Security UPDATE--A New IPS Test Report--February 16, 2005

1. In Focus: A New IPS Test Report

2. Security News and Features

- Recent Security Vulnerabilities

- Serious Flaws in Symantec and F-Secure Protection Products

- Microsoft Investigating Anti-Anti-Spyware Trojan

3. Security Matters Blog

- How to Detect Network Sniffers

4. Security Toolkit

- FAQ

- Security Forum Featured Thread

5. New and Improved

- A Faster IPS

==== Sponsor: Postini====

An Evaluation of the Total Cost of Ownership of Email Security Solutions

Quantifying the Total Cost of Ownership (TCO) of email security solutions is a notoriously difficult task. Discover how Total Cost of Ownership is much more than the initial acquisition cost of a solution, and how you can save thousands of dollars each year without sacrificing accuracy, control or effectiveness in protecting your email systems. Download this free whitepaper now!

http://www.windowsitpro.com/whitepapers/postini/emailsecuritycost/index.cfm?code=secnl

==== 1. In Focus: A New IPS Test Report ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You might recall that The NSS Group periodically releases in-depth test reports that can be very useful to security administrators looking for solutions. Over the past couple of years, I have written twice about the group's product testing for Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). In my September 24, 2003 article "Evaluating Intrusion Detection Systems," I wrote about the group's tests of IDSs for 10Mbps/100Mbps Ethernet and Gigabit Ethernet networks. In my March 17, 2004 article "Evaluating Intrusion Prevention Systems," I wrote about the group's tests of IPSs.

http://www.windowsitpro.com/Article/ArticleID/40338

http://www.windowsitpro.com/Article/ArticleID/42065

The NSS Group recently finished its second round of tests and has made the results available online. According to the group, testing "consists of seven sections within three primary areas: performance and reliability, security accuracy, and usability." The group also said that "the brand new test suite contains more than 800 individual tests, many of which are run multiple times, to provide the most thorough and complete evaluation anywhere of IPS products available today."

An interesting tidbit from the latest report is that nine vendors signed up for the recent tests. However four of the products didn't make the cut during stringent testing, so the final report covers the five remaining products. The current report includes detailed test information about BroadWeb NetKeeper NK-3256T 3.6.0, Fortinet FortiGate-800, SecureSoft Absolute IPS NP5G 1.1, Top Layer IPS 5500 3.3, and V-Secure V-100 7.0.

A couple of other interesting notes are related to performance. During earlier tests, The NSS Group measured IDS and IPS top traffic-processing speeds of 1Gbps to 2Gbps; this year, top speeds well exceeded that threshold. So the group decided to launch a new multigigabit IPS test later this year. Ten vendors have reportedly already signed up for the next test.

It's also interesting to note that industry analysts had previously claimed that IDS and IPS systems were things of the past. But something is seriously wrong with that "analysis," because IDS and IPS systems are still being used, and according to The NSS Group, the number of available products has actually grown!

The group said that over the last year, it has improved the testing suite and introduced a new methodology to conduct in-depth tests of rate-based IPS systems, which gives a more accurate evaluation of their capabilities as compared to the evaluation of content-based IPS systems.

The report itself is great information for security administrators looking for evaluations of prospective product choices. The report is also valuable in that it offers details about the group's test methodologies as well as about the hardware and software solutions the group uses to conduct its tests.

As has been the case in the past, the results of the new report are freely available at the group's Web site (see the first URL below). If you missed the past reports, you can find those online too (see the second URL below). If you want a copy of all reports on CD-ROM or copies of selected reports in PDF format, you can purchase those at the Web site.

http://www.nss.co.uk/ips/edition2/index.htm

http://www.nss.co.uk/download/download.htm

Until next time, have a great week.

==== Sponsor: Security Administrator ====

Try a Sample Issue of Security Administrator!

Security Administrator is the monthly newsletter from Windows IT Pro that shows you how to protect your network from external intruders and control access for internal users. As an added bonus, paid subscribers get access to over 1900 searchable articles on the Web. Sign up now to get a 1-month trial issue--you'll feel more secure just knowing you did. Click here!

http://www.secadministrator.com/rd.cfm?code=fseu2552sp

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Serious Flaws in Symantec and F-Secure Protection Products

Internet Security Systems (ISS) reported that its X-Force research team has discovered a serious vulnerability in a Symantec parsing engine that's used in several of the company's products. ISS X-Force also discovered a critical flaw in F-Secure's antivirus and Internet security products. The flaw is in the way the products scan files that are compressed with ARJ compression.

http://www.windowsitpro.com/Article/ArticleID/45393

Microsoft Investigating Anti-Anti-Spyware Trojan

by Paul Thurrott

Microsoft is investigating a new electronic attack that attempts to disable the Microsoft AntiSpyware beta product so that it can surreptitiously install spyware on users' systems.

http://www.windowsitpro.com/Article/ArticleID/45391

==== Resources and Events ====

Get Ready for SQL Server 2005 Roadshow in a City Near You

Get the Facts about Migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

http://www.windowsitpro.com/roadshows/sqlserverusa/index.cfm?code=0216emailannc

Fax Servers: Integrate. Automate. Communicate

Attend this free Web seminar and receive a complimentary 30-day software evaluation, industry whitepaper, and a Starbuck's gift card! Join industry expert David Chernicoff and learn how leading organizations are incorporating fax technologies to empower users and enhance existing investments in infrastructure and applications while providing substantial ROI. Register now!

http://www.windowsitpro.com/seminars/faxservers/index.cfm?code=0216emailannc

Sensible Best Practices for Exchange Availability Web Seminar

If you're discouraged about not having piles of money for improving the availability of your Exchange server, join Exchange MVP Paul Robichaux for this free Web seminar and learn how to maximize your existing configuration. Survive unexpected outages, plan for the unplannable, and evaluate what your real business requirements are without great expense. Register now!

http://www.windowsitpro.com/seminars/exchangeavailability/index.cfm?code=0216emailannc

Keeping Critical Applications Running in a Distributed Environment

Get up to speed fast with solid tactics you can use to fix problems you're likely to encounter as your network grows in geographic distribution and complexity and learn how to keep your network's critical applications, such as Active Directory and Exchange, running. Don't miss this exclusive opportunity--register now!

http://www.windowsitpro.com/seminars/windowsapplications/index.cfm?code=0216emailannc

Discover All You Need to Know About 64-bit Computing in the Enterprise

In this free Web seminar, industry guru Michael Otey explores the need for 64-bit computing and looks at the type of applications that can make the best use of it. He'll explain why the most important factor in the 64-bit platform is increased memory. Discover the best platform for high performance and learn how you can successfully differentiate, migrate, and manage between 32-bit and 64-bit technology. Register now!

http://www.windowsitpro.com/seminars/integrityservers/index.cfm?code=0216emailannc

==== 3. Security Matters Blog ====

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out this recent entry in the Security Matters blog:

How to Detect Network Sniffers

I found a new free tool that can help detect network sniffers on your network. The new tool, Promqry 1.0, was developed by Tim Rains at Microsoft.

http://www.windowsitpro.com/Article/ArticleID/45402

==== 4. Security Toolkit ====

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q. How can I enable complex passwords on my Windows Server 2003 Active Directory (AD) domain?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/45338

Security Forum Featured Thread: Monitoring File System Changes

Jay wonders whether there's a utility that can monitor for file system changes when an application is installed. Jay wants to be able to detect all the files that have been added, deleted, or changed during the installation process. Join the discussion at

http://www.windowsitpro.com/Forums/messageview.cfm?catid=42&threadid=129367

==== Announcements ====

(from Windows IT Pro and its partners)

Try a Sample Issue of Exchange & Outlook Administrator!

If you haven't seen Exchange & Outlook Administrator, you're missing out on key information to help you migrate, optimize, administer, backup, recover, and secure Exchange and Outlook. Plus, paid subscribers receive exclusive online library access to every article we've ever published. Order now!

http://www.exchangeadmin.com/rd.cfm?code=fsep2352up

==== 5. New and Improved ====

by Renee Munshi, [email protected]

A Faster IPS

TippingPoint, a division of 3Com, announced that the TippingPoint 5000E Intrusion Prevention System (IPS), which can perform total packet inspection at 5Gbps with real-world traffic, will ship next month. TippingPoint claims that the 5Gbps throughput rate is "more than double any other IPS's maximum rated throughput." TippingPoint 5000E comes with eight Gigabit Ethernet ports able to protect four network segments. The TippingPoint product line is automatically kept up-to-date through the Digital Vaccine service to protect against the latest worms, viruses, Trojan horses, Denial of Service (DoS) attacks, spyware, and Voice over IP (VoIP) threats. For more information about TippingPoint 5000E, go to

http://www.tippingpoint.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Sponsored Links ====

Argent versus MOM 2005 Experts Pick the Best Windows Monitoring Solution http://ad.doubleclick.net/clk;13273616;8214395;i?http://www.argent.com/w/whitepapers_mom.html?Source=WNT%20Sponsored%20Link

Quest Software See Active Directory in a whole new light. And get a free flashlight! http://ad.doubleclick.net/clk;13695556;8214395;t?http://wm.quest.com/WITPUpdatelinkSpotADflash205

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]