Wednesday, October 31, 2007

Controlling Network Access Control


=== CONTENTS ===================================================

IN FOCUS: Controlling Network Access Control

NEWS AND FEATURES
- Big Business Slow to Adopt Network Access Control
- Surprise: Major VoIP Providers Are Insecure
- Microsoft Says Vulnerabilities Are Up, Exploits Are Down
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Ubuntu 7.10 Wi-Fi Quirks
- FAQ: Installing Printer Drivers on Vista
- Share Your Security Tips

PRODUCTS
- New Filter Analyzes Attachments for Spam
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Kroll Ontrack =====================================

Online Seminar: Data Security, Encryption & Recovery
If you are responsible for protecting your organization's critical
electronic data, attend this free online seminar to learn how data
recovery can be achieved without compromising data security. Kroll
Ontrack security and data recovery experts will help you answer
questions, such as:
* How should I determine if data is worth recovering?
* How can I ensure my data is safe during the data recovery process?
* Can encrypted data be recovered?
* What questions should I ask a recovery service provider before
sending my data?
Date: Wednesday, November 7, 2007
Time: 1:00 PM Central Standard Time
Register today - space is limited!

http://list.windowsitpro.com/t?ctl=6C135:4160B336D0B60CB12127F23D3FA992BA


=== IN FOCUS: Controlling Network Access Control =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The story "Big Business Slow to Adopt Network Access Control" (link to
it from the Security News and Features section of this newsletter,
below) reveals that big businesses are slow to adopt Network Access
Control (NAC) for a few reasons.

As you might know, NAC allows you to check for endpoint policy
compliance and provides some form of quarantine and remediation path.
So, for example, if NAC determines that a PC doesn't have certain
security patches installed or isn't running specific antivirus
software, NAC can prevent the PC from accessing network resources. NAC
technology sounds like a good idea for internal private networks. But
bigger implications need to be considered before the technology starts
being deployed rampantly.

I read another story in the news last week about an antivirus company
(that shall remain unnamed by me) that released a new solution aimed
at online businesses, such as banks and other merchants of products and
services. The solution is a form of NAC that would prevent someone from
accessing certain areas of a Web site unless the person's computer
passes a security scan.

If your bank decided to use the solution, you wouldn't be able to
conduct online banking without first proving compliance with the bank's
idea of proper security. That would of course include letting the bank
download an ActiveX control onto your computer that would scan your
system for various forms of malware. The same would hold true for any
business that decided to use the technology for its Internet-facing Web
site.

I think a lot of you will agree that such a scenario is a major
problem. First and foremost, letting some relatively untrusted third
party install software on your computers is a big risk. Second, letting
someone else dictate how you handle system security is outright
ludicrous. Third, ActiveX controls are notoriously targeted by
intruders looking for weaknesses. And finally, not all platforms
support the use of ActiveX controls, so any site that enforces the use
of this particular solution would necessitate the use of particular
platforms, which runs counter to the concept of an open cross-platform
World Wide Web.

This is where NAC seems to be headed, and it seems like a very
dangerous path to me. It's probably a good idea to keep your eye on NAC
product developments to see what the key players are up to. At the same
time, keep an eye on smaller players, which seek to compete by offering
niche solutions that target existing problems, such as the theft of
credentials, as a means of quicker market penetration.


=== SPONSOR: Centrify Corporation ==============================

AD and PCI DSS in Heterogeneous Environments
Download this white paper that examines the compelling business and
technical case for centralizing administration in Microsoft's Active
Directory, outlines how Centrify DirectControl's integrated
architecture enables you to extend Active Directory to your UNIX, Linux
and Mac OS systems and applications, and describes how Active Directory
and DirectControl address specific PCI DSS requirements.

http://list.windowsitpro.com/t?ctl=6C145:4160B336D0B60CB12127F23D3FA992BA


=== SECURITY NEWS AND FEATURES =================================

Big Business Slow to Adopt Network Access Control
A new study conducted by TheInfoPro reveals that the majority of
Fortune 1000 companies don't use NAC and 24 percent have no plans to do
so in the future.

http://list.windowsitpro.com/t?ctl=6C142:4160B336D0B60CB12127F23D3FA992BA

Surprise: Major VoIP Providers Are Insecure
A Texas company claims that people using Vonage, Global7, and
Grandstream for VoIP service are vulnerable to several different types
of attacks, including having their phone accounts hijacked.

http://list.windowsitpro.com/t?ctl=6C141:4160B336D0B60CB12127F23D3FA992BA

Microsoft Says Vulnerabilities Are Up, Exploits Are Down
A new report from Microsoft reveals that disclosure of high-risk
vulnerabilities is steadily increasing. However, public availability of
associated exploit code for Microsoft products is declining.

http://list.windowsitpro.com/t?ctl=6C140:4160B336D0B60CB12127F23D3FA992BA

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=6C13B:4160B336D0B60CB12127F23D3FA992BA


=== SPONSOR: Double-Take Software ==============================

Whole Server Protection from a Single Solution
The complexity of traditional recovery solutions compounds an
already difficult situation, and heightens the opportunity for human
error. Speed and quality of recovery are extremely important when
customers and employees are relying on access to critical data, but the
average restoration takes hours at best. Check out this paper to learn
about a whole-server data protection solution that simplifies the
restoration process and reduces the time and effort involved with
server recovery.

http://list.windowsitpro.com/t?ctl=6C136:4160B336D0B60CB12127F23D3FA992BA


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Ubuntu 7.10 Wi-Fi Quirks
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6C148:4160B336D0B60CB12127F23D3FA992BA

Ubuntu 7.10 is available, and its out-of-the-box hardware support is
stellar. Even so, I had a little trouble getting a Wi-Fi card with the
Broadcom 4311 chipset to work. Here's how I solved the problem.

http://list.windowsitpro.com/t?ctl=6C137:4160B336D0B60CB12127F23D3FA992BA

FAQ: Installing Printer Drivers on Vista
by John Savill, http://list.windowsitpro.com/t?ctl=6C146:4160B336D0B60CB12127F23D3FA992BA


Q: With Windows Vista, can users without administrative credentials on
their computer install printer drivers?

Find the answer at

http://list.windowsitpro.com/t?ctl=6C143:4160B336D0B60CB12127F23D3FA992BA

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

New Filter Analyzes Attachments for Spam
MX Logic announced that it's added a filter specifically for email
attachment-based spam to its MX Logic Email Defense Service. The new
Deep Content Analysis filter was developed in response to the PDF spam
attacks. MX Logic expects more attachment spam attacks in the future
and designed the new filter to look at attachment content along with
the email message body to determine whether the message constitutes
spam. The Deep Content Analysis filter is part of the MX Logic Stacked
Classification Framework spam-detection algorithms in the managed
service. For more information, go to

http://list.windowsitpro.com/t?ctl=6C14B:4160B336D0B60CB12127F23D3FA992BA

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=6C144:4160B336D0B60CB12127F23D3FA992BA

PCI Requirements for Windows and Active Directory: Straight from a
Certified Auditor
The final PCI compliance deadline is December 31, 2007 ... are you
ready? Is your organization still struggling to figure out how to
prepare for a PCI audit? In this Web seminar, hear directly from a VISA
Qualified Data Security Professional (QDSP) on what the PCI DSS
requirements are, who needs to comply, what systems are involved, and
what an auditor wants to see. Register now, don't miss this October 31
Web seminar.

http://list.windowsitpro.com/t?ctl=6C139:4160B336D0B60CB12127F23D3FA992BA

Improving Backup and Recovery
Explore SAN copy and replication methodologies in conjunction with
backup and restore to deliver more efficient operations and
dramatically improve overall business continuity. View this Web seminar
to learn current commonly used backup/restore methodologies, SAN copy
and replication methodologies, and inherent strengths and weaknesses of
various solution designs along with requirements to enable these
designs.

http://list.windowsitpro.com/t?ctl=6C134:4160B336D0B60CB12127F23D3FA992BA

11 Reasons to Upgrade to Backup Exec 11d
Register for this free Web seminar and learn 11 key benefits of
upgrading your current backup software to Symantec Backup Exec 11d,
such as cost-effectiveness, high performance, certified disk-to-disk-
to-tape backup and recovery, continuous data protection, fast recovery,
and scalable management of local and remote server backups. To learn
the remaining 5 reasons to upgrade to Symantec Backup Exec 11d and to
take advantage of special upgrade pricing, register now.

http://list.windowsitpro.com/t?ctl=6C138:4160B336D0B60CB12127F23D3FA992BA


=== FEATURED WHITE PAPER =======================================

Protecting Microsoft SQL Server
Your company relies on its databases. How are you protecting them?
Imagine the data that would be lost if one container were damaged or
corrupted. Imagine how the failure of one system could impair your
ability to do business for hours, days, even permanently. This white
paper discusses data protection strategies for Microsoft SQL Server,
including options for database protection solutions and the advantages
of these different solutions. View this white paper to ensure you don't
lose valuable information that could drastically impair your business.

http://list.windowsitpro.com/t?ctl=6C13A:4160B336D0B60CB12127F23D3FA992BA


=== ANNOUNCEMENTS ==============================================

Discover the New SQL Server Magazine
Don't miss the relaunched SQL Server Magazine, coming this month!
Besides a new look, we have even more coverage of administration and
performance, development and Web apps, BI and Reporting Services, and
SQL Server fundamentals. Subscribe now and save 58% off the cover
price.

http://list.windowsitpro.com/t?ctl=6C13C:4160B336D0B60CB12127F23D3FA992BA

Packed with thousands of articles, bonus content, and loads of expert
advice--the Windows IT Pro Master CD is like your very own team of
professional SQL Server consultants. Get real-world solutions in
lightning-fast time--order the Windows IT Pro Master CD today. Includes
a 1-year subscription to all online content at WindowsITPro.com!

http://list.windowsitpro.com/t?ctl=6C13F:4160B336D0B60CB12127F23D3FA992BA


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6C147:4160B336D0B60CB12127F23D3FA992BA

http://list.windowsitpro.com/t?ctl=6C14A:4160B336D0B60CB12127F23D3FA992BA

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
