[ISN] Security UPDATE -- The Perils of Mobile Computing -- July 13,
2005
InfoSec News
isn at c4i.org
Fri Jul 15 01:30:36 EDT 2005
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
Testing Your Security Configuration
http://list.windowsitpro.com/t?ctl=E44A:4FB69
Windows Master CD
http://list.windowsitpro.com/t?ctl=E45A:4FB69
====================
1. In Focus: The Perils of Mobile Computing
2. Security News and Features
- Recent Security Vulnerabilities
- Microsoft Baseline Security Analyzer v2.0 Now Available
- Active Directory Federation Services for Non-Microsoft Platforms
3. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
4. New and Improved
- Partnering for Better Security
====================
==== Sponsor: Testing Your Security Configuration ====
Over a decade ago the Department of Defense (DoD) released a
statement saying, "Hack your network, or the hackers will do it for
you." Up until that point, the value of vulnerability scanning and
penetration testing was questionable. Today, vulnerability-scanning
hackers, Internet-traveling worms, and roving bots are common. The
DoD's advice given 10 years ago still holds true: You should conduct
regular vulnerability and penetration testing audits to validate your
security policy. This free white paper will discuss how to identify and
fix vulnerabilities, discover and use vulnerability assessment tools,
evaluate your security investment and more. Download your free copy
now!
http://list.windowsitpro.com/t?ctl=E44A:4FB69
====================
==== 1. In Focus: The Perils of Mobile Computing ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Over the past few years, wireless networks have spread all over the
place. Some cities and towns even provide free Internet access over
public networks. Chances are high that unless you live in a very rural
area, one or more of your neighbors has a home wireless network.
Chances are also high that many of those neighboring wireless networks
are wide open, and anybody can connect without the owner's permission.
And, invariably, sooner or later somebody does just that.
With the proliferation of wireless networks comes the very attractive
opportunity to use mobile computing in all sorts of ways. For example,
many coffee shops offer free wireless access, as do libraries and
restaurants. So if you're a telecommuter working on the road somewhere,
or just want to check your email or do a little Web surfing without
going back to your own network, you can use any number of public
wireless networks.
A problem with the ease of use that open wireless networks offer is
that invariably some people can't resist using an open wireless network
even if it's not expressly made open for the public. That's when simple
wardriving can become a criminal act. After all, the unauthorized use
of a network is a crime in most places today. So if you discover a
wireless network and decide to use it, you might be committing a crime.
Last week, a precedent for increased arrests began to develop in
Florida. A man discovered that another man was sitting outside his
house in a vehicle while using a laptop. The man in the house
apparently had an open wireless network, and the man in the vehicle had
connected to the wireless network without permission and was using it
for what are at this time unknown purposes. Eventually, the homeowner
informed the police, who subsequently arrested and charged the man in
the vehicle. He now faces a criminal case.
The man's illegal use of someone else's network is puzzling. If I
understand correctly, the incident took place in St. Petersburg, which
is the fourth largest city in Florida with a population of nearly
250,000. Certainly, there must be many places that offer free public
wireless network access, so why did the man choose to break into
someone else's network? I don't know, but the incident does raise some
interesting questions.
What if that man was using a computer provided by his company? Or what
if he was checking email on his company's mail server? Would that then
make the company liable for the man's actions? If nothing else, the
incident points out that businesses that provide wireless devices to
their employees should probably consider implementing policies that
stipulate acceptable use of those devices. Without such policies,
businesses are more open to potential legal problems if employees
misuse company equipment.
If you're interested in the details of this story, then use your
favorite news site search engine to look for the terms "wireless" and
"Florida," and add the terms "Smith" and "Dinon" if you need to narrow
the search results.
====================
==== Sponsor: Windows Master CD ====
Why Do You Need the Windows IT Pro Master CD?
There are three good reasons to order our latest Windows IT Pro Master
CD. One, because it's a lightning-fast, portable tool that lets you search
for solutions by topic, author, or issue. Two, because it includes our
Top 100 Windows IT Pro Tips. Three, because you'll also receive
exclusive, subscriber-only access to our entire online article
database. Click here to discover even more reasons:
http://list.windowsitpro.com/t?ctl=E45A:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=E452:4FB69
Microsoft Baseline Security Analyzer 2.0 Now Available
On July 1, Microsoft released Microsoft Baseline Security Analyzer
(MBSA) 2.0. The new version supports Windows Server Update Services
(WSUS) and includes a new command line interface to perform local and
remote scans.
http://list.windowsitpro.com/t?ctl=E458:4FB69
Active Directory Federation Services for Non-Microsoft Platforms
Windows Server 2003 R2 will support Web-based single-sign-on (SSO)
and federated authentication using Active Directory (AD) as the
backend. Centrify aims to enable the technology on non-Microsoft
platforms.
http://list.windowsitpro.com/t?ctl=E459:4FB69
====================
==== Resources and Events ====
Identify the Key Security Considerations for Wireless Mobility
Wireless and mobile technologies are enabling enterprises to gain
competitive advantage through accelerated responsiveness and increased
productivity. In this free Web seminar, you'll receive a checklist of
risks to factor in when considering your wireless mobility technology
evaluations and design. Sign up today and learn all you need to know
about firewall security, transmission security, OTA management,
management of third-party security applications, and more!
http://list.windowsitpro.com/t?ctl=E450:4FB69
Learn to Sort Through Sarbanes-Oxley, HIPAA, and More Legislation
Quicker and Easier!
In this free Web seminar, get the tips you've been looking for to
save time and money in achieving IT security and regulatory compliance.
Find out how you can simplify these manually intensive, compliance-
related tasks that reduce IT efficiency. Turn these mandates into
automated and cost-effective solutions. Register now!
http://list.windowsitpro.com/t?ctl=E44D:4FB69
New Cities Added--SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts
will present real-world information about administration, development,
and business intelligence to help you implement a best-practices
migration to SQL Server 2005 and improve your database computing
environment. Attend and receive a 1-year membership to PASS and 1-year
subscription to SQL Server Magazine. Register now!
http://list.windowsitpro.com/t?ctl=E451:4FB69
Integrate Your Compliance System With Backup and Recovery
Discover the issues involved with integrating your compliance system
with backup and recovery, including backup schedules, pros and cons of
outsourcing backup media storage and management, the DR implications of
backing up compliance data, the possibility of using alternative backup
methods to provide backup and compliance in a single system, and more.
You'll learn what to watch out for when combining the two functions and
how to assess whether your backup/restore mechanisms are equal to the
challenge.
http://list.windowsitpro.com/t?ctl=E44E:4FB69
Influencers 2005: Thriving In The Face Of Regulation: How to
Accommodate the New Corporate Governance Regime and Achieve Optimum
Financial Performance
Join Arthur Levitt, former chairman of the SEC, Arnold Hanish, and
Scott Mitchell as they discuss the most important management challenge
facing businesses today--Wednesday, July 20 at 11:00 a.m. EDT.
Register here:
http://list.windowsitpro.com/t?ctl=E44C:4FB69
You Could Win An iPod Mini!
Your expert opinion makes a difference--tell us what you think about
industry conferences and events. Your feedback is very valuable to us.
Take this short survey today!
http://list.windowsitpro.com/t?ctl=E453:4FB69
==== Featured White Papers ====
Is Your Company Legally Required to Have an Email Compliance and
Retention Policy?
Gain an understanding of general retention and compliance issues and
Microsoft Exchange Server's built-in archiving and compliance features
and get guidance on the first steps to take when starting an archiving
regime. Plus--discover how to analyze trends and usage across your
messaging store.
http://list.windowsitpro.com/t?ctl=E44B:4FB69
====================
==== 3. Security Toolkit ====
Security Update for Internet Explorer
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=E45E:4FB69
Microsoft released a security update for Internet Explorer (IE) 5.x
and 6.0. Microsoft article 903235 discusses the matter.
http://list.windowsitpro.com/t?ctl=E457:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=E45C:4FB69
Q: How can I enable the Anonymous SID to be part of the Everyone group
in Windows XP and later?
Find the answer at http://list.windowsitpro.com/t?ctl=E456:4FB69
Audit File Access
(Two messages in this thread)
A reader wants to know whether there are any third-party tools to
implement domain-wide file auditing. He needs to be able to dump log
data into a database, including which files were accessed, when they
were accessed, the name of the user who accessed the files, and the
computer that the files were accessed from.
Join the discussion at
http://list.windowsitpro.com/t?ctl=E44F:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
Check Out the New Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded
our content to include even more fundamentals on building and
maintaining a secure enterprise. Each issue also features product
coverage of the best security tools available and expert advice on the
best way to implement various security components. Plus, paid
subscribers get online access to our entire security article database
(over 1900 security articles)! Order now:
http://list.windowsitpro.com/t?ctl=E455:4FB69
Exclusive Content for VIP Subscribers!
Get inside access to all of the content and vast resources from
Windows IT Pro, SQL Server Magazine, Exchange & Outlook Administrator,
Windows Scripting Solutions, and Windows IT Security, with over 26,000
articles at your fingertips. Your VIP subscription also includes a 1-
year print subscription to Windows IT Pro and a VIP CD (includes entire
article database). Sign up now:
http://list.windowsitpro.com/t?ctl=E45B:4FB69
====================
==== 4. New and Improved ====
by Dustin Ewing, products at windowsitpro.com
Partnering for Better Security
Apani Networks announced that its In-depth Network Security (INS)
system is available from HP. HP will provide first-line support for
customers around the world, as well as security-compliance consulting
and onsite services as needed. INS provides complete network-access
control, dynamic implementation of network security policies, and
point-to-point encryption. It will allow organizations to manage
security relationships for an entire network from a centralized point.
This centralization reduces infrastructure costs and provides a
security audit trail, which is essential for compliance regulation
requirements. For more information, visit the company's Web site
http://list.windowsitpro.com/t?ctl=E460:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Sponsored Link ====
Argent versus MOM 2005
Experts Pick the Best Windows Monitoring Solution
http://list.windowsitpro.com/t?ctl=E449:4FB69
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=E45F:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=E454:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.