KVM Over IP for the Distributed IT Environment
http://list.windowsitpro.com/t?ctl=63F10:4160B336D0B60CB1F41C5CDCAEBB076D
Federal Rules of Civil Procedure and Email Discovery
http://list.windowsitpro.com/t?ctl=63F0D:4160B336D0B60CB1F41C5CDCAEBB076D
Ensuring Protection and Availability for Microsoft Exchange
http://list.windowsitpro.com/t?ctl=63F08:4160B336D0B60CB1F41C5CDCAEBB076D
=== CONTENTS ===================================================
IN FOCUS: Security Becoming Increasingly Difficult
NEWS AND FEATURES
- Digital Monsters Unleashed at Monster.com
- Skype Taken Down by Its Own Doing
- China and USA Tops in Malware Storage Sites?
- NetNation Opens Shop in USA, Offers New Domain Security Features
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: When Honors Aren't Really Honors
- FAQ: No More WINS in Windows 2008
- From the Forum: Restricting Remote Logons to One User
- Share Your Security Tips
PRODUCTS
- Processor Adds Security Features
- Product Evaluations from the Real World
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: Lantronix =========================================
KVM Over IP for the Distributed IT Environment
Keyboard/video/mouse (KVM) switches are a valuable server management
tool. This paper presents the complexities of managing the distributed
data center and highlights the advantages of using a KVM over IP
solution that delivers flexible, scalable and affordable CAT5-based
remote access.
http://list.windowsitpro.com/t?ctl=63F10:4160B336D0B60CB1F41C5CDCAEBB076D
=== IN FOCUS: Security Becoming Increasingly Difficult =========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
In the news last week were three interesting stories that offer clear
indications that keeping an enterprise secure is becoming more
difficult as services and exploits evolve. You can link to these
stories by going to the SECURITY NEWS AND FEATURES section below.
If you read the story "Digital Monsters Unleashed at Monster.com,"
you'll learn that intruders have switched tactics. Instead of
specifically targeting a single vulnerability, the trend has moved
towards targeting a list of vulnerabilities on a specific platform.
Like MPack, which I wrote about (at the URL below) back in June, the
exploit foisted upon unsuspecting Monster.com visitors was packaged in
an innocuous-looking ad on multiple pages and worked by determining the
visitor's OS and browser type, then delivering corresponding exploit
code.
http://list.windowsitpro.com/t?ctl=63F16:4160B336D0B60CB1F41C5CDCAEBB076D
The Monster.com exploit took advantage of one of the most dangerous
weaknesses in security: The failure to install patches or new versions
of various applications and subsystems. Because many Monster.com
visitors' systems were not up-to-date, the attack was highly
successful. So far, reports indicate that hundreds of thousands of
people had all sorts of private information stolen. The stolen
information is already being used to exploit even more people. The
entire ordeal clearly points to the need to keep systems as up-to-date
as possible at all times, because even users who are very security
savvy and know how to avoid email scams and suspicious Web sites might
still fall victim by simply opening an email message that appears
legitimate or by landing on a well-known Web site.
In the second story, "Skype Taken Down By Its Own Doing," you'll learn
how engineering oversights can readily lead to situations where a
company's own developers take down the company's entire product
infrastructure. Because the engineers at Skype didn't run through
enough "what if" scenarios, the Skype VoIP peer-to-peer (P2P) network
was rendered mostly useless for a significant amount of time. Skype's
entire existence and income flow is based upon its P2P network. So if
that network fails, the company is at risk of failing as an enterprise.
This particular incident points out that security is not just for
security administrators and end users and that secure software
development must include an analysis of any and all potential points of
failure--otherwise a company might wind up instigating a Denial of
Service (DoS) attack against itself unwittingly.
The third story, "China and US Tops in Malware Storage Sites?" ties
into the first story. Cyveillence reports that servers in China and the
US host more malware binaries than any other countries in the world.
The company also reports that US-based Web sites are used more often
than sites in any other country to launch malware attacks against
unsuspecting users.
Even though intruders might be based overseas, they know full well that
online activity is widespread and still growing rapidly in the US and
that the rush to use the Internet has far outrun the population's
general awareness of the dangers involved.
The figures from Cyveillence, which you can learn more about in the
news story, clearly point out why those of you who work as security
administrators in the US need to be far more diligent than your
colleagues in other nations.
=== SPONSOR: Lucid8 ============================================
Federal Rules of Civil Procedure and Email Discovery
Email is increasingly used in court and regulatory proceedings from
e-discovery for civil lawsuits to providing the grounds for prosecuting
criminal cases. In fact, the ePolicy Institute found that 21% of
companies have been required to produce employee email in legal cases.
As a result, the ability to extract content from message stores quickly
and efficiently is becoming increasingly important. Exchange
administrators need an enhanced tool set, one that can provide simple
as well as advanced searching capabilities and also allow for granular
extraction of data while imposing a minimum of disruption on IT staff
and end users. This white paper discusses the key issues involved in
proper data retention and retrieval.
http://list.windowsitpro.com/t?ctl=63F0D:4160B336D0B60CB1F41C5CDCAEBB076D
=== SECURITY NEWS AND FEATURES =================================
Digital Monsters Unleashed at Monster.com
Hundreds of thousands of people who went to Monster.com looking for
jobs or new recruits got more than they bargained for when wily
criminals used the site to silently install Trojans on unsuspecting
users' computers.
http://list.windowsitpro.com/t?ctl=63F18:4160B336D0B60CB1F41C5CDCAEBB076D
Skype Taken Down by Its Own Doing
Millions of Skype users found themselves unable to connect to the
VoIP network due to shortcomings in the company's P2P network
management algorithm.
http://list.windowsitpro.com/t?ctl=63F17:4160B336D0B60CB1F41C5CDCAEBB076D
China and US Tops in Malware Storage Sites?
A new report from Cyveillance suggests that 60 percent of all
malware binary storage sites are hosted in China or the United States--
the two countries with the largest online populations.
http://list.windowsitpro.com/t?ctl=63F15:4160B336D0B60CB1F41C5CDCAEBB076D
NetNation Opens Shop in US, Offers New Domain Security Features
Canadian-based NetNation recently opened shop in the US and launched
a new set of domain security features that help protect against
unauthorized changes.
http://list.windowsitpro.com/t?ctl=63F1A:4160B336D0B60CB1F41C5CDCAEBB076D
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=63F0E:4160B336D0B60CB1F41C5CDCAEBB076D
=== SPONSOR: Double-Take Software ==============================
Ensuring Protection and Availability for Microsoft Exchange
Microsoft Exchange is integral to an organization's day-to-day
operation. For many companies, an hour of Exchange downtime can cost
hundreds of thousands of dollars in lost productivity. This paper
discusses new ways to maintain Exchange uptime by using data
protection, failover, and application availability. When recoverability
matters, depend on Double-Take Software to protect and recover business
critical data and applications.
http://list.windowsitpro.com/t?ctl=63F08:4160B336D0B60CB1F41C5CDCAEBB076D
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: When Honors Aren't Really Honors
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=63F1E:4160B336D0B60CB1F41C5CDCAEBB076D
Sometimes honors bestow a lot of clout. Other times, honors are
entirely worthless. If you download software because it has a "top
rating," you might be surprised to learn that honorable mentions are
often handed out blindly, so beware!
http://list.windowsitpro.com/t?ctl=63F0A:4160B336D0B60CB1F41C5CDCAEBB076D
FAQ: No More WINS in Windows 2008
by John Savill, http://list.windowsitpro.com/t?ctl=63F1C:4160B336D0B60CB1F41C5CDCAEBB076D
Q: What is GlobalNames in Windows Server 2008?
Find the answer at
http://list.windowsitpro.com/t?ctl=63F19:4160B336D0B60CB1F41C5CDCAEBB076D
FROM THE FORUM: Restricting Remote Logons to One User
A forum participant is using a Windows 2000 Server and Windows
Server 2003 domain environment and wants to know if he can create a
policy, script, or registry tweak that makes it impossible for more
than one user to log on to a remote server at the same time. Join the
discussion at
http://list.windowsitpro.com/t?ctl=63F07:4160B336D0B60CB1F41C5CDCAEBB076D
=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com
Processor Adds Security Features
Intel's new generation of vPro processor technology (formerly
codenamed Weybridge) adds several security features. Intel Trusted
Execution Technology (TXT--formerly codenamed LaGrande), used with
Intel Virtualization Technology for Directed I/O, isolates assigned
memory to keep data in each virtual partition protected from
unauthorized access by software in another partition. Improved System
Defense Filters can identify more threats in the network traffic flow.
And an embedded trust agent lets Cisco customers manage systems, even
if they're powered off or the OS is down, without lowering the security
on 802.1x networks and Cisco Self-Defending Network products. For more
information, go to
http://list.windowsitpro.com/t?ctl=63F21:4160B336D0B60CB1F41C5CDCAEBB076D
PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=63F1B:4160B336D0B60CB1F41C5CDCAEBB076D
Keeping Exchange Running--The High Availability Imperative
If there's a "killer app," it's email. Business communications rely
on it, and increasingly mobile users and clients lower the tolerance
for email downtime. Attend this Web seminar and hear from Paul
Robichaux, who will share information to help you meet your
enterprise's HA needs. Tune in for useful tips and a guide to resources
available for disaster recovery planning. Bring your questions to the
lively Q&A session after the presentation. Register now for this
September 26, 2007, live Web seminar.
http://list.windowsitpro.com/t?ctl=63F09:4160B336D0B60CB1F41C5CDCAEBB076D
Effective performance management and financial planning can help you
drive better performance for your business. Come to this one-day launch
event in New York City and learn how companies like yours--and
Microsoft itself--are benefiting from an integrated monitoring,
analysis, and financial planning application.
http://list.windowsitpro.com/t?ctl=63F0F:4160B336D0B60CB1F41C5CDCAEBB076D
File Area Networks: Your First Look at FAN Technology
Regain control over the burgeoning file data in your enterprise.
Learn how FANs can help you centralize file consolidation, migration,
replication, and failover. Download this eBook and start streamlining
your file management today!
http://list.windowsitpro.com/t?ctl=63F0B:4160B336D0B60CB1F41C5CDCAEBB076D
=== FEATURED WHITE PAPER =======================================
The Web Isn't Fun Anymore: How Websense Technology Protects Against
Internet-Based Threats
With its wealth of information, the Internet has become integrated
into our personal lives as well as being a necessary business tool.
However, it has a dark side. This white paper examines technologies
that will help guard against Internet-based threats.
http://list.windowsitpro.com/t?ctl=63F0C:4160B336D0B60CB1F41C5CDCAEBB076D
=== ANNOUNCEMENTS ==============================================
Search Thousands of SQL Articles Online and on CD
A SQL Server Magazine Master CD subscription buys you portable,
lightning-fast access to the entire SQL Server article database on CD,
plus exclusive, up-to-the-minute access to the new articles we publish
on SQLMag.com every day. Order your subscription now!
http://list.windowsitpro.com/t?ctl=63F12:4160B336D0B60CB1F41C5CDCAEBB076D
Save 1/2 Off Security Pro VIP
Security Pro VIP is an online resource that delivers new articles
every week to help you defend your network. Subscribers also receive
tips, cautionary advice, direct access to our editors for technical
Q&As, and a host of other benefits! Order now, and save up to 50
percent!
http://list.windowsitpro.com/t?ctl=63F11:4160B336D0B60CB1F41C5CDCAEBB076D
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=63F1D:4160B336D0B60CB1F41C5CDCAEBB076D
http://list.windowsitpro.com/t?ctl=63F20:4160B336D0B60CB1F41C5CDCAEBB076D
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=63F14:4160B336D0B60CB1F41C5CDCAEBB076D
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB1F41C5CDCAEBB076D
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=63F1F:4160B336D0B60CB1F41C5CDCAEBB076D
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=63F13:4160B336D0B60CB1F41C5CDCAEBB076D
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment