====================

==== This Issue Sponsored By ====

Postini Perimeter Manager
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHWT0Aq

====================

1. In Focus: Patches and Risk Management

2. Security News and Features
   - Recent Security Vulnerabilities
   - Feature: Tighter Security in Outlook 2002 SP3
   - Feature: What's Hot
   - Buyer's Guide: Web Content-Filtering Solutions
   - Feature: What You Need to Know About Microsoft SmartScreen Technology and the Exchange Intelligent Message Filter

3. Instant Poll

4. Security Toolkit
   - FAQ
   - Featured Thread

5. New and Improved
   - Protect Your Hard Disk from Unauthorized Access

====================

==== Sponsor: Postini Perimeter Manager ====

Learn from a real world "Enterprise" case study given by one of your IT colleagues on how he significantly reduced spam and viruses and improved his email security and productivity. You'll get the inside scoop on how Enterprise Rent-A-Car evaluated and selected a managed service solution to protect its email system. Email expert and author Peter Bowyer will describe the merits of the "preemptive" email security approach compared with more traditional approaches. Then hear industry pioneer Scott Petry describe the merits of the "preemptive" email security approach compared with more traditional approaches, as well as the latest trends in spam and virus attacks. Don't miss this opportunity to be smarter when choosing an anti-spam solution that's right for you.
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHWT0Aq

====================

==== 1. In Focus: Patches and Risk Management ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

The four security bulletins that Microsoft released April 13 address some 20 vulnerabilities found in most Windows OSs and in Windows NetMeeting and Microsoft Outlook Express 6.0 and Outlook Express 5.5.
If you haven't already inspected the security bulletins to determine how soon you should patch your systems, consider doing so sooner rather than later. Microsoft labeled six of the vulnerabilities critical and the remaining 14 important or lesser risks. Microsoft suggests that you load all critical patches within 24 hours of their release, important patches within a month, moderate patches within four months (using the patch itself, a roll-up package, or a new service pack, depending on availability), and low-importance patches any time during the next 12 months. Of course, you should use the suggested roll-out times only as a guideline--your environment and policies will better suggest your time frames for patch roll-outs.

Also last week, Microsoft published the paper "Security Management: Oh Patch How I Hate Thee; Let Me Count the Ways" by Jesper M. Johansson. In it, you'll find a description of Microsoft product patches and severity ratings, the methods Microsoft uses to make patches available, tips about how you might be able to install patches without rebooting a system afterward, and other anecdotal information. The article also mentions Microsoft Virtual PC, which you might be able to use to establish an environment in which you can test patches before rolling them out.
   http://www.microsoft.com/technet/community/columns/secmgmt/default.mspx
   http://www.microsoft.com/windowsxp/virtualpc

You probably have loads of software from other vendors, and obviously you need to stay informed about any security vulnerabilities this software might have. One tool you might consider using is Cassandra, from the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. Cassandra lets you establish profiles that contain lists of products you use or are interested in monitoring for new security risks.
You can also configure your profiles so that you receive email notifications when new data becomes available about products on your lists. Cassandra searches the National Institute of Standards and Technology's (NIST's) ICAT vulnerability database and vulnerability information from Secunia, which in some cases might be more timely and more inclusive than ICAT's information. You can use a freeware tool such as Sassafras Software's KeyAudit (a software inventory and auditing utility) to help generate and update your profiles.
   https://cassandra.cerias.purdue.edu/main/index.html
   http://www.cerias.purdue.edu
   http://icat.nist.gov
   http://www.secunia.com
   http://www.sassafras.com/keyaudit.html

Check into Cassandra. It might help automate your current processes or even fill some gaps in your security risk knowledge.

====================

==== Sponsor: Postini Perimeter Manager ====

Learn from a real world case study given by one of your IT colleagues on how he reduced spam and viruses and improved his email security and productivity. You'll get the inside scoop on how Enterprise Rent-A-Car evaluated and selected a managed service solution to protect its email system. Then hear email expert Scott Petry describe the merits of the "preemptive" email security approach, as well as the latest trends in spam and virus attacks. Register today to learn more about choosing the right anti-spam solution for your organization.
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHWT0Aq

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
   http://www.winnetmag.com/departments/departmentid/752/752.html

Feature: Tighter Security in Outlook 2002 SP3
Microsoft caused a commotion when it released Office XP Service Pack 3 (SP3) in March.
Along with fixing bugs in Outlook 2002 and other Office programs, this service pack tightens "object model guard" security for programs that access the contents of Outlook messages and other items. The tighter security had an immediate effect on certain antispam applications, PDA-synchronization tools, and other programs that work with Outlook--in some cases triggering a security prompt every few minutes as Outlook downloaded new messages. Users who didn't want to deal with the prompts had to choose between disabling their antispam programs (at least temporarily) or removing both SP3 and Office XP, then reinstalling Office XP and doing without the new security features.
   http://www.winnetmag.com/article/articleid/42298/42298.html

Feature: What's Hot
In this article, readers highlight exceptional products that help them do their job. The products are JAM Software's TreeSize Professional, which helps you understand how your disk space is allocated; MailFoundry's MailFoundryEP appliance for filtering email content and thereby increasing overall network security; and Flowerfire's Sawmill log-analysis tool for manipulating huge amounts of log data into more meaningful reports.
   http://www.winnetmag.com/article/articleid/41975/41975.html

Buyer's Guide: Web Content-Filtering Solutions
Businesses that want to limit employee Internet access to only business-related content and services have the luxury of choosing from a variety of Web content-filtering solutions. The techniques these products employ range from simple blocked-URL lists to network appliances that "learn" and can make dynamic policy changes. The appropriate Web content-filtering solution for your business depends on factors such as your company's size, type of business, resources, network infrastructure, and corporate culture. Compare your requirements with the product descriptions in the accompanying table and do the necessary research before you buy.
   http://www.winnetmag.com/article/articleid/41978/41978.html

Feature: What You Need to Know About Microsoft SmartScreen Technology and the Exchange Intelligent Message Filter
Microsoft has spent several years working on antispam technology, and beginning in 2003, we finally started seeing some results, including a new spam filter that debuted in the company's MSN Hotmail and MSN 8 mail servers. In late 2003, Microsoft added this technology, dubbed SmartScreen Technology, to its Microsoft Office Outlook 2003 email and personal information manager (PIM) client. The company also announced plans to make the technology available to certain Microsoft Exchange Server 2003 customers through a new add-on called the Exchange Intelligent Message Filter. This article tells you what you need to know about SmartScreen Technology and the Exchange Intelligent Message Filter.
   http://www.winnetmag.com/article/articleid/41970/41970.html

====================

==== Announcements ====
(from Windows & .NET Magazine and its partners)

Complimentary eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will concentrate on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BGSd0A2

Microsoft Tech Ed 2004 Europe, 29 June - 2 July, Amsterdam
Get the most out of Microsoft's software and technology at Microsoft's premier European conference for building, deploying, securing and managing connected solutions. Benefit from 400+ sessions packed with technical content covering Microsoft Visual Studio .NET 2003, Windows Server 2003, Exchange Server 2003, SQL Server 2000, and more. Register now and save 300 Euros.
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0zFv0Ar

====================

==== 3. Instant Poll ====

Results of Previous Poll
The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "If you're using Microsoft Software Update Services (SUS) or the new Windows Update Services (WUS), how satisfied with the product are you?" Here are the results from the 71 votes.
   - 48% Very satisfied
   - 34% Somewhat satisfied
   - 18% Not satisfied

New Instant Poll
The next Instant Poll question is, "As a security administrator, what's your most important task?" Go to the Security Web page and submit your vote for
   - Security monitoring and auditing
   - Policy management and enforcement
   - Patch management
   - End-user education
   - Other
   http://www.winnetmag.com/windowssecurity

==== 4. Security Toolkit ====

FAQ: The Microsoft Windows Security Update CD
by John Savill, http://www.winnetmag.com/windowsnt20002003faq

Q: What's the Microsoft Windows Security Update CD?

A. Microsoft has released a CD-ROM that includes all service packs and fixes for Windows XP, Windows 2000, Windows Me, Windows 98, and Win98 SE. The CD-ROM is free (including the cost of postage for US customers), and you don't need to provide a credit card when you place your order. You'll actually receive two CD-ROMs in the mail--the first has all the fixes, and the second has trial antivirus and firewall products. You can learn more about it and order a copy at Microsoft's Web site.
   http://www.microsoft.com/security/protect/cd/order.asp

Featured Thread: GPO Settings vs. User Settings
(Four messages in this thread)

A reader wonders what happens when users' settings conflict with Group Policy computer settings. Do the users' settings take precedence because they're applied last (after the user logs on), or do the Group Policy settings "win"?
Lend a hand or read the responses:
   http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=119472

====================

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

New--The Exchange Server Seminar Series
Simplify your life with Windows Server 2003 and Exchange Server 2003. Learn the advantages of migrating to an integrated communications environment, consolidating and simplifying implementation of technology, and accelerating worker productivity. Coming to your city soon. Register now for this free event!
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BG6C0Az

====================

==== 5. New and Improved ====
by Jason Bovberg, products@private

Protect Your Hard Disk from Unauthorized Access
Authenex announced Authenex HDLock, a security system that secures PCs and notebooks from unauthorized access. Authenex HDLock uses 128-bit Advanced Encryption Standard (AES) hard-disk encryption and a strong (two-factor) authentication logon process to confirm the identity of the person requesting access to the computer. The software requires the use of a physical A-Key token in combination with a password. Authenex HDLock costs $79.95 per user and is available in quantities of 10. For more information about Authenex HDLock, contact Authenex at 877-288-4363 or on the Web.
   http://www.authenex.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column.
Send your product suggestions with information about how the product has helped you to whatshot@private

====================

==== Sponsored Links ====

Argent
Comparison Paper: The Argent Guardian Easily Beats Out MOM
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BDWV0Ao

Javelina Software
Award-Winning Tools for Active Directory Management. Free Trial!
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHRC0AU

Microsoft
Security Knowledge Improves Security. Visit www.securitywhitepaper.com.
   http://list.winnetmag.com/cgi-bin3/DM/y/efZI0CJgSH0CBw0BHSy0AP

====================

==== Contact Us ====

About the newsletter -- letters@private
About technical questions -- http://www.winnetmag.com/forums
About product news -- products@private
About your subscription -- securityupdate@private
About sponsoring Security UPDATE -- emedia_opps@private

====================

==== Contact Our Sponsors ====

Postini, Inc. -- 888-584-3150 or 650-216-3574, http://www.postini.com/go/winnet

====================

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

You received this email message because you asked to receive additional information about products and services from the Windows & .NET Magazine Network. To unsubscribe, send an email message to mailto:Security-UPDATE_Unsub@private Thank you!

View the Windows & .NET Magazine privacy policy at
   http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Thu Apr 22 2004 - 00:57:36 PDT