PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Are you spending too much time monitoring security logs?
http://list.windowsitpro.com/t?ctl=35FCA:7EB890

Clean Up Your Company's Email Act: Using Filters to Block Threats
http://list.windowsitpro.com/t?ctl=35FCE:7EB890

Ensure Instant Access To Files at Remote Servers/Offices
http://list.windowsitpro.com/t?ctl=35FE0:7EB890

=== CONTENTS ===================================================

IN FOCUS: Malware Up Close

NEWS AND FEATURES
- BorderWare Teams Up with Zfone Creator
- Darknet Aims to Keep Net Traffic Confidential
- Market Watch: Network Quarantine
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Hardcore IDS 1.0
- FAQ: Windows Live OneCare and VPNs
- From the Forum: Prevent Web Site Defacement
- Instant Poll: IPsec Authentication Methods
- Share Your Security Tips

PRODUCTS
- Manage and Secure Remote Systems
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: CrossTec ==========================================

Are you spending too much time monitoring security logs?

Research shows that IT Security Managers can spend over four hours a day monitoring various security event logs and chasing after alerts. Activeworx saves you valuable time because it consolidates and manages logs from multiple vendors and devices. Activeworx Security Center is a cost-effective security information management solution that provides real-time security device log monitoring with correlated alerts, audit and compliance reports, and tools for advanced, in-depth forensic analysis. Activeworx reduces the time it takes to analyze event data from multiple sources and produces real-time reports that pinpoint network security breaches and vulnerabilities. These in-depth reports provide the details necessary for regulatory compliance reporting for Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act.
Try Activeworx for free - fast install and free support.
http://list.windowsitpro.com/t?ctl=35FCA:7EB890

=== IN FOCUS: Malware Up Close =================================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

On August 15, Security UPDATE subscribers received the Security Alert "Exploits Attack Windows Server Service," regarding new exploits that install bots onto unprotected systems. You can also find the Alert at the URL below.
http://list.windowsitpro.com/t?ctl=35FD8:7EB890

The exploits were reported by LURHQ, a provider of threat and vulnerability management services. A few days after its initial report, LURHQ posted a detailed analysis of one of the exploits, which installs a variant of Mocbot. The analysis goes far beyond the typical level of detail you might expect to see from your antivirus or anti-malware vendor, which makes it both interesting and valuable as an educational expose.

LURHQ captured and installed the exploit and set up a small forensics network to investigate the inner workings of the bot and its related botnet. The test network consisted of two systems: One to infect with the bot and one to simulate the Internet in order to gather forensic data. One goal was to discover the command and control center for the botnet. Another goal was to discover logon information for the command and control center so that when the data-collecting system made a manual connection to the center, the connector would appear to be just another bot in the network and not a forensics investigator.

Building these two systems required some specialized tools. LURHQ used a Windows system for the client to infect. The second system acted as a "sandnet"--that is, a server in an isolated environment. The sandnet software LURHQ used is a toolkit called The Reusable Unknown Malware Analysis Net (Truman), which you can download at the URL below.
Truman is based on a bootable Linux image and includes a collection of scripts that help provide the required interactivity with malware to gather data.
http://list.windowsitpro.com/t?ctl=35FE5:7EB890

With the two systems working together, LURHQ discovered that the botnet instructs the bot to join certain Internet Relay Chat (IRC) channels and then download a Trojan horse program that serves as a proxy for sending spam. In this case, the spammers are helping to sell porn, wrist watches, and other popular items.

LURHQ's description is a good step-by-step example of what's involved in malware analysis, so be sure to read it if you're interested in doing this sort of thing yourself or are just curious about how experts do it.
http://list.windowsitpro.com/t?ctl=35FE3:7EB890

LURHQ credits myNetWatchman with assisting in its analysis process. In a nutshell, myNetWatchman collects security log information from participants and analyzes malicious activity so that it can report that activity to the proper ISP in the hope that the ISP will take action. The goal is to minimize the amount of time a compromised system is exposed to the Internet. To learn more about myNetWatchman, including how you can participate, go to the URL below.
http://list.windowsitpro.com/t?ctl=35FE1:7EB890

=== Roadshow Targets Oracle/SQL Server Interoperability

Cross-platform experts from Scalability Experts and Solid Quality Learning will present interoperability tips to IT professionals and DBAs who work with Oracle or SQL Server in a one-day roadshow that kicks off September 7 in Washington, D.C.
Sponsored by Oracle Magazine, Windows IT Pro, HP, Intel, and Microsoft, the show will feature information about the Windows 64-bit platform for database computing, an under-the-hood tour of Oracle and SQL Server, an overview of deploying highly available Oracle and SQL Server databases, guidelines for using SQL Server business intelligence on the Oracle platform, and a research-based session about how IT professionals can prepare for the changing database job market. The roadshow will visit 12 cities between September 7 and October 24: Washington, D.C.; Boston; Columbus, Ohio; Chicago; St. Louis; Houston; Irvine, Calif.; San Francisco; Phoenix; New York; Atlanta; and Seattle. Attendees who register before August 25 will enter a drawing for a free iPod nano sponsored by Windows IT Pro. For complete agenda and speaker information, go to
http://list.windowsitpro.com/t?ctl=35FDB:7EB890

=== SPONSOR: St. Bernard Software ==============================

Clean Up Your Company's Email Act: Using Filters to Block Threats

Do you want to block unwanted or undesirable email? Download this free whitepaper to learn how to manage the content of information crossing your network.
http://list.windowsitpro.com/t?ctl=35FCE:7EB890

=== SECURITY NEWS AND FEATURES =================================

BorderWare Teams Up with Zfone Creator
BorderWare Technologies will become the first commercial licensee of Phil Zimmermann's Zfone encryption technology. BorderWare intends to integrate the technology into its SIPassure VoIP firewall solution.
http://list.windowsitpro.com/t?ctl=35FD4:7EB890

Darknet Aims to Keep Net Traffic Confidential
A new "darknet" service launched in Sweden gives people anonymity on the Internet for 5 euros (about $6.50) per month. The service lets customers use a PPTP VPN with 128-bit encryption, which routes their Internet traffic through servers in Sweden.
http://list.windowsitpro.com/t?ctl=35FD5:7EB890

Market Watch: Network Quarantine
Some vendors now offer simpler, cheaper alternatives in the emerging Network Access Control (NAC) market. Jeff Fellinge tells you all about it in this article on our Web site.
http://list.windowsitpro.com/t?ctl=35FD7:7EB890

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=35FD2:7EB890

=== SPONSOR: Availl ============================================

Ensure Instant Access To Files at Remote Servers/Offices

Confused by WAFS, Wide Area Mirroring, DFS, WAN acceleration, or Replication technologies? Do you have remote sites with common data or file needs? Get a free software trial, and register for the free seminar.
http://list.windowsitpro.com/t?ctl=35FE0:7EB890

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Hardcore IDS 1.0
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=35FDF:7EB890

Based on Snort 2.6, Hardcore IDS 1.0 looks like an easy way to quickly build a new intrusion detection system (IDS). Learn more about it and get a link to download the latest version in the blog article on our Web site.
http://list.windowsitpro.com/t?ctl=35FD3:7EB890

FAQ: Windows Live OneCare and VPNs
by John Savill, http://list.windowsitpro.com/t?ctl=35FDC:7EB890

Q: I installed Windows Live OneCare and can no longer connect to my workplace via VPN. What's wrong?

Find the answer at
http://list.windowsitpro.com/t?ctl=35FD6:7EB890

FROM THE FORUM: Prevent Web Site Defacement
A forum participant would like to know what steps to take to prevent a Web site defacing attack on Windows 2000 servers.
To join the discussion, go to
http://list.windowsitpro.com/t?ctl=35FCB:7EB890

INSTANT POLL: IPsec Authentication Methods
What is your preferred method of authenticating IPsec connections?
- Pre-shared key
- Digital certificate
- Kerberos

Submit your vote at
http://list.windowsitpro.com/t?ctl=35FDA:7EB890

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to r2rwinitsec@private If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Manage and Secure Remote Systems
Anfibia Software announced the release of Desktop Orbiter 4.1.3, which fixes bugs and adds new features to this remote security and administration tool. Administrators can use Desktop Orbiter to protect and manage multiple computers from a central location. Along with other features, Desktop Orbiter enforces security policies on managed computers, disables access to components such as the Start menu and Control Panel, restricts access to Web sites, keeps track of active connections and open ports used by applications and services, provides reporting tools, and supports 256-bit AES encryption and key-based authentication. Desktop Orbiter is designed for businesses, schools, public libraries, Internet cafes, and other settings. It supports Windows 2003/XP/2000. A 10-user pack costs $399, and volume discounts are available. For more information, go to
http://list.windowsitpro.com/t?ctl=35FE4:7EB890

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================

Cross-Platform Data Roadshow
Oracle professionals will cover key concepts about Oracle and SQL Server in enterprise database computing. This event provides invaluable information, including benefits of 64-bit computing on the Windows platform, SQL Server BI for Oracle, high-availability proof points for SQL and Oracle, and much more.
http://list.windowsitpro.com/t?ctl=35FD1:7EB890

Microsoft TechEd: IT Forum
Discover more at Microsoft's premier EMEA conference designed to provide IT professionals with technical training, information, and community resources to build, plan, deploy, and manage the secure connected enterprise. Visit the Website for further information and register before the Early Bird deadline of 29 September 2006 to save 300 euros.
http://list.windowsitpro.com/t?ctl=35FDD:7EB890
14 - 17 November 2006, Barcelona, Spain

Best Practices for Migrating Applications to a New Operating System
Take the necessary steps for application management, from converting legacy applications to MSI to conflict and usability testing. Don't overlook an important component during your OS migration--join us for this free on-demand Web seminar.
http://list.windowsitpro.com/t?ctl=35FCC:7EB890

Total Cost of Ownership (TCO). It's every executive's favorite buzzword, but what does it really mean and how does it affect you? In this podcast, Ben Smith explains how your organization can use virtualization technology to measurably improve TCO for servers and clients.
http://list.windowsitpro.com/t?ctl=35FCF:7EB890

Ensure that you're being effective with your internal network security. Are your DIY options protecting you against worms, BotNets, Trojans, and hackers? Make sure! On-Demand Web Seminar.
http://list.windowsitpro.com/t?ctl=35FCD:7EB890

=== FEATURED WHITE PAPER =======================================

Did you know that wasteful processes can drive the cost of document management and output to as high as 10-15% of your company's annual revenues? Download this free white paper today and find out how you can use fax solutions to achieve cost control, security, compliance, increased workflow, and more.
http://list.windowsitpro.com/t?ctl=35FD0:7EB890

=== ANNOUNCEMENTS ==============================================

Monthly Online Pass--only $14.95 per month!
Includes instant online access to every article ever written in the Windows IT Security newsletter, your #1 resource for everything security. Order now:
https://store.pentontech.com/index.cfm?s=1&promocode=eu2568um

Save $40 off Windows IT Pro
Subscribe to Windows IT Pro magazine today and SAVE up to $40! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful IT articles. This is a limited-time offer, so order now:
https://store.pentontech.com/index.cfm?s=1&promocode=eu2068uw

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=35FDE:7EB890
https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=35FD9:7EB890

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=35FE2:7EB890
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

_________________________________
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Wed Aug 23 2006 - 22:35:09 PDT