News

Wednesday, April 11, 2007

More Help Securing PHP Installations

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Roadmap to Email Archiving and Compliance

http://list.windowsitpro.com/t?ctl=51990:4160B336D0B60CB18386BF457CE14076

Guide to SQL Server Backup and Recovery

http://list.windowsitpro.com/t?ctl=5198E:4160B336D0B60CB18386BF457CE14076

Beyond the Buzzword: Demystifying Virtualization

http://list.windowsitpro.com/t?ctl=5198F:4160B336D0B60CB18386BF457CE14076


=== CONTENTS ===================================================

IN FOCUS: More Help Securing PHP Installations

NEWS AND FEATURES
- Scrub Your Ajax Applications to Remove Security Problems
- Wireless Equivalent Privacy Offers No Privacy
- Top 10 Configuration Mistakes and How to Avoid Them
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: NGSSoftware on Oracle Forensics
- FAQ: View the Full Network Map in Vista
- From the Forum: Why Does Installing Word on a Server Fix EFS Problems?
- Tell Us About the Products You Love!
- Share Your Security Tips

PRODUCTS
- Enforce Strong Passwords

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Sherpa Software ===================================

Roadmap to Email Archiving and Compliance
How will compliance regulations affect your IT infrastructure? Help
design your retention and retrieval, privacy and security policies to
make sure that your organization is compliant. Download the free eBook
today!

http://list.windowsitpro.com/t?ctl=51990:4160B336D0B60CB18386BF457CE14076


=== IN FOCUS: More Help Securing PHP Installations =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You probably recall the Month of PHP Bugs (MOPB), which I wrote about
in March (see the first URL below). By the end of the MOPB, 41 bugs had
been published. Jeff Forristal, a senior research and development
engineer at SPI Dynamics, monitored the bug postings, and mid-month, he
wrote an article that offers a general overview and analysis (at the
second URL below).

http://list.windowsitpro.com/t?ctl=51993:4160B336D0B60CB18386BF457CE14076

http://list.windowsitpro.com/t?ctl=5198B:4160B336D0B60CB18386BF457CE14076

Forristal's article offers some interesting information about the
potential impact of the bugs released up to that time. Most notable is
that two of the bugs could lead to a serious server security compromise
for those who allow third parties to upload and run PHP-based scripts
on their servers. Forristal wrote that "Web hosting companies offering
PHP hosting services should be really concerned right now."

Last week, Forristal published a second article regarding MOPB, which
is available at the URL below. Again he offers some very interesting
analysis that gives you plenty of reason to make absolutely certain
that you're using the latest version of PHP 4 or 5. While the analysis
is very helpful, I found the information in the section "Being
proactive with your PHP installation" even more helpful.

http://list.windowsitpro.com/t?ctl=5198A:4160B336D0B60CB18386BF457CE14076

In that section, Forristal offers a lengthy list of various
configuration settings that should be checked. In some cases, you might
find that there are a lot of PHP features that your applications don't
use and that therefore shouldn't be enabled. You can think of securing
your PHP installation as you would any other server hardening process--
if you aren't using a component, it shouldn't be enabled on the system.
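
As an added illustration of that "if you aren't using it, turn it off" rule (this is my own example, not code from the newsletter or from Forristal's article), the script below parses a php.ini file and reports the directives that a PHP 4/5 hardening checklist would want disabled or restricted when the application does not need them. The directive names are real php.ini directives, but the checklist, the built-in defaults it assumes (PHP 5.2) and both sample configurations are constructed for the example, not Forristal's list.

```python
from typing import Dict, List, Tuple

# Constructed checklist (an assumption for this example, not the article's list).
# directive -> (assumed PHP 5.2 built-in default, hardened value, why it matters when unused)
CHECKLIST: Dict[str, Tuple[str, str, str]] = {
    "register_globals":  ("0", "Off", "request parameters become PHP globals"),
    "allow_url_fopen":   ("1", "Off", "file functions accept remote URLs"),
    "allow_url_include": ("0", "Off", "include/require can load remote code"),
    "display_errors":    ("1", "Off", "error output leaks paths and internals to clients"),
    "expose_php":        ("1", "Off", "X-Powered-By header advertises the PHP version"),
    "enable_dl":         ("1", "Off", "scripts can load extensions at run time"),
    "file_uploads":      ("1", "Off", "accept uploads only if the application needs them"),
}

# Directives a hardened install normally sets to something non-empty (also an assumption).
SHOULD_BE_SET: Dict[str, str] = {
    "disable_functions": "no functions are disabled; list the ones the application never calls",
    "open_basedir":      "scripts may read any file the web server account can",
}

BOOL_FALSE = {"0", "off", "false", "no", "none", ""}

# Constructed sample: a php.ini fragment with typical leftover settings (not a real deployment).
WEAK_PHP_INI = """\
; constructed sample php.ini fragment
[PHP]
engine = On
register_globals = On        ; left over from a PHP 4 era application
allow_url_fopen = On
display_errors = "On"
expose_php = Off
file_uploads = On
disable_functions =
open_basedir =
"""

# Constructed sample: the same fragment after hardening (values are assumptions).
HARDENED_PHP_INI = """\
[PHP]
engine = On
register_globals = Off
allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
log_errors = On
expose_php = Off
enable_dl = Off
file_uploads = Off
disable_functions = exec,passthru,shell_exec,system,proc_open,popen
open_basedir = "/var/www/app:/tmp"
"""


def parse_php_ini(text: str) -> Dict[str, str]:
    """Parse php.ini-style text into {directive: value}.

    Strips ';' comments, skips blank lines and [section] headers, removes quotes
    around values, and lower-cases directive names. A later duplicate overrides an
    earlier one, matching PHP's own behaviour.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().strip('"').strip("'")
    return settings


def as_bool(value: str) -> bool:
    """PHP treats 0/Off/False/No/None and the empty string as false; anything else is on."""
    return value.strip().lower() not in BOOL_FALSE


def audit(settings: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (directive, observed value, reason) for every checklist item not hardened.

    A directive missing from the file is evaluated with its assumed built-in default,
    so an unsafe default that was never overridden is reported too.
    """
    findings: List[Tuple[str, str, str]] = []
    for directive, (default, safe, reason) in CHECKLIST.items():
        present = directive in settings
        value = settings[directive] if present else default
        if as_bool(value) != as_bool(safe):
            observed = value if present else f"{default} (built-in default, not set in file)"
            findings.append((directive, observed, reason))
    for directive, reason in SHOULD_BE_SET.items():
        if not settings.get(directive, "").strip():
            findings.append((directive, "(empty or not set)", reason))
    return findings


def hardened_lines(findings: List[Tuple[str, str, str]]) -> List[str]:
    """php.ini lines that would close each finding; restriction lists are left for the admin."""
    lines = []
    for directive, _, _ in findings:
        if directive in CHECKLIST:
            lines.append(f"{directive} = {CHECKLIST[directive][1]}")
        else:
            lines.append(f"{directive} = <fill in for your application>")
    return lines


if __name__ == "__main__":
    for name, text in (("weak", WEAK_PHP_INI), ("hardened", HARDENED_PHP_INI)):
        print(f"--- {name} ---")
        for directive, observed, reason in audit(parse_php_ini(text)):
            print(f"{directive:20} {observed:40} {reason}")
        print("suggested:", hardened_lines(audit(parse_php_ini(text))))
```

Run it against a real php.ini (`parse_php_ini(open("/etc/php.ini").read())`) and treat each finding as a question for the application owner rather than an automatic change: `file_uploads` or `allow_url_fopen` may be genuinely required, and the point of the checklist is to make that decision explicit instead of leaving the feature on by default.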

The next version of PHP 5--PHP 5.2.2--is under development, and Release
Candidate 1 (RC1) will have been released for testing by the time you
read this, or soon will be. While the final release date isn't set yet,
hopefully it won't be too far in the future. When the release becomes
available, make certain that you upgrade as soon as you can.
Unfortunately, there isn't any news as to when a new version of PHP 4
will become available. You can check for news at the PHP.net Web site,
and look for future announcements in the php.internals news group at
the URL below.

http://list.windowsitpro.com/t?ctl=519A7:4160B336D0B60CB18386BF457CE14076

For yet more ways to secure your PHP installation, see my earlier
article at the URL below.

http://list.windowsitpro.com/t?ctl=5199C:4160B336D0B60CB18386BF457CE14076

===

TechX Interoperability Web site and UPDATE email newsletter:
Do you work in a mixed environment? Visit TechX World (at the first
URL below) for information about Windows interoperability. The TechX
World community gives you access to interoperability articles that
aren't available anywhere else; news, tips, and tricks from interop
experts and other users; and forums and blog posts by other community
members. Join the TechX World community and sign up for the TechX
Interoperability UPDATE email newsletter (at the second URL below).

http://list.windowsitpro.com/t?ctl=519A9:4160B336D0B60CB18386BF457CE14076

http://list.windowsitpro.com/t?ctl=519A5:4160B336D0B60CB18386BF457CE14076


=== SPONSOR: Idera =============================================

Guide to SQL Server Backup and Recovery
Maximize uptime by using four high-availability technologies that
are provided by SQL Server 2005: failover clustering, database
mirroring, log shipping and replication. Download this essential guide
now and learn to optimize your SQL Server backup and recovery with
technologies you already have.

http://list.windowsitpro.com/t?ctl=5198E:4160B336D0B60CB18386BF457CE14076


=== SECURITY NEWS AND FEATURES =================================

Scrub Your Ajax Applications to Remove Security Problems
Fortify Software recently released an advisory that discusses what
it calls "a new class of vulnerability: JavaScript Hijacking" that can
affect Web applications written in Asynchronous JavaScript and XML
(Ajax).

http://list.windowsitpro.com/t?ctl=51998:4160B336D0B60CB18386BF457CE14076

Wireless Equivalent Privacy Offers No Privacy
WEP is even less secure than originally thought. New methods can
crack the encryption in a matter of minutes.

http://list.windowsitpro.com/t?ctl=5199A:4160B336D0B60CB18386BF457CE14076

Top 10 Configuration Mistakes and How to Avoid Them
Blake Eno recently spoke with Configuresoft's Technology Strategist,
George Gerchow, and Vice President of Marketing, Andrew Byrd, about the
top 10 configuration mistakes most commonly made and how to avoid them.
Get a rundown in this article on our Web site.

http://list.windowsitpro.com/t?ctl=5199B:4160B336D0B60CB18386BF457CE14076

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=51992:4160B336D0B60CB18386BF457CE14076


=== SPONSOR: HP ================================================

Beyond the Buzzword: Demystifying Virtualization
Total Cost of Ownership--TCO--It's every executive's favorite
buzzword, but what does it really mean and how does it affect you? In
this podcast, Ben Smith explains how your organization can use
virtualization technology to measurably improve the TCO for servers and
clients.

http://list.windowsitpro.com/t?ctl=5198F:4160B336D0B60CB18386BF457CE14076


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: NGSSoftware on Oracle Forensics
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=519A3:4160B336D0B60CB18386BF457CE14076

If you use Oracle database server, you'll probably find these three new
papers from Next Generation Security Software (NGSSoftware), published
on its Databasesecurity.com Web site, very useful.

http://list.windowsitpro.com/t?ctl=5199E:4160B336D0B60CB18386BF457CE14076

FAQ: View the Full Network Map in Vista
by John Savill, http://list.windowsitpro.com/t?ctl=519A0:4160B336D0B60CB18386BF457CE14076


Q: How do I enable the "Full Network Map" in Windows Vista when the
machine is part of a domain?

Find the answer at

http://list.windowsitpro.com/t?ctl=5199D:4160B336D0B60CB18386BF457CE14076

FROM THE FORUM: Why Does Installing Word on a Server Fix EFS Problems?
A forum participant writes that he has two computers running Windows
XP Professional SP2. They access Encrypting File System (EFS)-encrypted
files on a Windows Server 2003 computer, which happens to be the domain
controller (DC). Several types of files are encrypted, including .doc,
.xls, .pdf, other Adobe Systems file types, and .txt.

Everything worked fine except that users received an error message
when they tried to save a Word file, even one they just created. The
forum participant installed Word on the server, and the problem went
away. However, the participant notes that Excel, for example, is not on
the server, and Excel operations work fine. The participant wonders if
this is a known issue and if there's a better way of fixing the
problem.

http://list.windowsitpro.com/t?ctl=5198C:4160B336D0B60CB18386BF457CE14076

TELL US ABOUT THE PRODUCTS YOU LOVE!
What products are you using that save you time or make your workload
a little lighter? What hot product discoveries have you made that other
IT pros need to know about? Let the world know about your experiences
in Windows IT Pro's monthly What's Hot department. If we publish your
story in What's Hot, we'll send you a Best Buy gift card! Send
information about your favorite product and how it has helped you to
whatshot@windowsitpro.com.

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Enforce Strong Passwords
Altus Network Solutions offers Passfilt Pro 3.54, a password
filtering and policy enforcement solution that lets you maintain as
many as six password policies in one Windows domain. A new client
component provides password requirements specific to the end user,
gauges password strength as the user types a new password, and if the
password doesn't meet the requirements, gives the user the reasons for
failure. Passfilt Pro is controlled by Group Policy Objects (GPOs); it
doesn't require a separate password policy server. Passfilt Pro
compares a proposed password against a multilanguage dictionary of more
than 2 million common passwords and rejects any proposed passwords that
are in the dictionary. For more information, go to

http://list.windowsitpro.com/t?ctl=519A1:4160B336D0B60CB18386BF457CE14076


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=5199F:4160B336D0B60CB18386BF457CE14076

Windows + UNIX/Linux = You Need TechX World!
If you work in an environment that includes both Windows and UNIX or
Linux, TechX World is the place to go for practical strategies and
resources to add to your toolkit. This one-day technical training event
will teach you how to make the most of open-source tools on Windows and
how to manage and sync multiple directories. Register today!

http://list.windowsitpro.com/t?ctl=51999:4160B336D0B60CB18386BF457CE14076

Get Ready for the Windows Server Longhorn Roadshow!
Seize control of your Windows infrastructure with Microsoft's
biggest server release since Windows 2003. Get a live, under-the-hood
look at Longhorn virtualization, deployment, Web services, and
breakthroughs in core reliability. This one-day event is filled with
demonstrations and in-depth discussions designed for IT pros who want a
deep understanding of Windows Server Longhorn.

http://list.windowsitpro.com/t?ctl=51996:4160B336D0B60CB18386BF457CE14076

Deploy Exchange Server 2007 Without a Hitch!
This one-day technical training event teaches you how to preempt
pitfalls and avoid corrupting your email infrastructure. Learn how to
effectively install, manage, and secure Exchange Server 2007 in a 64-
bit environment. You'll also get a peek into the integration of
Outlook, SharePoint Server 2007, and Exchange Server 2007. Register
today!

http://list.windowsitpro.com/t?ctl=51991:4160B336D0B60CB18386BF457CE14076


=== FEATURED WHITE PAPER =======================================

Do you want to block unwanted or undesirable email? Download this free
white paper to learn how to manage the content of messages traversing
your network.

http://list.windowsitpro.com/t?ctl=5198D:4160B336D0B60CB18386BF457CE14076


=== ANNOUNCEMENTS ==============================================

Introducing a Unique Security Resource
Security Pro VIP is an online information center that delivers new
articles every week on topics such as perimeter security,
authentication, and system patches. Subscribers also receive tips,
cautionary advice, direct access to our editors, and a host of other
benefits! Order now at an exclusive charter rate and save up to $50!

http://list.windowsitpro.com/t?ctl=51994:4160B336D0B60CB18386BF457CE14076

Grab Your Share of the Spotlight!
Nominate yourself or a peer to become IT Pro of the Month. This is
your chance to get the recognition you deserve! Winners will receive
over $600 in IT resources and be featured in Windows IT Pro. It's easy
to enter--we're accepting June nominations now, but only for a limited
time! Submit your nomination today:

http://list.windowsitpro.com/t?ctl=519A4:4160B336D0B60CB18386BF457CE14076


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=519A2:4160B336D0B60CB18386BF457CE14076

http://list.windowsitpro.com/t?ctl=519A8:4160B336D0B60CB18386BF457CE14076

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=51997:4160B336D0B60CB18386BF457CE14076

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB18386BF457CE14076

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=519A6:4160B336D0B60CB18386BF457CE14076

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=51995:4160B336D0B60CB18386BF457CE14076

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
