[ISN] Inside Windows IT Security UPDATE

InfoSec News isn at c4i.org
Mon Mar 27 04:20:42 EST 2006


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which you 
might be interested. Please take a moment to visit these advertisers' 
Web sites and show your support for Windows IT Security UPDATE.


SPI Dynamics


1. What's New in the Latest Issue

     April 2006 Issue
     - Focus: Containing Your Wireless Network Signals
     - Feature: 3 Ways to Rein in Your Wireless Signals
     - Access Denied
     - Toolbox: Avoid Risky Rules with Netsh

==== Sponsor: Winternals ====

Winternals Protection Manager
   How will you protect your enterprise from zero-day attacks? Protection 
Manager blocks unknown applications from running until you specifically 
authorize them. No need to wait for an update--you're already protected. Plus, 
Protection Manager enables a secure successful least privilege network without 
compromising legacy applications by decoupling privilege levels of applications 
from users, and promotes culturally acceptable PC lockdown with real-time 
approval or denial of user application requests. Protection Manager forms a 
crucial layer of your defense-in-depth security strategy, helping enforce 
corporate technology policies, ensuring compliance with regulatory acts like 
HIPAA and Sarbanes-Oxley, and dramatically reducing the labor burden on IT.  
Download your 30-day evaluation copy of Protection Manager at:

Windows IT Security is a monthly, paid, print newsletter loaded with 
news and tips to help you manage, optimize, and secure your Web-enabled 

In addition to receiving the monthly print newsletter, subscribers can 
access all the newsletter content, including the most recent issue, at 
the Windows IT Security Web site.

Subscribe today and access all the issues online!


==== 1. What's New in the Latest Issue ====

April 2006 Issue

Focus: Containing Your Wireless Network Signals
   Who knew that adding security to your wireless APs could be as simple as 
adding a reflector to their antennas? Learn about this low-cost safety 
mechanism, get instructions for configuring SSL/TLS, and find out about a new 
password-cracking tool.

The following article is available at no charge to nonsubscribers for a 
limited time:

3 Ways to Rein in Your Wireless Signals
   You can use three basic methods to limit wireless network radio signals. 
Here's how they work.
   --Mark Joseph Edwards

Nonsubscribers now have access to the Access Denied and Toolbox columns: 

Access Denied
   --Randy Franklin Smith

Locating the User Causing Failures on a Folder
   Examining event ID 560 and associated event IDs 528, 540, and 592 will 
give you the answers you need.

Determining Who Enabled an Account
   The answer might lie in the Security event log of your Windows DC.

Distinguishing User Account Reenablements from Creations
   User account creations create a telltale pattern in the Security log of 
event ID 624, followed by several instances of event ID 642 interspersed with 
event IDs 626 and 628.

Viewing the Security Settings on a Computer
   The GPMC Group Policy Results feature lets you obtain a report of all the 
effective Group Policy settings (including security settings) from a system.

The Two "Generate Resultant Set of Policy" Permissions
   Use the "Generate Resultant Set of Policy (Planning)" permission and 
report when you're testing what-if scenarios and the "Generate Resultant Set of 
Policy (Logging)" permission and report when you need to know the actual status 
of a computer or user.


Avoid Risky Rules With Netsh
   You can use Netsh's firewall context to audit Windows Firewall configurations on 
users' computers.
   --Jeff Fellinge

Subscribers have access to the entire contents of the April 2006 
issue. For a list of the other articles available in this issue, go to


==== Sponsor SPI Dynamics ====

ALERT: PENETRATION TEST your Web Applications for FREE! 
   WebInspect is a dynamic web application assessment tool that will 
automatically search for over 4,700 vulnerabilities and attack methods. Learn 
about the top web application Attack Methods and how to combat them with 
WebInspect. Run a FREE Test of your Web Apps via our FREE 15 Day Product Trial 
that delivers a comprehensive vulnerability report

==== Events & Resources ====
   (from Windows IT Pro and its partners)

Windows Connections Conference, April 9-12, 2006     
Don't miss the essential Windows technology conference. 

When disaster strikes your servers, whether they are dedicated to Windows, SQL, 
or Exchange, you need answers. Make sure that if an emergency occurs, you're 
prepared. Get the full eBook and get started on your recovery plan today!

Learn to gather evidence of compliance across multiple systems and link the data 
to regulatory and framework control objectives. On-demand Web seminar.

Make sure your email server is secure. Learn everything from basic techniques to 
defense-in-depth strategies, including network-level access control lists, Web 
authentication, firewall protocol inspection, and perimeter filtering. Live Web 
seminar Thursday, March 23

Use Windows Server 2003 R2 as a platform for SQL Server 2005 to support large-
database requirements, including clustering and multiple processors. Register 
for this free Web seminar today!

==== Featured White Paper ====

Use scripted deployments to ensure that all your Exchange servers are configured 
and deployed with exactly the same options and to maintain a record of your 
installation configurations. Learn how today!


==== Hot Release ====

ALERT: PENETRATION TEST your Web Applications for FREE! 
   WebInspect is a dynamic web application assessment tool that will 
automatically search for over 4,700 vulnerabilities and attack methods. Learn 
about the top web application attack methods and how to combat them. Test your 
Web Apps via our FREE 15 Day WebInspect Product Trial.


==== Announcements ====
(brought to you by Windows IT Pro)

Windows IT Pro Magazine Article Library--access available      
   Sign up for a Monthly Online Pass and get INSTANT access to all articles, 
tools, and helpful resources published on WindowsITPro.com, including exclusive 
subscriber-only content. You'll get 24/7 access to the full Windows IT article 
library (which includes more than 9,000 articles) as well as the latest digital 
issue of Windows IT Pro delivered right to your inbox. Sign up now:

Windows IT Pro Magazine--SAVE 58%         
   Windows IT Pro is a must-have in 2006! Subscribe now and plug into the 
largest independent Windows IT community in the world. Along with loads of how-
to articles, time-saving advice, and expert tips and solutions, you'll gain 
exclusive access to the entire online Windows IT Pro article library FREE. This 
is a limited-time offer, so order now:

==== Contact Us ====

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=24EFD:4FB69
About product news -- products at windowsitpro.com
About your subscription -- securityupdate at windowsitpro.com
About sponsoring UPDATE -- salesopps at windowsitpro.com

Make sure your copy of Inside Windows IT Security UPDATE doesn't get 
mistakenly blocked by antispam software! Be sure to add 
Inside_WindowsITSecurity_Update at list.windowsitpro.com to your list of 
allowed senders and contacts.

   This email newsletter is brought to you by Windows IT Security, the 
leading publication for IT professionals securing the Windows enterprise 
from external intruders and internal users. Subscribe today! 

View the Windows IT Pro Privacy policy at

Windows IT Pro is a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538,
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc.  All Rights Reserved.

More information about the ISN mailing list