Wednesday, January 23, 2008

Strengthen Your Firewall Defenses Against Bots, Spam, and DoS Attacks

SECURITY UPDATE
A Penton Media Property
January 23, 2008


If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115810-0-0-0-1-2-207


IN FOCUS

--Strengthen Your Firewall Defenses Against Bots, Spam, and DoS Attacks
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Valentine's Day is just around the corner, and you might guess that
there will be an onslaught of social engineering attacks, each designed
to get some sort of malware onto unsuspecting people's systems. In fact,
at least one such attack has already started. Email messages are
floating around whose purpose is to try to bring more computers into
Storm-based botnets.

Last week, I blogged about the attack and mentioned that SANS Internet
Storm Center team member Bojan Zdrnja found that, at the time of his
testing, "only 4 antivirus programs out of 32 on VirusTotal properly
detected [the current variation of the worm, and there is ] virtually no
[detection in] the most popular anti-virus programs." That's a
startlingly low detection rate, even though it's to be expected when new
variants of any type of malware emerge onto the Internet.

Obviously, antivirus software isn't enough protection. We've known that
for some time, and of course other types of tools can be used to help
protect systems. For example, anti-malware, antispyware, and antispam
tools, and strong firewalls all help.

I recently learned about another tool that can help, which many of you
might not be aware of yet. The tool, ThreatSTOP, is actually an online
service based on DNS that can be added to some types of firewalls to
help block not only bots, but also Denial of Service (DoS) attacks and
spam. The service provides your firewall a set of data that can be used
to build firewall rules automatically. The data includes block lists,
allow lists, and custom combinations of those lists.

ThreatSTOP aggregates its data from three sources: SANS Internet Storm
Center DShield (for malicious sources), TQMcube (for spam-related data),
and Complete Whois (for lists of hijacked IP addresses and IP addresses
not allocated by IANA and RIRs to ISPs). ThreatSTOP then populates its
DNS servers with the data. You configure your firewall (and possibly
supporting systems) to gather IP address data from ThreatSTOP's DNS
servers by using simple TCP-based queries. (UDP won't work because the
DNS answers are too big.) Then you use those IP addresses to generate
rules that work in your preferred manner.

To use the service, you need a somewhat flexible firewall, such as Cisco
PIX, Juniper Networks' NetScreen, Check Point's ZoneAlarm, iptables
running on a Linux system, or Packet Filter (PF) running on BSD UNIX.
You sign up for an account, define the devices that will contact
ThreatSTOP to receive the data (only authorized devices can query
ThreatSTOP DNS servers), add ThreatSTOP DNS servers to your device's
list of name servers, and then configure your firewall to query for data
and build rules. Actual firewall configuration depends on your
particular firewall. For some types of firewalls, you'll need to install
scripts to help download and convert the data properly. For others you
might be able to make simple changes in a GUI.
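The workflow above (query the list over TCP, since a UDP answer would be
truncated, then turn the returned addresses into firewall rules) as an added
example. This is not ThreatSTOP's own helper script and it does not use the
service's real zone names: the zone "blocklist.example.invalid", the chain
name THREATSTOP_BLOCK and the DNS server address are assumptions, and the
DNS reply it parses is constructed inline so the code runs offline. It
also adds a check the article only implies: a feed entry that falls in a
loopback or RFC 1918 range is skipped rather than turned into a DROP rule.

```python
# Added example (not ThreatSTOP's helper script): fetch an IPv4 block list from
# a DNS zone over TCP and render it as iptables rules. Zone, server and chain
# names are assumptions; the sample DNS reply is constructed for offline use.
import ipaddress
import socket
import struct

ZONE = "blocklist.example.invalid"   # assumed name; the real zone comes from the service
CHAIN = "THREATSTOP_BLOCK"           # assumed chain name

# Ranges a downloaded list must never make the firewall drop (local and RFC 1918
# traffic). Checked explicitly rather than via is_private, which would also
# match the documentation ranges used in the constructed sample data.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                "172.16.0.0/12", "192.168.0.0/16")]

def build_query(name, qid=0x1234):
    """DNS A/IN query for `name`, with the 2-byte length prefix TCP transport needs."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    question = labels + b"\x00" + struct.pack(">HH", 1, 1)      # QTYPE=A, QCLASS=IN
    msg = header + question
    return struct.pack(">H", len(msg)) + msg

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def parse_a_records(msg):
    """Extract A-record addresses from a DNS reply (without the TCP length prefix)."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError("DNS error, rcode=%d" % (flags & 0xF))
    if flags & 0x0200:                   # TC bit: a truncated list must not be used
        raise ValueError("truncated reply; use TCP transport")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("DNS server closed the connection early")
        buf += chunk
    return buf

def query_tcp(server, name=ZONE, timeout=5.0):
    """Fetch the list over TCP port 53; a UDP answer this large would be truncated."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(build_query(name))
        (length,) = struct.unpack(">H", _recv_exact(sock, 2))
        return parse_a_records(_recv_exact(sock, length))

def iptables_rules(addrs, chain=CHAIN):
    """Render one DROP rule per unique address, skipping anything in NEVER_BLOCK."""
    rules = ["iptables -N %s" % chain, "iptables -F %s" % chain]
    seen = set()
    for a in addrs:
        ip = ipaddress.IPv4Address(a)
        if ip in seen or any(ip in net for net in NEVER_BLOCK):
            continue
        seen.add(ip)
        rules.append("iptables -A %s -s %s -j DROP" % (chain, ip))
    return rules

def sample_response(addrs, name=ZONE, qid=0x1234):
    """Constructed reply (no length prefix): one A record per address, owner names compressed."""
    question = build_query(name, qid)[2 + 12:]                        # reuse the question section
    header = struct.pack(">HHHHHH", qid, 0x8180, 1, len(addrs), 0, 0)  # QR, RD, RA set
    body = question
    for a in addrs:
        body += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(a).packed
    return header + body

if __name__ == "__main__":
    # Constructed feed: the duplicate and the RFC 1918 address do not become rules.
    feed = parse_a_records(sample_response(
        ["203.0.113.5", "198.51.100.77", "203.0.113.5", "10.0.0.8", "192.0.2.1"]))
    print("\n".join(iptables_rules(feed)))
```

Against a live server you would call query_tcp(server_address) instead of
sample_response and feed the result to iptables_rules; referencing the chain
from INPUT or FORWARD, and creating it once rather than on every refresh, is
left to the surrounding script. The TC check matters because a list that
arrives truncated silently blocks fewer addresses than the operator believes.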

Right now the service is free to "early adopters." You can find out more
about how the service works by visiting the Web site at the URL below,
where you'll also find useful information about supported firewalls, the
limitations of some types of firewalls (such as Microsoft ISA Server),
and helper scripts for various firewalls.

www.threatstop.com (http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115811-0-0-0-1-2-207)

----------------------------------------
ADVERTISEMENT
Symantec

Messaging Management

Fundamentals eBook - Best Practices & Service Comparison
Email and messaging infrastructures are the backbone of today's business
operations, they are so essential that if they go down, an
organization's business stops. With this level of importance put on
these systems, protecting your email and messaging infrastructures is
the primary goal of email and messaging management solutions. Email and
management solutions can mitigate the risks related to information loss,
leakage, or unauthorized data access. Read this eBook to learn about the
best practices of designing an email and messaging management
infrastructure in Exchange-centric environments.

http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115812-0-0-0-1-2-207
----------------------------------------


SECURITY NEWS AND FEATURES

--Novell Extends ZenWorks Endpoint Security with New Features
Novell took its ZenWorks Endpoint Security solution a big step forward
with new encryption capabilities and new password capabilities that help
protect laptops.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115813-0-0-0-1-2-207

--Perimeter eSecurity to Offer Outsourced Messaging Compliance Solutions
Perimeter eSecurity announced that it has acquired Secure Electronic
Communication Compliance Archival System (SECCAS), maker of outsourced
messaging compliance solutions. The acquisition brings Perimeter eSecurity
the ability to offer companies tools that can help archive email, instant
messages, faxes, and other communications.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115814-0-0-0-1-2-207

--$20,000 for Zero-Day Windows Vulnerability
Digital Armaments temporarily upped the ante for paid exploits. Through
the end of February, the company will pay an extra $20,000 for each
report and exploit.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115815-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115816-0-0-0-1-2-207)

----------------------------------------
ADVERTISEMENT
Lucid8

The Essential Guide to E-Discovery & Recovery for Microsoft Exchange

E-Discovery & Recovery for Microsoft Exchange
With more than 75 percent of business-critical information residing in
e-mail today, you are more likely to find evidence sitting in someone's
inbox than in their filing cabinet or on a file share. The growing
importance of e-mail has not been lost on the lawyers, courts, or
government regulators. In fact, e-mail is being placed at the center of
legal discovery requests and is increasingly used in a variety of legal
and regulatory proceedings, from e-discovery for civil lawsuits to
providing the grounds for prosecuting criminal cases. Download this
guide to find out how you can be better prepared.

http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115817-0-0-0-1-2-207
----------------------------------------


GIVE AND TAKE

--SECURITY MATTERS BLOG: Storm Worm Loves You; Google Needs a Good
Security Guru
by Mark Joseph Edwards
Attackers have unleashed a new round of Storm worm infections just in
time for Valentine's Day. And Google is looking for an Investigator /
Threat Analyst. Read all about it in the Security Matters blog.
windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115818-0-0-0-1-2-207)

--FAQ: Adding Roles and Features at the Command Line
by John Savill
Q: How do I use the command line to install Windows Server 2008 Roles
and Features?

Find the answer at

www.windowsitpro.com/Article/ArticleID/98051
(http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115819-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--Packet-Capture Engine Gains Speed
by Renee Munshi
MicroOLAP Technologies announced Packet Sniffer SDK 4.0, a library of
objects for capturing traffic in Windows environments. Embedded into an
application, Packet Sniffer provides low-level network access to capture
and transmit network packets bypassing the protocol stack. New features
in Packet Sniffer SDK 4.0 intended to improve performance are an
adjustable packet pool that maps packets from application mode space to
the Packet Sniffer SDK internal driver kernel mode space and back, a
32-/64-bit BSD Packet Filter (BPF) just-in-time (JIT) compiler, and
asynchronous queues for packet sending and receiving. Packet Sniffer SDK
4.0 runs on Windows 98 and later and is compatible with Microsoft Visual
C++, Microsoft Visual Basic .NET, Intel C++, Borland C++ Builder, and
Borland Delphi. For more information, go to
www.microolap.com (http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115820-0-0-0-1-2-207)


RESOURCES AND EVENTS

Attend Black Hat DC on February 18-21. This Washington, DC, version of
the world's premier technical event for ICT security experts features
lots of new content, including a focus on wireless security.
www.blackhat.com (http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115821-0-0-0-1-2-207)

How to Archive Effectively, Be Compliant, and Save Money
Compliance is a hot topic in the IT world, but it's a broad topic, too.
Focusing on individual parts of the compliance elephant can be a good
way to start. Archiving email is often desirable or necessary, even for
companies that don't have explicit compliance requirements. In this Web
seminar, Paul Robichaux describes how archiving strategies can help your
business work more effectively and keep IT operating costs under control
while preserving quick access to needed data.
www.windowsitpro.com/go/GFI/Compliance/?partnerref=011608er
(http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115822-0-0-0-1-2-207)

Three Easy Steps to Disaster-Recovery Planning
Everyone is talking about disaster-recovery planning and how important
it is to be prepared for any emergency that could impact
business-critical operations. But how do you develop a sound disaster
recovery plan? Where do you actually begin? Attend this January 29th
(1:00 PM EST) Web seminar to get practical guidance on developing,
implementing, and testing your disaster recovery plan. Outline the steps
you should follow to ensure that your disaster recovery plan works as
you expect it to and scales as your business and IT needs evolve.
www.windowsitpro.com/go/seminars/XOsoft/DisasterRecovery/?partnerref=011608er
(http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115823-0-0-0-1-2-207)


FEATURED WHITE PAPER

How to Add Significant Capabilities to All Your Major Application
Development Environments
Organizations seeking to gain competitive advantage in the marketplace
can be derailed when faced with the daunting task of managing and
integrating a large collection of competing application development
technologies. The solution can be the implementation of a single
integrated platform that offers high performance and scalability for the
most popular technologies used by application developers today. This
white paper discusses how certain developmental tools can simplify your
development tasks and enable your organization to reduce application
development time.
www.windowsitpro.com/go/wp/oracle/development/?code=011608er
(http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115824-0-0-0-1-2-207)


ANNOUNCEMENTS

Exchange 2007 Mastery Series: January 28, 2008
LAST CHANCE TO REGISTER!
Get three info-packed eLearning seminars hosted by Windows IT Pro for
only $99!
Mark Arnold--MCSE+M and Microsoft MVP--will coach you through
Exchange 2007 storage solutions: planning for archiving and compliance,
optimizing your iSCSI network storage, and finding the sweet spot
between memory and spindles.

www.windowsitpro.com/go/elearning/masteringexchange2007
(http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115825-0-0-0-1-2-207)

CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115826-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115827-0-0-0-1-2-207

You are subscribed to this newsletter as boy.blogger@gmail.com

Manage your Security UPDATE subscription at
http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115828-0-0-0-1-2-207.

To unsubscribe:
http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115829-0-0-0-1-2-207&list_id=803&email=boy.blogger@gmail.com&message_id=1537

Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115830-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-1537-803-202-62923-115831-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
