Wednesday, August 06, 2008

Future Security Trends Apparent Today

Security UPDATE
A Penton Media Property
August 6, 2008



IN FOCUS

--Future Security Trends Apparent Today
by Mark Joseph Edwards, News Editor
A steady focus on computer industry trends reveals two main areas of
tremendous growth for the future: web applications and
virtualization--which of course means that as a security administrator,
you'll need to place more emphasis on those areas in your own
environment.

Even if you employ those technologies only sparingly, you'll still need
to place a strong focus on related security because researchers and
intruders see these trends and are working to find chinks in the armor.
To give you an idea of what the threat landscape looks like right now,
consider a recently published report by IBM Internet Security Systems
(ISS).

According to the report, in 2000 web application vulnerabilities were
virtually nonexistent--and so were snazzy high-tech websites. But
that's all changed. Here we are 8 years later with a plethora of
powerful web applications all over the Internet, and vulnerabilities in
web applications now account for roughly 51 percent of all
vulnerabilities discovered. That's quite a change from days gone by,
when the majority of vulnerabilities were found in OSs, especially
Windows.

Even the web vulnerability landscape is changing. In the past,
cross-site scripting was one of the biggest problems with web
applications. But since last year, SQL injection has steadily become
the biggest problem, and the number of attacks is still increasing. For
example, according to ISS, in June alone there were tens of thousands
of SQL injection attacks that originated from several thousand
different sources.

Looking at the world of virtual computing reveals similar trends. Over
the past 3 years the amount of research focused on weaknesses in
virtualization technology has increased, and likewise the number of
vulnerabilities discovered has also increased--by about 500 percent!

Complicating matters is the fact that in many instances exploit code
becomes available before patches for vulnerabilities are available or
within a day or two after vulnerabilities become publicly known. This
results in little if any rest for battle-weary security administrators.

Take the recent DNS vulnerability, which was patched by the majority of
DNS software vendors earlier this month (except for a few, such as
Apple, who dragged their feet and left customers exposed to attack).
Within a day of the release of patches, exploit code was already
available to poison DNS caches. Days later a module became available for
Metasploit, which as you know makes attacking a system incredibly
simple. As a result, many businesses and Internet users fell victim to
attack because various DNS server operators didn't patch their systems
quickly enough. Even BreakingPoint Systems, where Metasploit creator HD
Moore works, fell victim because they used an AT&T DNS server as a DNS
forwarder and AT&T didn't patch its systems quickly enough.

The 80-page report from ISS is full of excellent information that
reveals many other facts, figures, and trends--all of which you need to
know. You can download a copy in PDF format at the URL below:

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220619-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220620-0-0-0-1-2-207)

Since I brought up this new report it's probably a perfect time to
mention something about these reports in general that I've been thinking
about lately: Many security vendors have taken to publishing regular
reports that offer a lot of very important information, and those
reports are typically based on data vendors are able to collect from
their security solutions, whether in-house or placed at customer sites.
It would be extremely useful to all security-minded people if vendors
would get together and pool their security statistic information into
one big consolidated report. However, no such report is currently being
produced. Quarterly and annual reports of that nature would be
invaluable, and I'd bet that such a report would be read by a far wider
audience than single reports issued by each company. What do you think?
Send your feedback to me at mje@windowsitpro.com
(mailto:mje@windowsitpro.com).



SECURITY NEWS AND FEATURES

--Aladdin Adds Two-Factor Authentication Via Acquisition
Aladdin Knowledge Systems announced that it will acquire Secure
Computing's SafeWord technology, which provides two-factor
authentication for a variety of platforms and applications.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220622-0-0-0-1-2-207

--AirDefense to Join Motorola as Wholly Owned Subsidiary
Privately held wireless security solution provider AirDefense is set to
become a subsidiary of Motorola, the two companies announced.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220623-0-0-0-1-2-207

--McAfee Expands Into Data Loss Prevention
McAfee agreed to spend $46 million in cash to acquire privately owned
Reconnex, maker of data loss prevention solutions.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220624-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220625-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220626-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: Critical Vulnerability in WebLogic Plug-In for
Apache
by Mark Joseph Edwards
Oracle issued an advisory regarding a critical security problem in its
WebLogic Server. If you're using the platform, then you need to
implement a workaround to gain the necessary protection. Read my blog to
learn about the workarounds.
http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220627-0-0-0-1-2-207

--FAQ: Make Windows Server 2008 Ready For Exchange Server 2007
by John Savill
Q. How can I easily install the Windows Server 2008 roles and features
that Exchange Server 2007 requires?

Find the answer at

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220628-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220629-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions.
Email your contributions to r2r@windowsitpro.com
(mailto:r2r@windowsitpro.com). If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.


PRODUCTS

--Instantaneously View Important Web Activity
by Lavon Peters, Security Editor
For improved web security, Secure Computing released Secure Web
Reporter. This solution focuses on security, compliance monitoring, and
performance assessment to identify trends, investigate potential
problems, and analyze security threats so that organizations can use
this information to enforce their existing security policies or modify
their policies as necessary. Secure Web Reporter displays information
such as desktops infected with spyware, web surfing activity, blocked
malware, and downloading activity. For more information, contact Secure
Computing at 800-379-4944 or visit http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220630-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220631-0-0-0-1-2-207).


RESOURCES AND EVENTS

Choose the Right Hosted Email Service for Your Business

Are you considering outsourcing email, arguably your business's most
mission-critical application? A hosted Exchange service can save
companies tens of thousands of dollars. Download this paper for a
complete evaluation checklist for hosted Exchange services.

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220632-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220633-0-0-0-1-2-207)

Regulatory Compliance Needs for the SMB Storage Administrator

In small businesses, data retention can quickly become a big problem.
While retaining small amounts of data over several years may not seem
like a big challenge, try finding a specific email conversation if you
don't have an existing backup and retention policy in place to do that.
In this podcast, David Chernicoff will talk about the regulatory issues
surrounding data storage requirements, such as Sarbanes-Oxley, SEC Rule
17-4, and HIPAA.

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220634-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220635-0-0-0-1-2-207)

A Modern Approach to On-Demand Email and Data Security

Email and data security solutions are available in different deployment
configurations, from hardware and virtual appliances to software. Learn
how Proofpoint delivers a dedicated, hosted email security solution that
combines state-of-the-art anti-spam and virus control with comprehensive
data security and easy-to-use encryption features with all the control
and flexibility that enterprises require. Download this free white paper
today.

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220636-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220637-0-0-0-1-2-207)


FEATURED WHITE PAPER

See How Your Peers Are Prioritizing BI and EPM Software Purchases

Check out the results of the Hyperion 2007 survey on business
intelligence and enterprise performance management. The notion that
emerging businesses have the same BI and EPM requirements as large
enterprises is partly true. See how managers in other organizations are
evaluating their BI and EPM purchases and learn how to get the most for
your evolving requirements.

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220638-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220639-0-0-0-1-2-207)


ANNOUNCEMENTS

Master SharePoint with 3 eLearning Seminars--hosted by Windows IT Pro

Join MVPs Dan Holme and Michael Noel to learn how to build a better
SharePoint infrastructure and enable powerful collaboration. On October
1, 2008, at 11:00 AM EDT, direct from your computer, these SharePoint
gurus will guide you through three info-packed sessions: 21st Century
File Sharing: Configuring & Managing Document Libraries; Building
Code-Free SharePoint Applications and Business Intelligence Lite; and
Forms-Based Authentication and Extranet Deployment Options for
SharePoint 2007. All for only $99! Seats are limited to allow for lots
of live Q&A at the end. Register today!

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220640-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220641-0-0-0-1-2-207)

Know a Developer?

Pass on the SharePoint Mastery series, built especially for developers,
with speaker and Microsoft MVP Andrew Connell!

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220642-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220643-0-0-0-1-2-207)

Access All Our Security Resources!

With the online VIP Monthly Pass, you can have all the security
solutions in Windows IT Pro and SQL Server Magazine right at your
fingertips, PLUS VIP-only content on hot topics such as Vista,
SharePoint, and more. You'll also receive a full digital copy of the
latest issue of Windows IT Pro!

http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220644-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220645-0-0-0-1-2-207)


CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220646-0-0-0-1-2-207
http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220647-0-0-0-1-2-207

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220650-0-0-0-1-2-207
About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at
http://ct.email.windowsitpro.com/rd/cts?d=33-11803-803-202-62923-1220651-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
