News

Wednesday, September 19, 2007

Tor Experiment Proves You Should Use SSL for Email

=== CONTENTS ===================================================

IN FOCUS: Tor Experiment Proves You Should Use SSL for Email

NEWS AND FEATURES
- eIQnetworks Publishes Open Log Format Specification
- 89 Percent of Those Surveyed Want Use of SSNs Restricted
- PatchLink Becomes Lumension Security
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Security Sites Become Targets of DDoS
Attacks
- FAQ: How to Display Windows 2008 Group Policy Settings
- From the Forum: ISA Server and an Exchange Back-End Server
- Share Your Security Tips

PRODUCTS
- Faster, More Manageable Web Filtering
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== IN FOCUS: Tor Experiment Proves You Should Use SSL for Email
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

A few weeks ago, Swedish security aficionado Dan Egerstad published a
list that sent out some big shockwaves. Egerstad set up five The Onion
Router (Tor) exit nodes around the world, put them online for the
public to use, and then sniffed traffic as it left those exit nodes to
look for credentials used for POP3 and IMAP traffic. When his adventure
was over, Egerstad wound up with a lengthy list of logon names and
passwords for high-profile mailboxes, including credentials that belong
to workers at various embassies, consulates, large American companies,
and even the offices of the Dalai Lama.

In case you aren't familiar with Tor, it's basically a network of
independently operated servers that work together to provide an
encrypted VPN. Traffic sent through Tor is moved through at least three
Tor servers in an ever-changing pattern. The premise is to provide some
level of anonymity for Tor users so that they can disguise the origin
of their traffic. Anyone can run a Tor server, and anyone can use the
Tor network as a client.

As Egerstad's adventure reveals, many high-profile people use Tor
without adequate knowledge of how it works, and thus they remain
unaware of the overall risks. The Tor network does encrypt traffic, and
it does make an attempt to randomize the route that the traffic takes
along its way to its destination. Because traffic is encrypted as it
moves through the Tor network, Tor server operators can't easily sniff
traffic as it passes through their Tor server. However, the traffic
must be decrypted before it's sent to its final destination; therefore
Tor exit server operators can sniff traffic if it wasn't encrypted
prior to being sent into the Tor network. Egerstad's adventure was
designed to discover how many people don't encrypt traffic before
sending it to the Tor network.

A similar experiment is conducted each year at the DEFCON security
conference: Sniffers are used to capture the credentials of people who
use the conference wireless network without adequate encryption. The
results are then posted on the Wall of Sheep (sometimes also referred
to as the Wall of Shame). One might think that administrators for
embassies and consulates would be aware of the potential for people to
sniff network traffic, but apparently they aren't as aware as they
ought to be. Some are more aware now after being embarrassed by
Egerstad's findings.

After Egerstad published his list of results on August 30 (at the URL
below), his site was quickly shut down, apparently at the request of
unnamed law enforcement agencies in the United States. Sometime during
the following week, Egerstad's Web site went back online, and he then
posted more details of his adventure. Included in the mix of
information is the fact that there are plenty of suspicious Tor servers
taking part in the overall Tor network, and that fact ought to give
anyone using Tor some amount of pause.

http://list.windowsitpro.com/t?ctl=66918:4160B336D0B60CB164157B9DB49E6F6A

The lesson to be learned from Egerstad's adventure is that all
administrators should seriously consider implementing POP3 and IMAP
over Secure Sockets Layer (SSL). Most email clients and servers support
SSL connectivity, and there's little if any reason not to use it these
days. Even if your users don't use Tor or other anonymizing tools (such
as public proxy servers), it's still a good idea to use SSL--even on
in-house networks--because the threat from company insiders is equal to
the threat from those outside your company. And, with the increasing
trend toward telecommuting, SSL is becoming even more important as a
standard tool that can help guard your private communications.
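
As an added example (not part of the original newsletter), the following Python sketch shows one way an administrator could check whether a POP3 or IMAP listener still lets a password cross the wire unencrypted. It goes slightly beyond the SSL advice above by also reading the STARTTLS/STLS and LOGINDISABLED capabilities (RFC 2595, RFC 3501, RFC 2449); the function names, verdict strings, and sample server responses are all constructed for illustration.

```python
# Added example: classify what a mail server offers before TLS is negotiated.
# All sample responses are constructed, not captured from a real server.

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # mechanisms that send the password as-is

def _verdict(starttls, cleartext_password_possible):
    if not starttls:
        # Only implicit SSL (ports 993/995) could protect logins here.
        return "no-tls-on-this-port"
    if cleartext_password_possible:
        # A client that skips the upgrade can still be sniffed.
        return "tls-optional"
    return "tls-required-for-login"

def audit_imap(capability_line):
    """Classify an IMAP CAPABILITY response seen on cleartext port 143."""
    caps = {c.upper() for c in capability_line.split()}
    # RFC 3501: LOGINDISABLED means LOGIN is refused until TLS is active.
    login_ok = "LOGINDISABLED" not in caps
    sasl_plain = any(c.startswith("AUTH=") and c[5:] in PLAINTEXT_SASL
                     for c in caps)
    return _verdict("STARTTLS" in caps, login_ok or sasl_plain)

def audit_pop3(capa_lines):
    """Classify a POP3 CAPA response (RFC 2449) seen on cleartext port 110."""
    caps = [line.upper().split() for line in capa_lines
            if line.strip() not in ("", ".")]
    caps = [c for c in caps if c[0] != "+OK"]  # drop the status line
    names = {c[0] for c in caps}
    sasl_plain = any(c[0] == "SASL" and PLAINTEXT_SASL & set(c[1:])
                     for c in caps)
    # STLS is the POP3 spelling of STARTTLS (RFC 2595).
    return _verdict("STLS" in names, "USER" in names or sasl_plain)

# Constructed sample responses
IMAP_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
IMAP_OPTIONAL = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"
IMAP_ENFORCED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"
POP3_OPTIONAL = ["+OK Capability list follows", "USER", "STLS", "SASL PLAIN", "."]
POP3_ENFORCED = ["+OK Capability list follows", "STLS", "UIDL", "."]

if __name__ == "__main__":
    for name, result in [("IMAP_NO_TLS", audit_imap(IMAP_NO_TLS)),
                         ("IMAP_OPTIONAL", audit_imap(IMAP_OPTIONAL)),
                         ("IMAP_ENFORCED", audit_imap(IMAP_ENFORCED)),
                         ("POP3_OPTIONAL", audit_pop3(POP3_OPTIONAL)),
                         ("POP3_ENFORCED", audit_pop3(POP3_ENFORCED))]:
        print(name, "->", result)
```

A "tls-optional" verdict is the case the Tor experiment illustrates: the server supports encryption, but a client configured without it will still send credentials in the clear.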


=== SECURITY NEWS AND FEATURES =================================

eIQnetworks Publishes Open Log Format Specification
eIQnetworks announced the availability of the new Open Log Format
(OLF) specification, an open source event-logging standard. The company
hopes the new standard will be adopted to facilitate easier aggregation
of security log information.

http://list.windowsitpro.com/t?ctl=66911:4160B336D0B60CB164157B9DB49E6F6A

89 Percent of Those Surveyed Want Use of SSNs Restricted
A recent poll conducted by Consumers Union--publisher of Consumer
Reports--revealed that 89 percent of those surveyed want lawmakers to
create laws that restrict the use of Social Security numbers (SSNs).

http://list.windowsitpro.com/t?ctl=6690F:4160B336D0B60CB164157B9DB49E6F6A

PatchLink Becomes Lumension Security
In June, PatchLink announced that it would merge with SecureWave, a
provider of endpoint security. On the heels of the merger, completed in
mid-July, PatchLink has renamed the newly combined companies Lumension
Security.

http://list.windowsitpro.com/t?ctl=6690E:4160B336D0B60CB164157B9DB49E6F6A

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=66907:4160B336D0B60CB164157B9DB49E6F6A


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Security Sites Become Targets of DDoS Attacks
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=66916:4160B336D0B60CB164157B9DB49E6F6A

Numerous sites that offer security information have come under
sustained Distributed Denial of Service (DDoS) attacks, and some of the
sites remain offline due to traffic overloads.

http://list.windowsitpro.com/t?ctl=66910:4160B336D0B60CB164157B9DB49E6F6A

FAQ: How to Display Windows 2008 Group Policy Settings
by John Savill, http://list.windowsitpro.com/t?ctl=66913:4160B336D0B60CB164157B9DB49E6F6A


Q: Where can I see a list of all the Windows 2008 Group Policy
settings?

Find the answer at

http://list.windowsitpro.com/t?ctl=6690D:4160B336D0B60CB164157B9DB49E6F6A

FROM THE FORUM: ISA Server and an Exchange Back-End Server
A forum participant writes that Microsoft recommends a scenario in
which you put Microsoft ISA Server in a demilitarized zone (DMZ) and
publish Microsoft Outlook Web Access (OWA) from a Microsoft Exchange
front-end server on the inside. Looking at it strictly from a security
point of view, he wonders, is there any difference in publishing the
back-end server instead and skipping the front-end server? If you
manage to hack the front-end server, he says, you're already inside.
Join the discussion at

http://list.windowsitpro.com/t?ctl=66901:4160B336D0B60CB164157B9DB49E6F6A

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Faster, More Manageable Web Filtering
St. Bernard Software announced the iPrism M11000, a Web filtering
appliance for large and midsized enterprises. St. Bernard also
announced a major software upgrade, version 5.0, for all iPrism
appliances. The iPrism M11000 provides an 80 percent performance
improvement over the existing iPrism M3100 appliance. Version 5.0 of
the iPrism software includes a new Safe Search feature that ensures
that inappropriate Web content doesn't appear in thumbnails generated
by Google search engine results and a new Delegated Administration
feature that lets organizations separate policy-setting responsibility
from technical administration. For more information, go to

http://list.windowsitpro.com/t?ctl=6691A:4160B336D0B60CB164157B9DB49E6F6A

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=66912:4160B336D0B60CB164157B9DB49E6F6A

Microsoft TechEd IT Forum
TechEd IT Forum is Microsoft's premier European conference designed
to provide IT professionals with technical training, information, and
community resources for building, planning, deploying, and managing the
secure connected enterprise.

http://list.windowsitpro.com/t?ctl=66914:4160B336D0B60CB164157B9DB49E6F6A

11 Reasons to Upgrade to Backup Exec 11d from Symantec
Download this free on-demand Web seminar to learn about the key
benefits of upgrading your current backup software to Symantec Backup
Exec 11d; discover the latest enhancements in Backup Exec, the gold
standard in Windows data recovery; and find out how you can take
advantage of special upgrade pricing.

http://list.windowsitpro.com/t?ctl=66905:4160B336D0B60CB164157B9DB49E6F6A

Comparing Email Management Systems that Protect Against Spam, Viruses,
Malware, & Phishing
As a systems administrator, you're tasked with determining which
email security tool is the best fit for your company. Sunbelt Software
engaged Osterman Research to survey enterprises that are using five of
the leading email management systems that protect against spam,
viruses, malware, and phishing attacks. This white paper presents the
results of this survey and is a must-read for any administrator
researching email security tools for Microsoft Exchange.

http://list.windowsitpro.com/t?ctl=66908:4160B336D0B60CB164157B9DB49E6F6A


=== FEATURED WHITE PAPER =======================================

The Web Isn't Fun Anymore: How Websense Technology Protects Against
Internet-Based Threats
Thanks to its wealth of information, the Internet has become not
only a vital business tool but also an important part of our personal
lives. However, it does have a dark side. This white paper examines
technologies that will help guard against Internet-based threats.

http://list.windowsitpro.com/t?ctl=66906:4160B336D0B60CB164157B9DB49E6F6A


=== ANNOUNCEMENTS ==============================================

Windows IT Pro: Buy 1, Get 1
With Windows IT Pro's real-life solutions, news, tips and tricks,
and access to over 10,000 articles online, subscribing is like hiring
your very own team of Windows consultants. Subscribe now, and get 2
years for the price of 1!

http://list.windowsitpro.com/t?ctl=66909:4160B336D0B60CB164157B9DB49E6F6A

Save 50% Off Scripting Pro VIP
Scripting Pro VIP is the IT administrator's source for scripting
information, tools, and downloadable code. Subscribers also get access
to our editors to help answer technical questions, as well as a host of
other unique benefits. Order now at an exclusive charter rate and save
$50!

http://list.windowsitpro.com/t?ctl=6690A:4160B336D0B60CB164157B9DB49E6F6A


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=66915:4160B336D0B60CB164157B9DB49E6F6A

http://list.windowsitpro.com/t?ctl=66919:4160B336D0B60CB164157B9DB49E6F6A

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=66917:4160B336D0B60CB164157B9DB49E6F6A

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=6690B:4160B336D0B60CB164157B9DB49E6F6A

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
