==== This Issue Sponsored By ====
* In Focus: Evaluating Intrusion Prevention Systems
* Security News and Features
- News: XP SP2 Training for Developers
- News: Sober.D Poses as Microsoft Patch
- News: Ethereal 0.10.2 Released
- News: Certified Ethical Hacking
* New and Improved
- Protect Your Online Privacy
==== Sponsor: Ecora Software ====
Patch Management is a series of best practices that must be repeated to assure the security and integrity of your environment. This FREE webinar covers key topics including Patch Management Implementation, Applying Patch Management Techniques Best Patch Practices, and Increasing the Effectiveness and Security of Your Environment NOW!! Sign up today for this FREE March 24 webinar.
==== In Focus: Evaluating Intrusion Prevention Systems ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
Last September, I wrote about an evaluation of Intrusion Detection Systems (IDSs) conducted by the UK-based NSS Group. If you missed that edition of this newsletter or want to review it, you can read it at the following URL:
Recently, Bob Walder (director of The NSS Group) wrote to let me know that his organization has recently published a set of test results for Intrusion Prevention Systems (IPSs). The NSS Group defines an IPS as a proactive defense mechanism that detects attacks and stops them before they can do any damage.
You might recall that last year, Gartner claimed that IDSs/IPSs were no longer useful and that "deep inspection firewalls" were the wave of the future. Walder said that The NSS Group's test results show that Gartner is wrong, and that "deep inspection firewalls may well be where the industry ends up, \[however\] those devices are a long way from being ready for prime time right now. Our report shows that IPS \[is\] ready for prime time deployments and as the technology develops it will be interesting to see whether those 'deep inspection firewalls' actually evolve from present day firewalls ... or whether they evolve from current IPS products!"
The NSS Group decided to test IPS products to determine their effectiveness, viability, and validity as security solutions. The NSS Group invited all major IPS vendors to participate, and five companies responded: Internet Security Systems (ISS), NetScreen Technologies, Network Associates, TippingPoint Technologies, and Top Layer Networks.
All told, The NSS Group performed more than 750 tests against each of the products to determine the performance and reliability, security accuracy, and usability of each one. When the tests were complete, the group wrote its detailed results and analysis into a 277-page report.
If you use one of the tested products or are considering acquiring an IPS to protect your network, you'll probably find this report invaluable. Be sure to check it out. It's available online in HTML format, or you can purchase a PDF version at The NSS Group's Web site.
==== Sponsor: Security Administrator ====
Try a Sample Issue of Security Administrator!
Security Administrator is the monthly newsletter from Windows & .NET Magazine that shows you how to protect your network from external intruders and control access for internal users. Sign up now to get a 1-month trial issue--you'll feel more secure just knowing you did. Click here!
==== Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
News: XP SP2 Training for Developers
Microsoft said that Windows XP Service Pack 2 (SP2) might break functionality of existing applications. In an effort to help developers understand the implications of SP2, the company is now offering an XP SP2 training course that covers the changes slated for the new service pack.
News: Sober.D Poses as Microsoft Patch
A new worm, Sober.D, is traveling the Internet posing as a patch from Microsoft. However, users should be aware that Microsoft doesn't issue patches through email messages. The worm targets users who speak German and specifically tries to propagate itself to the .nl, .be, .at, .ch, .de, and .li top-level domains. The worm arrives with a file attachment that might have either an .exe or .zip file extension. If you run the attachment, the worm installs a backdoor on your system that listens on port 13468. Be sure to update your antivirus software to guard against the new worm.
News: Ethereal 0.10.2 Released
A new version of Ethereal, 0.10.2, is available. The popular shareware packet sniffer--often used for security purposes--runs on BSD, Linux, Windows, Mac OS, Sun Microsystems' Solaris, and numerous other platforms. The latest version includes new support for Cisco Systems' Cisco Cast Client Control Protocol as well as updates to a long list of other protocols including AppleTalk, ASN.1, HTTP, Kerberos, MSN Messenger, PostgreSQL, and more. You can download the new version, including the source code, at the Ethereal Web site.
News: Certified Ethical Hacking
The UK branch of The Training Camp is now offering a Certified Ethical Hacker course to qualified individuals. The 5-day course, which has been offered in the United States for several months, teaches students how to scan and penetrate a network and, once inside, how to elevate privileges. The course also teaches social engineering, how to defend against intrusion, how to create policies, and more. Prerequisites include 2 years' experience with information security, a working knowledge of TCP/IP, and a basic familiarity with Linux.
==== Sponsor: Virus Update from Panda Software ====
Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.
Visit "Panda's GateDefender Stands Guard!" at http://www.pandasecurity.com/gatedefender/ for more information.
==== Announcements ====
(from Windows & .NET Magazine and its partners)
Infosecurity Europe 2004 - London, England
Now in its 9th year, Infosecurity Europe is Europe's number one IT Security Exhibition. The event brings together professionals interested in IT Security from around the globe with suppliers of security hardware, software and consultancy services. Grand Hall at Olympia from 27th to the 29th April 2004. Visitors not registered by 22nd April will be charged a 20 \[pounds sterling\] entrance fee. Visit:
Sign Up for 2 New Web Seminars--Business Workflow Process and Authenticating Email to Stop Spam and Phishing
Unmanaged companywide Access reports and spam issues can lead to security and performance problems, not to mention use up valuable resources. Learn how to consolidate your reports with a reporting service and find out how to stop spam and phishing to solve these important organizational issues. Register now!
Take Our Brief Survey!
Does your company use third-party management tools to manage your Microsoft Windows network? If you do, Windows & .NET Magazine would like to hear from you about your preferences. Please respond to our short survey regarding Windows management tools and we'll enter you in a drawing to win one of two $50 Amazon.com gift certificates.
==== Security Toolkit ====
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
FAQ: Why can't I search for files in the System32 or SysWow64 folders in the 64-bit version of Windows XP?
by John Savill, http://www.winnetmag.com/windowsnt20002003faq
A. By default, the 64-bit version of XP excludes system folders from searches. To search within these folders, open Windows Explorer, click Search, select "All files and folders," "More advanced options," and the "Search system folders" check box. Also, from the Tools menu in Windows Explorer, select Folder Options, go to the View tab, and enable "Show hidden files and folders." Then, do your search.
Featured Thread: Discovering Installed Hotfixes
(One message in this thread)
Mark is having trouble obtaining an exact list of installed hotfixes in Windows XP, Windows 2000, and Windows NT. He's been using VBScript scripts and Microsoft Baseline Security Analyzer (MBSA) to examine the systems, but each one returns different, noncomprehensive results. Mark wants to know how to obtain a complete and comprehensive list so that he can plan for appropriate updates to the systems. Lend a hand if you have a suggestion:
==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )
New Web Seminar--Realizing the Return on Active Directory
Join Mark Minasi and Indy Chakrabarti for a free Web seminar and discover how to maximize the return on your Active Directory investments and cut the cost of security exposures with secure task delegation, centralized auditing, and Group Policy management. Register now and receive NetIQ's free "Securing Access to Active Directory-A Layered Security Approach" white paper.
==== New and Improved ====
by Jason Bovberg, [email protected]
Protect Your Online Privacy
SpiDer Software announced MyProxy 6.40, Internet software that combines the features of a proxy server, a pop-up/banner-ad filter, a dialer, and a DNS cache. MyProxy blocks cookies and referrers, which marketers use to track your online behavior. Also, by blocking unwanted online ads and caching graphics, the program can increase page-loading speeds by as much as five times. To help you calculate your expenses, the product's built-in dialer tracks time spent on the Internet and bandwidth consumed. And the program comes with password protection to prevent unauthorized access. MyProxy 6.40 costs $29.95 and is available for download at SpiDer Software's Web site.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]
==== Sponsored Links ====
Enter the Microsoft Windows Server 2003 Challenge. Win BIG prizes.
==== Contact Us ====
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.
Copyright 2004, Penton Media, Inc. All rights reserved.