[ISN] Security UPDATE -- In Focus: pGina Open Source GINA Replacement -- March 30, 2005

From: InfoSec News (isn@private)
Date: Wed Mar 30 2005 - 22:37:41 PST


1. In Focus: pGina Open Source GINA Replacement 

2. Security News and Features
   - Recent Security Vulnerabilities
   - Altiris to Acquire Pedestal Software
   - BMC Acquires OpenNetwork
   - Consolidated Security Event IDs in Windows 2003

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

4. New and Improved
   - Encryption with Two-Factor Authentication


==== 1. In Focus: pGina Open Source GINA Replacement ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You're probably aware that Windows Graphical Identification and 
Authentication (GINA) DLL is the interface used for logons during user 
authentication. You might also be aware that you can install a GINA 
replacement if you need to use nonstandard authentication methods or to 
integrate additional authentication types, such as a fingerprint logon 

It's probably not wise to replace GINA unless you really need to 
because doing so could weaken both your system and network security. 
But in some cases, that might not matter to you as much as the 
management headache that you'd incur if you didn't replace GINA. 

Some vendors--particularly those that make alternative authentication 
systems--offer GINA replacements to help integrate their products into 
a Windows platform. But there are undoubtedly some network 
architectures in which you'd really like to have a GINA replacement, 
yet haven't found anything suitable that can address all your needs. 

Recently in SecurityFocus's Focus-MS mailing list, someone mentioned an 
open-source GINA replacement, pGina, that seems like it could be 
helpful to those with diverse authentication needs. pGina, from XPA 
Systems, is unique in that it uses a plug-in architecture that lets you 
add just about any kind of authentication mechanism you can imagine. If 
there isn't a plug-in that meets your needs, then you can use the 
source code to develop one or have someone develop a plug-in for you. 
Depending on your needs and network architecture, pGina might let you 
centralize all your user credentials, which could save a lot of time 
and effort in management. 

Numerous plug-ins are already available for pGina. For example, the 
Remote Authentication Dial-in User Service (RADIUS) plug-in lets you 
authenticate users to any RADIUS server. The ACE plug-in lets you use 
RSA Security's RSA SecurID two-factor authentication system for 
Windows logons--although last I heard, RSA does offer its own GINA 
replacement. Another interesting plug-in works with MySQL open-source 
database servers, which could be used to store user credentials. Yet 
another plug-in works with the Bluesocket architecture, which is very 
useful for authenticating mobile users. There are also plug-ins for 
Network Information Service (NIS) servers, Lightweight Directory Access 
Protocol (LDAP) servers, OpenAFS (based on the Andrew File System), and 

GINA replacements are also available from other sources. FrontMotion 
sells source code to a GINA replacement that supports most versions of 
Windows and includes domain support and Active Directory (AD) support. 
Doug Scoular offers a free GINA replacement that helps integrate 
Windows with Unix or Linux platforms by using FTP as an authentication 
mechanism. Deakin University offers free GINA source code that can be 
used to authenticate with NIS servers. 


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Altiris to Acquire Pedestal Software
   Altiris announced that it will acquire Pedestal Software in a deal 
valued at $65 million. Altiris further said that after the deal closes 
at the end of March, the company will immediately begin integrating 
Pedestal products into its distribution channels and will continue 
offering Pedestal's SecurityExpressions and AuditExpress products as 
standalone solutions.

BMC Acquires OpenNetwork
   BMC Software announced that it has reached an agreement to acquire 
OpenNetwork, makers of Web application management and single sign-on 
(SSO) technology. BMC said OpenNetwork's solutions will allow BMC to 
expand its browser-based authentication and authorization offerings, 
which complement its existing offerings for workflow, audit and 
compliance, enterprise-enabled SSO, provisioning, and directory content 

Consolidated Security Event IDs in Windows 2003
   Randy Franklin Smith tells why Windows Server 2003 domain 
controllers (DCs) don't report domain-account authentication failures, 
except for bad password attempts. 


==== 3. Security Toolkit ==== 

Security Matters Blog 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=650F:4FB69

Patching with WSUS
   If you're interested in using Windows Server Update Services (WSUS--
formerly Windows Update Services), then you might consider watching 
Microsoft's new on-demand TechNet Webcast, "Introduction to Security 
Patching Using Windows Update Services." The Webcast offers insight 
into WSUS's new features and offers planning and deployment guidance. 
Microsoft also released a WSUS release candidate (RC) and said that 
after April 22, WUS beta 2 will no longer receive updates. So if you 
were testing the beta, you need to update your copy to the RC. 

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=650D:4FB69 

Q: How can I deploy missing patches to my Microsoft Systems Management 
Server (SMS) clients?

Find the answer at

Security Forum Featured Thread: Password Control Via IIS
   A forum participant has an intranet that requires domain 
authentication for access to data on one Windows 2000 Server machine. 
He's set a password timeout period for x number of days. But users 
don't see a password expiration warning because they log on via an IIS 
site. In addition, passwords seem to stop working for some time before 
they expire. How can he deliver a password expiration notification to 
the users? Join the discussion at 


==== 4. New and Improved ====
   by Renee Munshi, products@private

Encryption with Two-Factor Authentication
   Mobile Armor announced that its PolicyServer and DataArmor products 
have "RSA SecurID Ready" certification, meaning that they now integrate 
with RSA SecurID two-factor authentication technology. DataArmor 
software provides preboot authentication and high-speed full-device 
encryption, especially for mobile devices; PolicyServer integrates 
DataArmor with other security software such as antivirus solutions, 
VPNs, and firewalls. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec@private. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== Contact Us ==== 

About the newsletter -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=6513:4FB69
About product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- emedia_opps@private


This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 03:33:10 PST