[ISN] TCP/IP Changes in Windows Vista and Longhorn

InfoSec News isn at c4i.org
Thu Feb 16 05:41:45 EST 2006


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 




1. In Focus: TCP/IP Changes in Windows Vista and Longhorn

2. Security News and Features
   - Recent Security Vulnerabilities
   - Intel Invests in European Linux Solution Provider Collax
   - Sophos to Sell ActiveState
   - Three Products Achieve ICSA Labs Desktop Anti-Spyware Certification

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Share Your Security Tips

4. New and Improved
   - Monitor Windows Event Logs for Compliance


==== 1. In Focus: TCP/IP Changes in Windows Vista and Longhorn ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The upcoming Windows Vista and Longhorn server releases will both use a 
redesigned TCP/IP stack. The new stack will bring several new features, 
including routing compartments, a better host model, better support for 
IP version 6 (IPv6), a new packet-filtering API, and some other changes 
that don't necessarily affect security (you can read about these 
changes at the URL at the end of this editorial). 

The routing compartments feature is really interesting. It gives each 
user logon session its own routing table and will prevent Internet 
traffic from being routed across a VPN into an intranet. The new host 
model will help defend against attacks on multihomed systems. For 
example, a packet that reaches a network interface must have a 
destination address that matches that interface's address, or the 
packet will be dropped. 

The new packet-filtering API, now known as Windows Filtering Platform 
(WFP), will help developers more easily filter or change packets before 
they're processed further along in the OS. This means that tools such 
as firewalls and antivirus and antispyware products can better control 
which data enters the system. You can learn more about WFP at the 
following URL:

Windows XP and Windows Server 2003 both support IPv6; however, 
functionality is somewhat limited because they don't support Internet 
Key Exchange (IKE) and data encryption. The new TCP/IP stack will fix 
this problem by introducing a fully functional IPv6 protocol layer, 
which will be enabled by default. 

However, using IPv6 won't be without problems. Microsoft said that an 
IPv6-enabled system will first request an AAAA record (which is a 
record for IPv6 addresses). If the query fails, the system will request 
an A record (a record for IPv4). Some DNS servers won't answer the A 
record request if the AAAA request fails. If you want to get a head 
start on building IPv6 functionality, make sure your DNS server will 
handle the AAAA, A sequence of requests. 
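
One way to run the check suggested above, as an added example that is 
not part of the original newsletter: this Python script sends an AAAA 
query and then an A query for the same name and classifies the pair of 
replies. The function names, the use of a test name that has only an A 
record, and the sample reply headers are assumptions constructed for 
illustration.

```python
import socket
import struct

QTYPE_A, QTYPE_AAAA = 1, 28  # RFC 1035 / RFC 3596 record type codes

def build_query(name, qtype, txid=0x1234):
    """Encode a recursive DNS query in RFC 1035 wire format."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_reply(data):
    """Return (rcode, answer_count), or None for a missing or non-reply packet."""
    if data is None or len(data) < 12:
        return None
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return (flags & 0x000F, ancount) if flags & 0x8000 else None

def ask(server, name, qtype, timeout=3.0):
    """Send one UDP query to server:53; return the raw reply, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype), (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def classify(aaaa_reply, a_reply):
    """Judge the AAAA-then-A sequence for a name that has an A record but no AAAA."""
    aaaa, a = parse_reply(aaaa_reply), parse_reply(a_reply)
    if a is None or a[0] != 0 or a[1] == 0:
        return "FAIL: no usable A answer after the AAAA query"
    if aaaa is None:
        return "WARN: AAAA query went unanswered, so clients wait before trying A"
    if aaaa[0] != 0:
        return "WARN: AAAA returned rcode %d, expected an empty NOERROR reply" % aaaa[0]
    return "OK: empty AAAA reply, then A answered"

def check_server(server, ipv4_only_name):
    """Live check: query AAAA first, then A, in the order the editorial describes."""
    return classify(ask(server, ipv4_only_name, QTYPE_AAAA), ask(server, ipv4_only_name, QTYPE_A))

# Constructed sample replies (12-byte headers only): flags 0x8180 = reply, NOERROR.
SAMPLE_EMPTY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
SAMPLE_ONE_A = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)

if __name__ == "__main__":
    print(classify(SAMPLE_NXDOMAIN, SAMPLE_ONE_A), classify(SAMPLE_EMPTY, None), sep="\n")
```

Call check_server with your DNS server's IPv4 address and a hostname 
you know has only an A record.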

Another issue with IPv6 is Network Address Translation (NAT), which 
might also break connectivity. To get around that problem, Microsoft 
uses Teredo (also known as Shipworm), which is a method of 
encapsulating IPv6 inside IPv4 UDP packets. Microsoft first released 
Teredo support in its Advanced Networking Pack for Windows XP in XP 
Service Pack 1 (SP1) and later shipped Teredo as part of XP SP2 and 
Windows 2003 SP1. Teredo will be a standard part of Windows Vista and 
Longhorn server.

You can read more about the IPv6 enhancements at the first URL below 
and learn more about other new features of the TCP/IP stack at the 
second URL below. 


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Intel Invests in European Linux Solution Provider Collax
   Collax announced that Intel Capital has invested in the company, 
bringing its total Series A funding to $8.4 million. Collax Business 
Server's management interface offers simplified management functions 
for security features including firewalls, proxies, VPNs, antivirus, 
antispam, antiphishing, PKI, and Web content filtering. 

Sophos to Sell ActiveState
   Security solutions provider Sophos will sell its ActiveState unit to 
Canadian venture capital firm Pender Financial Group for $2.25 million. 
Pender Financial intends to acquire ActiveState through a newly 
incorporated company, which will allow ActiveState to become 

Three Products Achieve ICSA Labs Desktop Anti-Spyware Certification
   Three products have earned ICSA Labs Desktop Anti-Spyware 
Certification. ICSA Labs antispyware testing criteria determine whether 
products can defend systems against spyware, keyloggers, password 
stealers, dialers, rootkits, and adware. Find out which products earned 
certification in this article on our Web site. 


==== 3. Security Toolkit ==== 

Security Matters Blog: Wipe Data from Your Old Media
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=20EBC:4FB69

I've covered this issue several times in different ways. Now there's 
more help: the National Institute of Standards and Technology (NIST) 
issued a new guide, "Guidelines for Media Sanitization." Find out more 
in the blog article. 

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=20EBB:4FB69 

Q: How can I clear the cache from Microsoft Internet Explorer (IE)?  

Find the answer at http://list.windowsitpro.com/t?ctl=20EB6:4FB69

Share Your Security Tips and Get $100
   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Monitor Windows Event Logs for Compliance
   TNT Software offers ELM Event Log Monitor (EVM), which provides 
monitoring, alerting, reporting, and archiving for Windows event logs. 
TNT says it leveraged specific functionalities of its ELM Enterprise 
Manager to produce a tool to meet companies' compliance and security 
challenges. EVM collects Windows events from hundreds of systems and 
presents the results at a centralized console, triggers real-time 
alerts, stores the event data in a central database, and generates 
audit reports. EVM monitors high-level account changes and logon/logoff 
activity for compliance and security purposes. You can use 
preconfigured or customized monitoring settings. For more information, 
go to http://list.windowsitpro.com/t?ctl=20EBE:4FB69

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
