41978/41978.html
    
    Feature: What You Need to Know About Microsoft SmartScreen Technology
    and the Exchange Intelligent Message Filter
       Microsoft has spent several years working on antispam technology,
    and beginning in 2003, we finally started seeing some results,
    including a new spam filter that debuted in the company's MSN Hotmail
    and MSN 8 mail servers. In late 2003, Microsoft added this technology,
    dubbed SmartScreen Technology, to its Microsoft Office Outlook 2003
    email and personal information manager (PIM) client. The company also
    announced plans to make the technology available to certain Microsoft
    Exchange Server 2003 customers through a new add-on called the
    Exchange Intelligent Message Filter. This article tells you what you
    need to know about SmartScreen Technology and the Exchange Intelligent
    Message Filter.
       http://www.winnetmag.com/article/articleid/41970/41970.html
    
    ====================
    
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Complimentary eBook--"The Expert's Guide for Exchange 2003: Preparing
    for, Moving to, and Supporting Exchange Server 2003"
       This eBook will educate Exchange administrators and systems
    managers about how to best approach the migration and overall
    management of an Exchange 2003 environment. The book will concentrate
    on core issues such as configuration management, accounting, and
    monitoring performance with an eye toward migration, consolidation,
    security, and management.
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BGSd0A2
    
    Microsoft Tech Ed 2004 Europe, 29 June - 2 July, Amsterdam
       Get the most out of Microsoft's software and technology at
    Microsoft's premier European conference for building, deploying,
    securing and managing connected solutions. Benefit from 400+ sessions
    packed with technical content covering Microsoft Visual Studio .NET
    2003, Windows Server 2003, Exchange Server 2003, SQL Server 2000, and
    more. Register now and save 300 Euros.
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0zFv0Ar
    
    ====================
    
    ==== 3. Instant Poll ====
    
    Results of Previous Poll
       The voting has closed in the Windows & .NET Magazine Network
    Security Web page nonscientific Instant Poll for the question, "If
    you're using Microsoft Software Update Services (SUS) or the new
    Windows Update Services (WUS), how satisfied with the product are
    you?" Here are the results from the 71 votes.
       - 48% Very satisfied
       - 34% Somewhat satisfied
       - 18% Not satisfied
    
    New Instant Poll
       The next Instant Poll question is, "As a security administrator,
    what's your most important task?" Go to the Security Web page and
    submit your vote for
       - Security monitoring and auditing
       - Policy management and enforcement
       - Patch management
       - End-user education
       - Other
       http://www.winnetmag.com/windowssecurity
    
    ==== 4. Security Toolkit ====
    
    FAQ: The Microsoft Windows Security Update CD
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    Q: What's the Microsoft Windows Security Update CD?
    
    A: Microsoft has released a CD-ROM that includes all service packs and
    fixes for Windows XP, Windows 2000, Windows Me, Windows 98, and Win98
    SE. The CD-ROM is free (including the cost of postage for US
    customers), and you don't need to provide a credit card when you place
    your order. You'll actually receive two CD-ROMs in the mail--the first
    has all the fixes, and the second has trial antivirus and firewall
    products. You can learn more about it and order a copy at Microsoft's
    Web site.
       http://www.microsoft.com/security/protect/cd/order.asp
    
    Featured Thread: GPO Settings vs. User Settings
       (Four messages in this thread)
       A reader wonders what happens when users' settings conflict with
    Group Policy computer settings. Do the users' settings take precedence
    because they're applied last (after the user logs on), or do the Group
    Policy settings "win"? Lend a hand or read the responses:
       http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=119472
    
    ====================
    
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    
    New--The Exchange Server Seminar Series
       Simplify your life with Windows Server 2003 and Exchange Server
    2003. Learn the advantages of migrating to an integrated
    communications environment, consolidating and simplifying
    implementation of technology, and accelerating worker productivity.
    Coming to your city soon. Register now for this free event!
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BG6C0Az
    
    ====================
    
    ==== 5. New and Improved ====
       by Jason Bovberg, products@private
    
    Protect Your Hard Disk from Unauthorized Access
       Authenex announced Authenex HDLock, a security system that secures
    PCs and notebooks from unauthorized access. Authenex HDLock uses
    128-bit Advanced Encryption Standard (AES) hard-disk encryption and a
    strong (two-factor) authentication logon process to confirm the
    identity of the person requesting access to the computer. The software
    requires the use of a physical A-Key token in combination with a
    password. Authenex HDLock costs $79.95 per user and is available in
    quantities of 10. For more information about Authenex HDLock, contact
    Authenex at 877-288-4363 or on the Web.
       http://www.authenex.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ====================
    
    ==== Sponsored Links ====
    
    Argent
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BDWV0Ao
    
    Javelina Software
       Award-Winning Tools for Active Directory Management. Free Trial!
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHRC0AU
    
    Microsoft Security
       Knowledge Improves Security. Visit www.securitywhitepaper.com.
       http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHSy0AP
    
    ====================
    
    ==== Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    ====================
    
    ==== Contact Our Sponsors ====
    
    Postini, Inc. -- 888-584-3150 or 650-216-3574,
       http://www.postini.com/go/winnet
    
    ====================
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    You received this email message because you asked to receive
    additional information about products and services from the Windows &
    .NET Magazine Network. To unsubscribe, send an email message to
    mailto:Security-UPDATE_Unsub@private Thank you!
    
    View the Windows & .NET Magazine privacy policy at
    http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    