[ISN] Security UPDATE--Security Writers Web Site--July 21, 2004
isn at c4i.org
Thu Jul 22 07:52:49 EDT 2004
==== This Issue Sponsored By ====
Sunbelt Network Security Inspector
Free Security White Paper from Postini
1. In Focus: Security Writers Web Site
2. Security News and Features
- Recent Security Vulnerabilities
- Feature: SUS Implementation Tips
3. Security Toolkit
- Featured Thread
4. New and Improved
- Antivirus Activity Analysis
==== Sponsor: Sunbelt Network Security Inspector ====
A World-Class Scanner that Won't Make a Hole in Your Budget! New
V1.5 Now Multi-Platform; Scan By IP-range! Sunbelt Network Security
Inspector (SNSI) is a low-cost, quick-install, fast-result
vulnerability scanner. It uses a top-quality, commercial-grade
vulnerability database with well over 3,000 ranked vulnerabilities.
SNSI is licensed per Admin. Now you can finally afford a world-class
scanner and be proactive without compromises. Click here for your free
==== 1. In Focus: Security Writers Web Site ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
I think you'll agree that either being a security administrator or
managing security administrators requires that you continually add new
information to your base of knowledge. Lots of resources are available
for you to use to gather more information. Some of the resources are
well-known and others are either relatively new or remain a bit
obscure for whatever reasons. This week, I want to share with you a
resource that you might not be aware of but that's worth checking
Information Security Writers (Infosec Writers) is a Web site at which
you can find numerous technical papers and essays, all of which of
course pertain to information security. The site was originally
launched in 2000 as the Security Writers Guild. Since that time, the
site has obviously changed names, and the content has grown.
The site hosts a library of technical papers written by various
contributors who want to share their knowledge with the community at
large. Categories in the Web site's Text Library include Email
Security; Exploitation/Vulnerability; Firewall & Perimeter Protection;
Forensics; General Security Concepts & Misc.; Honeypots; Information
Assurance; Intrusion Detection; Malware/Malicious Code; Network
Devices, Protocols & Traffic; Organizational Security; Security Tools;
and Wireless Security.
For some examples of the types of papers that you might find at the
site, check the Latest Articles section of the Infosec Writers home
page. Some recently published papers are "Securing Mac OS X" by
Stephen de Vries, "Shadow Software Attack" by Angelo Rosiello, "The
Increasing Risks of Internet Computing" by Greg Greer, "Information
Systems Misuse--Threats & Countermeasures" by Vijay Gawde, and "Non
Conventional Virus Attack" by Raul Alvarez.
Another item of interest that you can find at the site is
"Hitchhiker's World," which is a Web-based magazine. As far as I can
determine, the magazine isn't published at any particular interval,
however the next version is due to be released July 27. You might want
to read some or all of the previous editions; if you find the content
useful, you can mark your calendar to read the upcoming edition.
If you know of other security-related Web sites that others might not
be aware of and you want to share their names with the readers of this
newsletter, please send me an email and let me know about them.
==== Sponsor: Free Security White Paper from Postini ====
The Shifting Tactics of Spammers: What You Need to Know about New
As the incidence of spam and malicious emails carrying viruses and
worms continues to increase, conventional content filtering anti-spam
solutions fail to keep pace. This paper will describe the latest email
threats, how spam filters typically operate and how spammers are
attempting to defeat conventional software and appliance content
filtering technologies. You'll see how spammers are moving beyond hash
busting and Bayesian poisoning and learn how spammers are stealing
addresses from your email directory with "directory harvest
attacks"--compromising and even bringing down your email servers.
Download this free white paper now!
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
Feature: SUS Implementation Tips
As you know, Microsoft Software Update Services (SUS) lets you
download (for free) all crucial updates to a Windows 2000 or later
server, then distribute them to your network's Windows servers and
workstations. SUS gives you a way to automate patch management and
eliminates the need to manually download and install critical updates
on individual workstations. In this article, Alan Sugano offers some
tips for SUS implementation.
==== Announcements ====
(from Windows & .NET Magazine and its partners)
Get Subscriber Access to Everything in the Windows & .NET Magazine
Our VIP Web site/Super CD subscribers are used to getting online
access to all of our publications, plus a print subscription to
Windows & .NET Magazine and exclusive access to our banner-free VIP
Web site. Now we've added even more content from the archives of SQL
Server Magazine! You won't find a more complete and comprehensive
resource anywhere--check it out!
Windows Connections, October 24-27, Orlando, FL
Microsoft and Windows & .NET Magazine team up to produce the
essential conference for network administrators and IT managers on
Windows and Exchange technology. Register early and attend sessions
for free at the concurrently run Microsoft Exchange Connections. See
the complete conference brochure online or call 800-505-1201 for more
Free eBook--"The Expert's Guide for Exchange 2003: Preparing for,
Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems
managers about how to best approach the migration and overall
management of an Exchange 2003 environment. The book will focus on
core issues such as configuration management, accounting, and
monitoring performance with an eye toward migration, consolidation,
security, and management.
==== Hot Release ====
Need to Secure Multiple Domain or Host Names?
Securing multiple domain or host names need not burden you with
unwanted administrative hassles. Learn more about how the
cost-effective Thawte Starter PKI program can streamline management of
your digital certificates.
Click here to download our free guide:
==== 4. Security Toolkit ====
FAQ: What Causes the Error I Receive in the Event Log When I Attempt
to Replicate the ForestDNSZones Directory Partition?
by John Savill, http://www.winnetmag.com/windowsnt20002003faq
A. The ForestDNSZones directory partition is replicated among all
domain controllers (DCs) in a forest that have the DNS service
installed. When you replicate ForestDNSZones, you might see an error
message that's similar to one posted with this FAQ at the URL below.
This type of error can occur when you have several sites that don't
have site links between them or when site-link bridging is disabled
(and no site-link bridge has been manually created) and when a site
that has DCs running DNS is connected to a site that has DCs that
don't run DNS. The ForestDNSZones partition, which replicates only
between DCs that have DNS installed, can't replicate to the DCs that
don't have DNS installed. Consider a scenario in which sites A and C
have DCs that run DNS and are connected to site B, which has a DC that
doesn't run DNS. The error appears on DCs in sites A and C if
site-link bridging is disabled and no site-link bridge was manually
created between them.
To solve this problem, you must either create a site-link bridge
between sites A and C, or if sites A and C aren't connected because of
routing restrictions, install DNS on a DC at site B. Using either
method allows replication through the DC at site B. You don't need to
configure any zones on the DC; merely having DNS installed is enough
to add the DC to the ForestDNSZones partition's replication set.
Featured Thread: Web Site Access to Internal Databases
(Three messages in this thread)
Gary writes that he has a Web server on a demilitarized zone (DMZ)
that accesses an internal SQL database through Active Server Pages
(ASP). He wants to know the best way to let some of his customers
access certain parts of the database while not allowing public access.
He wonders if he should set up local accounts on the Web server and
use Windows authentication. Lend a hand or read the responses.
==== Events Central ====
(A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://www.winnetmag.com/events )
Going Beyond Blade Server Basics
In this free Web seminar, attendees will learn about the
scalability of blade servers and how the HP BL series of servers work.
And, we'll look at support for remote management, Integrated Lights
Out (ILO) management, automated configuration, and server
provisioning, as well as specialized server designations within a
blade enclosure and more. Register now!
==== 5. New and Improved ====
by Jason Bovberg, products at winnetmag.com
Antivirus Activity Analysis
eIQnetworks announced FirewallAnalyzer Enterprise 3.5, the newest
enterprise version of the company's browser-based firewall/VPN
analysis, reporting, and monitoring solution. FirewallAnalyzer
Enterprise 3.5 correlates antivirus server and firewall/VPN
information and reports on it. The product comes with more than 400
reports to help you take preventive actions against network-perimeter
attacks and viruses. It provides more than 100 reports that identify
virus activity across enterprise networks, delivering such information
as virus type, source, destination, frequency, file type, file
extension, and protocol. Information can be reported hourly, daily,
and monthly from each firewall, as well as across all firewalls and
antivirus servers. The software runs on Windows 2003/XP/2000/NT and
costs $795 per physical firewall. For a free trial, contact
eIQnetworks on the Web.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot at winnetmag.com.
==== Sponsored Links ====
Comparison Paper: The Argent Guardian Easily Beats Out MOM
Free Download--New - Launch NetOp Remote Control from a USB Drive
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rsecadmin at winnetmag.com. If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.
==== Contact Us ====
About the newsletter -- letters at winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products at winnetmag.com
About your subscription -- securityupdate at winnetmag.com
About sponsoring Security UPDATE -- emedia_opps at winnetmag.com
==== Contact Our Sponsors ====
Sunbelt Software -- http://www.sunbelt-software.com --
Postini -- http://www.postini.com --1-888-584-3150
Hot Release Sponsor:
thawte -- http://www.thawte.com -- 1-650-426-7400
This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub at list.winnetmag.com. Thank you!
Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2004, Penton Media, Inc. All rights reserved.
More information about the ISN