Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>
PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:
DR Planning Checklist for Microsoft Exchange
http://list.windowsitpro.com/t?ctl=57FD0:57B62BBB09A69279C554079AB0312932
ESG Lab Validation Study: Polyserve DB Utility
http://list.windowsitpro.com/t?ctl=57FD3:57B62BBB09A69279C554079AB0312932
Messaging Management
http://list.windowsitpro.com/t?ctl=57FCE:57B62BBB09A69279C554079AB0312932
=== CONTENTS ===================================================
IN FOCUS: Enterprise Rollout and Management of Firefox
NEWS AND FEATURES
- nCircle Reconfigures Itself with Acquisition of Cambia Security
- New Microsoft Tool Strips Exploits Out of Office Documents
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Yet Another Virus-Writing Class; Wordpress
and Opera Have Vulnerabilities
- FAQ: Fix File Access Problems After Upgrading to Vista
- From the Forum: Controlling Access to a Data Repository on a Cluster
- Product Evaluations from the Real World
- Share Your Security Tips
PRODUCTS
- Internet Appliance Adds Reputation Scoring
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: CA XO Soft ========================================
DR Planning Checklist for Microsoft Exchange
Join Paul Robichaux as he presents a disaster recovery planning
checklist that you can use to help guide your Exchange 2000/2003/2007
DR planning. Learn what you should do first, last, and in between to
solidify your Exchange infrastructure and get the maximum degree of
assurance for your disaster recovery operations. On-Demand Web Seminar.
http://list.windowsitpro.com/t?ctl=57FD0:57B62BBB09A69279C554079AB0312932
=== IN FOCUS: Enterprise Rollout and Management of Firefox =====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
I'm sure many of you use Mozilla Firefox at least part of the time.
Keeping the browser updated and configured in a secure manner on a few
systems isn't a lot of work. On the other hand, trying to use Firefox
with more than a dozen computers soon becomes a real chore. Installing
Firefox on desktops one by one takes plenty of time. Checking desktops
to make sure the latest updates are loaded is also time consuming, as
is making sure that people don't reconfigure the browser to use
settings and plug-ins that you don't want used.
Did you know that rather than manually performing rollouts and
management, you can use Windows Installer, Group Policy, and Active
Directory (AD) to help automate these tasks? To push out Firefox with
Windows Installer, you of course need to have properly prepared MSI
package files, and to manage configurations, you need Firefox to
interact with AD. I found a company that has a solution to both
problems.
FrontMotion maintains a Web-based tool, Firefox Packaging Service (at
the URL below), that lets you package your choice of the last three
releases of Firefox along with up to 10 plug-ins from a list of 17. The
site will then build an MSI package that you can download to use for
your rollout or upgrade process. Use of the service costs $150 per
year, and that price gives you the ability to build packages as often
as you need to.
http://list.windowsitpro.com/t?ctl=57FE3:57B62BBB09A69279C554079AB0312932
FrontMotion also makes available its free FrontMotion Firefox Community
Edition (at the URL below), which is based on the latest version of
Firefox and has the capability of interacting with AD and Group Policy.
So you can choose to use Firefox Community Edition to build your
package, or if you don't need AD integration, you can choose a standard
version of Firefox.
http://list.windowsitpro.com/t?ctl=57FE0:57B62BBB09A69279C554079AB0312932
Firefox Community Edition not only integrates with AD, it also gives
you the ability to control the desktop icon as well as shell
integration, similar to the way Microsoft Internet Explorer (IE)
integrates with the shell. It also can be set to be the default
browser, handles uninstallation if you need that, comes with Adobe
Flash Player pre-installed, and more.
So with Firefox Community Edition, you can easily use AD and Group
Policy to handle rollout and configuration, and tools from other third
parties accomplish similar tasks. Dion Liddell makes a tool called
WetDog (at the URL below) that lets you control configuration of both
Mozilla and Firefox by using Group Policy in AD. WetDog comes with an
executable file that you put on your domain controllers (DCs) and
insert into user logon scripts.
http://list.windowsitpro.com/t?ctl=57FE6:57B62BBB09A69279C554079AB0312932
Bob Templeton developed a tool, FFDeploy, that lets you build a package
for rolling out Firefox. Development of the tool appears to have
stopped back in 2005, but the tool is written in Visual Basic, so you
could modify it if it doesn't suit your needs.
http://list.windowsitpro.com/t?ctl=57FE8:57B62BBB09A69279C554079AB0312932
And last but not least, Mark Sammons made a tool called FirefoxADM that
helps you integrate and control Firefox by using Group Policy.
http://list.windowsitpro.com/t?ctl=57FDC:57B62BBB09A69279C554079AB0312932
=== SPONSOR: Polyserve =========================================
ESG Lab Validation Study: Polyserve DB Utility
ESG's independent testing lab verified substantial gains in
utilization, availability and database manageability with the use of a
unique approach to virtualization, as presented by Polyserve. Find out
more about this powerful platform for your SQL Server deployments -
saving your department up to 70% of TCO and streamlining management.
http://list.windowsitpro.com/t?ctl=57FD3:57B62BBB09A69279C554079AB0312932
=== SECURITY NEWS AND FEATURES =================================
nCircle Reconfigures Itself with Acquisition of Cambia Security
Cambia CM, an agentless configuration auditing tool, will be
integrated with nCircle products through consolidated reporting.
http://list.windowsitpro.com/t?ctl=57FDB:57B62BBB09A69279C554079AB0312932
New Microsoft Tool Strips Exploits Out of Office Documents
Microsoft released its new Microsoft Office Isolated Conversion
Environment (MOICE), which converts Office 2003's binary format files
into the more secure Office Open XML format used by Office 2007.
http://list.windowsitpro.com/t?ctl=57FD9:57B62BBB09A69279C554079AB0312932
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=57FD4:57B62BBB09A69279C554079AB0312932
=== SPONSOR: Symantec ==========================================
Messaging Management
A secure mail and messaging infrastructure is fundamental to your
business and any organization should plan for the appropriate message
hygiene, availability, and control services from the start. This eBook
introduces three fundamental mail and messaging management services -
security, availability and control services - and how you can implement
them in a Microsoft-centric mail and messaging environment. Download
Now!
http://list.windowsitpro.com/t?ctl=57FCE:57B62BBB09A69279C554079AB0312932
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Yet Another Virus-Writing Class; Wordpress and
Opera Have Vulnerabilities
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=57FE2:57B62BBB09A69279C554079AB0312932
Another university is reportedly going to begin offering a virus-
writing class. What's the purpose of such a class? Also, have you
upgraded to Wordpress 2.2 and Opera 9.21 yet? If not, your system
running these applications is exposed to potentially dangerous security
risks.
http://list.windowsitpro.com/t?ctl=57FD2:57B62BBB09A69279C554079AB0312932
FAQ: Fix File Access Problems After Upgrading to Vista
by John Savill, http://list.windowsitpro.com/t?ctl=57FDF:57B62BBB09A69279C554079AB0312932
Q: For some reason, I can't access certain files on my Windows Vista
machine following an upgrade. How can I get to them?
Find the answer at
http://list.windowsitpro.com/t?ctl=57FDA:57B62BBB09A69279C554079AB0312932
FROM THE FORUM: Controlling Access to a Data Repository on a Cluster
A forum participant is building a repository on a server cluster to
store all of the company's secure documents. The company will have
customers from various locations accessing the repository. He wonders
how to control access so that no information is leaked to people not
authorized to access the repository and its files.
http://list.windowsitpro.com/t?ctl=57FCC:57B62BBB09A69279C554079AB0312932
PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@private
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@private If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@private
Internet Appliance Adds Reputation Scoring
Secure Computing announced SnapGear with TrustedSource, a new
version of its Internet appliance for small-to-midsized businesses
(SMBs). SnapGear provides networking, firewall, intrusion prevention,
and VPN services. TrustedSource provides behavior-based reputation
scores for IPs, domains, URLs, and email messages so that organizations
can drop connections from malicious sources at the gateway. SnapGear
with TrustedSource also delivers enhanced VoIP capabilities, VPN
offloading, connection tracking snapshots, and improved performance.
For a limited time, all SnapGear customers can receive a six-month
trial license for SnapGear with TrustedSource for free. SnapGear
appliances start at $249. For more information, go to
http://list.windowsitpro.com/t?ctl=57FDD:57B62BBB09A69279C554079AB0312932
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=57FDE:57B62BBB09A69279C554079AB0312932
How do you manage security vulnerabilities? If you depend on
vulnerability assessments to determine the state of your IT security
systems, you can't afford to miss this Web seminar. Special research
from Gartner indicates that deeper penetration testing is needed to
augment your existing vulnerability management processes. Learn more
today!
http://list.windowsitpro.com/t?ctl=57FCF:57B62BBB09A69279C554079AB0312932
Examine the threats of allowing unwanted or offensive content into your
network and learn about the technologies and methodologies to defend
against inappropriate content, spyware, IM, and P2P in this white paper
report.
http://list.windowsitpro.com/t?ctl=57FCD:57B62BBB09A69279C554079AB0312932
IT Pro Connections--Amsterdam, 19-20 June, 2007, offers the deepest and
most relevant education for Microsoft IT professionals, especially in
this time of important new products and technologies. Now is the time
for you to quickly come up to speed. Get prepared for the newest
technologies and products through the real-world experience of our
expert presenters. "Insider" details help you make sense of new
technologies, apply them to your environment, and master them faster
and more effectively. Immerse yourself in the latest Microsoft
technologies--PowerShell, Exchange Server 2007, Vista, Longhorn,
SharePoint Server and Communications Server, System Center Family, XP,
Forefront, and more--with experts from Microsoft and world-renowned
subject matter experts! Post-Conference Workshops 21 June 2007
http://list.windowsitpro.com/t?ctl=57FE5:57B62BBB09A69279C554079AB0312932
=== FEATURED WHITE PAPER =======================================
Before you undertake the expense and effort of a major upgrade, you
want to know that the new platform will meet or exceed important
business requirements. In his new white paper, SQL Server expert Kevin
Kline shows the value and viability of SQL Server 2005 through the
results of benchmarking tests. This paper also offers advice to help
you assess the business value of an upgrade and ensure that you
properly benchmark and load test your upgrade.
http://list.windowsitpro.com/t?ctl=57FD1:57B62BBB09A69279C554079AB0312932
=== ANNOUNCEMENTS ==============================================
Introducing a Unique Security Resource
Security Pro VIP is an online information center that delivers new
articles every week on topics such as perimeter security,
authentication, and system patches. Subscribers also receive tips,
cautionary advice, direct access to our editors, and a host of other
benefits! Order now at an exclusive charter rate and save up to $50!
http://list.windowsitpro.com/t?ctl=57FD6:57B62BBB09A69279C554079AB0312932
Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that
delivers new articles every week on messaging topics such as
administration, migration, security, and performance. Subscribers also
receive tips, cautionary advice, direct access to our editors, and a
host of other benefits! Order now at an exclusive charter rate and save
up to $50!
http://list.windowsitpro.com/t?ctl=57FD5:57B62BBB09A69279C554079AB0312932
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=57FE1:57B62BBB09A69279C554079AB0312932
http://list.windowsitpro.com/t?ctl=57FE7:57B62BBB09A69279C554079AB0312932
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=57FD8:57B62BBB09A69279C554079AB0312932
Be sure to add Security_UPDATE@private
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=57FE4:57B62BBB09A69279C554079AB0312932
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=57FD7:57B62BBB09A69279C554079AB0312932
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed May 30 2007 - 22:22:10 PDT