Security UPDATE--TCP/IP Changes in Windows Vista and Longhorn--February 15, 2006

1. In Focus: TCP/IP Changes in Windows Vista and Longhorn

2. Security News and Features

- Recent Security Vulnerabilities

- Intel Invests in European Linux Solution Provider Collax

- Sophos to Sell ActiveState

- Three Products Achieve ICSA Labs Desktop Anti-Spyware Certification

3. Security Toolkit

- Security Matters Blog

- FAQ

- Share Your Security Tips

4. New and Improved

- Monitor Windows Event Logs for Compliance

==== Sponsor: Bindview ====

Get the tips you need to prepare and comply with PCI-Data Security standards, including defining the 12 major requirements, and how those requirements affect IT.

http://www.windowsitpro.com/go/whitepapers/bindview/pci?code=SECTop0215

==== 1. In Focus: TCP/IP Changes in Windows Vista and Longhorn ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The upcoming Windows Vista and Longhorn server releases will both use a redesigned TCP/IP stack. The new stack will bring several new features, including routing compartments, a better host model, better support for IP version 6 (IPv6), a new packet-filtering API, and some other changes that don't necessarily affect security (you can read about these changes at the URL at the end of this editorial).

The routing compartments feature is really interesting. It lets each user logon session have its own routing table and will prevent Internet traffic from being routed across a VPN into an intranet. The new host model will help defend against attacks on multihomed systems. So for example, a packet that reaches a network interface must have a destination address that matches the interface's address or the packet will be dropped.

The new packet-filtering API, now known as Windows Filtering Platform (WFP), will help developers more easily filter or change packets before they're processed further along in the OS. This means that tools such as firewalls and antivirus and antispyware products can better control which data enters the system. You can learn more about WFP at the following URL:

http://www.microsoft.com/whdc/device/network/WFP.mspx

Windows XP and Windows Server 2003 both support IPv6; however functionality is somewhat limited because they don't support Internet Key Exchange (IKE) and data encryption. The new TCP/IP stack will fix this problem by introducing a fully functional IPv6 protocol layer, which will be enabled by default.

However, using IPv6 won't be without problems. Microsoft said that an IPv6-enabled system will first request an AAAA record (which is a record for IPv6 addresses). If the query fails, the system will request an A record (a record for IPv4). Some DNS servers won't answer the A record request if the AAAA request fails. If you want to get a head start on building IPv6 functionality, make sure your DNS server will handle the AAAA, A sequence of requests.

Another issue with IPv6 is Network Address Translation (NAT), which might also break connectivity. To get around that problem, Microsoft uses Teredo (also known as Shipworm), which is a method of encapsulating IPv6 inside IPv4 UDP packets. Microsoft first released Teredo support in its Advanced Networking Pack for Windows XP in XP Service Pack 1 (SP1) and later shipped Teredo as part of XP SP2 and Windows 2003 SP1. Teredo will be a standard part of Windows Vista and Longhorn server.

You can read more about the IPv6 enhancements at the first URL below and learn more about other new features of the TCP/IP stack at the second URL below.

http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx

http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx

==== Sponsor: Thawte ====

The Starter PKI Program

Do you need to secure multiple domains or host names? In this free white paper you'll learn how the Starter PKI Program will benefit your company with timesaving convenience. Plus--you'll get the chance to actually test the program!

http://www.windowsitpro.com/go/whitepapers/thawte/pki?code=SECMid0215

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Intel Invests in European Linux Solution Provider Collax

Collax announced that Intel Capital has invested in the company, bringing its total Series A funding to $8.4 million. Collax Business Server's management interface offers simplified management functions for security features including firewalls, proxies, VPNs, antivirus, antispam, antiphishing, PKI, and Web content filtering.

http://www.windowsitpro.com/Article/ArticleID/49332

Sophos to Sell ActiveState

Security solutions provider Sophos will sell its ActiveState unit to Canadian venture capital firm Pender Financial Group for $2.25 million. Pender Financial intends to acquire ActiveState through a newly incorporated company, which will allow ActiveState to become independent.

http://www.windowsitpro.com/Article/ArticleID/49331

Three Products Achieve ICSA Labs Desktop Anti-Spyware Certification

Three products have earned ICSA Labs Desktop Anti-Spyware Certification. ICSA Labs antispyware testing criteria determine whether products can defend systems against spyware, keyloggers, password stealers, dialers, rootkits, and adware. Find out which products earned certification in this article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/49357

==== Resources and Events ====

Let industry expert Brian Moran teach you the tips and tricks he's learned in 15 years of experience fine-tuning SQL Server systems. This is a web seminar you won't want to miss! Live event: Tuesday, March 21, 2006, 12:00 EST.

http://www.windowsitpro.com/go/seminars/quickshift/sqltuning/?partnerref=0215emailannc

Learn the best ways to manage your email security (and fight spam) using a variety of solutions and tips.

http://www.windowsitpro.com/go/ebooks/ironport/emailsecurity/?code=

Use clustering technology to protect your company against network outages, power loss and natural disasters. Live Event: Wednesday, February 28, 2006, 12:00 EST

http://www.windowsitpro.com/go/seminars/xosoft/clustering/?partnerref=0215emailannc

Gain control of your messaging data with step-by-step instructions for complying with the law, ensuring your systems are working properly and ultimately making your job easier.

http://www.windowsitpro.com/toolkits/ilumin/index.cfm?code=0215emailannc

Align compliance with business efficiency, and learn how fax-document management plays a role in your strategy.

http://www.windowsitpro.com/go/whitepapers/esker/docmanagement?code=0215emailannc

==== Featured White Paper ====

Learn about recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, increasing disaster tolerance, and more.

http://www.windowsitpro.com/go/whitepaper/symantec/hardware?code=0215featwp

==== Hot Spot ====

ThreatSentry--IIS Host IPS & Application Firewall

Malicious or unauthorized traffic plaguing your Web servers? ThreatSentry combines a state-of-the-art Application Firewall and advanced behavioral intrusion prevention components to block any activity falling outside of trusted parameters. Get enterprise-grade, multi-layered protection for Microsoft IIS at a small business price! Download free trial today.

http://www.privacyware.com/intrusion_prevention.html

==== 3. Security Toolkit ====

Security Matters Blog: Wipe Data from Your Old Media

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

I've covered this issue several times in different ways. Now there's more help: the National Institute of Standards and Technology (NIST) issued a new guide, "Guidelines for Media Sanitization." Find out more in the blog article.

http://www.windowsitpro.com/Article/ArticleID/49353

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I clear the cache from Microsoft Internet Explorer (IE)?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/49292

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Announcements ====

(from Windows IT Pro and its partners)

VIP Subscribers have it all!

Become a VIP subscriber and get continuous, inside access to ALL of the online resources published in Windows IT Pro magazine, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters--that's more than 26,000 articles at your fingertips. You'll also get a valuable one-year print subscription to Windows IT Pro and two VIP CD-ROMs that include the entire article database and are delivered twice per year. Don't miss out--sign up now:

https://store.pentontech.com/index.cfm?s=1&promocode=eu2762uv

Save 44% off the Windows IT Security Newsletter

For a limited time, order the Windows IT Security Newsletter and SAVE up to $30 off the regular price. You'll discover endless fundamentals about building and maintaining a secure enterprise, how-to coverage of free security tools, and expert advice on the best way to implement various security components. You'll also get unlimited access to the full online security article database (more than 1900 articles). Subscribe now

https://store.pentontech.com/index.cfm?s=1&promocode=eu2562uy

==== 5. New and Improved ====

by Renee Munshi, [email protected]

Monitor Windows Event Logs for Compliance

TNT Software offers ELM Event Log Monitor (EVM), which provides monitoring, alerting, reporting, and archiving for Windows event logs. TNT says it leveraged specific functionalities of its ELM Enterprise Manager to produce a tool to meet companies' compliance and security challenges. EVM collects Windows events from hundreds of systems and presents the results at a centralized console, triggers real-time alerts, stores the event data in a central database, and generates audit reports. EVM monitors high-level account changes and logon/logoff activity for compliance and security purposes. You can use preconfigured or customized monitoring settings. For more information, go to http://www.tntsoftware.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]