====================

1. In Focus: More About Wi-Fi Security

2. Security News and Features
   - Recent Security Vulnerabilities
   - News: New IE Flaws Might Allow Code Injection

3. Instant Poll

4. Security Toolkit
   - FAQ
   - Featured Thread

5. New and Improved
   - Increased Control Over IP Network Access and Security

====================

==== 1. In Focus: More About Wi-Fi Security ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Last week, I wrote about problems with particular Linksys and NETGEAR wireless Access Points (APs). I suggested that people might consider putting their APs behind a firewall to better protect the systems from access by outsiders who might approach the units from a WAN link. This practice might protect wireless APs against any unknown vulnerabilities that intruders might discover.
Even if your APs have built-in firewalls of their own, consider also using a firewall external to them.

The approach makes sense, but while cruising the Internet last week, I came across an old, but interesting article, "WiFi Security Checklist," at the Security Technique Web site that made me realize that I had overlooked another potential problem that you might want to consider.
http://www.securitytechnique.com/2003/11/wsc.html

As you know, wireless protocols are vulnerable to a variety of attacks. APs' very nature makes them prone to granting access to users outside your immediate working environment. And of course, once someone has connected to one of your APs, he or she is part of your network.

This situation raises the question of how much of your network is exposed to your APs. If you have no additional barriers in place and your APs are essentially inside your trusted network, an intruder will also be inside your trusted network after he or she connects to one of your APs. I doubt that you want to leave that gaping hole open.

So in addition to putting a firewall in between your APs and external networks (whether they be the Internet, partner networks, remote offices, or other networks), you should probably consider putting a firewall behind your APs. In that sort of configuration, you could use some sort of VPN in which wireless clients tunnel back into your private network for access to network resources. That way, if an intruder connects to one of your APs, he or she will have far less to work with when trying to penetrate your overall network.

Or, if your environment uses Remote Authentication Dial-In User Service (RADIUS), you might consider using RADIUS to pass routing restrictions to your APs.
For example, Randy Franklin Smith explains in "A Secure Wireless Network Is Possible," Windows & .NET Magazine, May 2004, that if a visiting business partner connects to your AP, RADIUS could pass a routing restriction to the AP that allows him or her access only to the Internet and not your internal network. If you subscribe to the print magazine, you can read Smith's article on our Web site.
http://www.winnetmag.com/article/articleid/42273/42273.html

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.winnetmag.com/departments/departmentid/752/752.html

News: New IE Flaws Might Allow Code Injection
On June 7, Jelmer Kuperus posted a message to the Full Disclosure mailing list to report the existence of new vulnerabilities in Microsoft Internet Explorer (IE) and exploits that take advantage of those flaws. As a result, we might see Microsoft release at least one new IE patch before its next scheduled security patch release date of July 15.
http://www.winnetmag.com/article/articleid/42959/42959.html

====================

==== 3. Instant Poll ====

Results of Previous Poll
The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Does your company intend to implement Windows XP Service Pack 2 (SP2)?"

Here are the results from the 134 votes.
- 29% Yes, as soon as it's available
- 31% Yes, within 3 months of its release
- 7% Yes, within 6 months of its release
- 19% Yes, but we're not sure when
- 13% No
(Deviations from 100 percent are due to rounding.)

New Instant Poll
The next Instant Poll question is, "Where are your wireless Access Points (APs)?" Go to the Security Web page and submit your vote for
- Inside the border firewall
- Outside the border firewall
- Between the border firewall and an internal firewall
http://www.winnetmag.com/windowssecurity

==== 4. Security Toolkit ====

FAQ: How Do I Install Microsoft Exchange Server 2003 Service Pack 1 (SP1)?
by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. Before you install Exchange 2003 SP1, read the release notes. They contain a number of notices that could apply to your site and might affect the order in which you upgrade servers. You also need to apply the hotfix described by the Microsoft article "FIX: IIS 6.0 compression corruption causes access violations,"
http://support.microsoft.com/?kbid=831464
before you install the service pack.

After you have the SP1 installation files, run the update.exe program as you would for any other service pack. During the installation, the Information Store service, WWW service, and other Exchange processes are stopped, which interrupts service to users. Therefore, you should plan to perform the upgrade at a time when users don't need to access Exchange.

A new version of the Exchange Server Deployment Tools is available from the link below. You can use the deployment tools to assist you in the upgrade process.
The tools offer new features, including enhanced support for consolidating sites in a mixed-mode environment (i.e., an environment containing a mix of servers running any combination of Exchange 2003, Exchange 2000 Server, and Exchange Server 5.5).
http://www.microsoft.com/downloads/details.aspx?familyid=271e51fd-fe7d-42ad-b621-45f974ed34c0&displaylang=en

Featured Thread: Extranet Security Setup
(One message in this thread)

A reader wants to create an Active Server Pages (ASP) extranet application that will give his customers access to information such as the work his company has done for them, the costs, and any scheduled work. Each user should be able to view his or her own information but not other customers' information. All the information is stored in one database, so he's thinking about using views in SQL Server 2000 to ensure that customers see only their own information. You can read the reader's plans for his application and offer advice at
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=122017

====================

==== 5. New and Improved ====
by Jason Bovberg, products@private

Increased Control Over IP Network Access and Security
MetaInfo and Perfigo announced a joint marketing and integration alliance in which the companies will provide and support integration between MetaInfo's Meta IP SAFE DHCP and Perfigo's SecureSmart and CleanMachines products.
By integrating the companies' complementary technologies, customers will be able to control and protect against unauthenticated access, viruses, worms, and policy noncompliance at the IP layer. While authenticating the machine's identity, the Meta IP SAFE DHCP server simultaneously requests network security validation and policy compliance checks from CleanMachines. CleanMachines conducts administrator-defined network and device-based scans that can find security vulnerabilities, such as viruses, outdated patches, spyware, and worms. For more information about this partnership, contact MetaInfo at 206-674-3700 or on the Web.
http://www.metainfo.com
====================

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.

Copyright 2004, Penton Media, Inc. All rights reserved.
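
The layout the In Focus column describes (APs on their own segment, a firewall between that segment and the trusted network, wireless clients reaching internal resources only through a VPN) can be checked against a rule set before it is deployed. The following is an added example, not part of the newsletter; the addresses, the rule format and the single IKE port standing in for the VPN are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the newsletter).
WLAN_CLIENT = "10.50.0.23"   # host on the AP segment
VPN_GW = "10.0.1.10"         # VPN gateway that wireless clients tunnel to
FILE_SRV = "10.0.2.20"       # internal file server
INTRANET = "10.0.3.30"       # internal web server
INTERNET = "198.51.100.7"    # outside host (documentation range)

# Rules for traffic leaving the AP segment, first match wins.
# Rule = (action, src, dst, proto, port); "any" and 0 are wildcards.
WEAK = [
    ("allow", "10.50.0.0/24", "10.0.1.10/32", "udp", 500),
    ("allow", "10.50.0.0/24", "0.0.0.0/0", "tcp", 80),    # meant for Internet only
    ("allow", "10.50.0.0/24", "10.0.2.0/24", "tcp", 445),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any", 0),
]
HARDENED = [
    ("allow", "10.50.0.0/24", "10.0.1.10/32", "udp", 500),
    ("deny", "10.50.0.0/24", "10.0.0.0/16", "any", 0),    # nothing else into the trusted net
    ("allow", "10.50.0.0/24", "0.0.0.0/0", "tcp", 80),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any", 0),
]

# Flows the design requires, with the verdict each must get.
EXPECTED = [
    ((WLAN_CLIENT, VPN_GW, "udp", 500), "allow"),
    ((WLAN_CLIENT, FILE_SRV, "tcp", 445), "deny"),
    ((WLAN_CLIENT, INTRANET, "tcp", 80), "deny"),
    ((WLAN_CLIENT, INTERNET, "tcp", 80), "allow"),
]

def decide(rules, src, dst, proto, port):
    """Return the action of the first rule matching the flow (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, r_proto, r_port in rules:
        if (s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net)
                and r_proto in ("any", proto) and r_port in (0, port)):
            return action
    return "deny"

def audit(rules):
    """List (flow, expected, actual) for every required flow the rule set gets wrong."""
    return [(flow, want, decide(rules, *flow))
            for flow, want in EXPECTED if decide(rules, *flow) != want]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "matches the design")
```

The weak set fails twice: the explicit file-share rule, and the "Internet" web rule whose 0.0.0.0/0 destination also covers internal web servers.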
This archive was generated by hypermail 2b30 : Thu Jun 17 2004 - 11:36:34 PDT