Security UPDATE--The High Risk of Using Open Networks--April 25, 2007

IN FOCUS: The High Risk of Using Open Networks

NEWS AND FEATURES

- Microsoft Adds Live Alerts for MSRC Blog

- Yahoo! Mail Integrates PhishTank Data for Better Protection

- New Worms Turn Windows Servers into Botnet Members

- Recent Security Vulnerabilities

GIVE AND TAKE

- Security Matters Blog: Security Brief on Oracle's Latest Security Patches

- FAQ: Pushing Out Management Packs

- Tell Us About the Products You Love!

- Share Your Security Tips

PRODUCTS

- Take Control of Endpoints

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: ShoreTel

Enterprises Rate Important IP Telephony Features

This comprehensive guide is invaluable for those evaluating VoIP and shows how organizations can reduce cost and improve operations to help you to plan and implement an IP phone system. Define system components - Identify network requirements - Learn important standards - Learn deployment options:

http://findtechinfo.com/penton/nl/264

=== IN FOCUS: The High Risk of Using Open Networks

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Open networks are tempting, especially when you really need to send or receive messages or gather some data quickly while on the road. But don't let your guard down while using open networks (such as those at at conferences, coffee shops, or hotels), or you might fall victim to an intruder. In fact, when using open networks, you should raise your guard as high as you can, which might mean deciding not to use a certain open network at all.

The decision whether to use an open network comes down to two simple questions: Do you trust that you can get on and off the network safely; and do you feel confident that your system is secure enough to withstand potential zero-day exploits?

A good example of how high the risk is happened at the 2006 ShmooCon conference. While using the conference's wireless network, a security researcher's Mac laptop fell victim to attack. Even though the researcher's laptop was secured as well as possible, the system was broken into using a zero-day exploit. Unfortunately, the presenter was not running any packet-capture tools at the time, so attempts to find out how the break-in happened were fruitless.

Another case in point occurred only last week at the CanSecWest conference in Vancouver, B.C., Canada. At the conference, an interesting challenge was presented: Break into either of two MacBook Pros running OS X and win the computer. TippingPoint (a division of 3Com) offered a $10,000 cash prize to enhance the challenge further.

Sure enough, someone broke into one of the MacBooks using a zero-day exploit against the Safari Web browser. The winning challenger, Shane Macaulay, worked with a friend, Dino Dai Zovi, who didn't attend the conference. Zovi provided the exploit, and Macaulay executed it at the conference by setting up a Mac server on the conference's wireless network. He then had one of the conference workers enter a specific URL into the MacBook's browser, which in turn connected to the server to launch the exploit. That's all that was required for the MacBook to become "owned."

The point of the latter example is that the same thing could be accomplished by a bad guy lurking on a conference network or any other open network. It doesn't matter what OS you use, the risks are basically the same. Said otherwise, zero-day exploits exist for all OSs, and it's often incredibly difficult to defend against the unknown.

If you feel you must use an open network, one way to help avoid falling victim--to some extent anyway--is to use a virtual machine (VM) configuration to perform whatever tasks you need to do. While a VM might not completely protect your system, at least when you restart the VM, its OS will come up clean, assuming of course that no one used a zero-day exploit to compromise the VM software or OS image.

Another way to possibly protect your system is to use a bootable Live CD, which you might know is basically a CD-ROM with a bootable OS. If you're interested in finding a good Live CD, head over to FrozenTech (at the URL below) where you'll find dozens that you can choose from.

http://www.frozentech.com/content/livecd.php

While neither method I suggested is completely secure, at least both methods make it much more difficult for an intruder to "own" your computer.

As an aside, since I mentioned OS X in this column, I want to also point out that Apple released a batch of 25 security patches last week. So if you manage OS X systems, be sure to update them. You can learn more about the patches at the Apple site at the URL below.

http://docs.info.apple.com/article.html?artnum=305391

===

You can win $100 by voting for the products you find most useful in Windows IT Pro's Community Choice Awards! Give us your feedback to qualify to win one of twelve $100 Amazon.com gift certificates. Voting is open through May 21. Winners will be announced in the August 2007 issue of Windows IT Pro. Go to

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=96&threadid=84652&enterthread=y

=== SPONSOR: nCipher

Best Practices for Microsoft PKI & Cert Mgt Please join us for this complimentary Webinar

Thursday, May 10, 2007 11:00 AM EDT

Speaker: Brian Komar, President, IdentIT Mr. Komar will provide a unique overview of the MS PKI and nCipher's integrated solutions, which will assist you in streamlining this process and reducing your total cost of ownership. You will learn to:

- Design a PKI to address business needs and achieve regulatory compliance

- Implement hardware security modules to increase private key protection

- Apply tricks and trips for configuring your CA

- Manage certificates with ILM 2007 http://www.ncipher.com/seminars/seminars5.php

=== SECURITY NEWS AND FEATURES

Microsoft Adds Live Alerts for MSRC Blog

Microsoft is conducting a beta program for its new Windows Live Alerts service, and the company recently added Microsoft Security Response Center (MSRC) blog entries to the list of available content.

http://www.windowsitpro.com/Article/ArticleID/95838

Yahoo! Mail Integrates PhishTank Data for Better Protection

PhishTank is a community project that lets people submit links to potential phishing sites and vote on whether a site really is a phishing scam.

http://www.windowsitpro.com/Article/ArticleID/95835

New Worms Turn Windows Servers into Botnet Members

Three worms circulating the Internet take advantage of a vulnerability in the Windows DNS service to turn a system into a bot. Microsoft and security solution providers are working to integrate protection against the worms into their offerings.

http://www.windowsitpro.com/Article/ArticleID/95822

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

=== SPONSOR: Vizioncore

esxRanger Professional: Hot Backups for VI3

Still don't have a reliable disaster recovery plan in place? Vizioncore's esxRanger Professional supports a sophisticated, yet cost effective DR strategy for your VMware Infrastructure 3 environment. Restoring entire virtual machine images -- or just files -- is smooth & seamless. Visit http://www.vizioncore.com/security.html for a trial download today.

=== GIVE AND TAKE

SECURITY MATTERS BLOG: Security Brief on Oracle's Latest Security Patches

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Oracle released its quarterly batch of security updates. Get links to information about several of the problems.

http://www.windowsitpro.com/Article/ArticleID/95833

FAQ: Pushing Out Management Packs

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How do I push management packs to System Center Operations Manager agents in System Center Configuration Manager 2007?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/95754

TELL US ABOUT THE PRODUCTS YOU LOVE!

What products are you using that save you time or make your workload a little lighter? What hot product discoveries have you made that other IT pros need to know about? Let the world know about your experiences in Windows IT Pro's monthly What's Hot department. If we publish your story in What's Hot, we'll send you a Best Buy gift card! Send information about your favorite product and how it has helped you to [email protected].

SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS

by Renee Munshi, [email protected]

Take Control of Endpoints

matrix42 introduced Empirum Security Suite, which protects workstations and laptops with a firewall, intrusion prevention system (IPS), application and file control, removable device control, and wireless control. Empirum Security Suite enforces a workstation's specific policies whether the computer is on or off the network. According to matrix42, Empirum operates at the kernel level, so after you configure it by using the central management console, a user (even one with administrator rights) can't disable or reconfigure it. Empirum has behavioral technology and defends against information theft via keylogging or spyware and other intrusion methods. For more information, go to

http://www.matrix42.com

=== RESOURCES AND EVENTS

For more security-related resources, visit

http://www.windowsitpro.com/go/securityresources

Web seminar: Managing Change Risk on Critical Windows NT Infrastructure

Why choose a change-control approach to solve what is traditionally considered a security problem? Come join us for a Web seminar on May 3 featuring Motorola CISO Bill Boni. Mr. Boni will discuss the problem of supporting legacy NT systems at Motorola and the solution requirements, evaluation criteria, and decision to adopt a change control approach. He'll also describe Motorola's vision for deploying change control on other critical systems across the company.

http://www.solidcore.com/landing_pages/webinar_050307_wip.html

Get Ready for Exchange & Office 2007 Roadshow--free!

The successful Microsoft-partnered Get Ready for Exchange & Office 2007 Roadshow is coming to Stockholm! Three independent, respected technical speakers--Jim McBee, Mark Arnold, and Ben Schorr--will deliver tracks on securing, managing, and deploying Exchange and Office 2007 and using Exchange Server 2007 capabilities to improve your messaging environment. Register today for this free day-long event. Your delegate bag will include Microsoft Exchange Server 2007 and Office 2007 Beta 2 Software Kits.

Venue: Berns Hotel, Stockholm

Date: Monday, 14 May 2007

http://www.windowsitpro.com/roadshows/exchange2007europe/

Did you know that 75 percent of corporate intellectual property resides in email? The challenges facing this vital business application range from spam to the costly impact of downtime and the need for effective, centralized email storage systems. Join us for a free Web seminar and learn the key features of a holistic approach to email security, availability, and control. Download this on-demand seminar now!

http://www.windowsitpro.com/go/seminars/symantec/messagingsecurity/?partnerref=0423e&R

=== FEATURED WHITE PAPER

ESG's independent testing lab verified substantial gains in utilization, availability, and database manageability with the use of a unique approach to virtualization, as presented by Polyserve. Find out more about this powerful platform for your SQL Server deployments, and you can save your department up to 70 percent of TCO and streamline management.

http://www.sqlmag.com/go/whitepapers/polyserve/esg/?code=0423featwp

=== ANNOUNCEMENTS

Introducing a Unique Security Resource

Security Pro VIP is an online information center that delivers new articles every week on topics such as perimeter security, authentication, and system patches. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits! Order now at an exclusive charter rate and save up to $50!

https://store.pentontech.com/index.cfm?s=1&promocode=eu2574us

Introducing a Unique Exchange and Outlook Resource

Exchange & Outlook Pro VIP is an online information center that delivers new articles every week on topics such as administration, migration, security, and performance. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits! Order now at an exclusive charter rate and save up to $50!

https://store.pentontech.com/index.cfm?s=1&promocode=eu2372ue