Wednesday, July 02, 2008

Better Defenses For Your Web Applications And Database Servers

Security UPDATE
A Penton Media Property
July 2, 2008



IN FOCUS

--Better Defenses For Your Web Applications And Database Servers

by Mark Joseph Edwards, News Editor

Over the past several months, a number of SQL injection attacks have
been targeted at systems running Microsoft IIS and Microsoft SQL Server,
and thousands of those systems were victims because of poor Web site
security. Some of the attacks use specialized automation tools that can
query Google for vulnerable Active Server Pages (ASP) and subsequently
attack the sites on which those pages reside.

In April, Bojan Zdrnja posted a fairly detailed analysis of one such
tool in the SANS Handler's Diary blog at
isc.sans.org/diary.html?storyid=4294. Then in May, SecureWorks said
that it had detected a SQL injection exploit tool that was compounding
matters even further. The tool was discovered as it was being pushed
out to a big botnet, and, of course, the tool made all the bots capable
of launching SQL injection attacks. You can read about the exploit tool
at www.secureworks.com/research/threats/danmecasprox/.

It's probably safe to say that just about all of the successful
exploits were a direct result of poor Web application coding practices,
as well as a lack of adequate fail-safe security defenses. Failure to
properly sanitize user-provided input will invariably lead to a
security breach. However, using a strong back-end Web application
security system can help stop malicious code that makes its way past
any sanitization code that's built into your Web applications.
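As an added illustration (not code from the newsletter, from Microsoft's
advisory, or from any of the products named here), the coding defect
behind these attacks in its minimal form: a product lookup that pastes a
request parameter into its SQL text, beside the parameterized version
that binds the value instead. The table, its rows, and the use of
Python with sqlite3 as a stand-in for an ASP page over SQL Server are
all constructed for this example.

```python
import sqlite3


def make_db():
    # Constructed sample catalogue standing in for the SQL Server table behind
    # an ASP product page; the unpublished row is what a reader should never see.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Widget", 1), (2, "Gadget", 1), (3, "Unreleased prototype", 0)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, product_id):
    # The coding error behind the attacks: the raw request parameter (think
    # Request.QueryString("id") in classic ASP) is concatenated into the SQL
    # text, so whatever the caller sends is parsed as part of the statement.
    sql = ("SELECT name FROM products WHERE published = 1 AND id = "
           + product_id + " ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, product_id):
    # Hardened form: validate the input against what the page expects, then
    # bind it as a parameter so the database never parses it as SQL.
    if not product_id.isdigit():
        raise ValueError("product id must be a positive integer")
    sql = "SELECT name FROM products WHERE published = 1 AND id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (int(product_id),))]


if __name__ == "__main__":
    db = make_db()
    normal, hostile = "2", "0 OR 1=1"
    print(lookup_vulnerable(db, normal))      # ['Gadget']
    print(lookup_vulnerable(db, hostile))     # every row, unpublished one included
    print(lookup_parameterized(db, normal))   # ['Gadget']
    try:
        lookup_parameterized(db, hostile)
    except ValueError as err:
        print("rejected:", err)
```

The hostile value turns the WHERE clause into "published = 1 AND id = 0 OR 1=1",
which matches every row; the parameterized version rejects it before the
database sees it.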

Last week, to help with proper coding practices, Microsoft stepped up
to offer some advice. The company released the security advisory, "Rise
in SQL Injection Attacks Exploiting Unverified User Data Input"
(www.microsoft.com/technet/security/advisory/954462.mspx), which
outlines three tools that can be used to find and fix coding problems.

One of the tools, Scrawlr, is relatively new and provided by HP. The
tool will crawl a Web site to look for SQL injection attack vectors. In
the security advisory, Microsoft also reminds administrators of its
long-standing UrlScan tool, which is now available as a version 3.0
beta. Both of these tools scan the publicly exposed side of a Web site.
To dig deeper, actual source code can be examined for vulnerabilities
by using Microsoft's Source Code Analyzer for SQL Injection tool.
However, be aware that the tool can examine only ASP code that's written
with VBScript, and it doesn't parse all types of ASP constructs. In
other words, the tool has its limitations.

Other scanning tools you might consider using to protect your Web site
include Acunetix Web Vulnerability Scanner, Cenzic Hailstorm, N-Stalker
Web Application Security Scanner, NT OBJECTives NTOSpider, WhiteHat
Sentinel, IBM Rational AppScan, HP WebInspect, Next Generation Security
Software NGSSQuirreL, and IPLocks Armour.

You should also strongly consider using a Web application firewall to
protect your Web site. There are a wide range of choices available
today. Some of the solutions that I'm aware of are AppliCure
dotDefender, ArmorLogic Profense, Barracuda Web Site Firewall, Breach
Security WebDefend and ModSecurity, eEye Digital Security SecureIIS, F5
BIG-IP Application Security Manager, Imperva SecureSphere, Privacyware
ThreatSentry, Protegrity Defiance Threat Management System, Radware
AppXcel with Web Application Firewall, and webScurity webApp.secure.
All of these products can easily be located using your favorite search
engine.

Keep in mind that Web application firewalls should be considered only
part of an overall security strategy -- even with such a solution in
place you still need to do everything you can to ensure that your code
and your database servers are as secure as they can be.


SECURITY NEWS AND FEATURES

--Fortinet Acquires Database Security Technology

Fortinet is expanding into database vulnerability assessment,
monitoring, and auditing with its recent acquisition and licensing of
technology from IPLocks.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034735-0-0-0-1-2-207

--Privacyware Releases Updated Web Application Firewall

Privacyware released an updated version of ThreatSentry, the company's
IIS ISAPI-based Web application firewall. The latest version has
improved protection against SQL injection and XSS attacks.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034736-0-0-0-1-2-207

--Study Shows Over Half of All Malware Sites Hosted in China

According to a new study by StopBadware.org, approximately 52 percent
of malware sites are hosted in China. Oddly enough, over 4,200 of those
sites are hosted on Google networks.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034737-0-0-0-1-2-207

--Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities.
You can also find information about these discoveries at

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034738-0-0-0-1-2-207


GIVE AND TAKE

--SECURITY MATTERS BLOG: Find Hidden Ports and Processes on Linux

by Mark Joseph Edwards

You know you're in for a "fun ride" when you find that there are hidden
ports and processes on your Linux systems. So how do you find out?
Here's a tool that will help. Read the details in this blog article on
our Web site.

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034742-0-0-0-1-2-207

--FAQ: Remote Management of Server Core Installations

by John Savill

Q: How do I enable remote management of a Server Core installation?

Find the answer at
http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034743-0-0-0-1-2-207

--SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions.
Email your contributions to r2r@windowsitpro.com
(mailto:r2r@windowsitpro.com). If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.


PRODUCTS

--Expand Networks Adds IPsec to Compass

by Lavon Peters, Security Editor

Expand Networks recently announced that its Compass platform now
integrates standards-based IPsec on all IP traffic. IPsec, one of the
strongest encryption solutions available, ensures data integrity and
authentication between offices. Integrating IPsec into Compass lets
Expand Networks offer complete VPN data protection. The encryption in
Compass supports the AES-128, AES-192, and AES-256 encryption standards.
For more information, contact Expand Networks at 888-892-1250 or visit
http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034745-0-0-0-1-2-207


RESOURCES AND EVENTS

Web Seminar--Introduction to Identity Lifecycle Manager "2"

Microsoft Identity Lifecycle Manager (ILM) "2" helps you manage
identities through a set of policies across heterogeneous environments.
ILM "2" delivers agility and efficiency through integration, automation
and self-service. This Web seminar will give you an overview of the
features and benefits of ILM "2", a walk-through demonstration
including real-world examples, and access to the trial of ILM "2".

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034747-0-0-0-1-2-207

Combining Deduplication and VMware Disaster Recovery

DR for VMware Virtual Infrastructure 3 (VI3) requires that all your
virtual machines (VMs) be regularly replicated to a remote site,
consuming significant storage and network bandwidth. Read this white
paper to learn how to substantially reduce the amount of data in your
primary storage environment--a reduction that will result in a
cascading benefit to your downstream infrastructure, reducing the
bandwidth necessary for replication and the storage necessary at the DR
site.

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034749-0-0-0-1-2-207

PCI Compliance Made Simple

Retailers, banks, service providers, and credit card companies have
struggled to secure the personal and financial data entrusted to them.
This has resulted in a single data security standard called the Payment
Card Industry Data Security Standard (PCI DSS). Achieving PCI
compliance may seem like an insurmountable task; however, it is actually
rather well defined and represents fundamental security best practices.

Download this white paper today to simplify and get a deeper
understanding of PCI DSS.

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034751-0-0-0-1-2-207


FEATURED WHITE PAPER

Managing VMware Doesn't End with Managing VMware

Virtualization offers numerous business benefits for the enterprise
data center, including cost savings, server consolidation and resource
utilization, flexible systems management, business continuity, disaster
recovery, and green computing. However, virtualization changes the
systems management paradigm. Download this white paper to learn more
about the complex world of managing a virtualized data center.

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034753-0-0-0-1-2-207



CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034759-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034760-0-0-0-1-2-207


To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034763-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription --
mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE --
mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-10122-803-202-62923-1034764-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
