News

Wednesday, October 24, 2007

Ubuntu's Gutsy Leap Forward

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Online Seminar: Data Security, Encryption & Recovery

http://list.windowsitpro.com/t?ctl=6B374:4160B336D0B60CB1F1327E70B9607B85

AD and PCI DSS in Heterogeneous Environments

http://list.windowsitpro.com/t?ctl=6B381:4160B336D0B60CB1F1327E70B9607B85

Live Virtualization Webinar with Industry Analyst

http://list.windowsitpro.com/t?ctl=6B372:4160B336D0B60CB1F1327E70B9607B85


=== CONTENTS ===================================================

IN FOCUS: Ubuntu's Gutsy Leap Forward

NEWS AND FEATURES
- Webroot Says SMBs Struggling with Security
- McAfee Expands Its Endpoint Security with SafeBoot Acquisition
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Tampering with Web Requests Using a Firefox
Plug-in
- FAQ: Restrict User Access to Printers
- From the Forum: Choosing a VPN and Proxy Server Solution
- Share Your Security Tips

PRODUCTS
- Keep an Eye on Your Computer Room
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Kroll Ontrack =====================================

Online Seminar: Data Security, Encryption & Recovery
If you are responsible for protecting your organization's critical
electronic data, attend this free online seminar to learn how data
recovery can be achieved without compromising data security. Kroll
Ontrack security and data recovery experts will help you answer
questions, such as:
* How should I determine if data is worth recovering?
* How can I ensure my data is safe during the data recovery process?
* Can encrypted data be recovered?
* What questions should I ask a recovery service provider before
sending my data?
Date: Wednesday, November 7, 2007
Time: 1:00 PM Central Standard Time
Register today--space is limited!

http://list.windowsitpro.com/t?ctl=6B374:4160B336D0B60CB1F1327E70B9607B85


=== IN FOCUS: Ubuntu's Gutsy Leap Forward =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You've heard it stated that Linux isn't ready for prime time desktops
in enterprise environments, but is that really true? The way I see it,
such blanket statements are essentially harmful misinformation because
how any particular OS is suited to a network environment depends
entirely on the particular network environment and the needs of the
users.

I've been experimenting with Linux for quite a long time and am more
attracted to the free varieties as opposed to the ones from commercial
companies because I don't want to pay to experiment. So my platforms of
choice have typically been Debian or derivatives thereof. So far, my
favorite desktop version of Linux is Ubuntu, which is based on Debian.

I recently stopped by the Ubuntu Web site to see what's happening
because the developers have pledged to release an update at least every
six months. I was pleasantly surprised to see that just last week,
Canonical (the company that sponsors Ubuntu development) released
Ubuntu 7.10, code-named Gutsy Gibbon. I think the code name is fitting
because based on the basic release notes, this latest version makes
some considerable leaps in terms of security and overall manageability.

Before I get to the security aspect, I want to point out that Ubuntu
7.10 now supports writing to NTFS partitions; previous versions
supported only the ability to read NTFS partitions. The new version
also supports fully automatic plug-and-play printer installations and
provides improved thin-client support that offers better compression,
automatic logon, and more. You can manage all clients, including client
installations, configurations, and upgrades, from one system.

Ubuntu 7.10 Desktop Edition now also includes Compiz Fusion, which adds
jazzy 3D effects. Other slick features include fast user switching,
desktop search, a plug-in finder and installer for Mozilla Firefox, and
automated installation of "non-free" driver packages.

That said, the security improvements are what really grabbed my
attention. When you download Ubuntu, you can now choose an alternate
installer that implements either full disk encryption or partition-
based encryption. A new script has been added to the base installation
that helps automate creation and storage of profiles for
authentication. A third new feature of the base installation is the
addition of AppArmor, which helps limit the resources that an
application can access. AppArmor was maintained by Novell until last
month, and now the open-source community has picked up the ball.

Finally, Ubuntu comes prepackaged with OpenOffice, and you can get
Ubuntu in several styles. Kubuntu uses the KDE desktop instead of the
Gnome desktop. Xubuntu is a lighter weight version of Ubuntu that
requires less memory, which is helpful for use on older systems.
Edubuntu is tailored especially for educational environments and
classroom use for children.

So that's it in a nutshell. If you're curious about Linux, seriously
consider taking a good look at Ubuntu (available at the URL below). As
far as I can tell, it's one of the best Linux platforms available.

http://list.windowsitpro.com/t?ctl=6B389:4160B336D0B60CB1F1327E70B9607B85


=== SPONSOR: Centrify ==========================================

AD and PCI DSS in Heterogeneous Environments
Download this white paper that examines the compelling business and
technical case for centralizing administration in Microsoft's Active
Directory, outlines how Centrify DirectControl's integrated
architecture enables you to extend Active Directory to your UNIX, Linux
and Mac OS systems and applications, and describes how Active Directory
and DirectControl address specific PCI DSS requirements.

http://list.windowsitpro.com/t?ctl=6B381:4160B336D0B60CB1F1327E70B9607B85


=== SECURITY NEWS AND FEATURES =================================

Webroot Says SMBs Struggling with Security
Webroot surveyed more than 1,800 small businesses in six countries
and discovered that "most SMB IT groups do not have in-house security
expertise nor policies to manage employees' personal use of work
computers."

http://list.windowsitpro.com/t?ctl=6B37E:4160B336D0B60CB1F1327E70B9607B85

McAfee Expands Its Endpoint Security with SafeBoot Acquisition
McAfee announced that it will acquire security solution provider
SafeBoot for $350 million in cash. The acquisition brings McAfee new
abilities to provide authentication and encryption to endpoints.

http://list.windowsitpro.com/t?ctl=6B37D:4160B336D0B60CB1F1327E70B9607B85

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=6B379:4160B336D0B60CB1F1327E70B9607B85


=== SPONSOR: Double-Take Software ==============================

Live Virtualization Webinar with Industry Analyst
A combination of perspectives on this webinar will offer interesting
and valuable insights on virtual server technologies and disaster
recovery. In addition to answering common questions about disaster
recovery and virtualization, you will learn specifically about
organizations that have successfully leveraged virtualized systems to
reach the highest level of recoverability for critical workloads.

http://list.windowsitpro.com/t?ctl=6B372:4160B336D0B60CB1F1327E70B9607B85


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Tampering with Web Requests Using a Firefox
Plug-in
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6B384:4160B336D0B60CB1F1327E70B9607B85

You probably know that it's easy to fiddle with Web form data and
Web request headers. Intruders do it to find weak spots in your
defenses, so maybe you should do it to test your own systems before the
bad guys do.

http://list.windowsitpro.com/t?ctl=6B375:4160B336D0B60CB1F1327E70B9607B85

FAQ: Restrict User Access to Printers
by John Savill, http://list.windowsitpro.com/t?ctl=6B382:4160B336D0B60CB1F1327E70B9607B85


Q: How can I restrict the print servers that a user can map to?

Find the answer at

http://list.windowsitpro.com/t?ctl=6B37F:4160B336D0B60CB1F1327E70B9607B85

FROM THE FORUM: Choosing a VPN and Proxy Server Solution
A forum participant writes that he's been tasked with implementing a
hardware-based VPN solution. He'll also have to monitor Internet usage,
police certain ports and URLs, and produce reports in a spreadsheet
format. So far, he's looking at the Cisco ASA 5500 series appliance. He
wonders if anyone has suggestions about other all-in-one devices that
might suit his needs.

http://list.windowsitpro.com/t?ctl=6B371:4160B336D0B60CB1F1327E70B9607B85

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Keep an Eye on Your Computer Room
AVTECH Software introduces Room Alert 26WO, a hardware and software
solution that monitors a computer room or data center for physical
conditions such as extreme temperature or humidity, power failure,
flooding, smoke, and room entry. Room Alert 26WO has built-in sensors
for most of these conditions and allows connection of digital and
switch-based sensors through 26 built-in sensor ports and contact sets.
It also includes a built-in UPS to get alerts out in the event of a
power failure. Room Alert 26WO can be monitored via its built-in Web
server, AVTECH PageR Enterprise software, or SNMP monitoring software.
Alerts can be sent to individuals and groups and to a variety of
devices. For more information, go to

http://list.windowsitpro.com/t?ctl=6B388:4160B336D0B60CB1F1327E70B9607B85

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=6B380:4160B336D0B60CB1F1327E70B9607B85

PCI Requirements for Windows and Active Directory: Straight from a
Certified Auditor
The final PCI compliance deadline is December 31, 2007 ... are you
ready? Is your organization still struggling to figure out how to
prepare for a PCI audit? In this October 31, 2007 Web seminar, hear
directly from a VISA Qualified Data Security Professional (QDSP) on
what the PCI DSS requirements are, who needs to comply, what systems
are involved, and what an auditor wants to see. Register now, don't
miss this October 31 Web seminar.

http://list.windowsitpro.com/t?ctl=6B377:4160B336D0B60CB1F1327E70B9607B85

Improving Backup and Recovery
Don't miss this October 26, 2007 Web seminar exploring SAN copy and
replication methodologies, in conjunction with backup and restore,
delivering more efficient operations and dramatically improving overall
business continuity. Join us on October 26 to learn current commonly
used backup/restore methodologies, SAN copies and replication
methodologies, requirements to enable different solution designs, and
inherent strengths and weaknesses of various solution designs.

http://list.windowsitpro.com/t?ctl=6B373:4160B336D0B60CB1F1327E70B9607B85

With increasing concerns about host-based intrusion, IT professionals
need to be equipped with effective security solutions. Attend this
October 30, 2007 (12 p.m. EDT) Web seminar to discover how a multi-
layer security solution for critical systems allows you to effectively
protect critical assets, lower administration costs, ensure server
integrity and compliance across heterogeneous platforms, and provide
advanced exploit prevention techniques through simple, centralized
policy management.

http://list.windowsitpro.com/t?ctl=6B376:4160B336D0B60CB1F1327E70B9607B85


=== FEATURED WHITE PAPER =======================================

Protecting Microsoft SQL Server
Your company relies on its databases; how are you protecting them?
Imagine the data that would be lost if one container were damaged or
corrupted. Imagine how the failure of one system could impair your
ability to do business for hours, days--even permanently. This white
paper discusses data protection strategies for Microsoft SQL Server,
including options for database protection solutions and the advantages
of these different solutions. View this white paper to ensure you don't
lose valuable information that could drastically impair your business.

http://list.windowsitpro.com/t?ctl=6B378:4160B336D0B60CB1F1327E70B9607B85


=== ANNOUNCEMENTS ==============================================

Discover the New SQL Server Magazine
Don't miss the relaunched SQL Server Magazine, coming this month!
Besides a new look, we have even more coverage of administration and
performance, development and Web apps, BI and Reporting Services, and
SQL Server fundamentals. Subscribe now and save 58% off the cover
price.

http://list.windowsitpro.com/t?ctl=6B37A:4160B336D0B60CB1F1327E70B9607B85

SQL Server Performance Tuning Articles and Tips
Check out the Net's largest site dedicated to SQL Server performance
tuning. Get the most out of SQL Server with thousands of performance-
tuning articles/tips/FAQs for SQL Server 2000 and 2005. To join the
forums and chat with more than 18,000 advanced SQL Server DBAs and
developers, click here:

http://list.windowsitpro.com/t?ctl=6B385:4160B336D0B60CB1F1327E70B9607B85


================================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6B383:4160B336D0B60CB1F1327E70B9607B85

http://list.windowsitpro.com/t?ctl=6B387:4160B336D0B60CB1F1327E70B9607B85

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=6B37C:4160B336D0B60CB1F1327E70B9607B85

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB1F1327E70B9607B85

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=6B386:4160B336D0B60CB1F1327E70B9607B85

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=6B37B:4160B336D0B60CB1F1327E70B9607B85

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

No comments:

Blog Archive