[ISN] Security UPDATE--Blacklists Decrease Spam--November 10, 2004

InfoSec News isn at c4i.org
Thu Nov 11 04:41:29 EST 2004


This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which you
might be interested. Please take a moment to visit these advertisers'
Web sites and show your support for Security UPDATE.

Free Patch Management White Paper from St. Bernard Software

The Unofficial Guide to IM for Executives


1. In Focus: Blacklists Decrease Spam

2. Security News and Features
   - Recent Security Vulnerabilities
   - Microsoft Security Bulletin Advance Notification
   - Rights Management Services SP1 Beta
   - Windows XP SP2: 110 Million Users and Counting

3. Security Matters Blog
   - SpoofStick: the Good, the Bad, and the Ugly
   - Mac OS X Security Guide

4. Security Toolkit
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - SSL VPN for Small-Scale Deployments
   - Protect Users from Internet Threats


==== Sponsor: St. Bernard Software ====
Free Patch Management White Paper from St. Bernard Software
   Successful patch management is a core component of maintaining a
secure computing environment. With a growing number of patches being
released by Microsoft weekly, IT administrators must be vigilant in
assuring that the machines on their networks are accurately patched.
Although Microsoft offers tools to assist administrators with the
tasks of patching, they are often time-consuming and far from
comprehensive. However, there are solutions on the market that can
reliably and accurately automate the tasks involved in successful
patch management. In this free white paper, learn more about the patch
management dilemma and patch management solutions. Download this free
white paper now!


==== 1. In Focus: Blacklists Decrease Spam ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I'm sure that most, if not all, of you use some sort of mail-filtering
software to help eliminate unwanted email. Some mail-filtering
solutions are server-based, some are desktop-based, and some are a
combination of both.

I use a desktop-based mail-filtering solution on my personal desktop
system, and so far it works fairly well. As with many mail filters,
mine has to be trained to recognize unwanted email messages and
considers any messages that don't meet enough spam requirements to be
legitimate messages. The good thing about this approach is that it
decreases the possibility that I might not see a legitimate message
that I really need.

The downside of the approach is that it takes a while to train the
mail filter to properly filter as much spam as possible. As each
message is processed, more keywords (typically called tokens) are
added to the spam-filtering engine. So naturally the more spam the
engine filters, the better it operates. I receive a lot of junk mail.
For example, in August and September, I received over 28,000 email
messages. Of those, at least 18,090 (more than 64 percent) were spam.

One thing I've found that really helps reduce the amount of spam that
reaches my inbox is that my email filter supports the use of blacklist
services. You might already know that blacklist services track IP
addresses that are known to be used to send spam. So any mail filter
that supports blacklist services can query the services for a given IP
address (the sender's address or any address that might have relayed
the message along the way). If the IP address is on a blacklist, then
it's more probable that a message is spam.

In my testing of mail-filter software, I've found that a mail filter
that uses blacklists should query every mail server found in a
message's "Received:" header. Doing so increases the likelihood of
detecting spam messages. But some mail filters don't query all the
"Received:" headers, so they're less effective.

If your mail filter supports the use of blacklist services and you
aren't using them, consider testing them to see if they help reduce
the amount of unwanted email that you receive on your network.
Blacklist services are somewhat controversial because of complaints
that some services blacklist IP addresses at the drop of a hat without
much, if any, investigation first. In my experience thus far, services
such as SpamCop, Spamhaus, Relay Stop List, and Spam and Open Relay
Blocking System (SORBS) work fairly well. To find other possible
blacklist services, use your favorite search engine to query for
"blacklist services."
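
The "Received:" header check described in this column, as an added example (not code from the newsletter or from any mail filter it mentions): it extracts every relay address from a message's "Received:" headers, builds the conventional DNS blacklist query name (reversed octets plus the service's zone), and reports which relays are listed. The zone `dnsbl.example.org`, the function names, and the sample message are assumptions made for illustration.

```python
import email
import ipaddress
import re
import socket

ZONES = ["dnsbl.example.org"]  # hypothetical zone; use your blacklist service's zone
# Internal and loopback hops are never listed, so they are not worth a lookup.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_message):
    """Return every distinct external IPv4 address in the Received: headers."""
    msg = email.message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:          # not a valid address, e.g. [999.1.1.1]
                continue
            if any(ip in net for net in INTERNAL) or str(ip) in found:
                continue
            found.append(str(ip))
    return found

def dnsbl_name(ip, zone):
    """192.0.2.10 checked against zone z is queried as 10.2.0.192.z"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_message(raw_message, zones=ZONES, resolve=socket.gethostbyname):
    """Return [(ip, zone)] for each relay address that a zone lists."""
    hits = []
    for ip in received_ips(raw_message):
        for zone in zones:
            try:
                answer = resolve(dnsbl_name(ip, zone))
            except OSError:             # lookup failed (NXDOMAIN): not listed
                continue
            if answer.startswith("127."):   # listings answer inside 127.0.0.0/8
                hits.append((ip, zone))
    return hits

# Constructed sample headers (documentation addresses, not real mail).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [10.0.0.5]) by inbox.example.net; Wed, 10 Nov 2004 10:00:03 -0500
Received: from relay.example.com (relay.example.com [198.51.100.7]) by mx.example.net; Wed, 10 Nov 2004 10:00:02 -0500
Received: from unknown (HELO pc) ([192.0.2.10]) by relay.example.com; Wed, 10 Nov 2004 10:00:01 -0500
"""
```

"Received:" lines added before your own border mail server are written by the sending side, so a hit on them is best used as one scoring signal among several.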


==== Sponsor: Akonix Systems ====
The Unofficial Guide to IM for Executives
   This free white paper will help managers, directors and executives
in all types of businesses understand Instant Messaging and the
powerful benefits it brings to the workplace when properly managed and
controlled. According to Giga Information Group, a large majority of
mid- to large-sized organizations have no formal IT support for IM.
This means employees are often logging onto public IM networks without
permission and without protection from viruses and worms, corporate
policy control or the ability to monitor and log conversations. Start
protecting your organization and get the white paper now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries

Microsoft Security Bulletin Advance Notification
   Microsoft announced that it will notify all customers of impending
security bulletins three days before it releases the bulletins to help
administrators plan for these security patches.

Rights Management Services SP1 Beta
   The Windows Rights Management Services (RMS) Service Pack 1 (SP1)
beta is on the way. The new service pack will add the ability to
deploy RMS without a connection to the Internet and "without an
operational dependency on an external entity such as Microsoft,"
enhanced authentication with support for smart cards, and the ability
to apply rights based on dynamic groups in Active Directory (AD).

Windows XP SP2: 110 Million Users and Counting
   On November 4, Microsoft announced that it had distributed Windows
XP Service Pack 2 (SP2), released in August, to more than 110 million
customers worldwide. Microsoft also said that 12.5 million users have
used the Windows Security Center introduced by XP SP2 to update their
antivirus software.


==== Announcements ====
   (from Windows IT Pro and its partners)

Subscribe Now to Windows IT Pro with Exclusive Online Access!
   Windows & .NET Magazine is now Windows IT Pro! Act now to get the
November issue, which features a Linux primer for Windows
administrators, the how-tos of making NTBackup work, and a checklist
for Sarbanes-Oxley compliance. You'll save 30% off the cover price and
receive exclusive subscriber-only access to our entire online library
with your paid subscription! This is a limited-time offer, so click
here to order today!

Get the Final Chapter Release--"The Expert's Guide for Exchange 2003:
Preparing for, Moving to, and Supporting Exchange Server 2003"
   Download our final chapter, "Exchange Security," and learn 5 key
strategies to help you secure your environment before vulnerabilities
become a problem, including how to reduce the number of protocols used
and how to partition your environment. Plus, start protecting
authentication credentials, data transmission, and more. Get the
entire eBook now!

Attend and Get a Free Subscription to Windows IT Pro! The Enterprise
Alliance Roadshow
   Come and join us for this free event and find out how a more
strategic and holistic approach to IT planning helps organizations
increase operational efficiency and facilitate the implementation of
new technology. Attend and you could win an iPod! Sign up today. Space
is limited.

Win a Trip to TechEd 2005 Plus iPod and XBox Prizes
   Compete in the first-ever IT Prolympics to test your Active
Directory knowledge against your peers. You could win recognition and
great prizes. The IT Prolympian grand prize is an expense-paid trip to
TechEd 2005. Click here to enter the competition.


==== 3. Security Matters Blog ====
   by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

SpoofStick: the Good, the Bad, and the Ugly
   I recently heard about a tool called SpoofStick, which is a browser
extension for Microsoft Internet Explorer (IE) and Mozilla Firefox.
The good thing about this tool is that it shows you the real URL of
the site you're visiting. The tool is designed to help prevent people
from falling victim to URL spoof attacks (which are bad). But there
was an ugly glitch when I tried to use the product.

Mac OS X Security Guide
   If you're using or planning to use Mac OS X, you might want to
review the new "Apple Mac OS X v10.3.x 'Panther' Security
Configuration Guide" from the National Security Agency (NSA).

==== 4. Security Toolkit ====

FAQ
   by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I install a domain controller (DC) from backup media by
using a DCPromo answer file?

Find the answer at

Security Forum Featured Thread
   A forum participant writes that Microsoft recommends putting
Internet Security and Acceleration (ISA) Server in a demilitarized
zone (DMZ) and publishing Outlook Web Access (OWA) from a Microsoft
Exchange Server front-end server on the inside network. He wonders
whether skipping the front-end server and publishing the back-end
server is any less secure. Join the discussion at


==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
IT Pro at http://www.windowsitpro.com/events )

IT Security Solutions Roadshow--Attend and Get a Free Subscription to
Windows IT Pro
   Take your security to the next level with this free half-day event
covering topics such as antivirus, intrusion prevention, vulnerability
discovery, and more. Get a backstage pass to the ISA Server 2004
Hands-on Lab. Attend and enter to win tickets to a professional sports
game. Register now!


==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

SSL VPN for Small-Scale Deployments
   AEP Systems offers SureWare A-Gate AG-60, a Secure Sockets Layer
(SSL) VPN designed specifically for small-scale deployments. The
product supports up to 50 concurrent users and sells for $7000 per
appliance with no extra licensing fees. A-Gate AG-60 supports both
clientless Web-enabled applications, including Windows Terminal
Services, and access to client-server applications. For more
information, go to

Protect Users from Internet Threats
   Armor2net released Armor2net Personal Firewall, software that
provides Internet security and privacy for computers. Armor2net
Personal Firewall monitors the computer and tracks all connections,
both incoming and outgoing. The software will show complete details of
each connection and let the user turn off unsafe connections and block
dangerous Internet sites. In addition, Armor2net Personal Firewall can
stop Internet pop-up ads and search for and remove spyware from a
computer. Armor2net Personal Firewall runs on Windows XP/2000/Me/98
and requires 32MB of RAM and 20MB of free hard disk space. It's
available for $19.99 from the Armor2net Web site at

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
 whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rsecadmin at windowsitpro.com. If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://www.windowsitpro.com/forums
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Security Administrator, the
leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for internal
users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
