Security UPDATE--VM, VPS, and User Training--April 19, 2006

1. In Focus: VM, VPS, and User Training

2. Security News and Features

- Recent Security Vulnerabilities

- Microsoft To Hold Five Security Summits

- Oracle Slip-Up Results in Leaked Exploit Information

- Geek Squad Gets Slapped with Restraining Order

3. Security Toolkit

- Security Matters Blog

- FAQ

- Instant Poll

- Share Your Security Tips

4. New and Improved

- Remove Malware Remotely

==== Sponsor: Symantec ====

A multi-tier approach to email security prevents unauthorized access and can stop spam, viruses, and phishing attacks. Learn to implement one today, and protect your network security and business systems!

http://www.windowsitpro.com/go/whitepapers/Symantec/multitier/?code=SECTop0419

==== 1. In Focus: VM, VPS, and User Training ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I discussed how virtual machines (VMs) might become standard on computers. As a brief recap, virtualization technology could provide an effective way to ensure the integrity of desktop computers, particularly because it makes restoring a compromised system quick and easy: Simply shut down the VM and relaunch it.

If you consider implementing this type of solution, you should also consider running different OSs on the under- and overlying systems. Doing so will probably improve overall security more than if you, say, run a Windows-based VM (typically called the guest OS) on top of another Windows-based OS (typically called the host OS). Exploiting the vulnerabilities of two OSs and their related applications is more difficult than compromising one.

You could, for example, run some variety of Linux or BSD or possibly Mac OS X or Solaris as the host OS and run Windows as a VM. This way, if an intruder is able to compromise Windows, you can quickly clean up that problem; in order to compromise the entire system, the intruder would need to know which OS runs as the host underneath Windows and be able to exploit that OS too. Of course, the downside of this approach is that you'd have two OSs to maintain, plus the expense of licensing the host OS if you don't use an open source OS.

Last week, I mentioned Microsoft Virtual Server 2005 R2, VMware, and Parallels Workstation as virtualization solutions. Serenity Virtual Station (SVISTA) from Serenity System International allows both Linux and FreeBSD as host OSs and can run Windows, Linux, and Serenity's eComStation as guest OSs.

http://www.serenityvirtual.com

Finally, another virtualization solution that I didn't mention last week is called virtual private servers (VPSs). Don't mistake VPSs for VMs--there are important differences. In short, VPS technology doesn't let you mix different host and guest OSs. True VMs work at the hardware level, whereas VPS technology works at the software level to create an isolated environment that uses the OS. So for example, if you use VPS technology on a Windows XP system, each VPS you create on that system will be based on that single installed copy of XP.

If you think you might be interested in VPS technology, have a look at Virtuozzo from SWsoft (first URL below), which runs on Windows and Linux. If you use Solaris, you might know that it has VPS support built in. Other VPS solutions are also available for Linux via the Linux-Vserver Web site (at the second URL below) and BSD via BSD jails (which you can learn about at the third URL below).

http://www.swsoft.com/en/products/virtuozzo

http://linux-vserver.org

http://en.wikipedia.org/wiki/FreeBSD_Jail

Virtualization technology goes a long way towards building better security and can help protect users from themselves. Another way to help end users improve company security is to train them.

Last week, CompTIA said that based on a recent survey of 574 companies, human error was responsible for 60 percent of information security breaches experienced over the last year. Yet only 36 percent of the surveyed companies offer end-user training!

It is glaringly apparent that end users need training to help raise their security awareness. I seriously doubt that any combination of technologies could reasonably replace thorough education. Chances are great that if more end users received security-related training, security breaches could be significantly reduced. This of course saves time and money and helps protect your business at all levels, including its important public image.

Although some aspects of end-user training need to be tailored to fit your particular business, many aspects can be generalized to fit nearly any business that uses Microsoft products. I'll see if I can dig up some useful training resources that might help you review or augment your existing training or develop new training if you don't have any in place. Look for this information in an upcoming edition of this newsletter.

==== Sponsor: Macrovision ====

Strategically manage your organization's software licenses with a 5-step program to help save time and cut costs by centralizing licensing operations.

http://www.windowsitpro.com/go/whitepapers/macrovision/centralizinglicenses/?code=SECMid0419

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Microsoft To Hold Five Security Summits

Microsoft announced that it's hosting a series of one-day security events in five US cities tailored for IT pros and developers. The series, Security Matters--Microsoft Security Summits 2006, are intended to teach people about key trends as well as how to prepare for those trends and to offer an opportunity to discuss security issues with experts from the company.

http://www.windowsitpro.com/Article/ArticleID/49973

Oracle Slip-Up Results in Leaked Exploit Information

Vendors typically frown upon the premature publication of vulnerability and exploit information, and usually the discoverer is the source of the leak. But recently Oracle was the source of a leak about a vulnerability, including a working exploit, in its popular Oracle Database server product.

http://www.windowsitpro.com/Article/ArticleID/49932

Geek Squad Gets Slapped with Restraining Order

You'd think that a megacorporation would know better than to use unlicensed software. But if employee reports are true, then Best Buy's Geek Squad committed a major faux pas that has landed the company in some very hot water.

http://www.windowsitpro.com/Article/ArticleID/49978

==== Resources and Events ====

Gain control of your messaging data with step-by-step instructions for complying with the law, ensuring your systems are working properly, and ultimately making your job easier.

http://www.windowsitpro.com/toolkits/ilumin/index.cfm?code=0419emailannc

Industry guru Randy Franklin Smith helps you identify what you should do to leverage your mobile and wireless infrastructure, how to pick devices that are right for you, and more!

http://www.windowsitpro.com/go/seminars/mobileandwireless/?partnerref=0419emailannc

Learn about the advantages of each alternative to traditional file servers and tape storage solutions, and make the best choice for your enterprise needs.

http://www.windowsitpro.com/go/seminar/symantec/storagebackup/?partnerref=0419emailannc

Learn to gather evidence of compliance across multiple systems and link the data to regulatory and framework control objectives.

http://www.windowsitpro.com/go/seminars/bindview/multiregcompliance/?partnerref=0419emailannc

Learn how application packaging can cut your OS migration time while maintaining error-free deployment.

http://www.windowsitpro.com/go/whitepapers/xosoft/apppackaging?code=0419emailannc

==== Featured White Paper ====

Secure Your Online Data Transfer with SSL

Increase your customers' confidence and your business by securely collecting sensitive information online. In this free white paper you'll learn about the various applications of SSL certificates and how to deploy them appropriately, along with details of how to test SSL on your Web server.

http://www.windowsitpro.com/go/whitepapers/thawte/ssl?code=0419featnl

==== Hot Spot ====

New Activeworx v3 - Affordable SIM from CrossTec

Activeworx Security Center v3 is a high-quality, low-cost, security information and event management (SIM) software solution that collects, normalizes and analyzes data from virtually any security device from any vendor. ASC includes real-time correlation and analysis, immediate alerts, built-in compliance reports and deep forensics. Free Eval.

http://www.crossteccorp.com/activeworx/?utm_source=WinIT0419&utm_medium=newsletter&utm_campaign=aschot

==== 3. Security Toolkit ====

Security Matters Blog: A Deeper Look at Microsoft's InfoCard Identity System

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Microsoft Passport is essentially a flop. However, Microsoft's new identity system, InfoCard, might actually take off. Find out more about it by following the links in this blog article.

http://www.windowsitpro.com/Article/ArticleID/49972

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: Can you use the Microsoft File Server Migration Toolkit (FSMT) to migrate shares between servers in different forests?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/49597

New Instant Poll

How do your remote employees access your file servers?

- VPN (IPsec, PPTP, L2TP, or SSL)

- Web-based file-access application

- Web Distributed Authoring and Versioning (WebDAV) server

See the article "WebDAV for Remote Access" at

http://www.windowsitpro.com/Article/ArticleID/49847

Submit your vote at

http://www.windowsitpro.com/windowssecurity#poll

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Announcements ====

(from Windows IT Pro and its partners)

Exclusive Spring Savings

Subscribe to SQL Server Magazine and SAVE 58%! Along with your 12 issues, you'll get FREE access to the entire SQL Server Magazine online article archive, which houses more than 2,300 helpful articles. This is a limited-time offer, so order now:

https://store.pentontech.com/index.cfm?s=9&promocode=eu2164uq

Save 44% off the Windows IT Security Newsletter

For a limited time, order the Windows IT Security newsletter and SAVE up to $80! You'll get 12 helpful issues loaded with endless fundamentals on building and maintaining a secure enterprise, in-depth product coverage of the best security tools available, and expert advice on the best way to implement various security components. Subscribe now:

https://store.pentontech.com/index.cfm?s=1&promocode=eu2564us

==== 4. New and Improved ====

by Renee Munshi, [email protected]

Remove Malware Remotely

IS Decisions has released SweepDeployer, free software which lets you remotely execute on an entire network (or a selection of systems) one of the following malware removal solutions: Microsoft Malicious Software Removal Tool, McAfee AVERT Stinger, or Trend Micro Damage Cleanup Engine. The targeted systems need no agents or manual intervention. You can also schedule SweepDeployer to automatically run the selected tool at regular intervals. SweepDeployer is based on IS Decisions RemoteExec technology. For more information, go to

http://www.sweepdeployer.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]