Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com> PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE: Server Consolidation Essentials http://list.windowsitpro.com/t?ctl=64A64:57B62BBB09A69279AADFACEC30EF4171 SQL Server Optimization & Data Protection w/ Intelligent ISCSI SANs http://list.windowsitpro.com/t?ctl=64A65:57B62BBB09A69279AADFACEC30EF4171 BladeSystem as a Horizontal Technology: WP http://list.windowsitpro.com/t?ctl=64A79:57B62BBB09A69279AADFACEC30EF4171 === CONTENTS =================================================== IN FOCUS: Recent Outages Point to a Sketchy Internet Services Future NEWS AND FEATURES - Teen's Hardware Crack Liberates iPhone - Hackers Team to Donate Technology to Charities - 8 More Absolutely Cool, Totally Free Utilities - Recent Security Vulnerabilities GIVE AND TAKE - Security Matters Blog: When Is a "Rootkit" Not a Rootkit? - FAQ: Installing Kernel-Mode Printer Drivers - From the Forum: Tools to Audit Web Site Access Histories - Share Your Security Tips PRODUCTS - Give Data Owners Control over Data Access - Product Evaluations from the Real World RESOURCES AND EVENTS FEATURED WHITE PAPER ANNOUNCEMENTS === SPONSOR: Microsoft ========================================= Server Consolidation Essentials Discover the benefits of server consolidation using virtualization technologies! Chapter 1 of this free eBook is available now, with details about how server consolidation can help you do more with less. http://list.windowsitpro.com/t?ctl=64A64:57B62BBB09A69279AADFACEC30EF4171 === IN FOCUS: Recent Outages Point to a Sketchy Internet Services Future ========================================================== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net An interesting series of events took place over the past several weeks that should be noted because of the events' similarities, relative closeness in time to each other, and implications for the future. The least important of the events happened in early August. Google somehow mistakenly identified one of its own blogs as spam and deleted it. The blog was related to Google's custom search engine technology, and although deleting the blog didn't have a huge impact on customers, it did come as a surprise that a major technology company--one that considers itself to be on the extreme cutting edge--managed to make such a mistake. Obviously, some of Google's technology is flawed and fortunately it wasn't a heavily relied upon aspect of the company's technology that suffered in this incident. http://list.windowsitpro.com/t?ctl=64A73:57B62BBB09A69279AADFACEC30EF4171 At roughly the same time, Cisco Systems made its entire Web site unavailable through hardware failure. According to the company's blog, "The issue occurred during preventative maintenance of one of our data centers when a human error caused an electrical overload on the systems. This caused Cisco.com and other applications to go down. Because of the severity of the overload, the redundancy measures in some of the applications and power systems were impacted as well, though the system did shut down as designed to protect the people and the equipment. As a result, no data were lost and no one was injured. Cisco has plans already in process to add additional redundancies to increase the resilience of these systems." http://list.windowsitpro.com/t?ctl=64A68:57B62BBB09A69279AADFACEC30EF4171 Cisco's site failure was indeed a serious problem. Imagine the worldwide impact if that outage had occurred while customers were trying to download a recently released security patch for a vulnerability that was being actively exploited. Next on the list is Skype, which managed to take down its entire worldwide peer-to-peer network last month. Because of flaws in its "supernode" software design, the company essentially created a situation in which a Denial of Service (DoS) attack became possible simply because many people were rebooting their computers at about the same time. As a result, Skype's VoIP network--which the company would surely like the majority of us to depend on for day-to-day voice communication--became useless for three days. http://list.windowsitpro.com/t?ctl=64A72:57B62BBB09A69279AADFACEC30EF4171 Yet another outage occurred when an Internet backbone cable was cut. The cut cable took down major portions of networks operated by Level 3, Cogent, and TeliaSonera, all of which provide Internet connectivity to many endpoints. When the cut cable was discovered, repair crews inadvertently repaired the damaged cable with another damaged cable and didn't discover the damage to the second cable until after the repair didn't work. As a result, the outage lasted far longer than it should have. Meanwhile, Internet connectivity for many entities was nonexistent. This particular incident wasn't any one company's fault; however it's noteworthy as yet another outage with considerable impact. http://list.windowsitpro.com/t?ctl=64A61:57B62BBB09A69279AADFACEC30EF4171 If those events weren't strangely coincidental enough already, there's more. Microsoft recently made mistakes that rendered a large number of people's Windows systems nearly useless. According to Microsoft (at the URL below), "preproduction code was accidentally sent to production servers" and the code just happened to handle the company's Windows Genuine Advantage (WGA) technology. The overall effect was that for a short period of time, the affected Windows systems could not be activated, and for a long period of time (nearly 20 hours), Windows systems could not be validated. http://list.windowsitpro.com/t?ctl=64A69:57B62BBB09A69279AADFACEC30EF4171 Think of the implications of these incidents, and ask yourself, "How secure is my enterprise if it relies increasingly on software as a service?" For John Dvorak's take on this issue, see "Don't Trust the Servers" at the following URL. http://list.windowsitpro.com/t?ctl=64A80:57B62BBB09A69279AADFACEC30EF4171 === SPONSOR: EqualLogic ======================================== SQL Server Optimization & Data Protection w/ Intelligent ISCSI SANS More and more companies are deploying storage area networks or SANs as storage needs continue to proliferate. SANs offer many unique capabilities that improve data protection, storage performance and scaling, and reduction in storage management time. This web seminar reviews best practices in deploying SQL Server in an intelligent iSCSI SAN, and shows how this provides dramatic improvements in deploying, optimizing, backing up, and recovering SQL. http://list.windowsitpro.com/t?ctl=64A65:57B62BBB09A69279AADFACEC30EF4171 === SECURITY NEWS AND FEATURES ================================= Teen's Hardware Crack Liberates iPhone In what will most likely go down in history as one of the most sensational hardware cracks ever, a teen finally broke the iPhone's AT&T lock. The phone can now be made to work with other cell phone carriers. http://list.windowsitpro.com/t?ctl=64A76:57B62BBB09A69279AADFACEC30EF4171 Hackers Team to Donate Technology to Charities A new project, ihackcharities.com, was recently launched to help provide technology equipment and services to charitable organizations. http://list.windowsitpro.com/t?ctl=64A71:57B62BBB09A69279AADFACEC30EF4171 8 More Absolutely Cool, Totally Free Utilities We've combed the Web for a brand-new collection of fantastic, free tools that will make your job easier. Download these lifesavers, add them to your USB toolkit, and be a happy administrator! http://list.windowsitpro.com/t?ctl=64A74:57B62BBB09A69279AADFACEC30EF4171 Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://list.windowsitpro.com/t?ctl=64A6A:57B62BBB09A69279AADFACEC30EF4171 === SPONSOR: HP ================================================ BladeSystem as a Horizontal Technology: WP In this brief, IDC describes the importance of manageability in the selection of a blade platform and examines the needs of the market with respect to managing large volumes of homogeneous Linux platforms. Learn the three tenets in the design of HP's Control Suite. Explore automated options. http://list.windowsitpro.com/t?ctl=64A79:57B62BBB09A69279AADFACEC30EF4171 === GIVE AND TAKE ============================================== SECURITY MATTERS BLOG: When Is a "Rootkit" Not a Rootkit? by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=64A7B:57B62BBB09A69279AADFACEC30EF4171 I think every security administrator will agree that a rootkit is actually a program that grants an unauthorized user access to a system--typically administrator- or root-level access. A directory or file hidden on a system does not constitute a rootkit. http://list.windowsitpro.com/t?ctl=64A67:57B62BBB09A69279AADFACEC30EF4171 FAQ: Installing Kernel-Mode Printer Drivers by John Savill, http://list.windowsitpro.com/t?ctl=64A78:57B62BBB09A69279AADFACEC30EF4171 Q: How do I allow the installation of kernel-mode printer drivers? Find the answer at http://list.windowsitpro.com/t?ctl=64A75:57B62BBB09A69279AADFACEC30EF4171 FROM THE FORUM: Tools to Audit Web Site Access Histories A forum participant hosts a Web site on Microsoft IIS that requires people to log on to access confidential information. She's looking for a third-party tool to monitor access attempts on the server and a tool to monitor bandwidth utilization and traffic patterns. Offer suggestions at http://list.windowsitpro.com/t?ctl=64A62:57B62BBB09A69279AADFACEC30EF4171 SHARE YOUR SECURITY TIPS AND GET $100 Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private If we print your submission, you'll get $100. We edit submissions for style, grammar, and length. === PRODUCTS =================================================== by Renee Munshi, products@private Give Data Owners Control over Data Access Varonis Systems announced DataPrivilege 2.5, which lets data owners rather than IT address user access requests. The new version offers enhancements in permissions handling, group membership requests, entitlement handling, and reporting. Data users can submit requests to access folders or files, and data owners can grant them by assigning users to a group with permission to the resources or by explicitly giving the users access. Users can ask to be added to specific Active Directory (AD) user groups. A data owner can define rules (e.g., stating that all users who request access to a particular folder will be given read-only permission for a week). DataPrivilege 2.5 pricing is based on the number of users, with licenses starting at $12,800 for 1 to 500 users. For more information, go to http://list.windowsitpro.com/t?ctl=64A7F:57B62BBB09A69279AADFACEC30EF4171 PRODUCT EVALUATIONS FROM THE REAL WORLD Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to whatshot@private === RESOURCES AND EVENTS ======================================= For more security-related resources, visit http://list.windowsitpro.com/t?ctl=64A77:57B62BBB09A69279AADFACEC30EF4171 As file and print servers continue to proliferate, IT is turning to Windows file server and storage consolidation to control management costs. Explore how to save money by leveraging existing hardware, how to implement a scalable NAS cluster based on a shared data framework, and how to get the most out of your existing network infrastructure and management processes by using a shared date architecture. http://list.windowsitpro.com/t?ctl=64A63:57B62BBB09A69279AADFACEC30EF4171 Get the facts about Microsoft Unified Communications, including Exchange Server 2007 and Office Communications Server 2007, at this free virtual event on September 19. Independent Exchange experts will present practical, real-world information about deploying, managing, and securing Exchange Server 2007 and Office Communications Server 2007. http://list.windowsitpro.com/t?ctl=64A6E:57B62BBB09A69279AADFACEC30EF4171 File fragmentation is a serious problem. As a disk becomes fragmented, the workload on the OS and hardware increases, making it more difficult for applications to read and write data. File corruption becomes a distinct possibility, the computer's performance degrades, and its reliability is endangered. This white paper looks at the effect of disk defragmentation on your users. http://list.windowsitpro.com/t?ctl=64A66:57B62BBB09A69279AADFACEC30EF4171 === FEATURED WHITE PAPER ======================================= KVM over IP in Distributed IT Environments Keyboard/video/mouse (KVM) switches are a valuable management tool, but they have weaknesses in distributed environments. This white paper presents the complexities of managing the distributed data center and highlights the advantages of using a KVM-over-IP solution for flexible, scalable, affordable CAT5-based remote access. http://list.windowsitpro.com/t?ctl=64A6B:57B62BBB09A69279AADFACEC30EF4171 === ANNOUNCEMENTS ============================================== Windows IT Pro: Buy 1, Get 1 With Windows IT Pro's real-life solutions, news, tips, and tricks, AND with access to over 10,000 articles online, subscribing is like hiring your very own team of Windows consultants. Subscribe now, and get 2 years for the price of 1! http://list.windowsitpro.com/t?ctl=64A6C:57B62BBB09A69279AADFACEC30EF4171 Save 50% Off Scripting Pro VIP Scripting Pro VIP is the IT administrator's source for scripting information, tools, and downloadable code. Subscribers also get access to our editors to help answer technical questions, as well as a host of other unique benefits. Order now at an exclusive charter rate and save $50! http://list.windowsitpro.com/t?ctl=64A6D:57B62BBB09A69279AADFACEC30EF4171 ================================================================ Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below). http://list.windowsitpro.com/t?ctl=64A7A:57B62BBB09A69279AADFACEC30EF4171 http://list.windowsitpro.com/t?ctl=64A7E:57B62BBB09A69279AADFACEC30EF4171 Subscribe to Security UPDATE at http://list.windowsitpro.com/t?ctl=64A70:57B62BBB09A69279AADFACEC30EF4171 Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders. To contact us: About Security UPDATE content -- letters@private About technical questions -- http://list.windowsitpro.com/t?ctl=64A7C:57B62BBB09A69279AADFACEC30EF4171 About your product news -- products@private About your subscription -- windowsitproupdate@private About sponsoring Security UPDATE -- salesopps@private View the Windows IT Pro privacy policy at http://list.windowsitpro.com/t?ctl=64A6F:57B62BBB09A69279AADFACEC30EF4171 Windows IT Pro, a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538 Attention: Customer Service Department Copyright 2007, Penton Media, Inc. All rights reserved. ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Wed Sep 05 2007 - 22:19:31 PDT