Likewise identity 3.0 Security Benefits
http://list.windowsitpro.com/t?ctl=607E5:4160B336D0B60CB187B242CFB6620F77
Stop email threats from attacking your network.
http://list.windowsitpro.com/t?ctl=607FA:4160B336D0B60CB187B242CFB6620F77
ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" White
Paper
http://list.windowsitpro.com/t?ctl=607E7:4160B336D0B60CB187B242CFB6620F77
=== CONTENTS ===================================================
IN FOCUS: Malicious Web Sites Spreading Rapidly
NEWS AND FEATURES
- Aruba Adds Wi-Fi Security Through Acquisition
- Trust Digital Secures Smart Phones
- Secunia Releases Personal Software Inspector Beta
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: New HTTP Authentication Scanner Tool
- FAQ: Visibility of Shared Drives in Different Security Contexts
- From the Forum: Rights Required to Allow Changing Directory
- Share Your Security Tips
PRODUCTS
- Control Your Email Content
- Reveal Programs Running on Your System
- Product Evaluations from the Real World
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: Centeris ==========================================
Likewise identity 3.0 Security Benefits
Improve the security of Linux and UNIX computers by allowing
computers to authenticate and authorize users through Microsoft Active
Directory. This white paper shows how you can lower costs, improve
security, greatly simplify user account management, and learn how to
demonstrate compliance with regulatory requirements.
http://list.windowsitpro.com/t?ctl=607E5:4160B336D0B60CB187B242CFB6620F77
=== IN FOCUS: Malicious Web Sites Spreading Rapidly ============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
A few years ago, one of the biggest threats to IT infrastructures was
email-based attacks. In fact, Microsoft Outlook was targeted so often
that many people actually stopped using it completely. These days,
email is much safer thanks to improved email software and robust email-
filtering technologies.
Today, the biggest threat seems to come from Web sites, which of course
means that your users' casual surfing at the office could pose high
risks to your network environment, especially if you don't have
adequate defenses and stern acceptable-use policies in place.
Recently, security product maker Sophos released a report that shows
just how dangerous the problem of malicious Web sites has become. Like
many security companies, Sophos operates a number of globally
positioned monitoring stations that collect and aggregate data. Such
data is invaluable in gaining a broader view of the threats that exist
at any given moment in the Internet landscape.
According to the company's data, from January to May of this year, the
number of new malicious Web pages detected per day was relatively low--
about 5,000 per day--compared to the numbers since May. Beginning in
June, the company saw a huge increase, and as of July 25, approximately
29,700 new malicious Web pages were appearing each day!
Of the malicious Web pages Sophos analyzed, 1 in 5 were established
especially to host malware. The others had been legitimate Web pages
that were somehow vandalized and made to contain malware.
Another very interesting finding is that from January to May, 51
percent of the compromised sites ran on Apache HTTP Server, 43 percent
ran on Microsoft IIS 5.0 or IIS 6.0, and the remainder ran on lesser
known Web platforms, such as Nginx.
The explosion of pages that contain malware seems to coincide with the
emergence of MPack into the public spotlight. You recall that MPack is,
by today's standards, a highly sophisticated Web-based exploit-
deployment platform. I wrote about MPack at the end of June and blogged
about it too. If you missed either of those two articles, you can find
them on our Web site at the URLs below.
http://list.windowsitpro.com/t?ctl=607FB:4160B336D0B60CB187B242CFB6620F77
http://list.windowsitpro.com/t?ctl=607F9:4160B336D0B60CB187B242CFB6620F77
Sophos's data reminds us that strong Web-filtering tools are a vital
component of an overall security strategy. Filters go hand in hand with
diligent patch management and firm company policies that keep employees
aware of your rules.
If you need some data to educate your fellow co-workers as to why your
company has acceptable-use policies, get a copy of the Sophos report at
the URL below. Even if you don't need the statistics to bolster your
position, the report is a good read for all security administrators.
http://list.windowsitpro.com/t?ctl=607FF:4160B336D0B60CB187B242CFB6620F77
Other companies that have published threat reports somewhat recently
include Symantec (at the first URL below), Internet Security Systems
(at the second URL below), the Anti-Phishing Working Group (at the
third URL below), and McAfee (at the fourth URL below).
http://list.windowsitpro.com/t?ctl=607EA:4160B336D0B60CB187B242CFB6620F77
http://list.windowsitpro.com/t?ctl=607F0:4160B336D0B60CB187B242CFB6620F77
http://list.windowsitpro.com/t?ctl=607EE:4160B336D0B60CB187B242CFB6620F77
http://list.windowsitpro.com/t?ctl=607F6:4160B336D0B60CB187B242CFB6620F77
=== SPONSOR: Sentinare =========================================
Stop email threats from attacking your network.
Sign up for a FREE trial of PostGuard. Shield your network from SMTP
attacks and block spam and viruses. PostGuard keeps bad guys out of
your mailbox and away from your public email interface.
http://list.windowsitpro.com/t?ctl=607FA:4160B336D0B60CB187B242CFB6620F77
=== SECURITY NEWS AND FEATURES =================================
Aruba Adds Wi-Fi Security Through Acquisition
Aruba Networks entered into a deal to acquire key security products
from Network Chemistry, thereby adding wireless security to its
offerings.
http://list.windowsitpro.com/t?ctl=607F2:4160B336D0B60CB187B242CFB6620F77
Trust Digital Secures Smart Phones
Trust Digital released version 7.3 of its Smartphone Security
software. The new version introduces smart card logon and secure
messaging controls.
http://list.windowsitpro.com/t?ctl=607F3:4160B336D0B60CB187B242CFB6620F77
Secunia Releases Personal Software Inspector Beta
Secunia's new Personal Software Inspector helps inventory your
systems and determine whether you're running insecure or out-of-date
software.
http://list.windowsitpro.com/t?ctl=607F4:4160B336D0B60CB187B242CFB6620F77
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=607E9:4160B336D0B60CB187B242CFB6620F77
=== SPONSOR: SPI Dynamics ======================================
ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" White
Paper
Cross-site scripting vulnerabilities in web apps allow hackers to
compromise confidential information, steal cookies and create requests
that can be mistaken for those of a valid user!! Download this *FREE*
white paper from SPI Dynamics.
http://list.windowsitpro.com/t?ctl=607E7:4160B336D0B60CB187B242CFB6620F77
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: New HTTP Authentication Scanner Tool
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=607FD:4160B336D0B60CB187B242CFB6620F77
Fast HTTP Auth Scanner lets you scan a range of addresses and ports
looking for HTTP-enabled devices so that you can then test those
devices for strength in authentication.
http://list.windowsitpro.com/t?ctl=607E4:4160B336D0B60CB187B242CFB6620F77
FAQ: Visibility of Shared Drives in Different Security Contexts
by John Savill, http://list.windowsitpro.com/t?ctl=607F8:4160B336D0B60CB187B242CFB6620F77
Q: I've started a process in another security context, but I can't see
my existing mapped drives. Do you know why?
Find the answer at
http://list.windowsitpro.com/t?ctl=607F5:4160B336D0B60CB187B242CFB6620F77
FROM THE FORUM: Rights Required to Allow Changing Directory
A forum participant writes that he's trying to use xcacls.vbs to
allow his Help desk to change the owner on a user's home directory when
it's being created. The command works fine under his account, which has
Domain Admin rights, but the Help desk techs get an error when they run
it. They have full control on the directories. Join the discussion at
http://list.windowsitpro.com/t?ctl=607E2:4160B336D0B60CB187B242CFB6620F77
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com
Control Your Email Content
Nemx Software announced the availability of SecurExchange 2.1,
Microsoft Exchange email content control software designed for large
financial services companies that need to protect sensitive data and
show compliance with regulations. The new version adds improved
administration features, especially for organizations with multiple
Exchange servers. SecurExchange 2.1 stores its policy data at the Admin
Group or Exchange Organization level, so all updates and modifications
are automatically propagated to all Exchange servers. Pricing ranges
from $5 to $25 per mailbox for a one-time license. For more
information, go to
http://list.windowsitpro.com/t?ctl=60802:4160B336D0B60CB187B242CFB6620F77
Reveal Programs Running on Your System
Innovative Solutions' Advanced Task Manager 4.0 shows the programs
that are running on your computer, including hidden processes, and
calculates a security rating for each process that indicates the
likelihood of it being a virus, spyware, or a Trojan horse. Advanced
Task Manager 4.0 also shows important security details such as whether
a program tracks what you type, transmits data over the Internet, is
hidden, is encrypted on disk, has invisible windows, or is an Internet
server. When you discover a rogue program, you can easily stop,
quarantine, or uninstall it. Advanced Task Manager runs on Windows
Vista or Windows XP and costs $29. For more information, go to
http://list.windowsitpro.com/t?ctl=60801:4160B336D0B60CB187B242CFB6620F77
PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=607F7:4160B336D0B60CB187B242CFB6620F77
Taming the Beast: Gain Control of Software Usage and Reduce Audit Risks
Do you have visibility and control over your software license use?
Most organizations face challenges in this area, including
understanding vendor licensing models, cost overruns, missed deadlines,
business opportunities, and lost user productivity. Learn to address
these challenges and prepare for audits in this on-demand Web seminar,
available now!
http://list.windowsitpro.com/t?ctl=607E3:4160B336D0B60CB187B242CFB6620F77
File Area Networks: Your First Look at FAN Technology
Regain control over the growing amount of file data in your
enterprise. Learn how file area networks can help you centralize file
consolidation, migration, replication, and failover. Download this
eBook and start streamlining your file management projects today!
http://list.windowsitpro.com/t?ctl=607E6:4160B336D0B60CB187B242CFB6620F77
KVM over IP in the Distributed IT Environment
Keyboard/video/mouse (KVM) switches are a valuable management tool,
but they have weaknesses in distributed environments. This white paper
presents the complexities of managing the distributed data center and
highlights the advantages of using a KVM over IP solution for flexible,
scalable, affordable CAT5-based remote access.
http://list.windowsitpro.com/t?ctl=607EB:4160B336D0B60CB187B242CFB6620F77
=== FEATURED WHITE PAPER =======================================
The Web Isn't Fun Anymore: How Websense Technology Protects Against
Internet-Based Threats
With its wealth of information, the Internet has become integrated
into our personal lives as well as being a necessary business tool.
However, it does have a dark side. This white paper examines
technologies that will help guard against Internet-based threats.
http://list.windowsitpro.com/t?ctl=607E8:4160B336D0B60CB187B242CFB6620F77
=== ANNOUNCEMENTS ==============================================
Search Thousands of SQL Articles Online and on CD
A SQL Server Magazine Master CD subscription buys you portable,
lightning-fast access to the entire SQL Server article database on CD,
plus exclusive, up-to-the-minute access to the new articles we publish
on SQLMag.com every day. Order your subscription now!
http://list.windowsitpro.com/t?ctl=607ED:4160B336D0B60CB187B242CFB6620F77
Save 1/2 Off Security Pro VIP
Security Pro VIP is an online resource that delivers new articles
every week to help you defend your network. Subscribers also receive
tips, cautionary advice, direct access to our editors for technical
Q&As, and a host of other benefits! Order now, and save up to 50%!
http://list.windowsitpro.com/t?ctl=607EC:4160B336D0B60CB187B242CFB6620F77
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=607FC:4160B336D0B60CB187B242CFB6620F77
http://list.windowsitpro.com/t?ctl=60800:4160B336D0B60CB187B242CFB6620F77
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=607F1:4160B336D0B60CB187B242CFB6620F77
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB187B242CFB6620F77
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=607FE:4160B336D0B60CB187B242CFB6620F77
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=607EF:4160B336D0B60CB187B242CFB6620F77
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment