Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Ensuring Protection and Availability for Microsoft Exchange
http://list.windowsitpro.com/t?ctl=624B9:57B62BBB09A69279A28782D07A346BFF

Eliminate the Achilles Heel of the Desktop - Admin Rights
http://list.windowsitpro.com/t?ctl=624B8:57B62BBB09A69279A28782D07A346BFF

Gain Control of Software Usage and Reduce Audit Risks
http://list.windowsitpro.com/t?ctl=624B7:57B62BBB09A69279A28782D07A346BFF

=== CONTENTS ===================================================

IN FOCUS: BotHunter: Another Useful Linux Tool

NEWS AND FEATURES
- RSA Expands Security Offerings with Tablus Acquisition
- Symantec's New Evidence Collection and Transfer Tools
- Oracle Expands Its Middleware with More Security
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Cisco and Google Both Inflict DoS Upon Themselves
- FAQ: How to List a User's SMTP Email Addresses
- From the Forum: Object Access Logging
- Share Your Security Tips

PRODUCTS
- Zip and Encrypt Outlook Email Attachments
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Double-Take Software ==============================

Ensuring Protection and Availability for Microsoft Exchange
Microsoft Exchange is integral to an organization's day-to-day operation. For many companies, an hour of Exchange downtime can cost hundreds of thousands of dollars in lost productivity. This paper discusses new ways to maintain Exchange uptime by using data protection, failover, and application availability. When recoverability matters, depend on Double-Take Software to protect and recover business critical data and applications.
http://list.windowsitpro.com/t?ctl=624B9:57B62BBB09A69279A28782D07A346BFF

=== IN FOCUS: BotHunter: Another Useful Linux Tool =============

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

BotHunter is a passive traffic monitoring system that can locate bot activity on your network, but you need Linux to use it. Nevertheless, it'll help protect your Windows-based network against bot infiltration.

The tool, which was recently released to the public, was developed by the Cyber-Threat Analytics (Cyber-TA) Project. Extensive details about BotHunter were presented at the 16th annual USENIX Security Symposium, which took place August 6-10. The white paper prepared for the symposium is available online and describes the technology used by the tool.

According to the white paper, BotHunter tracks communication between internal network devices and systems external to the local network. The data exchanges are compared against a state-based infection model that can detect a malware infection as it progresses and identify both the target and the source of the attack.

Under the hood, BotHunter uses Snort along with custom malware-focused rule sets. Added to Snort are two custom plug-ins, SLADE and SCADE, that were developed especially for BotHunter. SLADE performs payload analysis, and SCADE performs port scan analysis of inbound and outbound traffic. It might sound somewhat simple on the surface, but it's actually complex and quite effective.

The BotHunter developers, Phillip Porras of SRI International and Wenke Lee of Georgia Institute of Technology, established a honeynet that uses BotHunter. The developers wrote that "Over a 3-week period between March and April 2007, we analyzed a total of 2,019 successful Windows XP and Windows 2000 remote-exploit bot or worm infections." BotHunter detected 1,920 of those 2,019 infections, which is roughly a 95 percent success rate. Not bad, especially for a free tool!
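To make the idea of a state-based infection model concrete, here is an added example (not BotHunter's code and not from the column) of a minimal evidence-trail correlator in Python, run over constructed alert lines. The phase labels E1 to E5, the local address range, the time window and the "declare infection" thresholds are this example's assumptions, chosen to illustrate the approach rather than to reproduce BotHunter's actual rules.

```python
import re
from collections import defaultdict

# Constructed alert lines, not BotHunter or Snort output: "<seconds> <phase> <src> -> <dst>".
# The phase labels (E1 inbound scan, E2 inbound exploit, E3 egg download,
# E4 C&C traffic, E5 outbound scan) and the thresholds below are this example's
# assumptions about a state-based infection model, not details the column gives.
ALERTS = """\
100 E1 198.51.100.7 -> 10.0.0.5
130 E2 198.51.100.7 -> 10.0.0.5
190 E3 10.0.0.5 -> 203.0.113.9
260 E4 10.0.0.5 -> 203.0.113.44
9000 E4 10.0.0.8 -> 203.0.113.44
"""

INTERNAL = re.compile(r"^10\.")      # local address space (assumed)
INBOUND = {"E1", "E2"}               # evidence aimed at a local host
OUTBOUND = {"E3", "E4", "E5"}        # evidence emitted by a local host
WINDOW = 600                         # seconds an evidence trail stays open

def parse(text):
    """Yield (timestamp, phase, src, dst) tuples from the alert text."""
    for line in text.splitlines():
        ts, phase, src, _arrow, dst = line.split()
        yield int(ts), phase, src, dst

def correlate(text):
    """Group evidence per local host; declare an infection when the trail shows an
    inbound exploit plus any outbound evidence, or two kinds of outbound evidence."""
    trails = defaultdict(list)   # victim -> [(ts, phase, peer)]
    verdicts = {}
    for ts, phase, src, dst in parse(text):
        victim, peer = (dst, src) if phase in INBOUND else (src, dst)
        if not INTERNAL.match(victim):
            continue                 # only local hosts can be victims
        trail = [e for e in trails[victim] if ts - e[0] <= WINDOW]
        trail.append((ts, phase, peer))
        trails[victim] = trail
        phases = {p for _, p, _ in trail}
        outbound = phases & OUTBOUND
        if ("E2" in phases and outbound) or len(outbound) >= 2:
            # the source of the attack is whoever delivered the exploit
            attacker = next((p for _, ph, p in trail if ph == "E2"), None)
            verdicts[victim] = {"phases": sorted(phases), "attacker": attacker}
    return verdicts

if __name__ == "__main__":
    for host, v in correlate(ALERTS).items():
        print(f"{host}: infection dialog {v['phases']} from {v['attacker']}")
```

Host 10.0.0.8 produces only a single C&C alert, so it never crosses the threshold; that is the point of correlating a dialog rather than alerting on each signature hit.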
A really slick feature of BotHunter is its integrated support for "large-scale privacy-preserving data sharing." The feature lets BotHunter operators send bot profiles to a central repository operated by Cyber-TA, which is then made available to everyone who provides BotHunter data and to other researchers. The feature sends data by using Transport Layer Security (TLS) over the Tor (The Onion Router) network to keep reports reasonably anonymous, and it lets operators selectively obfuscate IP addresses and other sensitive information before they share their data.

As with many excellent security tools, BotHunter runs on Linux. If you're not familiar with Linux, know that it's not so hard to use, so consider building a system and learning the ins and outs. You'll find that the OS comes in very handy. BotHunter requires Fedora, Debian, or SUSE Linux, plus Sun Microsystems' Java Runtime Environment (JRE) for Java 2 Platform, Standard Edition (J2SE) 1.4.2 or later, which BotHunter uses to read the alert stream from Snort. Of course, you'll also need a spunky system to run the platform, so be sure that you use a system with a fast CPU, fast hard drives, and plenty of RAM. You might also need other tools, such as VMware, depending on how you plan to implement a test platform.

You can download the BotHunter source code at the Cyber-TA Web site at the first URL below, and you can read the extensive white paper about BotHunter at the second URL below. The white paper explains exactly how the platform works and details the hardware that's running the honeynet that the development team is currently using to test BotHunter.
http://list.windowsitpro.com/t?ctl=624C4:57B62BBB09A69279A28782D07A346BFF
http://list.windowsitpro.com/t?ctl=624BF:57B62BBB09A69279A28782D07A346BFF

=== SPONSOR: BeyondTrust =======================================

Eliminate the Achilles Heel of the Desktop - Admin Rights
BeyondTrust enables users without administrative privileges to run all required applications, processes and ActiveX controls. By removing the need to grant end users administrative rights, IT departments can eliminate what is otherwise the Achilles heel of the desktop - end users with administrative power that can be exploited by malware and malicious users to change security settings, disable other security solutions such as anti-virus and more. Free Download!
http://list.windowsitpro.com/t?ctl=624B8:57B62BBB09A69279A28782D07A346BFF

=== SECURITY NEWS AND FEATURES =================================

RSA Expands Security Offerings with Tablus Acquisition
RSA said the acquisition will allow it to add data discovery and classification, monitoring, and data loss prevention capabilities to its existing portfolio of solutions.
http://list.windowsitpro.com/t?ctl=624C5:57B62BBB09A69279A28782D07A346BFF

Symantec's New Evidence Collection and Transfer Tools
Symantec announced the release of new connectors for its Enterprise Vault platform that help automate the collection and transfer of electronic evidence.
http://list.windowsitpro.com/t?ctl=624C6:57B62BBB09A69279A28782D07A346BFF

Oracle Expands Its Middleware with More Security
Oracle recently launched a beta preview of its Oracle Authentication Services for Operating Systems, a new component of its Identity Management offering, which is part of Oracle Fusion Middleware.
http://list.windowsitpro.com/t?ctl=624C7:57B62BBB09A69279A28782D07A346BFF

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities.
You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=624BD:57B62BBB09A69279A28782D07A346BFF

=== SPONSOR: Macrovision =======================================

Gain Control of Software Usage and Reduce Audit Risks
Most organizations face serious challenges, including understanding vendor licensing models, cost overruns, missed deadlines, business opportunities, and lost user productivity. Learn to address these challenges, and prepare for audits. Register for the free Web seminar, available now!
http://list.windowsitpro.com/t?ctl=624B7:57B62BBB09A69279A28782D07A346BFF

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Cisco and Google Both Inflict DoS Upon Themselves
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=624CC:57B62BBB09A69279A28782D07A346BFF
In what must be embarrassing moments for Cisco and Google, both companies managed to inflict Denial of Service (DoS) upon themselves last week. You can read about those incidents and about how hackers have cracked AT&T's lock on the new iPhone. Check out the Security Matters blog on our Web site.
http://list.windowsitpro.com/t?ctl=624BA:57B62BBB09A69279A28782D07A346BFF

FAQ: How to List a User's SMTP Email Addresses
by John Savill, http://list.windowsitpro.com/t?ctl=624CA:57B62BBB09A69279A28782D07A346BFF
Q: How can I generate a list of all the SMTP mail addresses a user has?
Find the answer at http://list.windowsitpro.com/t?ctl=624C8:57B62BBB09A69279A28782D07A346BFF

FROM THE FORUM: Object Access Logging
A forum participant wants to know if there's any value in having auditing turned on for failures for Audit Object Access if there's nothing turned on at the folder level.
http://list.windowsitpro.com/t?ctl=624B6:57B62BBB09A69279A28782D07A346BFF

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column.
Email your contributions to r2r@private If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================

by Renee Munshi, products@private

Zip and Encrypt Outlook Email Attachments
WinZip Computing, a Corel Company, announced the public beta of WinZip E-Mail Companion 2.0, which lets you compress outgoing email attachments and, if desired, use advanced AES encryption to protect them. WinZip E-Mail Companion 2.0 Beta is the follow-up to WinZip Companion for Outlook 1.0, adding support for Microsoft Outlook Express, Microsoft Windows Mail (Windows Vista), and Outlook 2007 to existing support for Outlook 2002 and 2003. WinZip E-Mail Companion 2.0 also includes new compression options, the ability to zip and encrypt from within Microsoft Office applications, and improved file naming. For more information or to download the beta, go to
http://list.windowsitpro.com/t?ctl=624CF:57B62BBB09A69279A28782D07A346BFF

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to whatshot@private

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=624C9:57B62BBB09A69279A28782D07A346BFF

Getting the Most from DFS
This Web seminar covers DFS: what it is, how it works, the server and client OS versions that support it, how to configure it, its limitations, using DFS-N and DFS-R, and how to manage DFS. Learn the basics and get a quick "how-to" on implementing DFS-N and DFS-R in your Windows Server 2003 environment. Don't miss this Web seminar.
http://list.windowsitpro.com/t?ctl=624BC:57B62BBB09A69279A28782D07A346BFF

Don't miss Fall Connections 2007, the premier event for Microsoft developers and DBAs, November 5-8, 2007, in Las Vegas. It will impact how you build solutions, increase your productivity, and enhance your development skills to give your company the competitive edge!
http://list.windowsitpro.com/t?ctl=624CD:57B62BBB09A69279A28782D07A346BFF

File fragmentation is a serious problem. As a disk becomes fragmented, the workload on the OS and hardware increases, making it more difficult for applications to read and write data. File corruption becomes a distinct possibility, the computer's performance degrades, and its reliability is endangered. This white paper looks at the effect of disk defragmentation on your users.
http://list.windowsitpro.com/t?ctl=624BB:57B62BBB09A69279A28782D07A346BFF

=== FEATURED WHITE PAPER =======================================

KVM over IP in Distributed IT Environments
Keyboard/video/mouse (KVM) switches are a valuable management tool, but they have weaknesses in distributed environments. This white paper presents the complexities of managing the distributed data center and highlights the advantages of using a KVM-over-IP solution for flexible, scalable, affordable CAT5-based remote access.
http://list.windowsitpro.com/t?ctl=624BE:57B62BBB09A69279A28782D07A346BFF

=== ANNOUNCEMENTS ==============================================

Search Thousands of SQL Articles Online and on CD
A SQL Server Magazine Master CD subscription buys you portable, lightning-fast access to the entire SQL Server article database on CD, plus exclusive, up-to-the-minute access to the new articles we publish on SQLMag.com every day. Order your subscription now!
http://list.windowsitpro.com/t?ctl=624C1:57B62BBB09A69279A28782D07A346BFF

Save 1/2 Off Security Pro VIP
Security Pro VIP is an online resource that delivers new articles every week to help you defend your network.
Subscribers also receive tips, cautionary advice, direct access to our editors for technical Q&As, and a host of other benefits! Order now, and save up to 50 percent!
http://list.windowsitpro.com/t?ctl=624C0:57B62BBB09A69279A28782D07A346BFF

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=624CB:57B62BBB09A69279A28782D07A346BFF
http://list.windowsitpro.com/t?ctl=624D0:57B62BBB09A69279A28782D07A346BFF

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=624C3:57B62BBB09A69279A28782D07A346BFF

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=624CE:57B62BBB09A69279A28782D07A346BFF
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=624C2:57B62BBB09A69279A28782D07A346BFF

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.

____________________________________
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today!
http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Wed Aug 15 2007 - 23:34:46 PDT