[ISN] Security UPDATE--Email Filtering--June 2, 2004

From: InfoSec News (isn@private)
Date: Thu Jun 03 2004 - 00:32:26 PDT

  • Next message: InfoSec News: "[ISN] [Vmyths.com ALERT] mi2g predicts ''catastrophic'' attack in 2004"

    Make sure your copy of Security UPDATE doesn't get mistakenly blocked
    by antispam software! Be sure to add
    Security-UPDATE@private to your list of allowed senders and
    ==== This Issue Sponsored By ====
    Windows & .NET Magazine
    1. In Focus: Want A Junk-Free Inbox? Then Filter It
    2. Security News and Features
       - Recent Security Vulnerabilities
       - Feature: Coping with Today's Killer App
       - News: Report from the Phishing Spot
       - Feature: A First Look at the New MBSA
       - News: Microsoft Partnering to Sell ISA Server Appliances
    3. Instant Poll
    4. Security Toolkit
       - FAQ
       - Featured Thread
    5. New and Improved
       - Monitor Your Server from Anywhere in the World
    ==== Sponsor: OpenNetwork ====
       Wondering where to start your Identity Management implementation?
    Find out more by reading the free whitepaper: Understanding the
    Identity Management Roadmap. Get your copy today at
    ==== 1. In Focus: Want A Junk-Free Inbox? Then Filter It ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    Last week, I wrote about DomainKeys, Sender Policy Framework (SPF),
    and CallerID for E-Mail. All three technologies have been submitted to
    the Internet Engineering Task Force (IETF) as draft proposals. Since
    then, the developers of SPF and Microsoft (the developer of CallerID)
    have agreed to merge the two technologies into one. A new draft
    proposal will be created and submitted to the IETF; however, the name
    for the new technology has yet to be formalized.
    If you're interested in some of the ideas regarding how the two
    technologies will operate after they're merged, be sure to read Meng
    Weng Wong's outline of how things might pan out. Wong is one of the
    SPF developers, and you can find his outline in the SPF mailing list
    Last week, I pointed out that people who intend to use any or all of
    the three new technologies to help filter unwanted email will also
    need to use other technologies in combination with them because none
    of the three new technologies, not even all of them together, will
    completely stop unwanted email. A reader of this newsletter who also
    participates in the SPF mailing list asked SPF mailing list members
    whether my statement was true. The short answer is "yes," and another
    list member explains why.
    Another reader of this newsletter wrote to tell me that his Hotmail
    account is spam free. That may be true; however, I doubt that all
    other Hotmail accounts are in the same situation. Regardless, the way
    Hotmail (or any technology, for that matter) eliminates junk mail is
    to filter it by any of the available various methods, because that's
    the only way to do it without resorting to short-term disposable email
    addresses. Of course, such filtering relies on a variety of
    parameters, including known junk-mail-message content, known domains
    and networks that service spammers, open mail relays, keywords, key
    phrases, content types, block lists, allow lists, and so on. In the
    near future, DomainKeys and the combined SPF/CallerID will be a couple
    of additional mechanisms that will definitely be used for mail
    filtering. As you may know, the current rendition of SPF is already
    part of several mail-filtering packages; undoubtedly, such integration
    will continue. If you intend to curb unwanted email, you'll need to
    adapt to a method of filtering and tune that method as necessary.
    ==== Sponsor: Windows & .NET Magazine ====
       Get 2 Sample Issues of Windows & .NET Magazine!
       Every issue of Windows & .NET Magazine includes intelligent,
    impartial, and independent coverage of security, Active Directory,
    Exchange, scripting, and much more. Our expert authors deliver how-to
    articles and product evaluations that will help you do your job
    better. Try two, no-risk sample issues today, and find out why 100,000
    IT professionals rely on Windows & .NET Magazine each month!
    ==== 2. Security News and Features ====
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    Feature: Coping with Today's Killer App
       Some people are still waiting for the next killer app to emerge.
    But in my view, email is the killer app and has been for the past
    several years. Email has opened up easy communication for people both
    inside and outside an organization. It's a fast and convenient
    transport and distribution mechanism for vital information and enables
    an organization to operate smoothly. For many companies, email is a
    mission-critical component: If email is down, the business
    suffers--sometimes dramatically. In this article, Michael Otey
    discusses the need to treat email as the vital company resource it is
    and protect it.
    News: Report from the Phishing Spot
       According to the Anti-Phishing Working Group, in April, 1125 unique
    scams tried to obtain sensitive information from customers of 12
    well-known companies, including Citibank, U.S. Bank, eBay, PayPal, and
    Federal Deposit Insurance Corporation (FDIC). In March, the group
    tracked 402 scams against 18 companies. As of the last week in May,
    half as many companies had been targeted as in April, but the total
    number of scams for the month was unreported.
    Feature: A First Look at the New MBSA
       Microsoft recently released a new version of Microsoft Baseline
    Security Analyzer (MBSA), a free security auditing and reporting tool.
    MBSA 1.2 has many enhancements that improve its functionality for
    system and security administrators. In addition to the ability to scan
    10,000 machines in one run, MBSA now audits against a Microsoft
    Software Update Services (SUS) server and, when run locally, reports
    on macro settings in Microsoft Office products, the state of the
    Automatic Updates client, and the state of the Internet Connection
    Firewall (ICF). Paula Sharick gives an overview of the more notable
    new features in MBSA 1.2 in this article on our Web site.
    News: Microsoft Partnering to Sell ISA Server Appliances
       Microsoft announced at the Tech Ed 2004 conference in San Diego
    last week that it will team with hardware vendors to begin selling
    security appliances. The company aims to provide customers with a
    dedicated hardware solution that runs Internet Security and
    Acceleration Server (ISA) 2004, which is currently in beta testing.
    The solution will become available in the third quarter of this year
    from HP, Network Engines, Celestix Networks, and Avantis. The starting
    price will be $1499 per CPU, per server.
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    New Chapter Available--"The Expert's Guide for Exchange 2003:
    Preparing for, Moving to, and Supporting Exchange Server 2003"
       Chapter 4 is now available, "Database Strategies and Server
    Sizing." This free eBook will educate Exchange administrators and
    systems managers about how to best approach the migration and overall
    management of an Exchange 2003 environment. You'll learn about core
    issues such as configuration management, accounting, monitoring
    performance, and more. Get the latest chapter now!
    Chapter 2 Available Now--"Preemptive Email Security and Management"
       This free eBook will offer a preventive approach to eliminating
    spam and viruses, stopping directory harvest attacks, guarding
    content, and improving email performance. In this new chapter, learn
    evolving techniques for eliminating spam, email virus, and worm
    threats. Download this eBook today!
    Windows & .NET Magazine Announces Best of Tech Ed Winners!
       Windows & .NET Magazine and SQL Server Magazine announced the
    winners of the Best of Tech Ed 2004 Awards. The field included more
    than 260 entries in 10 categories. Winners were announced at a private
    awards ceremony on Wednesday, May 26 at Tech Ed. Click here to find
    out the winners:
    ==== 3. Instant Poll ====
    Results of Previous Poll
       The voting has closed in the Windows & .NET Magazine Network
    Security Web page nonscientific Instant Poll for the question, "Which
    wireless intrusion prevention system do you use?" Here are the results
    from the 9 votes.
       - 11% AirDefense products
       - 0% AirMagnet products
       - 0% Red-M products
       - 11% Aruba Wireless Networks products
       - 78% Other products
    New Instant Poll
       The next Instant Poll question is, "Does your company intend to
    implement Windows XP Service Pack 2 (SP2)?" Go to the Security Web
    page and submit your vote for
       - Yes, as soon as it's available
       - Yes, within 3 months of its release
       - Yes, within 6 months of its release
       - Yes, but we're not sure when
       - No
    ==== 4. Security Toolkit ====
    FAQ: How can I enable forms-based authentication for an Exchange
    Server 2003 system that hosts Microsoft Outlook Web Access (OWA)?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    A. After you enable Secure Sockets Layer (SSL) on a Microsoft Internet
    Information Services 5.0 (IIS) server (as I describe in the FAQ "How
    can I obtain a certificate so that I can enable Secure Sockets Layer
    (SSL) on my Microsoft Internet Information Services 5.0 (IIS)
    server?"), you can enable forms-based authentication on the server by
    performing these steps:
       1. Start the Exchange System Manager (ESM) utility (click Start,
    Programs, Microsoft Exchange, System Manager).
       2. Navigate to the OWA server (Administrator Groups,
    &ltAdministrative group name>, Servers, &ltServer name>).
       3. Expand Protocols and expand HTTP.
       4. Right-click the HTTP virtual server and click Properties.
       5. Click the Settings tab of the displayed dialog box.
       6. Select the "Enable Forms Based Authentication" check box and
    click OK.
    If you want to stop non-SSL connections to your Exchange server, you
    can modify the Exchange virtual directory through the Microsoft
    Management Console (MMC) IIS snap-in as follows:
       1. Access the Exchange virtual directory's Properties page.
       2. Click the Directory Security tab.
       3. Click Edit, and in the Secure Communication section, select the
    "Require secure channel (SSL)" check box.
    Featured Thread: Port Scanning a Windows Server 2003 System
       (Seven messages in this thread)
       A reader writes that he recently downloaded a simple port scanner
    program and scanned his Windows Server 2003 test server. He found that
    the server is running the following services: Domain Controller for
    his test Active Directory (AD), DHCP, DNS, FTP, File/Print Server, and
    RRAS with 2 NICs--one connected to a cable modem and the other to the
       After the port scanner has scanned all the ports of the WAN IP, its
    report shows that numerous other ports are open. The reader wants to
    know how to find out which programs are listening on each of the ports
    and how worms work (because he suspects that a worm might be able to
    infiltrate his system on one of the listening ports). Lend a hand or
    read the responses:
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    New Web Seminar--Shrinking the Server Footprint: Blade Servers
       In this free Web seminar, you'll learn how blade servers provide
    native hot-swappable support, simplified maintenance, modular
    construction, and support for scalability. And we'll talk about why
    you should be considering a blade server as the backbone of your next
    hardware upgrade. Register now!
    ==== 5. New and Improved ====
       by Jason Bovberg, products@private
    Monitor Your Server from Anywhere in the World
       GFI Software announced GFI Network Server Monitor 5.5, the most
    recent version of its automatic network and server monitoring tool.
    The upgraded version includes a remote Web monitor, which lets you
    check network and server status from anywhere in the world from a Web
    browser, a mobile phone, or any handheld device. GFI Network Server
    Monitor 5.5 costs $699 for unlimited monitoring of all workstations
    and servers or $375 for a five-server monitoring license. For more
    information about GFI Network Server Monitor 5.5 and to obtain an
    evaluation version, contact GFI on the Web.
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    ==== Sponsored Links ====
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
    ==== Contact Us ====
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    ==== Contact Our Sponsors ====
    Primary Sponsor:
       OpenNetwork -- http://www.opennetwork.com
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
    You received this email message because you asked to receive
    additional information about products and services from the Windows &
    .NET Magazine Network. To unsubscribe, send an email message to
    mailto:Security-UPDATE_Unsub@private Thank you!
    View the Windows & .NET Magazine privacy policy at
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    Copyright 2004, Penton Media, Inc. All rights reserved.
    ISN mailing list
    Sponsored by: OSVDB.org

    This archive was generated by hypermail 2b30 : Thu Jun 03 2004 - 02:41:23 PDT