Wednesday, November 22, 2006

SANS Updates Its Annual Top 20 List

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Privacy. Compliance. International Data. Free WP

http://list.windowsitpro.com/t?ctl=410A9:886699

Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life
Cycle

http://list.windowsitpro.com/t?ctl=41092:886699

Liquid Machines and Windows RMS: Rights Management for the Enterprise

http://list.windowsitpro.com/t?ctl=4108F:886699


=== CONTENTS ===================================================

IN FOCUS: SANS Updates Its Annual Top 20 List

NEWS AND FEATURES
- Microsoft Licenses Group Policy Conversion Tool to Ease Vista
Migration
- Forefront Client Beta Available; New Forefront Server Products
Coming Soon
- Web Application Security Report to Debut in January
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Windows Vista Security Guide Available
- FAQ: Using FrontPage to Back Up or Restore a SharePoint Site
- From the Forum: Setting Up Security Groups
- Know Your IT Security Contest
- SharePoint Pro Online--LIVE! Event

PRODUCTS
- Manage USB Drives for Access and Storage
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: NetIQ =============================================

Privacy. Compliance. International Data. Free WP
Is your multinational company feeling mounting pressure trying to
meet worldwide compliance regulations that protect personally
identifiable information or PII? The timely Free White Paper: Privacy,
Compliance and International Data Flows presents action steps needed to
avoid legal problems today.

http://list.windowsitpro.com/t?ctl=410A9:886699


=== IN FOCUS: SANS Updates Its Annual Top 20 List ==============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The SANS Institute originally published its annual list as the Top 10
Vulnerabilities, which outlined the most serious vulnerabilities facing
system administrators across a variety of platforms. The list was later
expanded to 20 entries. This year, SANS has renamed it the SANS Top-20
Internet Security Attack Targets, reflecting that the entries are now
classes of targets that attackers go after rather than single
vulnerabilities.

The list is divided into four categories--OSs, cross-platform
applications, network devices, and security policy and personnel--along
with a special section that discusses zero-day attacks. The OS category
is almost entirely devoted to Windows. Areas that need special
attention on Windows platforms include Internet Explorer (IE), Windows
libraries (DLLs), services, overall system configuration, and Office.

The cross-platform applications category is broad and includes common
targets of attack such as Web applications, database software, P2P and
IM applications, media players, DNS servers, backup software, and
various types of management servers.

As history shows, new targets of attack typically include emerging
technologies, which are usually less mature and thus prone to include
exploitable bugs. VoIP technology is a case in point. SANS points out
that both VoIP servers and phones have become major targets, with no
fewer than four vulnerabilities reported in the hugely popular Asterisk
VoIP server platform, two vulnerabilities in Cisco Call Manager, and at
least seven vulnerabilities in VoIP phones.

Two long-standing information security problems are excessive user
rights and the use of unauthorized devices. Both typically stem from
insufficient or nonexistent security policy, and both let users
inadvertently open security holes into a network or introduce malware.
Either problem can also lead to the exposure or theft of sensitive
company information.
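As an added example (not code from the newsletter or from the SANS report), here is a PowerShell check for the first of those two problems: it enumerates the local Administrators group on a set of Windows hosts and reports every member that is not on an approved list. The host names (WKS01, WKS02) and the principals in $Approved are assumptions to replace with your own. The script uses the ADSI WinNT provider rather than Active Directory cmdlets, so it needs only admin rights on the target hosts.

```powershell
# Added example: audit local Administrators membership against an allow-list.
# Not code from the newsletter or from SANS. The host names and the approved
# list below are assumptions; replace them with your own.

# Assumption: principals that are allowed to hold local admin rights.
$Approved = @('Administrator', 'Domain Admins', 'WorkstationAdmins')

function Get-LocalAdminMember {
    # Enumerate members of the local Administrators group via the ADSI WinNT
    # provider; this works against remote hosts when the caller is an admin there.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in @($group.Invoke('Members'))) {
        $name    = $m.GetType().InvokeMember('Name',    'GetProperty', $null, $m, $null)
        $adsPath = $m.GetType().InvokeMember('AdsPath', 'GetProperty', $null, $m, $null)
        [pscustomobject]@{
            Computer = $ComputerName
            Name     = $name
            # AdsPath tells a domain principal (WinNT://DOMAIN/...) from a local one
            AdsPath  = $adsPath
        }
    }
}

function Find-ExcessiveAdmin {
    # Report every local admin member whose name is not on the approved list.
    param([string[]]$ComputerName, [string[]]$Allowed)
    foreach ($c in $ComputerName) {
        try {
            Get-LocalAdminMember -ComputerName $c |
                Where-Object { $Allowed -notcontains $_.Name }
        } catch {
            Write-Warning "Could not enumerate Administrators on ${c}: $_"
        }
    }
}

# Assumed host names; the output is the list of unapproved local admins per host.
Find-ExcessiveAdmin -ComputerName @('WKS01', 'WKS02') -Allowed $Approved |
    Format-Table Computer, Name, AdsPath -AutoSize
```

Matching on the bare name is deliberate so that both a stray local account and an unexpected domain group show up; the AdsPath column lets you tell the two apart when deciding which to remove.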

Phishing remains a major problem and makes end users themselves a
primary point of attack. Phishing attacks, like other forms of social
engineering, are designed to extract sensitive information from
unsuspecting users, and they can be sophisticated, highly tailored, and
tightly targeted.

Last, but certainly not least, are the ever-present zero-day exploits
that have plagued security administrators since computers came into
mainstream use. Although historically most zero-day attacks have
targeted Windows, other OSs aren't immune. The SANS list points to
Windows and Apple OS X as the current major points of attack, but
zero-day exploits have also been used against various Linux platforms,
Wi-Fi devices and their drivers, and other commonly used technologies.
In fact, the Kernel Fun blog is currently hosting a "month of kernel
bugs" covering various platforms, including BSD and Linux. In some
cases, no patch is available for the bugs posted, which of course puts
millions of users and many businesses at serious risk. How fun is that?

http://list.windowsitpro.com/t?ctl=410A8:886699

The SANS Top-20 Internet Security Attack Targets report is a good
resource for security administrators to use as a means to gain insight
into what others see as the most serious attack vectors. The report is
free at the SANS Web site in HTML or PDF format, and administrators
would do well to carefully review the report to make sure that they've
got all their bases covered.

http://list.windowsitpro.com/t?ctl=410AB:886699


=== SPONSOR: Scalable Software =================================

Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life
Cycle
The average enterprise spends nearly $10 million annually on IT
compliance. Download this free whitepaper today to streamline the
compliance lifecycle, and dramatically reduce your company's costs!

http://list.windowsitpro.com/t?ctl=41092:886699


=== SECURITY NEWS AND FEATURES =================================

Microsoft Licenses Group Policy Conversion Tool to Ease Vista Migration
The ADMX Migrator tool, developed by FullArmor, will be available
for free to convert ADM templates to ADMX.

http://list.windowsitpro.com/t?ctl=4109F:886699

Forefront Client Beta Available; New Forefront Server Products Coming
Soon
Microsoft released the Forefront Client Security public beta and
announced that Forefront Security for Exchange Server and Forefront
Security for SharePoint will be available in December.

http://list.windowsitpro.com/t?ctl=410A1:886699

Web Application Security Report to Debut in January
WhiteHat Security will soon begin offering a quarterly report on the
vulnerabilities affecting enterprise Web sites.

http://list.windowsitpro.com/t?ctl=410A0:886699

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=41094:886699


=== SPONSOR: Liquid Machines ===================================

Liquid Machines and Windows RMS: Rights Management for the Enterprise
Extend Microsoft Windows Rights Management Services (RMS) to support
enterprise requirements for information protection, including
proprietary business data.

http://list.windowsitpro.com/t?ctl=4108F:886699


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Windows Vista Security Guide Available
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=410A6:886699

Microsoft published its official Windows Vista Security Guide. It's
available at the TechNet Web site now.

http://list.windowsitpro.com/t?ctl=4109E:886699

FAQ: Using FrontPage to Back Up or Restore a SharePoint Site

Q: How can I use Microsoft FrontPage to back up or restore a Microsoft
SharePoint site?

Find the answer at

http://list.windowsitpro.com/t?ctl=4109D:886699

FROM THE FORUM: Setting Up Security Groups
A reader has set up two security groups on a shared folder; one
allows special modify access and the other allows modify access. With
the security setting applied, users can create subfolders but can't
rename files. Is there a solution for this? Join the discussion at

http://list.windowsitpro.com/t?ctl=4108D:886699

KNOW YOUR IT SECURITY Contest
Share your security-related tips, comments, or solutions in 1000
words or fewer, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
or write about a security article you've read or a Webcast you've
viewed. Submit your entry between now and December 13. We'll select the
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security
newsletter. Email your contributions to tipswinitsec@windowsitpro.com.
Prizes are courtesy of Microsoft Learning Paths for Security:

http://list.windowsitpro.com/t?ctl=410A2:886699

SharePoint Pro Online--LIVE! will be a premier virtual event for
developers and administrators of SharePoint products and technologies.
Brought to you by MSD2D and the Windows IT Media Community, this event
will demonstrate, showcase, and exhibit the premier companies in the
SharePoint market. The conference will bring industry experts to the
desktops of attendees, educating them on various SharePoint topics.
TO REGISTER: http://list.windowsitpro.com/t?ctl=410A3:886699


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Manage USB Drives for Access and Storage
RedCannon Security offers KeyPoint Alchemy, which turns USB flash
drives from a variety of manufacturers into corporate storage and
access devices. KeyPoint Alchemy, an appliance-based system with a Web-
based management interface, automatically updates applications,
content, authentication tokens, and security policies on USB drives. It
offers complete USB device lifecycle management, including
provisioning, password reset, and remote destruction. For more
information, go to

http://list.windowsitpro.com/t?ctl=410A7:886699

WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@windowsitpro.com and get a Best Buy gift certificate.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=410A4:886699

Can you set up a single sign-on environment for Linux and Windows?
After attending this free seminar from TechX World on December 14,
you'll be able to! We'll discuss the different authentication
mechanisms used by Windows and Linux and show how you can configure
networked Linux systems to accept logons in a secure manner using
Windows AD accounts. Register today!

http://list.windowsitpro.com/t?ctl=4109B:886699

Do you have visibility of and control over your software licenses? Most
organizations face serious challenges, such as understanding vendor
licensing models, cost overruns, missed deadlines and business
opportunities, and lost user productivity. Learn to address these
challenges and prepare for audits. Register for the free Web seminar,
available now!

http://list.windowsitpro.com/t?ctl=4108E:886699


BONUS: Register for any Web seminar--live or on-demand--during the
month of November, and you could win a PS3! View a full list of
eligible seminars at

http://list.windowsitpro.com/t?ctl=41093:886699

Are you an Oracle professional who has cross-platform responsibilities,
or do you need to transfer your skill set to SQL Server? If so,
register for free to attend the Cross Platform Data online event
January 30 and 31 and February 1, 2007. In a seminar featuring SQL
Server/Oracle experts Andrew Sisson from Scalability Experts and
Douglas McDowell from Solid Quality Learning, you'll learn key concepts
about SQL Server 2005, including how to deploy SQL Server's BI
capabilities on Oracle, proof points demonstrating that SQL Server is
enterprise-ready, and how to successfully deploy Oracle on the Windows
platform.

http://list.windowsitpro.com/t?ctl=4109C:886699

After disaster strikes, does recovering your data feel like digging for
buried treasure? Test your disaster recovery skills, and you could win!
Each week we'll give away a USB flash drive to one lucky treasure
hunter. You'll also be entered to win the full treasure chest,
including Bose headphones! Test your skills now!

http://list.windowsitpro.com/t?ctl=41095:886699

In this free podcast, Randy Franklin Smith outlines five evaluation
points to consider when choosing your antispyware solution. Download it
today!

http://list.windowsitpro.com/t?ctl=41091:886699


=== FEATURED WHITE PAPER =======================================

When your email systems go down, do your employees stop communicating?
Of course not--they find alternative methods, which might not be
compliant with your messaging regulations. Download this free Executive
Guide to discover the impact of email outages on compliance and learn
methods for establishing continuity in your corporate messaging
environment.

http://list.windowsitpro.com/t?ctl=41090:886699


=== ANNOUNCEMENTS ==============================================

Special Invitation for VIP Access
Become a VIP subscriber and get continuous, inside access to ALL the
content published in Windows IT Pro, SQL Server Magazine, and the
Exchange and Outlook Administrator, Windows Scripting Solutions, and
Windows IT Security newsletters. Subscribe now and SAVE $100:

http://list.windowsitpro.com/t?ctl=41097:886699

Save $40 off SQL Server Magazine
Subscribe to SQL Server Magazine today and SAVE $40! Along with your
12 issues, you'll get FREE access to the entire SQL Server Magazine
online article archive, which houses more than 2,500 helpful SQL Server
articles. This offer expires on November 30, 2006, so order now:

http://list.windowsitpro.com/t?ctl=41096:886699


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).

http://list.windowsitpro.com/t?ctl=410A5:886699

http://list.windowsitpro.com/t?ctl=41098:886699

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=4109A:886699

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB19EFBC7093CE1B547

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=410AA:886699

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=41099:886699

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
