Security UPDATE--Blacklists Decrease Spam-—November 10, 2004

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Free Patch Management White Paper from St. Bernard Software

http://www.windowsitpro.com/whitepapers/stbernard/patchmanagement/index.cfm?code=1110sec_P

The Unofficial Guide to IM for Executives

http://www.windowsitpro.com/whitepapers/akonix/im/index.cfm?code=1110sec_s

1. In Focus: Blacklists Decrease Spam

2. Security News and Features

- Recent Security Vulnerabilities

- Microsoft Security Bulletin Advance Notification

- Rights Management Services SP1 Beta

- Windows XP SP2: 110 Million Users and Counting

3. Security Matters Blog

- SpoofStick: the Good, the Bad, and the Ugly

- Mac OS X Security Guide

4. Security Toolkit

- FAQ

- Security Forum Featured Thread

5. New and Improved

- SSL VPN for Small-Scale Deployments

- Protect Users from Internet Threats

==== Sponsor: St. Bernard Software ====

Free Patch Management White Paper from St. Bernard Software

Successful patch management is a core component of maintaining a secure computing environment. With a growing number of patches being released by Microsoft weekly, IT administrators must be vigilant in assuring that the machines on their networks are accurately patched. Although Microsoft offers tools to assist administrators with the tasks of patching, they are often time-consuming and far from comprehensive. However there are solutions on the market that can reliably and accurately automate the tasks involved in successful patch management. In this free white paper, learn more about the patch management dilemma and patch management solutions. Download this free white paper now!

http://www.windowsitpro.com/whitepapers/stbernard/patchmanagement/index.cfm?code=1110sec_P

==== 1. In Focus: Blacklists Decrease Spam ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I'm sure that most, if not all, of you use some sort of mail-filtering software to help eliminate unwanted email. Some mail-filtering solutions are server-based, some are desktop-based, and some are a combination of both.

I use a desktop-based mail-filtering solution on my personal desktop system, and so far it works fairly well. As with many mail filters, mine has to be trained to recognize unwanted email messages and considers any messages that don't meet enough spam requirements to be legitimate messages. The good thing about this approach is that it decreases the possibility that I might not see a legitimate message that I really need.

The downside of the approach is that it takes a while to train the mail filter to properly filter as much spam as possible. As each message is processed, more keywords (typically called tokens) are added to the spam-filtering engine. So naturally the more spam the engine filters, the better it operates. I receive a lot of junk mail. For example, in August and September, I received over 28,000 email messages. Of those, at least 18,090 (more than 64 percent) were spam.

One thing I've found that really helps reduce the amount of spam that reaches my inbox is that my email filter supports the use of blacklist services. You might already know that blacklist services track IP addresses that are known to be used to send spam. So any mail filter that supports blacklist services can query the services for a given IP address (the sender's address or any address that might have relayed the message along the way). If the IP address is on a blacklist, then it's more probable that a message is spam.

In my testing of mail-filter software, I've found that a mail filter that uses blacklists should query every mail server found in a message's "Received:" header. Doing so increases the likelihood of detecting spam messages. But some mail filters don't query all the "Received:" headers, so they're less effective.

If your mail filter supports the use of blacklist services and you aren't using them, consider testing them to see if they help reduce the amount of unwanted email that you receive on your network. Blacklist services are somewhat controversial because of complaints that some services blacklist IP addresses at the drop of a hat without much, if any, investigation first. In my experience thus far, services such as SpamCop, Spamhaus, Relay Stop List, and Spam and Open Relay Blocking System (SORBS) work fairly well. To find other possible blacklist services, use your favorite search engine to query for "blacklist services."

http://www.spamcop.net

http://www.spamhaus.org

http://relays.visi.com

http://www.dnsbl.us.sorbs.net

==== Sponsor: Akonix Systems ====

The Unofficial Guide to IM for Executives

This free white paper will help managers, directors and executives in all types of businesses understand Instant Messaging and the powerful benefits it brings to the workplace when properly managed and controlled. According to Giga Information Group, a large majority of mid- to large-sized organizations have no formal IT support for IM. This means employees are often logging onto public IM networks without permission and without protection from viruses and worms, corporate policy control or the ability to monitor and log conversations. Start protecting your organization and get the white paper now!

http://www.windowsitpro.com/whitepapers/akonix/im/index.cfm?code=1110sec_s

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Microsoft Security Bulletin Advance Notification

Microsoft announced that it will notify all customers of impending security bulletins three days before it releases the bulletins to help administrators plan for these security patches.

http://www.windowsitpro.com/Article/ArticleID/44404/44404.html

Rights Management Services SP1 Beta

The Windows Rights Management Services (RMS) Service Pack 1 (SP1) beta is on the way. The new service pack will add the ability to deploy RMS without a connection to the Internet and "without an operational dependency on an external entity such as Microsoft," enhanced authentication with support for smart cards, and the ability to apply rights based on dynamic groups in Active Directory (AD).

http://www.windowsitpro.com/Article/ArticleID/44402/44402.html

Windows XP SP2: 110 Million Users and Counting

On November 4, Microsoft announced that it had distributed Windows XP Service Pack 2 (SP2), released in August, to more than 110 million customers worldwide. Microsoft also said that 12.5 million users have used the Windows Security Center introduced by XP SP2 to update their antivirus software.

http://www.windowsitpro.com/Article/ArticleID/44403/44403.html

==== Announcements ====

(from Windows IT Pro and its partners)

Subscribe Now to Windows IT Pro with Exclusive Online Access!

Windows & .NET Magazine is now Windows IT Pro! Act now to get the November issue, which features a Linux primer for Windows administrators, the how-tos of making NTBackup work, and a checklist for Sarbanes-Oxley compliance. You'll save 30% off the cover price and receive exclusive subscriber-only access to our entire online library with your paid subscription! This is a limited-time offer, so click here to order today!

http://www.winnetmag.com/rd.cfm?code=00ep204kul

Get the Final Chapter Release--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"

Download our final chapter, "Exchange Security," and learn 5 key strategies to help you secure your environment before vulnerabilities become a problem, including how to reduce the number of protocols used and how to partition your environment. Plus, start protecting authentication credentials, data transmission, and more. Get the entire eBook now!

http://www.windowsitlibrary.com/ebooks/exchangeserver2003/index.cfm?code=1108annc

Attend and Get a Free Subscription to Windows IT Pro! The Enterprise Alliance Roadshow

Come and join us for this free event and find out how a more strategic and holistic approach to IT planning helps organizations increase operational efficiency and facilitate the implementation of new technology. Attend and you could win an iPod! Sign up today. Space is limited.

http://www.windowsitpro.com/roadshows/serverconsolidation/index.cfm?code-1108annc

Win a Trip to TechEd 2005 Plus iPod and XBox Prizes

Compete in the first-ever IT Prolympics to test your Active Directory knowledge against your peers. You could win recognition and great prizes. The IT Prolympian grand prize is an expense-paid trip to TechEd 2005. Click here to enter the competition.

http://www.windowsitpro.com/itprolympics/index.cfm?code=1108annc

==== 3. Security Matters Blog ====

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

SpoofStick: the Good, the Bad, and the Ugly

I recently heard about a tool called SpoofStick, which is a browser extension for Microsoft Internet Explorer (IE) and Mozilla Firefox. The good thing about this tool is that it shows you the real URL of the site you're visiting. The tool is designed to help prevent people from falling victim to URL spoof attacks (which are bad). But there was an ugly glitch when I tried to use the product.

http://www.windowsitpro.com/Article/ArticleID/44383/44383.html

Mac OS X Security Guide

If you're using or planning to use Mac OS X, you might want to review the new "Apple Mac OS X v10.3.x 'Panther' Security Configuration Guide" from the National Security Agency (NSA).

http://www.windowsitpro.com/Article/ArticleID/44394/44394.html

==== 4. Security Toolkit ====

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I install a domain controller (DC) from backup media by using a DCPromo answer file?

Find the answer at

http://www.winnetmag.com/Article/ArticleID/44379/44379.html

Security Forum Featured Thread

A forum participant writes that Microsoft recommends putting Internet Security and Acceleration (ISA) Server in a demilitarized zone (DMZ) and publishing Outlook Web Access (OWA) from a Microsoft Exchange Server front-end server on the inside network. He wonders whether skipping the front-end server and publishing the back-end server is any less secure. Join the discussion at

http://www.windowsitpro.com/Forums/messageview.cfm?catid=42&threadid=127173

==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro at http://www.windowsitpro.com/events )

IT Security Solutions Roadshow--Attend and Get a Free Subscription to Windows IT Pro

Take your security to the next level with this free half-day event covering topics such as antivirus, intrusion prevention, vulnerability discovery, and more. Get a backstage pass to the ISA Server 2004 Hands-on Lab. Attend and enter to win tickets to a professional sports game. Register now!

http://www.windowsitpro.com/roadshows/security/index.cfm?code=1108annc

==== 5. New and Improved ====

by Renee Munshi, [email protected]

SSL VPN for Small-Scale Deployments

AEP Systems offers SureWare A-Gate AG-60, a Secure Sockets Layer (SSL) VPN designed specifically for small-scale deployments. The product supports up to 50 concurrent users and sells for $7000 per appliance with no extra licensing fees. A-Gate AG-60 supports both clientless Web-enabled applications, including Windows Terminal Services, and access to client-server applications. For more information, go to

http://www.aepsystems.com

Protect Users from Internet Threats

Armor2net released Armor2net Personal Firewall, software that provides Internet security and privacy for computers. Armor2net Personal Firewall monitors the computer and tracks all connections, both incoming and outgoing. The software will show complete details of each connection and let the user turn off unsafe connections and block dangerous Internet sites. In addition, Armor2net Personal Firewall can stop Internet pop-up ads and search for and remove spyware from a computer. Armor2net Personal Firewall runs on Windows XP/2000/Me/98 and requires 32MB of RAM and 20MB of free hard disk space. It's available for $19.99 from the Armor2net Web site at

http://www.armor2net.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]