Messaging Management
http://list.windowsitpro.com/t?ctl=6CEE5:4160B336D0B60CB150ED5BE0FC23954B
Using SharePoint 2007 as a Platform for Managing Information Across the
Enterprise
http://list.windowsitpro.com/t?ctl=6CEE6:4160B336D0B60CB150ED5BE0FC23954B
The Essential Guide to E-Discovery & Recovery for Microsoft Exchange
http://list.windowsitpro.com/t?ctl=6CEEA:4160B336D0B60CB150ED5BE0FC23954B
=== CONTENTS ===================================================
IN FOCUS: Web Security Scanning: David vs. Goliath
NEWS AND FEATURES
- Cisco Adds Policy Management with Securent Acquisition
- Majority of Marketers Don't Consult Execs Regarding Private Data
- McAfee Latest Acquisition: ScanAlert
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Laptops Phone Home
- FAQ: Local Continuous Replication on Exchange Server 2007
- Share Your Security Tips
PRODUCTS
- Security Information Management Solution Adds Compliance Features
- Product Evaluations from the Real World
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: Symantec ==========================================
Messaging Management
Guarding against the growing threats to the corporate email and IM
environment has become an ever-consuming task of the IT professional.
Now is the turning point for IT security professionals to look at their
mainstays in their defense strategy and make sure they are pulling
their weight. In scrutinizing your messaging management solutions, this
valuable guide shows that securing a mail and messaging infrastructure
should not be an afterthought. A secure mail and messaging
infrastructure is fundamental to your business and any organization
should plan for the appropriate message hygiene, availability, and
control services from the start.
Download this free resource before evaluating message management
solutions.
http://list.windowsitpro.com/t?ctl=6CEE5:4160B336D0B60CB150ED5BE0FC23954B
=== IN FOCUS: Web Security Scanning: David vs. Goliath =========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
It's glaringly obvious that Web technology is getting more popular by
the minute. I think it's safe to assume that the majority of companies
with one or more network-enabled products are looking at how they can
leverage the Web to increase the revenues generated from those
products--if they haven't already jumped into the Web services market.
Add to that lot the huge number of e-commerce sites, toss in all the
new so-called Web 2.0 sites that are popping up, and we find ourselves
at a new level of frenzy in technological evolution. Naturally, one
issue on nearly everyone's mind is Web security.
In the News and Features section of this newsletter, you'll find a
story about McAfee acquiring ScanAlert, a company that provides Web
security scanning services to e-commerce sites. Those who pass muster
get to display ScanAlert's logo, which helps builds consumer
confidence. McAfee will pay around $51 million in cash for ScanAlert,
if that gives you any idea how important the Web application security
market has become.
Recently, I was made aware of an interesting comparative review
conducted by Larry Suto, an application security consultant. Suto
examined three commercially available Web application scanners: NT
OBJECTives' NTOSpider (at the first URL below), Watchfire's AppScan (at
the second URL), and SPI Dynamic's WebInspect (at the third URL). As
you might know, NT OBJECTives is an independent company--"David" when
compared to "Goliaths" Watchfire, which is owned by IBM, and SPI
Dynamics, which is owned by HP.
http://list.windowsitpro.com/t?ctl=6CEFD:4160B336D0B60CB150ED5BE0FC23954B
http://list.windowsitpro.com/t?ctl=6CEF2:4160B336D0B60CB150ED5BE0FC23954B
http://list.windowsitpro.com/t?ctl=6CEFC:4160B336D0B60CB150ED5BE0FC23954B
The review results stirred quite a bit of debate. According to Suto's
test results, NTOSpider outperformed the two other tools by a country
mile. NTOSpider crawled more links, found more vulnerabilities, and
returned zero false positives in terms of vulnerability detection. In
short, David beat Goliath quite convincingly.
Suto tested the scanners against three applications: a closed-source
application, an open-source blogging platform, and an open-source
customer management platform. He also used Fortify Software's Fortify
Tracer (at the URL below) to determine how effective the scanners were
in exercising the tested applications. Suto said that during his tests,
"Each scanner was run in default mode and not tuned in any capacity to
the application. The importance of this lies in how effective the
default mode [is] so that scalability of scanning is not limited by
manual intervention and setup procedures which can be very time
consuming."
http://list.windowsitpro.com/t?ctl=6CEFB:4160B336D0B60CB150ED5BE0FC23954B
That aspect of the tests is what stirred so much debate. Some people
argued that fine-tuning each scanner before conducting tests would
yield better results. Others agreed with Suto's methodology. Still
others had a lot of "sacred cows" that skewed their perspective.
Regardless of the various opinions, the test results are useful. In
addition to the real surprise--that NTOSpider beat both AppScan and
WebInspect--the tests reveal once again (as other independent tests
have shown) that AppScan is most likely better than WebInspect.
More good news for NTOSpider is that Veracode, which offers a Web
security rating service (at the URL below), recently chose it as the
company's tool of preference after closely examining many competing
tools. Veracode was cofounded by Chris Wysopal, formerly at L0pht and
@stake, aka "Weld Pond."
http://list.windowsitpro.com/t?ctl=6CF02:4160B336D0B60CB150ED5BE0FC23954B
You can get a copy of Suto's entire report (in PDF format) over at
ha.ckers.org. Be sure to read the comments at the site too (at the
first URL below). You can also read a bit more at Jeremiah Grossman's
blog, at the second URL below.
http://list.windowsitpro.com/t?ctl=6CEE9:4160B336D0B60CB150ED5BE0FC23954B
http://list.windowsitpro.com/t?ctl=6CEE4:4160B336D0B60CB150ED5BE0FC23954B
=== SPONSOR: CorasWorks ========================================
Using SharePoint 2007 as a Platform for Managing Information Across the
Enterprise
Learn the basics of the content management process and understand
how workflow and information management policies are implemented in
Office SharePoint Server 2007 solutions. After listening to this
podcast, you will know how to develop a tactical approach to your own
automated processing solutions with ease of implementation and use as
key components of that solution.
http://list.windowsitpro.com/t?ctl=6CEE6:4160B336D0B60CB150ED5BE0FC23954B
=== NEWS AND FEATURES ==========================================
Cisco Adds Policy Management with Securent Acquisition
Cisco is set to acquire Securent, a policy management solution
provider, for $100 million in cash. Securent solutions help ease policy
enforcement through the use of a centralized policy management system
and work with commonly used platforms such as Microsoft SharePoint, BEA
WebLogic Portal, IBM WebSphere Portal, JBoss Portal, and Documentum.
http://list.windowsitpro.com/t?ctl=6CEF8:4160B336D0B60CB150ED5BE0FC23954B
Majority of Marketers Don't Consult Execs Regarding Private Data
A study sponsored by Microsoft revealed that a whopping 70 percent
of marketing personnel do not consult their company's security and
privacy executives before collecting or using personal information.
http://list.windowsitpro.com/t?ctl=6CEF7:4160B336D0B60CB150ED5BE0FC23954B
McAfee's Latest Acquisition: ScanAlert
McAfee is about to enter the Web site security scanning market. The
company announced plans to acquire ScanAlert, a company that certifies
sites as safe if they can pass baseline vulnerability audits.
http://list.windowsitpro.com/t?ctl=6CEF6:4160B336D0B60CB150ED5BE0FC23954B
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=6CEEB:4160B336D0B60CB150ED5BE0FC23954B
=== SPONSOR: Lucid8 ============================================
The Essential Guide to E-Discovery & Recovery for Microsoft Exchange
With more than 75 percent of business-critical information residing
in e-mail today, you are more likely to find evidence sitting in
someone's inbox than in their filing cabinet or on a file share. The
growing importance of e-mail has not been lost on the lawyers, courts,
or government regulators. In fact, e-mail is being placed at the center
of legal discovery requests and is increasingly used in a variety of
legal and regulatory proceedings, from e-discovery for civil lawsuits
to providing the grounds for prosecuting criminal cases.
http://list.windowsitpro.com/t?ctl=6CEEA:4160B336D0B60CB150ED5BE0FC23954B
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Laptops Phone Home
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6CEFF:4160B336D0B60CB150ED5BE0FC23954B
I read a very interesting story about how a laptop thief operated
and how he got caught, thanks to a tracking device in a computer. The
guy was a smooth operator, but not smooth enough. Learn more about this
story, plus get some tips about buying laptops on eBay.
http://list.windowsitpro.com/t?ctl=6CEF5:4160B336D0B60CB150ED5BE0FC23954B
FAQ: Local Continuous Replication on Exchange Server 2007
by John Savill, http://list.windowsitpro.com/t?ctl=6CEFA:4160B336D0B60CB150ED5BE0FC23954B
Q: How do I enable Local Continuous Replication (LCR) on Exchange
Server 2007?
Find the answer at
http://list.windowsitpro.com/t?ctl=6CEF3:4160B336D0B60CB150ED5BE0FC23954B
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com
Security Information Management Solution Adds Compliance Features
eIQNetworks announced the availability of SecureVue 3.0, which adds
governance, risk management, and compliance (GRC) features; network
anomaly detection; and 3-D illustration to the product's existing
security information management (SIM) capabilities. SecureVue
integrates GRC functionality with SIM to support a company's adherence
to regulations, best practices, and internal policies. In addition to
providing tools to help define and monitor controls and policies, the
GRC module provides reports for auditing purposes. The SIM module's new
anomaly detection looks for incongruities based on resource
utilization, application usage, and behavioral patterns. The 3-D
capability shows log data, security incidents, access control list
effectiveness, profiler data, and traffic patterns. SecureVue 3.0 is
available on Windows and Linux, starting at $47,995. For more
information, go to
http://list.windowsitpro.com/t?ctl=6CEF4:4160B336D0B60CB150ED5BE0FC23954B
PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=6CEF9:4160B336D0B60CB150ED5BE0FC23954B
Comparing Email Management Systems that Protect Against Spam, Viruses,
Malware, & Phishing
As a systems administrator, you're tasked with determining which
email security tool is the best fit for your company. Sunbelt Software
engaged Osterman Research to survey enterprises that use one of the
five leading email management systems that protect against spam,
viruses, malware, and phishing attacks. This white paper presents the
results of this survey and is a must-read for any administrator
researching email security tools for Microsoft Exchange.
http://list.windowsitpro.com/t?ctl=6CEED:4160B336D0B60CB150ED5BE0FC23954B
Protecting Mobile Users' Data
In this Web seminar, David Chernicoff discusses the protection and
backup of data for mobile and casually connected users and provides
ideas, suggestions, and solutions to associated problems.
http://list.windowsitpro.com/t?ctl=6CEE7:4160B336D0B60CB150ED5BE0FC23954B
Learn the Fundamentals of Messaging Management Systems
Now is the time for IT security professionals to look at the
mainstays of their defense strategy and make sure they pull their
weight. A secure mail and messaging infrastructure is fundamental to
your business, and every organization needs to plan for appropriate
message hygiene, availability, and control services from the start.
Download this free resource before evaluating message management
solutions.
http://list.windowsitpro.com/t?ctl=6CEE8:4160B336D0B60CB150ED5BE0FC23954B
=== FEATURED WHITE PAPER =======================================
Compliance Mythbusters: The Truth About Common Myths and Misconceptions
of Email Archiving
Learn from other people's mistakes, not your own! This Web seminar
reveals the common mistakes and misconceptions about message archiving,
regulations, and e-discovery. You'll learn how these misconceptions
came about, how to avoid common mistakes, and what to do to meet
today's email archiving and e-discovery needs.
http://list.windowsitpro.com/t?ctl=6CEEC:4160B336D0B60CB150ED5BE0FC23954B
=== ANNOUNCEMENTS ==============================================
Discover the New SQL Server Magazine
Don't miss the relaunched SQL Server Magazine, coming this month!
Besides a new look, we have even more coverage of administration and
performance, development and Web apps, BI and Reporting Services, and
SQL Server fundamentals. Subscribe now and save 58% off the cover
price.
http://list.windowsitpro.com/t?ctl=6CEEE:4160B336D0B60CB150ED5BE0FC23954B
Packed with thousands of articles, bonus content, and loads of expert
advice, the Windows IT Pro Master CD is like having your very own team
of professional SQL Server consultants in your pocket. Get real-world
solutions lightning-fast--order the Windows IT Pro Master CD today.
Includes a one-year subscription to all online content at
WindowsITPro.com!
http://list.windowsitpro.com/t?ctl=6CEF1:4160B336D0B60CB150ED5BE0FC23954B
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=6CEFE:4160B336D0B60CB150ED5BE0FC23954B
http://list.windowsitpro.com/t?ctl=6CF01:4160B336D0B60CB150ED5BE0FC23954B
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=6CEF0:4160B336D0B60CB150ED5BE0FC23954B
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB150ED5BE0FC23954B
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=6CF00:4160B336D0B60CB150ED5BE0FC23954B
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=6CEEF:4160B336D0B60CB150ED5BE0FC23954B
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment