Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Gain Control of Software Usage and Reduce Audit Risks
http://list.windowsitpro.com/t?ctl=66902:57B62BBB09A6927966C0B9687E3C8343

Right-Sizing Your Log Management System
http://list.windowsitpro.com/t?ctl=66903:57B62BBB09A6927966C0B9687E3C8343

Ensuring End User Continuity
http://list.windowsitpro.com/t?ctl=66904:57B62BBB09A6927966C0B9687E3C8343

=== CONTENTS ===================================================

IN FOCUS: Tor Experiment Proves You Should Use SSL for Email

NEWS AND FEATURES
- eIQnetworks Publishes Open Log Format Specification
- 89 Percent of Those Surveyed Want Use of SSNs Restricted
- PatchLink Becomes Lumension Security
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Security Sites Become Targets of DDoS Attacks
- FAQ: How to Display Windows 2008 Group Policy Settings
- From the Forum: ISA Server and an Exchange Back-End Server
- Share Your Security Tips

PRODUCTS
- Faster, More Manageable Web Filtering
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Macrovision =======================================

Gain Control of Software Usage and Reduce Audit Risks
Most organizations face serious challenges, including understanding vendor-licensing models, cost overruns, missed deadlines, business opportunities, and lost user productivity. Learn to address these challenges, and prepare for audits. Register for the free Web seminar, available now!
http://list.windowsitpro.com/t?ctl=66902:57B62BBB09A6927966C0B9687E3C8343

=== IN FOCUS: Tor Experiment Proves You Should Use SSL for Email
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

A few weeks ago, Swedish security aficionado Dan Egerstad published a list that sent out some big shockwaves.
Egerstad set up five The Onion Router (Tor) exit nodes around the world, put them online for the public to use, and then sniffed traffic as it left those exit nodes to look for credentials used for POP3 and IMAP traffic. When his adventure was over, Egerstad wound up with a lengthy list of logon names and passwords for high-profile mailboxes, including credentials that belong to workers at various embassies, consulates, large American companies, and even the offices of the Dalai Lama.

In case you aren't familiar with Tor, it's basically a network of independently operated servers that work together to provide an encrypted VPN. Traffic sent through Tor is moved through at least three Tor servers in an ever-changing pattern. The premise is to provide some level of anonymity for Tor users so that they can disguise the origin of their traffic. Anyone can run a Tor server, and anyone can use the Tor network as a client.

As Egerstad's adventure reveals, many high-profile people use Tor without adequate knowledge of how it works, and thus they remain unaware of the overall risks. The Tor network does encrypt traffic, and it does make an attempt to randomize the route that the traffic takes along its way to its destination. Because traffic is encrypted as it moves through the Tor network, Tor server operators can't easily sniff traffic as it passes through their Tor server. However, the traffic must be decrypted before it's sent to its final destination; therefore Tor exit server operators can sniff traffic if it wasn't encrypted prior to being sent into the Tor network.

Egerstad's adventure was designed to discover how many people don't encrypt traffic before sending it to the Tor network. A similar experiment is conducted each year at the DEFCON security conference: Sniffers are used to capture the credentials of people who use the conference wireless network without adequate encryption.
The results are then posted on the Wall of Sheep (sometimes also referred to as the Wall of Shame).

One might think that administrators for embassies and consulates would be aware of the potential for people to sniff network traffic, but apparently they aren't as aware as they ought to be. Some are more aware now after being embarrassed by Egerstad's findings.

After Egerstad published his list of results on August 30 (at the URL below), his site was quickly shut down, apparently at the request of unnamed law enforcement agencies in the United States. Sometime during the following week, Egerstad's Web site went back online, and he then posted more details of his adventure. Included in the mix of information is the fact that there are plenty of suspicious Tor servers taking part in the overall Tor network, and that fact ought to give anyone using Tor some amount of pause.
http://list.windowsitpro.com/t?ctl=66918:57B62BBB09A6927966C0B9687E3C8343

The lesson to be learned from Egerstad's adventure is that all administrators should seriously consider implementing POP3 and IMAP over Secure Sockets Layer (SSL). Most email clients and servers support SSL connectivity, and there's little if any reason not to use it these days. Even if your users don't use Tor or other anonymizing tools (such as public proxy servers), it's still a good idea to use SSL--even on in-house networks, because the threat from company insiders is equal to the threat from those outside your company. And, with the increasing trend toward telecommuting, SSL is becoming even more important as a standard tool that can help guard your private communications.

=== SPONSOR: EventTracker ======================================

Right-Sizing Your Log Management System
Learn how to effectively achieve ROI with your log management system in a matter of months without costly or daunting investments.
This web seminar addresses how to ensure your organization gets the most out of its log management investment, key requirements and architectural differences to consider, and caveats and risks to be on watch for as you spec out your requirements and design.
http://list.windowsitpro.com/t?ctl=66903:57B62BBB09A6927966C0B9687E3C8343

=== SECURITY NEWS AND FEATURES =================================

eIQnetworks Publishes Open Log Format Specification
eIQnetworks announced the availability of the new Open Log Format (OLF) specification, an open source event-logging standard. The company hopes the new standard will be adopted to facilitate easier aggregation of security log information.
http://list.windowsitpro.com/t?ctl=66911:57B62BBB09A6927966C0B9687E3C8343

89 Percent of Those Surveyed Want Use of SSNs Restricted
A recent poll conducted by Consumers Union--publisher of Consumer Reports--revealed that 89 percent of those surveyed want lawmakers to create laws that restrict the use of Social Security numbers (SSNs).
http://list.windowsitpro.com/t?ctl=6690F:57B62BBB09A6927966C0B9687E3C8343

PatchLink Becomes Lumension Security
In June, PatchLink announced that it would merge with SecureWave, a provider of endpoint security. On the heels of the merger, completed in mid-July, PatchLink has renamed the newly combined companies Lumension Security.
http://list.windowsitpro.com/t?ctl=6690E:57B62BBB09A6927966C0B9687E3C8343

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=66907:57B62BBB09A6927966C0B9687E3C8343

=== SPONSOR: Neverfail =========================================

Ensuring End User Continuity
When your systems go down, your users' productivity grinds to a halt. User downtime is one of the fastest growing concerns among businesses.
This free Web seminar teaches you how to keep your users continuously connected and your business up and running. View the On-Demand Web seminar now!
http://list.windowsitpro.com/t?ctl=66904:57B62BBB09A6927966C0B9687E3C8343

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Security Sites Become Targets of DDoS Attacks
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=66916:57B62BBB09A6927966C0B9687E3C8343
Numerous sites that offer security information have come under sustained Distributed Denial of Service (DDoS) attacks, and some of the sites remain offline due to traffic overloads.
http://list.windowsitpro.com/t?ctl=66910:57B62BBB09A6927966C0B9687E3C8343

FAQ: How to Display Windows 2008 Group Policy Settings
by John Savill, http://list.windowsitpro.com/t?ctl=66913:57B62BBB09A6927966C0B9687E3C8343
Q: Where can I see a list of all the Windows 2008 Group Policy settings?
Find the answer at
http://list.windowsitpro.com/t?ctl=6690D:57B62BBB09A6927966C0B9687E3C8343

FROM THE FORUM: ISA Server and an Exchange Back-End Server
A forum participant writes that Microsoft recommends a scenario in which you put Microsoft ISA Server in a demilitarized zone (DMZ) and publish Microsoft Outlook Web Access (OWA) from a Microsoft Exchange front-end server on the inside. Looking at it strictly from a security point of view, he wonders, is there any difference in publishing the back-end server instead and skipping the front-end server? If you manage to hack the front-end server, he says, you're already inside. Join the discussion at
http://list.windowsitpro.com/t?ctl=66901:57B62BBB09A6927966C0B9687E3C8343

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@private

Faster, More Manageable Web Filtering
St. Bernard Software announced the iPrism M11000, a Web filtering appliance for large and midsized enterprises. St. Bernard also announced a major software upgrade, version 5.0, for all iPrism appliances. The iPrism M11000 provides an 80 percent performance improvement over the existing iPrism M3100 appliance. Version 5.0 of the iPrism software includes a new Safe Search feature that ensures that inappropriate Web content doesn't appear in thumbnails generated by Google search engine results and a new Delegated Administration feature that lets organizations separate policy-setting responsibility from technical administration. For more information, go to
http://list.windowsitpro.com/t?ctl=6691A:57B62BBB09A6927966C0B9687E3C8343

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to whatshot@private

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=66912:57B62BBB09A6927966C0B9687E3C8343

Microsoft TechEd IT Forum
TechEd IT Forum is Microsoft's premier European conference designed to provide IT professionals with technical training, information, and community resources for building, planning, deploying, and managing the secure connected enterprise.
http://list.windowsitpro.com/t?ctl=66914:57B62BBB09A6927966C0B9687E3C8343

11 Reasons to Upgrade to Backup Exec 11d from Symantec
Download this free on-demand Web seminar to learn about the key benefits of upgrading your current backup software to Symantec Backup Exec 11d; discover the latest enhancements in Backup Exec, the gold standard in Windows data recovery; and find out how you can take advantage of special upgrade pricing.
http://list.windowsitpro.com/t?ctl=66905:57B62BBB09A6927966C0B9687E3C8343

Comparing Email Management Systems that Protect Against Spam, Viruses, Malware, & Phishing
As a systems administrator, you're tasked with determining which email security tool is the best fit for your company. Sunbelt Software engaged Osterman Research to survey enterprises that are using five of the leading email management systems that protect against spam, viruses, malware, and phishing attacks. This white paper presents the results of this survey and is a must-read for any administrator researching email security tools for Microsoft Exchange.
http://list.windowsitpro.com/t?ctl=66908:57B62BBB09A6927966C0B9687E3C8343

=== FEATURED WHITE PAPER =======================================

The Web Isn't Fun Anymore: How Websense Technology Protects Against Internet-Based Threats
Thanks to its wealth of information, the Internet has become not only a vital business tool but also an important part of our personal lives. However, it does have a dark side. This white paper examines technologies that will help guard against Internet-based threats.
http://list.windowsitpro.com/t?ctl=66906:57B62BBB09A6927966C0B9687E3C8343

=== ANNOUNCEMENTS ==============================================

Windows IT Pro: Buy 1, Get 1
With Windows IT Pro's real-life solutions, news, tips and tricks, and access to over 10,000 articles online, subscribing is like hiring your very own team of Windows consultants. Subscribe now, and get 2 years for the price of 1!
http://list.windowsitpro.com/t?ctl=66909:57B62BBB09A6927966C0B9687E3C8343

Save 50% Off Scripting Pro VIP
Scripting Pro VIP is the IT administrator's source for scripting information, tools, and downloadable code. Subscribers also get access to our editors to help answer technical questions, as well as a host of other unique benefits. Order now at an exclusive charter rate and save $50!
http://list.windowsitpro.com/t?ctl=6690A:57B62BBB09A6927966C0B9687E3C8343

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=66915:57B62BBB09A6927966C0B9687E3C8343
http://list.windowsitpro.com/t?ctl=66919:57B62BBB09A6927966C0B9687E3C8343

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=6690C:57B62BBB09A6927966C0B9687E3C8343

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=66917:57B62BBB09A6927966C0B9687E3C8343
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=6690B:57B62BBB09A6927966C0B9687E3C8343

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

__________________________________________________________________
CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Wed Sep 19 2007 - 23:18:58 PDT
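
The In Focus column's recommendation to run POP3 and IMAP over SSL can be checked from the server side. The following is an added example, not part of the newsletter: it reads the capability reply a server gives on its unencrypted port (IMAP `CAPABILITY`, POP3 `CAPA`) and reports whether a client could still send its password before TLS starts. The function names, verdict strings and sample replies are constructed for illustration.

```python
"""Does a mail server's cleartext port (IMAP 143 / POP3 110) accept a password before TLS?
Added example; the capability replies in SAMPLES are constructed, not captured."""
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # SASL mechanisms that transmit the password itself

def imap_caps(response):
    """Tokens from untagged '* CAPABILITY ...' or '* OK [CAPABILITY ...]' lines."""
    caps = set()
    for line in response.upper().splitlines():
        if line.startswith("* ") and "CAPABILITY " in line:
            tail = line.split("CAPABILITY ", 1)[1].split("]", 1)[0]
            caps.update(tail.split())
    return caps

def pop3_caps(response):
    """CAPA reply as {name: [arguments]}; status lines and the final '.' are skipped."""
    caps = {}
    for line in response.upper().splitlines():
        parts = line.split()
        if parts and parts[0] not in ("+OK", "-ERR", "."):
            caps[parts[0]] = parts[1:]
    return caps

def audit(proto, response):
    """Classify what a client may do on the unencrypted port before TLS is negotiated."""
    if proto == "imap":
        caps = imap_caps(response)
        tls = "STARTTLS" in caps
        sasl = {c[5:] for c in caps if c.startswith("AUTH=")}
        # LOGIN stays usable unless LOGINDISABLED is advertised
        cleartext = "LOGINDISABLED" not in caps or bool(sasl & PLAINTEXT_SASL)
    elif proto == "pop3":
        caps = pop3_caps(response)
        tls = "STLS" in caps
        cleartext = "USER" in caps or bool(set(caps.get("SASL", [])) & PLAINTEXT_SASL)
    else:
        raise ValueError("proto must be 'imap' or 'pop3'")
    if not caps:
        return "unknown"                  # no capability data to judge from
    if cleartext:
        return "cleartext-login-allowed"  # password readable by anyone on the path
    return "tls-required" if tls else "login-unavailable"

SAMPLES = {  # constructed replies
    "imap weak": ("imap", "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\na1 OK CAPABILITY completed\r\n"),
    "imap hardened": ("imap", "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"),
    "pop3 weak": ("pop3", "+OK\r\nUSER\r\nTOP\r\nUIDL\r\n.\r\n"),
    "pop3 hardened": ("pop3", "+OK\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"),
}

if __name__ == "__main__":
    for name, (proto, reply) in SAMPLES.items():
        print(f"{name:14} {audit(proto, reply)}")
```

A server that offers STARTTLS or STLS but still advertises a plaintext login is reported as weak, because a client that never upgrades would still be accepted. Ports 993 and 995, where the whole session is wrapped in TLS, are outside this check.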