[ISN] Security UPDATE -- The Perils of Mobile Computing -- July 13, 2005

From: InfoSec News (isn@private)
Date: Thu Jul 14 2005 - 22:30:36 PDT


====================

This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

Testing Your Security Configuration
   http://list.windowsitpro.com/t?ctl=E44A:4FB69 

Windows Master CD
   http://list.windowsitpro.com/t?ctl=E45A:4FB69 

====================

1. In Focus:  The Perils of Mobile Computing

2. Security News and Features
   - Recent Security Vulnerabilities
   - Microsoft Baseline Security Analyzer v2.0 Now Available
   - Active Directory Federation Services for Non-Microsoft Platforms

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

4. New and Improved
   - Partnering for Better Security

====================

==== Sponsor: Testing Your Security Configuration ====

   Over a decade ago the Department of Defense (DoD) released a 
statement saying, "Hack your network, or the hackers will do it for 
you." Up until that point, the value of vulnerability scanning and 
penetration testing was questionable. Today, vulnerability-scanning 
hackers, Internet-traveling worms, and roving bots are common. The 
DoD's advice given 10 years ago still holds true: You should conduct 
regular vulnerability and penetration testing audits to validate your 
security policy. This free white paper will discuss how to identify and 
fix vulnerabilities, discover and use vulnerability assessment tools, 
evaluate your security investment and more. Download your free copy 
now!
   http://list.windowsitpro.com/t?ctl=E44A:4FB69 

====================

==== 1. In Focus: The Perils of Mobile Computing ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Over the past few years, wireless networks have spread all over the 
place. Some cities and towns even provide free Internet access over 
public networks. Chances are high that unless you live in a very rural 
area, one or more of your neighbors has a home wireless network. 
Chances are also high that many of those neighboring wireless networks 
are wide open, and anybody can connect without the owner's permission. 
And, invariably, sooner or later somebody does just that. 

With the proliferation of wireless networks comes the very attractive 
opportunity to use mobile computing in all sorts of ways. For example, 
many coffee shops offer free wireless access, as do libraries and 
restaurants. So if you're a telecommuter working on the road somewhere, 
or just want to check your email or do a little Web surfing without 
going back to your own network, you can use any number of public 
wireless networks. 

A problem with the ease of use that open wireless networks offer is 
that invariably some people can't resist using an open wireless network 
even if it's not expressly made open for the public. That's when simple 
wardriving can become a criminal act. After all, the unauthorized use 
of a network is a crime in most places today. So if you discover a 
wireless network and decide to use it, you might be committing a crime. 

Last week, a precedent for increased arrests began to develop in 
Florida. A man discovered that another man was sitting outside his 
house in a vehicle while using a laptop. The man in the house 
apparently had an open wireless network, and the man in the vehicle had 
connected to the wireless network without permission and was using it 
for what are at this time unknown purposes. Eventually, the homeowner 
informed the police, who subsequently arrested and charged the man in 
the vehicle. He now faces a criminal case. 

The man's illegal use of someone else's network is puzzling. If I 
understand correctly, the incident took place in St. Petersburg, which 
is the fourth largest city in Florida with a population of nearly 
250,000. Certainly, there must be many places that offer free public 
wireless network access, so why did the man choose to break into 
someone else's network? I don't know, but the incident does raise some 
interesting questions. 

What if that man was using a computer provided by his company? Or what 
if he was checking email on his company's mail server? Would that then 
make the company liable for the man's actions? If nothing else, the 
incident points out that businesses that provide wireless devices to 
their employees should probably consider implementing policies that 
stipulate acceptable use of those devices. Without such policies, 
businesses are more open to potential legal problems if employees 
misuse company equipment. 

If you're interested in the details of this story, then use your 
favorite news site search engine to look for the terms "wireless" and 
"Florida," and add the terms "Smith" and "Dinon" if you need to narrow 
the search results. 

====================

==== Sponsor: Windows Master CD ====

   Why Do You Need the Windows IT Pro Master CD?        
There are three good reasons to order our latest Windows IT Pro Master 
CD. One, because it's a lightning-fast, portable tool that lets you search 
for solutions by topic, author, or issue. Two, because it includes our 
Top 100 Windows IT Pro Tips. Three, because you'll also receive 
exclusive, subscriber-only access to our entire online article 
database. Click here to discover even more reasons:
   http://list.windowsitpro.com/t?ctl=E45A:4FB69 

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=E452:4FB69

Microsoft Baseline Security Analyzer 2.0 Now Available
   On July 1, Microsoft released Microsoft Baseline Security Analyzer 
(MBSA) 2.0. The new version supports Windows Server Update Services 
(WSUS) and includes a new command line interface to perform local and 
remote scans. 
   http://list.windowsitpro.com/t?ctl=E458:4FB69

Active Directory Federation Services for Non-Microsoft Platforms
   Windows Server 2003 R2 will support Web-based single-sign-on (SSO) 
and federated authentication using Active Directory (AD) as the 
backend. Centrify aims to enable the technology on non-Microsoft 
platforms.
   http://list.windowsitpro.com/t?ctl=E459:4FB69


====================

==== Resources and Events ====

Identify the Key Security Considerations for Wireless Mobility  
   Wireless and mobile technologies are enabling enterprises to gain 
competitive advantage through accelerated responsiveness and increased 
productivity. In this free Web seminar, you'll receive a checklist of 
risks to factor in when considering your wireless mobility technology 
evaluations and design. Sign up today and learn all you need to know 
about firewall security, transmission security, OTA management, 
management of third-party security applications, and more!  
   http://list.windowsitpro.com/t?ctl=E450:4FB69

Learn to Sort Through Sarbanes-Oxley, HIPAA, and More Legislation 
Quicker and Easier!  
   In this free Web seminar, get the tips you've been looking for to 
save time and money in achieving IT security and regulatory compliance. 
Find out how you can simplify these manually intensive, compliance-
related tasks that reduce IT efficiency. Turn these mandates into 
automated and cost-effective solutions. Register now!  
   http://list.windowsitpro.com/t?ctl=E44D:4FB69

New Cities Added--SQL Server 2005 Roadshow in a City Near You  
   Get the facts about migrating to SQL Server 2005. SQL Server experts 
will present real-world information about administration, development, 
and business intelligence to help you implement a best-practices 
migration to SQL Server 2005 and improve your database computing 
environment. Attend and receive a 1-year membership to PASS and 1-year 
subscription to SQL Server Magazine. Register now!  
   http://list.windowsitpro.com/t?ctl=E451:4FB69

Integrate Your Compliance System With Backup and Recovery  
   Discover the issues involved with integrating your compliance system 
with backup and recovery, including backup schedules, pros and cons of 
outsourcing backup media storage and management, the DR implications of 
backing up compliance data, the possibility of using alternative backup 
methods to provide backup and compliance in a single system, and more. 
You'll learn what to watch out for when combining the two functions and 
how to assess whether your backup/restore mechanisms are equal to the 
challenge.  
   http://list.windowsitpro.com/t?ctl=E44E:4FB69

Influencers 2005:  Thriving In The Face Of Regulation: How to 
Accommodate the New Corporate Governance Regime and Achieve Optimum 
Financial Performance  
   Join Arthur Levitt, former chairman of the SEC, Arnold Hanish, and 
Scott Mitchell as they discuss the most important management challenge 
facing businesses today--Wednesday, July 20 at 11:00 a.m. EDT.  
Register here: 
   http://list.windowsitpro.com/t?ctl=E44C:4FB69

You Could Win An iPod Mini!  
   Your expert opinion makes a difference--tell us what you think about 
industry conferences and events. Your feedback is very valuable to us. 
Take this short survey today!  
   http://list.windowsitpro.com/t?ctl=E453:4FB69  

==== Featured White Papers ====
   Is Your Company Legally Required to Have an Email Compliance and 
Retention Policy?  
   Gain an understanding of general retention and compliance issues and 
Microsoft Exchange Server's built-in archiving and compliance features 
and get guidance on the first steps to take when starting an archiving 
regime. Plus--discover how to analyze trends and usage across your 
messaging store.  
   http://list.windowsitpro.com/t?ctl=E44B:4FB69

====================

==== 3. Security Toolkit ==== 

Security Update for Internet Explorer
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=E45E:4FB69

   Microsoft released a security update for Internet Explorer (IE) 5.x 
and 6.0. Microsoft article 903235 discusses the matter.
   http://list.windowsitpro.com/t?ctl=E457:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=E45C:4FB69 

Q: How can I enable the Anonymous SID to be part of the Everyone group 
in Windows XP and later? 

Find the answer at http://list.windowsitpro.com/t?ctl=E456:4FB69

Audit File Access
   (Two messages in this thread)
   A reader wants to know whether there are any third-party tools to 
implement domain-wide file auditing. He needs to be able to dump log 
data into a database, including which files were accessed, when they 
were accessed, the name of the user who accessed the files, and the 
computer that the files were accessed from.

 Join the discussion at 
   http://list.windowsitpro.com/t?ctl=E44F:4FB69

====================

==== Announcements ====
   (from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!       
   Security Administrator is now Windows IT Security. We've expanded 
our content to include even more fundamentals on building and 
maintaining a secure enterprise. Each issue also features product 
coverage of the best security tools available and expert advice on the 
best way to implement various security components. Plus, paid 
subscribers get online access to our entire security article database 
(over 1900 security articles)! Order now:
   http://list.windowsitpro.com/t?ctl=E455:4FB69

Exclusive Content for VIP Subscribers!         
   Get inside access to all of the content and vast resources from 
Windows IT Pro, SQL Server Magazine, Exchange & Outlook Administrator, 
Windows Scripting Solutions, and Windows IT Security, with over 26,000 
articles at your fingertips. Your VIP subscription also includes a 1-
year print subscription to Windows IT Pro and a VIP CD (includes entire 
article database). Sign up now:    
   http://list.windowsitpro.com/t?ctl=E45B:4FB69

====================

==== 4. New and Improved ====
   by Dustin Ewing, products@private

Partnering for Better Security
   Apani Networks announced that its In-depth Network Security (INS) 
system is available from HP. HP will provide first-line support for 
customers around the world, as well as security-compliance consulting 
and onsite services as needed. INS provides complete network-access 
control, dynamic implementation of network security policies, and 
point-to-point encryption. It will allow organizations to manage 
security relationships for an entire network from a centralized point. 
This centralization reduces infrastructure costs and provides a 
security audit trail, which is essential for compliance regulation 
requirements. For more information, visit the company's Web site 
   http://list.windowsitpro.com/t?ctl=E460:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot@private

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec@private. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

====================

==== Sponsored Link ====

Argent versus MOM 2005   
   Experts Pick the Best Windows Monitoring Solution               
   http://list.windowsitpro.com/t?ctl=E449:4FB69

==== Contact Us ==== 

About the newsletter -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=E45F:4FB69
About product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- emedia_opps@private

====================

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=E454:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.


