[ISN] Handheld Security Admin

InfoSec News isn at c4i.org
Thu Mar 16 05:05:06 EST 2006


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

GuardianEdge Technologies

Scalable Software


1. In Focus: Handheld Security Admin

2. Security News and Features
   - Recent Security Vulnerabilities
   - Cisco Moving into Physical Security Arena
   - Firefox 2.0 to Gain Security Improvements
   - Crank Up Security with MBSA 2.0

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread
   - Share Your Security Tips

4. New and Improved
   - Better Security Event Reporting


==== Sponsor: GuardianEdge Technologies ====

Encrypt and Manage Data on Any Platform 
   Sensitive data is everywhere: in email and on hard drives, removable 
storage devices, and PDAs. Encryption is the only way to protect that 
data from criminals and competitors while complying with regulators. 
But encrypting data on all those devices and managing them efficiently 
is a major challenge. Encryption Anywhere solves the problem with a 
single management tool that plugs directly into Microsoft Active 
Directory letting you distribute and manage encrypted Microsoft clients 
without changing your current processes. Click here to find out how you 
can protect corporate data and prevent identity theft.


==== 1. In Focus: Handheld Security Admin ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Laptops are great tools. They've allowed security administrators to 
take their tools on the road and freed them from relying on access to a 
storage server. For some security consultants, it might be nearly 
impossible to get any work done without a laptop.

One downside of laptops is that sometimes they can be bulky to carry 
around. Plus when you need to use a laptop, you must take it out of the 
bag, find a place to set it (on your lap if necessary), and start it 
up. Then when you're done, you must reverse the whole process. A task 
that will take you 5 minutes on the computer winds up taking 10 minutes 

Now, new mobile devices are poised to improve our situation once again. 
New handheld devices are powerful, flexible, and relatively easy to 
use. They can run a full-blown OS (as opposed to a scaled down, limited 
version), provide plenty of storage, are lightweight, and are ready to 
use almost instantly nearly any time and any place. 

New devices are coming to market. One that you might have already heard 
about is Microsoft's Ultra-Mobile PC (UMPC), code-named The Origami 

UMPC runs Windows XP Tablet PC Edition, has a 7-inch display with a 
minimum of 800 x 480 dpi resolution, includes network connectivity, has 
a 40GB hard drive, and weighs about 2 pounds. UMPC won't fit in your 
pocket, but it would fit in some purses, and you'll be able to hold it 
in your hand to get work done when necessary. Microsoft's UMPC will 
cost under $1000. 

Some might think that UMPC is just another tablet PC. While that might 
be true in the most basic sense, tablet PCs have significant advantages 
over laptops, most notably the ease of use. One thing missing from UMPC 
is a keyboard. I must have a keyboard, even though I like handhelds' 
touch screens. A demo at Intel's site (first URL below) shows an ultra-
mobile device that does have a keyboard (second URL below). I want this 

Another new device is the DualCor cPC. This device weighs only 1.1 
pounds and features two processors and two OSs: Windows XP Tablet PC 
Edition and Windows Mobile. The device also has a 40GB hard drive and 
5-inch display with 800 x 480 dpi resolution. The price is $1500 
retail, with discounts for volume purchases. 

Another handheld computer comes from OQO. The OQO model 01+ has a 30GB 
drive, weighs only 14 ounces, and is small enough to put in your 
pocket. The screen size is 5 inches. The model 01+ has a mini-keyboard 
that slides out from under the display. Hold on to your hats for the 
price: the Windows Tablet PC Edition sells for $2099 retail! 

For a decent comparison of several handheld computers, including some 
that I didn't have room to mention here and some that don't run Windows 
Tablet PC Edition, visit the handtops.com Web site at the URL below. 


==== Sponsor: Scalable Software ====

How much are you spending on IT compliance? Streamline and automate the 
compliance life cycle with this FREE white paper, and reduce your costs 


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Cisco Moving into Physical Security Arena
   With its latest acquisition, Cisco aims to bring its customers IP-
enabled physical security. The company announced an agreement to 
acquire privately held SyPixx Networks, a company founded in 2002 to 
deliver video surveillance systems. 

Firefox 2.0 to Gain Security Improvements
   An alpha release of Firefox 2.0 is due out in the next few days, 
according to meeting minutes posted at Mozilla Foundation. A few 
important new security features will be included in the 2.0 version. 
Read about them in this news story. 

Crank Up Security with MBSA 2.0
   The latest version of Microsoft's popular no-cost MBSA tool is more 
than a simple update; it includes new features and has been designed to 
integrate seamlessly with other update tools such as Windows Server 
Update Services (WSUS) and the Systems Management Server (SMS) 
Inventory Tool for Microsoft Updates (ITMU). Get the details at


==== Resources and Events ====

Windows Connections Conference, April 9-12, 2006
   Don't miss the essential Windows technology conference.

When disaster strikes your servers, whether they are dedicated to 
Windows, SQL, or Exchange, you need answers. Make sure that if an 
emergency occurs, you're prepared. Get the full eBook and get started 
on your recovery plan today!

Learn to gather evidence of compliance across multiple systems and link 
the data to regulatory and framework control objectives. On-demand Web 

Make sure your email server is secure. Learn everything from basic 
techniques to defense-in-depth strategies, including network-level 
access control lists, Web authentication, firewall protocol inspection, 
and perimeter filtering. Live Web seminar Thursday, March 23.

Use Windows Server 2003 R2 as a platform for SQL Server 2005 to support 
large-database requirements, including clustering and multiple 
processors. Register for this free Web seminar today!


==== Featured White Paper ====

Use scripted deployments to ensure that all your Exchange servers are 
configured and deployed with exactly the same options and to maintain a 
record of your installation configurations. Learn how today!


==== Hot Spot ====

Symantec Corporation
   A multi-tier approach to email security prevents unauthorized access 
and can stop spam, viruses, and phishing attacks. Learn to implement 
one today, and protect your network security and business systems!


==== 3. Security Toolkit ==== 

Security Matters Blog: L0phtcrack Retired
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=23D98:4FB69

After years as a password-cracking staple, L0phtcrack is apparently 
being put out to pasture--discontinued. However, there are 
alternatives, including Cain & Abel, LCP, Ophcrack 2, and the Openwall 
Project's John the Ripper. Find links to these alternatives in this 
blog article.

   by John Savill, http://list.windowsitpro.com/t?ctl=23D97:4FB69 

Q: Can you use the Microsoft File Server Migration Toolkit (FSMT) to 
migrate shares between servers in different forests? 

Find the answer at http://list.windowsitpro.com/t?ctl=23D96:4FB69

Security Forum Featured Thread: Audit Tools
   Know of any good tools to audit a Windows Server 2003 domain 
environment, including password reports? If so, join the discussion at 

Share Your Security Tips and Get $100
   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== Announcements ====
   (from Windows IT Pro and its partners)

Windows IT Pro Magazine Article Library--access available
   Sign up for a Monthly Online Pass and get INSTANT access to all 
articles, tools, and helpful resources published on WindowsITPro.com, 
including exclusive subscriber-only content. You'll get 24/7 access to 
the full Windows IT article library (which includes more than 9,000 
articles) as well as the latest digital issue of Windows IT Pro 
delivered right to your inbox. Sign up now:

Windows IT Pro Magazine--SAVE 58%
   Windows IT Pro is a must-have in 2006! Subscribe now and plug into 
the largest independent Windows IT community in the world. Along with 
loads of how-to articles, time-saving advice, and expert tips and 
solutions, you'll gain exclusive access to the entire online Windows IT 
Pro article library FREE. This is a limited-time offer, so order now:


==== 4. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Better Security Event Reporting
   Astaro released Astaro Report Manager 4.2, which lets you collect 
and report on data from Astaro Security Gateway appliances and security 
gateways from other vendors such as Check Point and Cisco. New features 
include a Java-based console that provides information about critical 
security events in real time, a new forensics analysis tool that helps 
you search log data on multiple devices, and new reports designed to 
meet federal regulatory requirements. Pricing starts at $295 for 
systems running Astaro Security Gateway Software and at $395 for Astaro 
Security Gateway appliances. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.


==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=23D9B:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com


This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

More information about the ISN mailing list