
Wednesday, November 21, 2007

Snort 3.0 to Get a Major Overhaul


=== CONTENTS ===================================================

IN FOCUS: Snort 3.0 to Get a Major Overhaul

NEWS AND FEATURES
- Mobile Workforces and a Recipe for Disaster
- Install a Botnet, Get Slapped with Wiretap Charges
- Malware Infects Visitors to NHL and MLB Web Sites
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Perl Bot Infecting Web Servers
- FAQ: How Does Windows Server 2008 Replicate SYSVOL?
- From the Forum: Minimum Permissions to Change Proxy Settings
- Share Your Security Tips

PRODUCTS
- Email Security Service Adds Content Analysis Features
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Symantec ==========================================

Messaging Management
Guarding against the growing threats to the corporate email and IM
environment has become an ever-consuming task of the IT professional.
Now is the turning point for IT security professionals to look at their
mainstays in their defense strategy and make sure they are pulling
their weight. In scrutinizing your messaging management solutions, this
valuable guide shows that securing a mail and messaging infrastructure
should not be an afterthought. A secure mail and messaging
infrastructure is fundamental to your business, and any organization
should plan for the appropriate message hygiene, availability, and
control services from the start.
Download this free resource before evaluating message management
solutions.

http://list.windowsitpro.com/t?ctl=6EBAC:4160B336D0B60CB14AA6B63E5FB46741


=== IN FOCUS: Snort 3.0 to Get a Major Overhaul ================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Just about every network administrator on the planet knows about Snort.
It's probably the most popular intrusion detection system in use today.
It's been around since 1998, when Martin Roesch wrote the original 1200
lines of code over the course of one week.

The first version was basically just a packet sniffer. From there,
Snort quickly grew into the high-powered intrusion detection and
prevention system that it is today. It became so popular and so
important that by 2001, Roesch had parlayed his original idea into not
only a hugely popular open source project but also a commercial product
under the Sourcefire brand.

Snort turns nine years old this month, and it's in the process of
getting a major overhaul. Roesch, who is lead architect for the rewrite
process, said that Snort 3.0 will have a new architecture and
streamlined code base. One of the major features that's being designed
into the new architecture is contextual awareness. Administrators will
be able to give Snort data about the network it runs on and the systems
that reside on the network. This feature will help minimize tuning,
prioritize events, and guard against evasion techniques used by
intruders.

The new streamlined code base will allow developers to more easily
create specialized traffic analyzer components. Another major
improvement will be better support for multi-core CPUs, which will let
Snort run parallel analysis on network traffic. Roesch said that the
idea with parallel analysis is to put all of Snort's detection logic
into modules so that the modules can be run as separate threads. A new
analytic subsystem is being designed to handle all of the parallel
threads.

In the big picture, traffic will flow into Snort from various sources,
which include the OS's network layer, an IP defragmenter, a TCP stream
reassembler, packet and data decoders, a flow management component, and
possibly other hardware and software that communicate with Snort
through a data source API. A dispatcher handles data flow to and from
the various other components of Snort, such as the analytic system, the
action system, and the Snort command shell.

Overall, the redesign effort is a tremendous undertaking, and it should
be worth the brain power expense. Roesch said that he believes
"ultimately our users will benefit tremendously from the design of the
new engine and that it will be a platform that will work well for at
least the next 9 years."

Snort 3.0 is due out sometime in the latter part of 2008 with a public
beta slated for sometime during the first half of the year. If you're
interested in the nitty-gritty details of the new design, then be sure
to keep an eye on Roesch's Security Sauce blog (at the URL below) where
he'll give more details as the weeks roll on.

http://list.windowsitpro.com/t?ctl=6EBC1:4160B336D0B60CB14AA6B63E5FB46741


=== SPONSOR: CorasWorks ========================================

Using SharePoint 2007 as a Platform for Managing Information Across the
Enterprise
Learn the basics of the content management process and understand
how workflow and information management policies are implemented in
Office SharePoint Server 2007 solutions. After listening to this
podcast, you will know how to develop a tactical approach to your own
automated processing solutions with ease of implementation and use as
key components of that solution.

http://list.windowsitpro.com/t?ctl=6EBAE:4160B336D0B60CB14AA6B63E5FB46741


=== SECURITY NEWS AND FEATURES =================================

Mobile Workforces and a Recipe for Disaster
The use of mobile computing is rapidly on the rise. Unfortunately,
end-user security training is not.

http://list.windowsitpro.com/t?ctl=6EBBA:4160B336D0B60CB14AA6B63E5FB46741

Install a Botnet, Get Slapped with Wiretap Charges
A 26-year-old man decided the easiest way to make a fast buck was to
install botnets, illegally use PayPal accounts, and defraud an
advertising company. The end result? Four felony charges, a possible
60-year jail term, and $1.75 million in fines.

http://list.windowsitpro.com/t?ctl=6EBB7:4160B336D0B60CB14AA6B63E5FB46741

Malware Infects Visitors to NHL and MLB Web Sites
Malicious banner ads recently popped up on the National Hockey
League and Major League Baseball sites. Fortunately, the ads
disappeared, but not before infecting the computers of some site
visitors.

http://list.windowsitpro.com/t?ctl=6EBB9:4160B336D0B60CB14AA6B63E5FB46741

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=6EBB2:4160B336D0B60CB14AA6B63E5FB46741


=== SPONSOR: Lucid8 ============================================

The Essential Guide to E-Discovery & Recovery for Microsoft Exchange
With more than 75 percent of business-critical information residing
in e-mail today, you are more likely to find evidence sitting in
someone's inbox than in their filing cabinet or on a file share. The
growing importance of e-mail has not been lost on the lawyers, courts,
or government regulators. In fact, e-mail is being placed at the center
of legal discovery requests and is increasingly used in a variety of
legal and regulatory proceedings, from e-discovery for civil lawsuits
to providing the grounds for prosecuting criminal cases.

http://list.windowsitpro.com/t?ctl=6EBB1:4160B336D0B60CB14AA6B63E5FB46741


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Perl Bot Infecting Web Servers
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6EBBF:4160B336D0B60CB14AA6B63E5FB46741

Looks like the bad guys are still using Perl bots and known exploits
to infiltrate Web servers. I recently found one such script along with
the bot control center on an Internet Relay Chat (IRC) server.

http://list.windowsitpro.com/t?ctl=6EBAF:4160B336D0B60CB14AA6B63E5FB46741

FAQ: How Does Windows Server 2008 Replicate SYSVOL?
by John Savill, http://list.windowsitpro.com/t?ctl=6EBBD:4160B336D0B60CB14AA6B63E5FB46741


Q: Does Windows Server 2008 use File Replication Service (FRS) or
Distributed File System Replication (DFSR) to replicate SYSVOL?

Find the answer at

http://list.windowsitpro.com/t?ctl=6EBB8:4160B336D0B60CB14AA6B63E5FB46741

FROM THE FORUM: Minimum Permissions to Change Proxy Settings
A forum participant writes that he's setting up new machines that
run Windows XP SP2 and Microsoft Internet Explorer (IE) 6.0 SP2, and
the systems have been secured in accordance with his company's
guidelines. A proxy server sits between the users and the Internet, and
IE is configured to use the proxy. However, users must be able to get
to one site that requires them to bypass the proxy server. The forum
participant wants to know what permissions he can give the users that
will allow them to temporarily disable the proxy server.

http://list.windowsitpro.com/t?ctl=6EBAB:4160B336D0B60CB14AA6B63E5FB46741

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Email Security Service Adds Content Analysis Features
Postini announced new capabilities for its Email Security service
and Message Archiving service. The Email Security service gets content
analysis and policy administration tools. Postini can now examine
messages and attachments for credit card and Social Security numbers
and encrypt or block them. Administrators can create policy rules based
on text patterns and block or quarantine violating messages or send a
copy to supervisors. Postini also has new early-detection capabilities
that allow suspicious content to be automatically quarantined, then
re-inspected with updated virus signatures, and new antispam capabilities
to detect and block botnet attacks. Message Archiving enhancements
give administrators more flexibility for managing mailbox storage and
discovery and a self-serve option for message archive extractions. The
new features are available at no charge for Email Security and Message
Archiving customers. For more information, go to

http://list.windowsitpro.com/t?ctl=6EBC3:4160B336D0B60CB14AA6B63E5FB46741

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=6EBBC:4160B336D0B60CB14AA6B63E5FB46741

Don't Miss This Windows Server 2008 Virtual Event!
Get the detailed, real-world insight you need to plan for and
implement the key functionality of Microsoft's newest server release in
this virtual event Dec. 4, 2007.

http://list.windowsitpro.com/t?ctl=6EBBB:4160B336D0B60CB14AA6B63E5FB46741

Enterprise Protection and an Affordable Price
Looking for an alternative to expensive licensed options for
Exchange protection? This white paper discusses continuous data
protection solutions not only for a customer base previously unable to
utilize block-level protection, but also for SAN customers who would
like to have an alternative to expensive licensed options for Exchange
protection.

http://list.windowsitpro.com/t?ctl=6EBB0:4160B336D0B60CB14AA6B63E5FB46741

Protecting Mobile Users' Data
In this Web seminar, David Chernicoff discusses the protection and
backup of data for mobile and casually connected users and provides
ideas, suggestions, and solutions to associated problems.

http://list.windowsitpro.com/t?ctl=6EBAD:4160B336D0B60CB14AA6B63E5FB46741


=== FEATURED WHITE PAPER =======================================

Employees installing and using unauthorized applications such as
Instant Messaging, VoIP, games, and peer-to-peer file-sharing
applications cause many businesses legal concerns, IT support burdens,
network and system overhead, as well as employee productivity issues.
This white paper discusses the various approaches to control
applications and highlights a simple solution that removes cost and
management overhead.

http://list.windowsitpro.com/t?ctl=6EBB4:4160B336D0B60CB14AA6B63E5FB46741


=== ANNOUNCEMENTS ==============================================

EXCHANGE 2007 Mastery Series--January 28, 2008
3 Info-packed eLearning seminars for only $99!
Hosted by Windows IT Pro
Join Mark Arnold--MCSE+M, Microsoft MVP--as he coaches you through
Exchange 2007: planning for archiving and compliance, optimizing your
iSCSI network storage, finding the sweet spot between memory and
spindles.

http://list.windowsitpro.com/t?ctl=6EBB3:4160B336D0B60CB14AA6B63E5FB46741


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6EBBE:4160B336D0B60CB14AA6B63E5FB46741

http://list.windowsitpro.com/t?ctl=6EBC2:4160B336D0B60CB14AA6B63E5FB46741


Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
