Security UPDATE--Email Filtering--June 2, 2004


To make sure that your copy of Security UPDATE isn't mistakenly blocked by antispam software, add [email protected] to your list of allowed senders and contacts.


==== This Issue Sponsored By ====


Windows & .NET Magazine


1. In Focus: Want A Junk-Free Inbox? Then Filter It

2. Security News and Features

- Recent Security Vulnerabilities

- Feature: Coping with Today's Killer App

- News: Report from the Phishing Spot

- Feature: A First Look at the New MBSA

- News: Microsoft Partnering to Sell ISA Server Appliances

3. Instant Poll

4. Security Toolkit


- Featured Thread

5. New and Improved

- Monitor Your Server from Anywhere in the World


==== Sponsor: OpenNetwork ====

Wondering where to start your Identity Management implementation? Find out more by reading the free whitepaper: Understanding the Identity Management Roadmap. Get your copy today at


==== 1. In Focus: Want A Junk-Free Inbox? Then Filter It ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Last week, I wrote about DomainKeys, Sender Policy Framework (SPF), and CallerID for E-Mail. All three technologies have been submitted to the Internet Engineering Task Force (IETF) as draft proposals. Since then, the developers of SPF and Microsoft (the developer of CallerID) have agreed to merge the two technologies into one. A new draft proposal will be created and submitted to the IETF; however, the name for the new technology has yet to be formalized.

If you're interested in some of the ideas regarding how the two technologies will operate after they're merged, be sure to read Meng Weng Wong's outline of how things might pan out. Wong is one of the SPF developers, and you can find his outline in the SPF mailing list archives. [email protected]/200405/0199.html

Last week, I pointed out that people who intend to use any or all of the three new technologies to help filter unwanted email will also need to use other technologies in combination with them because none of the three new technologies, not even all of them together, will completely stop unwanted email. A reader of this newsletter who also participates in the SPF mailing list asked SPF mailing list members whether my statement was true. The short answer is "yes," and another list member explains why. [email protected]/200405/0373.html

Another reader of this newsletter wrote to tell me that his Hotmail account is spam free. That may be true; however, I doubt that all other Hotmail accounts are in the same situation. Regardless, the way Hotmail (or any technology, for that matter) eliminates junk mail is to filter it by any of the various available methods, because that's the only way to do it without resorting to short-term disposable email addresses. Of course, such filtering relies on a variety of parameters, including known junk-mail-message content, known domains and networks that service spammers, open mail relays, keywords, key phrases, content types, block lists, allow lists, and so on. In the near future, DomainKeys and the combined SPF/CallerID will be a couple of additional mechanisms that will definitely be used for mail filtering. As you may know, the current rendition of SPF is already part of several mail-filtering packages; undoubtedly, such integration will continue. If you intend to curb unwanted email, you'll need to adapt to a method of filtering and tune that method as necessary.
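The layering argued above, as an added example that is not part of the original newsletter: a constructed junk message passes an SPF-style sender check and is still caught by the content signals, while a forged sender is caught by the sender check alone. The SPF evaluation is reduced to `ip4` mechanisms and a trailing `all`, records are supplied inline instead of being looked up in DNS, and every domain, address, phrase and weight is a constructed sample.

```python
import ipaddress

# All records, addresses, phrases and weights below are constructed samples.
SPF_RECORDS = {  # stands in for DNS TXT lookups
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "bulk-offers.example": "v=spf1 ip4:203.0.113.7 -all",  # sender-controlled domain
}
BLOCKED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
ALLOWED_SENDERS = {"boss@example.com"}
KEY_PHRASES = {"act now": 3, "free money": 4, "unsubscribe": 1}
THRESHOLD = 5

def spf_check(domain, client_ip):
    """Simplified SPF: only ip4 mechanisms and a trailing 'all' are evaluated."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return "pass"
        elif term.endswith("all"):
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "neutral"

def classify(msg):
    """Return (verdict, score) from several independent filtering signals."""
    # mail_from is the SMTP envelope sender, which is what SPF evaluates.
    domain = msg["mail_from"].rsplit("@", 1)[1]
    spf = spf_check(domain, msg["ip"])
    # The allow list is honoured only when the sender check confirms the domain.
    if msg["mail_from"] in ALLOWED_SENDERS and spf == "pass":
        return "deliver", 0
    score = {"fail": 5, "softfail": 2}.get(spf, 0)  # a pass earns no credit
    if any(ipaddress.ip_address(msg["ip"]) in net for net in BLOCKED_NETS):
        score += 5
    body = msg["body"].lower()
    score += sum(w for phrase, w in KEY_PHRASES.items() if phrase in body)
    return ("junk" if score >= THRESHOLD else "deliver"), score

MESSAGES = {
    "forged_sender": {"mail_from": "boss@example.com", "ip": "203.0.113.99",
                      "body": "Wire the funds today."},
    "spf_passing_junk": {"mail_from": "deals@bulk-offers.example", "ip": "203.0.113.7",
                         "body": "FREE MONEY! Act now. Unsubscribe here."},
    "legitimate": {"mail_from": "boss@example.com", "ip": "192.0.2.10",
                   "body": "Agenda attached."},
}
```

Because a sender can publish a valid record for a domain it controls, the filter gives a `pass` no negative weight; only the allow list, gated on a `pass`, short-circuits the scoring.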


==== Sponsor: Windows & .NET Magazine ====

Get 2 Sample Issues of Windows & .NET Magazine!

Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange, scripting, and much more. Our expert authors deliver how-to articles and product evaluations that will help you do your job better. Try two, no-risk sample issues today, and find out why 100,000 IT professionals rely on Windows & .NET Magazine each month!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Feature: Coping with Today's Killer App

Some people are still waiting for the next killer app to emerge. But in my view, email is the killer app and has been for the past several years. Email has opened up easy communication for people both inside and outside an organization. It's a fast and convenient transport and distribution mechanism for vital information and enables an organization to operate smoothly. For many companies, email is a mission-critical component: If email is down, the business suffers--sometimes dramatically. In this article, Michael Otey discusses the need to treat email as the vital company resource it is and protect it.

News: Report from the Phishing Spot

According to the Anti-Phishing Working Group, in April, 1125 unique scams tried to obtain sensitive information from customers of 12 well-known companies, including Citibank, U.S. Bank, eBay, PayPal, and Federal Deposit Insurance Corporation (FDIC). In March, the group tracked 402 scams against 18 companies. As of the last week in May, half as many companies had been targeted as in April, but the total number of scams for the month was unreported.

Feature: A First Look at the New MBSA

Microsoft recently released a new version of Microsoft Baseline Security Analyzer (MBSA), a free security auditing and reporting tool. MBSA 1.2 has many enhancements that improve its functionality for system and security administrators. In addition to the ability to scan 10,000 machines in one run, MBSA now audits against a Microsoft Software Update Services (SUS) server and, when run locally, reports on macro settings in Microsoft Office products, the state of the Automatic Updates client, and the state of the Internet Connection Firewall (ICF). Paula Sharick gives an overview of the more notable new features in MBSA 1.2 in this article on our Web site.

News: Microsoft Partnering to Sell ISA Server Appliances

Microsoft announced at the Tech Ed 2004 conference in San Diego last week that it will team with hardware vendors to begin selling security appliances. The company aims to provide customers with a dedicated hardware solution that runs Internet Security and Acceleration Server (ISA) 2004, which is currently in beta testing. The solution will become available in the third quarter of this year from HP, Network Engines, Celestix Networks, and Avantis. The starting price will be $1499 per CPU, per server.


==== Announcements ====

(from Windows & .NET Magazine and its partners)

New Chapter Available--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"

Chapter 4 is now available, "Database Strategies and Server Sizing." This free eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. You'll learn about core issues such as configuration management, accounting, monitoring performance, and more. Get the latest chapter now!

Chapter 2 Available Now--"Preemptive Email Security and Management"

This free eBook will offer a preventive approach to eliminating spam and viruses, stopping directory harvest attacks, guarding content, and improving email performance. In this new chapter, learn evolving techniques for eliminating spam, email virus, and worm threats. Download this eBook today!

Windows & .NET Magazine Announces Best of Tech Ed Winners!

Windows & .NET Magazine and SQL Server Magazine announced the winners of the Best of Tech Ed 2004 Awards. The field included more than 260 entries in 10 categories. Winners were announced at a private awards ceremony on Wednesday, May 26 at Tech Ed. Click here to find out the winners:


==== 3. Instant Poll ====

Results of Previous Poll

The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Which wireless intrusion prevention system do you use?" Here are the results from the 9 votes.

- 11% AirDefense products

- 0% AirMagnet products

- 0% Red-M products

- 11% Aruba Wireless Networks products

- 78% Other products

New Instant Poll

The next Instant Poll question is, "Does your company intend to implement Windows XP Service Pack 2 (SP2)?" Go to the Security Web page and submit your vote for

- Yes, as soon as it's available

- Yes, within 3 months of its release

- Yes, within 6 months of its release

- Yes, but we're not sure when

- No

==== 4. Security Toolkit ====

FAQ: How can I enable forms-based authentication for an Exchange Server 2003 system that hosts Microsoft Outlook Web Access (OWA)?

by John Savill,

A. After you enable Secure Sockets Layer (SSL) on a Microsoft Internet Information Services 5.0 (IIS) server (as I describe in the FAQ "How can I obtain a certificate so that I can enable Secure Sockets Layer (SSL) on my Microsoft Internet Information Services 5.0 (IIS) server?"), you can enable forms-based authentication on the server by performing these steps:

1. Start the Exchange System Manager (ESM) utility (click Start, Programs, Microsoft Exchange, System Manager).

2. Navigate to the OWA server (Administrator Groups, <Administrative group name>, Servers, <Server name>).

3. Expand Protocols and expand HTTP.

4. Right-click the HTTP virtual server and click Properties.

5. Click the Settings tab of the displayed dialog box.

6. Select the "Enable Forms Based Authentication" check box and click OK.

If you want to stop non-SSL connections to your Exchange server, you can modify the Exchange virtual directory through the Microsoft Management Console (MMC) IIS snap-in as follows:

1. Access the Exchange virtual directory's Properties page.

2. Click the Directory Security tab.

3. Click Edit, and in the Secure Communication section, select the "Require secure channel (SSL)" check box.

Featured Thread: Port Scanning a Windows Server 2003 System

(Seven messages in this thread)

A reader writes that he recently downloaded a simple port scanner program and scanned his Windows Server 2003 test server. He found that the server is running the following services: Domain Controller for his test Active Directory (AD), DHCP, DNS, FTP, File/Print Server, and RRAS with 2 NICs--one connected to a cable modem and the other to the LAN.

After the port scanner has scanned all the ports of the WAN IP, its report shows that numerous other ports are open. The reader wants to know how to find out which programs are listening on each of the ports and how worms work (because he suspects that a worm might be able to infiltrate his system on one of the listening ports). Lend a hand or read the responses:


==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New Web Seminar--Shrinking the Server Footprint: Blade Servers

In this free Web seminar, you'll learn how blade servers provide native hot-swappable support, simplified maintenance, modular construction, and support for scalability. And we'll talk about why you should be considering a blade server as the backbone of your next hardware upgrade. Register now!


==== 5. New and Improved ====

by Jason Bovberg, [email protected]

Monitor Your Server from Anywhere in the World

GFI Software announced GFI Network Server Monitor 5.5, the most recent version of its automatic network and server monitoring tool. The upgraded version includes a remote Web monitor, which lets you check network and server status from anywhere in the world from a Web browser, a mobile phone, or any handheld device. GFI Network Server Monitor 5.5 costs $699 for unlimited monitoring of all workstations and servers or $375 for a five-server monitoring license. For more information about GFI Network Server Monitor 5.5 and to obtain an evaluation version, contact GFI on the Web.

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Sponsored Links ====


Comparison Paper: The Argent Guardian Easily Beats Out MOM


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor: OpenNetwork --


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine privacy policy at

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
