[ISN] The High Risk of Using Open Networks

From: InfoSec News (alerts@private)
Date: Thu Apr 26 2007 - 01:13:05 PDT


Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

=== CONTENTS ===================================================

IN FOCUS: The High Risk of Using Open Networks 

NEWS AND FEATURES
   - Microsoft Adds Live Alerts for MSRC Blog
   - Yahoo! Mail Integrates PhishTank Data for Better Protection
   - New Worms Turn Windows Servers into Botnet Members
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: Security Brief on Oracle's Latest Security 
Patches
   - FAQ: Pushing Out Management Packs
   - Tell Us About the Products You Love!
   - Share Your Security Tips

PRODUCTS
   - Take Control of Endpoints

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: ShoreTel ==========================================

Enterprises Rate Important IP Telephony Features
   This comprehensive guide is invaluable for those evaluating VoIP and 
shows how organizations can reduce cost and improve operations to help 
you to plan and implement an IP phone system. Define system components 
- Identify network requirements - Learn important standards - Learn 
deployment options:
   http://list.windowsitpro.com/t?ctl=53976:57B62BBB09A692797E118E9A78FD9A84


=== IN FOCUS: The High Risk of Using Open Networks =============
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Open networks are tempting, especially when you really need to send or 
receive messages or gather some data quickly while on the road. But 
don't let your guard down while using open networks (such as those at 
conferences, coffee shops, or hotels), or you might fall victim to an 
intruder. In fact, when using open networks, you should raise your 
guard as high as you can, which might mean deciding not to use a 
certain open network at all. 

The decision whether to use an open network comes down to two simple 
questions: Do you trust that you can get on and off the network safely; 
and do you feel confident that your system is secure enough to 
withstand potential zero-day exploits? 

A good example of how high the risk is happened at the 2006 ShmooCon 
conference. While using the conference's wireless network, a security 
researcher's Mac laptop fell victim to attack. Even though the 
researcher's laptop was secured as well as possible, the system was 
broken into using a zero-day exploit. Unfortunately, the presenter was 
not running any packet-capture tools at the time, so attempts to find 
out how the break-in happened were fruitless. 

Another case in point occurred only last week at the CanSecWest 
conference in Vancouver, B.C., Canada. At the conference, an 
interesting challenge was presented: Break into either of two MacBook 
Pros running OS X and win the computer. TippingPoint (a division of 
3Com) offered a $10,000 cash prize to enhance the challenge further.

Sure enough, someone broke into one of the MacBooks using a zero-day 
exploit against the Safari Web browser. The winning challenger, Shane 
Macaulay, worked with a friend, Dino Dai Zovi, who didn't attend the 
conference. Zovi provided the exploit, and Macaulay executed it at 
the conference by setting up a Mac server on the conference's wireless 
network. He then had one of the conference workers enter a specific URL 
into the MacBook's browser, which in turn connected to the server to 
launch the exploit. That's all that was required for the MacBook to 
become "owned." 

The point of the latter example is that the same thing could be 
accomplished by a bad guy lurking on a conference network or any other 
open network. It doesn't matter what OS you use, the risks are 
basically the same. Said otherwise, zero-day exploits exist for all 
OSs, and it's often incredibly difficult to defend against the unknown. 

If you feel you must use an open network, one way to help avoid falling 
victim--to some extent anyway--is to use a virtual machine (VM) 
configuration to perform whatever tasks you need to do. While a VM 
might not completely protect your system, at least when you restart the 
VM, its OS will come up clean, assuming of course that no one used a 
zero-day exploit to compromise the VM software or OS image. 

Another way to possibly protect your system is to use a bootable Live 
CD, which you might know is basically a CD-ROM with a bootable OS. If 
you're interested in finding a good Live CD, head over to FrozenTech 
(at the URL below) where you'll find dozens that you can choose from.
   http://list.windowsitpro.com/t?ctl=53972:57B62BBB09A692797E118E9A78FD9A84

While neither method I suggested is completely secure, at least both 
methods make it much more difficult for an intruder to "own" your 
computer.

As an aside, since I mentioned OS X in this column, I want to also 
point out that Apple released a batch of 25 security patches last week. 
So if you manage OS X systems, be sure to update them. You can learn 
more about the patches at the Apple site at the URL below. 
   http://list.windowsitpro.com/t?ctl=53969:57B62BBB09A692797E118E9A78FD9A84

===

You can win $100 by voting for the products you find most useful in 
Windows IT Pro's Community Choice Awards! Give us your feedback to 
qualify to win one of twelve $100 Amazon.com gift certificates. Voting 
is open through May 21. Winners will be announced in the August 2007 
issue of Windows IT Pro. Go to 
   http://list.windowsitpro.com/t?ctl=5395F:57B62BBB09A692797E118E9A78FD9A84


=== SPONSOR: nCipher ===========================================

Best Practices for Microsoft PKI & Cert Mgt
 
Please join us for this complimentary Webinar
Thursday, May 10, 2007 11:00 AM EDT
Speaker: Brian Komar, President, IdentIT
 
Mr. Komar will provide a unique overview of the MS PKI and nCipher's 
integrated solutions, which will assist you in streamlining this 
process and reducing your total cost of ownership. 
 
You will learn to:
-  Design a PKI to address business needs and achieve regulatory 
compliance
-  Implement hardware security modules to increase private key 
protection
-  Apply tricks and trips for configuring your CA
-  Manage certificates with ILM 2007
 
http://list.windowsitpro.com/t?ctl=53971:57B62BBB09A692797E118E9A78FD9A84


=== SECURITY NEWS AND FEATURES =================================

Microsoft Adds Live Alerts for MSRC Blog
   Microsoft is conducting a beta program for its new Windows Live 
Alerts service, and the company recently added Microsoft Security 
Response Center (MSRC) blog entries to the list of available content. 
   http://list.windowsitpro.com/t?ctl=5396E:57B62BBB09A692797E118E9A78FD9A84

Yahoo! Mail Integrates PhishTank Data for Better Protection
   PhishTank is a community project that lets people submit links to 
potential phishing sites and vote on whether a site really is a 
phishing scam.
   http://list.windowsitpro.com/t?ctl=5396A:57B62BBB09A692797E118E9A78FD9A84

New Worms Turn Windows Servers into Botnet Members
   Three worms circulating the Internet take advantage of a 
vulnerability in the Windows DNS service to turn a system into a bot. 
Microsoft and security solution providers are working to integrate 
protection against the worms into their offerings.
   http://list.windowsitpro.com/t?ctl=5396D:57B62BBB09A692797E118E9A78FD9A84

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=53962:57B62BBB09A692797E118E9A78FD9A84


=== SPONSOR: Vizioncore ========================================

esxRanger Professional: Hot Backups for VI3 
   Still don't have a reliable disaster recovery plan in place? 
Vizioncore's esxRanger Professional supports a sophisticated, yet cost 
effective DR strategy for your VMware Infrastructure 3 environment. 
Restoring entire virtual machine images -- or just files -- is smooth & 
seamless. Visit http://list.windowsitpro.com/t?ctl=53975:57B62BBB09A692797E118E9A78FD9A84
for a trial download today.


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Security Brief on Oracle's Latest Security 
Patches
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=53974:57B62BBB09A692797E118E9A78FD9A84

Oracle released its quarterly batch of security updates. Get links to 
information about several of the problems.
   http://list.windowsitpro.com/t?ctl=5396B:57B62BBB09A692797E118E9A78FD9A84

FAQ: Pushing Out Management Packs
   by John Savill, http://list.windowsitpro.com/t?ctl=53970:57B62BBB09A692797E118E9A78FD9A84 

Q: How do I push management packs to System Center Operations Manager 
agents in System Center Configuration Manager 2007?

Find the answer at
   http://list.windowsitpro.com/t?ctl=5396C:57B62BBB09A692797E118E9A78FD9A84

TELL US ABOUT THE PRODUCTS YOU LOVE!
   What products are you using that save you time or make your workload 
a little lighter? What hot product discoveries have you made that other 
IT pros need to know about? Let the world know about your experiences 
in Windows IT Pro's monthly What's Hot department. If we publish your 
story in What's Hot, we'll send you a Best Buy gift card! Send 
information about your favorite product and how it has helped you to 
whatshot@private 

SHARE YOUR SECURITY TIPS AND GET $100
   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to r2r@private If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
   by Renee Munshi, products@private

Take Control of Endpoints
   matrix42 introduced Empirum Security Suite, which protects 
workstations and laptops with a firewall, intrusion prevention system 
(IPS), application and file control, removable device control, and 
wireless control.  Empirum Security Suite enforces a workstation's 
specific policies whether the computer is on or off the network. 
According to matrix42, Empirum operates at the kernel level, so after 
you configure it by using the central management console, a user (even 
one with administrator rights) can't disable or reconfigure it. Empirum 
has behavioral technology and defends against information theft via 
keylogging or spyware and other intrusion methods. For more 
information, go to
   http://list.windowsitpro.com/t?ctl=53979:57B62BBB09A692797E118E9A78FD9A84


=== RESOURCES AND EVENTS =======================================
   For more security-related resources, visit
   http://list.windowsitpro.com/t?ctl=5396F:57B62BBB09A692797E118E9A78FD9A84

Web seminar: Managing Change Risk on Critical Windows NT Infrastructure 
   Why choose a change-control approach to solve what is traditionally 
considered a security problem? Come join us for a Web seminar on May 3 
featuring Motorola CISO Bill Boni. Mr. Boni will discuss the problem of 
supporting legacy NT systems at Motorola and the solution requirements, 
evaluation criteria, and decision to adopt a change control approach. 
He'll also describe Motorola's vision for deploying change control on 
other critical systems across the company.  
   http://list.windowsitpro.com/t?ctl=53963:57B62BBB09A692797E118E9A78FD9A84 

Get Ready for Exchange & Office 2007 Roadshow--free! 
   The successful Microsoft-partnered Get Ready for Exchange & Office 
2007 Roadshow is coming to Stockholm! Three independent, respected 
technical speakers--Jim McBee, Mark Arnold, and Ben Schorr--will 
deliver tracks on securing, managing, and deploying Exchange and Office 
2007 and using Exchange Server 2007 capabilities to improve your 
messaging environment. Register today for this free day-long event. 
Your delegate bag will include Microsoft Exchange Server 2007 and 
Office 2007 Beta 2 Software Kits. 
   Venue: Berns Hotel, Stockholm 
   Date: Monday, 14 May 2007 
   http://list.windowsitpro.com/t?ctl=53968:57B62BBB09A692797E118E9A78FD9A84

Did you know that 75 percent of corporate intellectual property resides 
in email? The challenges facing this vital business application range 
from spam to the costly impact of downtime and the need for effective, 
centralized email storage systems. Join us for a free Web seminar and 
learn the key features of a holistic approach to email security, 
availability, and control. Download this on-demand seminar now!
   http://list.windowsitpro.com/t?ctl=53960:57B62BBB09A692797E118E9A78FD9A84


=== FEATURED WHITE PAPER =======================================

ESG's independent testing lab verified substantial gains in 
utilization, availability, and database manageability with the use of a 
unique approach to virtualization, as presented by Polyserve. Find out 
more about this powerful platform for your SQL Server deployments, and 
you can save your department up to 70 percent of TCO and streamline 
management. 
   http://list.windowsitpro.com/t?ctl=53961:57B62BBB09A692797E118E9A78FD9A84


=== ANNOUNCEMENTS ==============================================

Introducing a Unique Security Resource 
   Security Pro VIP is an online information center that delivers new 
articles every week on topics such as perimeter security, 
authentication, and system patches. Subscribers also receive tips, 
cautionary advice, direct access to our editors, and a host of other 
benefits! Order now at an exclusive charter rate and save up to $50! 
   http://list.windowsitpro.com/t?ctl=53965:57B62BBB09A692797E118E9A78FD9A84

Introducing a Unique Exchange and Outlook Resource 
   Exchange & Outlook Pro VIP is an online information center that 
delivers new articles every week on topics such as administration, 
migration, security, and performance. Subscribers also receive tips, 
cautionary advice, direct access to our editors, and a host of other 
benefits! Order now at an exclusive charter rate and save up to $50! 
   http://list.windowsitpro.com/t?ctl=53964:57B62BBB09A692797E118E9A78FD9A84


================================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 
below).
   http://list.windowsitpro.com/t?ctl=53973:57B62BBB09A692797E118E9A78FD9A84
   http://list.windowsitpro.com/t?ctl=53978:57B62BBB09A692797E118E9A78FD9A84

Subscribe to Security UPDATE at
   http://list.windowsitpro.com/t?ctl=53967:57B62BBB09A692797E118E9A78FD9A84

Be sure to add Security_UPDATE@private 
to your antispam software's list of allowed senders.

To contact us: 
   About Security UPDATE content -- letters@private
   About technical questions -- http://list.windowsitpro.com/t?ctl=53977:57B62BBB09A692797E118E9A78FD9A84
   About your product news -- products@private
   About your subscription -- windowsitproupdate@private
   About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
   http://list.windowsitpro.com/t?ctl=53966:57B62BBB09A692797E118E9A78FD9A84

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Thu Apr 26 2007 - 01:35:34 PDT