Wednesday, December 05, 2007

Tightening Software Restriction Policies


=== CONTENTS ===================================================

IN FOCUS: Tightening Software Restriction Policies

NEWS AND FEATURES
- Webroot Merges with Email Systems
- FBI Shut Down Botnets; Arrested Participants
- It's Official: Hormel Isn't a Spam Fighter
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Firefox 2.0.0.10 Available
- FAQ: Certificates and Terminal Services
- Share Your Security Tips

PRODUCTS
- Block or Track Data Copied from PC to USB Device
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Kroll Ontrack =====================================

Crashed server? You have a need for speed!
Ontrack Data Recovery services provide the fastest, most cost-
effective recovery solutions available utilizing the industry's only
lab-quality, remote data recovery service.
* No need to ship any equipment
* Fast, secure connection allows engineers to begin data recovery work
in minutes
Special Offer: For a limited time, if you need data recovery service
on any server or RAID system, you will receive:
* Free initial consultation with a data recovery engineer to help you
determine the fastest, most cost-effective course of action
* Free service upgrade to our Priority-level Service
* Free comprehensive, remote evaluation of your storage media
For immediate assistance, call 800 872 2599 - or visit:

http://list.windowsitpro.com/t?ctl=6FD46:4160B336D0B60CB1CA584EA1D7EA8E8D


=== IN FOCUS: Tightening Software Restriction Policies =========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Group Policy is an excellent tool for controlling various aspects of
client computers. However, it's not foolproof. Users could circumvent
various aspects of Group Policy, such as Software Restriction Policies
(SRPs). Doing so is possible as a regular user, without the need for
administrator-level access, which of course means that you need to be
on the lookout for such activity.

Back in early 2004, Kamal Shankar wrote an article (at the first URL
below) about ways to bounce specific program function calls to a
different function over which the developer has more control. The
technique can be used as a way to bypass aspects of Group Policy,
including SRPs. Interestingly enough, Shankar's method uses Microsoft's
Detours API (at the second URL below), which is meant to let developers
extend application functionality.

http://list.windowsitpro.com/t?ctl=6FD45:4160B336D0B60CB1CA584EA1D7EA8E8D

http://list.windowsitpro.com/t?ctl=6FD5E:4160B336D0B60CB1CA584EA1D7EA8E8D

Then in late 2005, Mark Russinovich wrote an entry in his Sysinternals
blog (at the URL below) that explains why and how it's possible to
bypass aspects of Group Policy. As part of his research on the topic,
Russinovich wrote a small tool called Gpdisable that demonstrated the
technique. But the tool disappeared sometime after Microsoft bought
Russinovich's company.

http://list.windowsitpro.com/t?ctl=6FD44:4160B336D0B60CB1CA584EA1D7EA8E8D

In April 2006, Russinovich wrote a bit more about the subject in an
article on our Web site at the URL below. Russinovich wrote that "most
of the settings in the Windows Components area of the Group Policy
Editor's (GPE's) Administrative Templates node can be circumvented in
environments in which end users can run arbitrary applications such as
Gpdisable. Notably, IE configuration, including security zones, falls
into this area, as do Windows Explorer, Windows Media Player (WMP), and
Windows Messenger settings." He also pointed out that this isn't a bug
in Windows; Windows was intentionally designed this way.

http://list.windowsitpro.com/t?ctl=6FD4F:4160B336D0B60CB1CA584EA1D7EA8E8D

Well, Gpdisable isn't available anymore, but last week another tool
debuted that can be used to bypass Group Policy and SRPs. Eric Rachner
released GPCul8r (at the URL below), which is a ready-to-use compiled
executable that comes with two associated DLLs. The tool will
undoubtedly be put into action on various corporate networks, so you
should keep an eye out for it on your systems.

http://list.windowsitpro.com/t?ctl=6FD60:4160B336D0B60CB1CA584EA1D7EA8E8D

If you haven't done so already, check into tightening any SRPs you have
in place. Microsoft has an article on TechNet (at the first URL below)
called "Using Software Restriction Policies to Protect Against
Unauthorized Software" that applies to Windows XP, Windows Vista, and
Windows Server 2003. The article is a good place to start when looking
for ways to minimize the programs that can run on your desktops.
Another helpful reference is the Security Pro VIP article "Stay Safer
with Software Restriction Policies" (at the second URL below).

http://list.windowsitpro.com/t?ctl=6FD51:4160B336D0B60CB1CA584EA1D7EA8E8D

http://list.windowsitpro.com/t?ctl=6FD4E:4160B336D0B60CB1CA584EA1D7EA8E8D


=== SPONSOR: BeyondTrust =======================================

Problems removing Admin Rights? Best practices
Removing Admin Rights and applying the principle of least privilege
will decrease security breaches by malicious users and malware, and
reduce IT costs. However, certain users require elevated rights in order
to run required applications, ActiveX controls and more.
Read this white paper to discover best practices for removing admin
rights.

http://list.windowsitpro.com/t?ctl=6FD4B:4160B336D0B60CB1CA584EA1D7EA8E8D


=== SECURITY NEWS AND FEATURES =================================

Webroot Merges With Email Systems
Webroot has entered the software as a service (SaaS) market space by
merging with Email Systems. The combined company will offer Web and
email security solutions for businesses.

http://list.windowsitpro.com/t?ctl=6FD57:4160B336D0B60CB1CA584EA1D7EA8E8D

FBI Shut Down Botnets; Arrested Participants
The FBI said that the second phase of its operation Bot Roast
resulted in the shutdown of more botnets and the indictment or
conviction of eight men.

http://list.windowsitpro.com/t?ctl=6FD59:4160B336D0B60CB1CA584EA1D7EA8E8D

It's Official: Hormel Isn't a Spam Fighter
After years of court battles over trademark issues related to the
name "SPAM," a ruling has been made that states the obvious: Consumers
don't confuse Hormel's famous meat product with computer software that
fights junk mail.

http://list.windowsitpro.com/t?ctl=6FD58:4160B336D0B60CB1CA584EA1D7EA8E8D

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=6FD4D:4160B336D0B60CB1CA584EA1D7EA8E8D


=== SPONSOR: Revinetix =========================================

Migrating from Tape to Disk Backups
Discover a Better Backup Strategy for Small to Medium-Sized
Business. As backup software breaks away from its historically tight
integration with tape, IT administrators are implementing disk-based
backup products that are optimized to address new priorities. The new
disk-based backup products geared to SMBs are being enhanced with
enterprise-class product features and come with prices that are getting
less and less expensive, making it feasible to back up from disk to
removable disks and do away with tape backups altogether. Download this
free white paper today and learn how you can break away from tape and
move to disk-based data protection.

http://list.windowsitpro.com/t?ctl=6FD49:4160B336D0B60CB1CA584EA1D7EA8E8D


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Firefox 2.0.0.10 Available
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6FD5D:4160B336D0B60CB1CA584EA1D7EA8E8D

Mozilla released Firefox 2.0.0.10 to fix three dangerous
vulnerabilities. Read this blog item on our site to learn more.

http://list.windowsitpro.com/t?ctl=6FD55:4160B336D0B60CB1CA584EA1D7EA8E8D

FAQ: Certificates and Terminal Services
by John Savill, http://list.windowsitpro.com/t?ctl=6FD5B:4160B336D0B60CB1CA584EA1D7EA8E8D


Q: Can I use wildcard certificates with Terminal Services?

Find the answer at

http://list.windowsitpro.com/t?ctl=6FD56:4160B336D0B60CB1CA584EA1D7EA8E8D

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Block or Track Data Copied from PC to USB Device
CoSoSys announces Secure it Easy 1.2, which ensures that external
devices such as USB thumb drives, portable drives, and iPods can't be
connected to a PC unless they're authorized by an administrator.
Unauthorized devices are blocked from reading or writing data. New in
version 1.2 is the ability to trace files copied between a PC and a
storage device. Secure it Easy is recommended for small office/home
office (SOHO) use. The new version is available for a free 30-day trial
from

http://list.windowsitpro.com/t?ctl=6FD62:4160B336D0B60CB1CA584EA1D7EA8E8D

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=6FD5A:4160B336D0B60CB1CA584EA1D7EA8E8D

Attend the Power Up! With Virtualization online conference on Dec. 12.
Learn how to take virtualization to another level. Whether you're just
getting started or need to more effectively optimize your current
virtual environment, discover how you can take the promise of
virtualization and turn it into reality. Join Windows IT Pro and key
independent virtualization experts for powerful tips, such as how to
create a virtual machine (VM), ways to properly size VMs for server
consolidation, and system factors that affect performance.

http://list.windowsitpro.com/t?ctl=6FD48:4160B336D0B60CB1CA584EA1D7EA8E8D

Today's hackers are after your enterprise data, and the tools and
services they employ to get at it are provided by a sophisticated,
fast-growing criminal support industry. Even more surprising--and
worrying--is how ineffective today's standard enterprise security
practices are at stopping these sophisticated attacks. Attend this Web
seminar to learn how high-tech criminals compromise your computers and
profit from your data by putting confidential info up for sale.

http://list.windowsitpro.com/t?ctl=6FD47:4160B336D0B60CB1CA584EA1D7EA8E8D

With more than 75% of business-critical information residing in email
today, you're more likely to find evidence in users' inboxes than in
filing cabinets or on a file share--a fact that hasn't been lost on
lawyers, courts, or government regulators. Do you know what the email
retention, discovery, and recovery requirements are for your business?
Applications that archive mail are an invaluable resource for complying
with those requirements. Download this essential guide about retention,
discovery, and recovery for email and IM.

http://list.windowsitpro.com/t?ctl=6FD4C:4160B336D0B60CB1CA584EA1D7EA8E8D


=== FEATURED WHITE PAPER =======================================

Unified Communications: What Is It? Why Should You Care? And How to Get
There
Unified communications (UC) helps you manage voice, email, fax, and
phone communications from one set of management controls. But from a
practical standpoint, how do you get started? This white paper breaks
the move to UC down into a manageable 3-phase process that starts with
unified messaging (UM). Learn practical tips and a phased approach for
getting started with UM as the first step toward a UC environment in
the future.

http://list.windowsitpro.com/t?ctl=6FD4A:4160B336D0B60CB1CA584EA1D7EA8E8D


=== ANNOUNCEMENTS ==============================================

Exchange 2007 Mastery Series: January 28, 2008
Three info-packed eLearning seminars for only $99 ($79 before
December 15)!
Hosted by Windows IT Pro
Mark Arnold--MCSE+M, Microsoft MVP--will coach you through Exchange
2007 storage solutions: planning for archiving and compliance,
optimizing your iSCSI network storage, and finding the sweet spot
between memory and spindles.

http://list.windowsitpro.com/t?ctl=6FD50:4160B336D0B60CB1CA584EA1D7EA8E8D

Packed with thousands of articles, bonus content, and loads of expert
advice, the Windows IT Pro Master CD is like having your very own team
of professional Windows consultants in your pocket. Get real-world
solutions lightning-fast--order the Windows IT Pro Master CD today.
Includes a one-year subscription to all online content at
WindowsITPro.com!

http://list.windowsitpro.com/t?ctl=6FD54:4160B336D0B60CB1CA584EA1D7EA8E8D


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6FD5C:4160B336D0B60CB1CA584EA1D7EA8E8D

http://list.windowsitpro.com/t?ctl=6FD61:4160B336D0B60CB1CA584EA1D7EA8E8D

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=6FD5F:4160B336D0B60CB1CA584EA1D7EA8E8D

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
