CONTENTS
===========================================
IN FOCUS: Malware Up Close
NEWS AND FEATURES
- BorderWare Teams Up with Zfone Creator
- Darknet Aims to Keep Net Traffic Confidential
- Market Watch: Network Quarantine
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Hardcore IDS 1.0
- FAQ: Windows Live OneCare and VPNs
- From the Forum: Prevent Web Site Defacement
- Instant Poll: IPsec Authentication Methods
- Share Your Security Tips
PRODUCTS
- Manage and Secure Remote Systems
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: CrossTec
================================
Are you spending too much time monitoring security logs?
Research shows that IT Security Managers can spend over four hours a day monitoring various security event logs and chasing after alerts. Activeworx saves you valuable time because it consolidates and manages logs from multiple vendors and devices. Activeworx Security Center is a cost-effective security information management solution that provides real-time security device log monitoring with correlated alerts, audit and compliance reports, and tools for advanced, in-depth forensic analysis. Activeworx reduces the time it takes to analyze event data from multiple sources and produces real-time reports that pinpoint network security breaches and vulnerabilities. These in-depth reports provide the details necessary for regulatory compliance reporting for Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Try Activeworx for free - fast install and free support.
http://www.crossteccorp.com/TryASC/?utm_source=WinITPro&utm_medium=newsletter&utm_campaign=asc082306
=== IN FOCUS: Malware Up Close
=======================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
On August 15, Security UPDATE subscribers received the Security Alert "Exploits Attack Windows Server Service," regarding new exploits that install bots onto unprotected systems. You can also find the Alert at the URL below.
http://www.windowsitpro.com/Article/ArticleID/93190/93190.html
The exploits were reported by LURHQ, a provider of threat and vulnerability management services. A few days after its initial report, LURHQ posted a detailed analysis of one of the exploits, which installs a variant of Mocbot. The analysis goes far beyond the typical level of detail you might expect to see from your antivirus or anti-malware vendor, which makes it both interesting and valuable as an educational exposé.
LURHQ captured and installed the exploit and set up a small forensics network to investigate the inner workings of the bot and its related botnet. The test network consisted of two systems: One to infect with the bot and one to simulate the Internet in order to gather forensic data. One goal was to discover the command and control center for the botnet. Another goal was to discover logon information for the command and control center so that when the data-collecting system made a manual connection to the center, the connector would appear to be just another bot in the network and not a forensics investigator.
Building these two systems required some specialized tools. LURHQ used a Windows system for the client to infect. The second system acted as a "sandnet"--that is, a server in an isolated environment. The sandnet software LURHQ used is a toolkit called The Reusable Unknown Malware Analysis Net (Truman), which you can download at the URL below. Truman is based on a bootable Linux image and includes a collection of scripts that help provide the required interactivity with malware to gather data.
http://www.lurhq.com/truman
With the two systems working together, LURHQ discovered that the botnet instructs the bot to join certain Internet Relay Chat (IRC) channels and then download a Trojan horse program that serves as a proxy for sending spam. In this case, the spammers are helping to sell porn, wrist watches, and other popular items.
LURHQ's description is a good step-by-step example of what's involved in malware analysis, so be sure to read it if you're interested in doing this sort of thing yourself or are just curious about how experts do it.
http://lurhq.com/mocbot-spam.html
LURHQ credits myNetWatchman with assisting in its analysis process. In a nutshell, myNetWatchman collects security log information from participants and analyzes malicious activity so that it can report that activity to the proper ISP in the hope that the ISP will take action. The goal is to minimize the amount of time a compromised system is exposed to the Internet. To learn more about myNetWatchman, including how you can participate, go to the URL below.
http://www.mynetwatchman.com/faq.asp
===
Roadshow Targets Oracle/SQL Server Interoperability
Cross-platform experts from Scalability Experts and Solid Quality Learning will present interoperability tips to IT professionals and DBAs who work with Oracle or SQL Server in a one-day roadshow that kicks off September 7 in Washington, D.C. Sponsored by Oracle Magazine, Windows IT Pro, HP, Intel, and Microsoft, the show will feature information about the Windows 64-bit platform for database computing, an under-the-hood tour of Oracle and SQL Server, an overview of deploying highly available Oracle and SQL Server databases, guidelines for using SQL Server business intelligence on the Oracle platform, and a research-based session about how IT professionals can prepare for the changing database job market.
The roadshow will visit 12 cities between September 7 and October 24: Washington, D.C.; Boston; Columbus, Ohio; Chicago; St. Louis; Houston; Irvine, Calif.; San Francisco; Phoenix; New York; Atlanta; and Seattle. Attendees who register before August 25 will enter a drawing for a free iPod nano sponsored by Windows IT Pro. For complete agenda and speaker information, go to
http://www.windowsitpro.com/roadshows/sqloracle/
=== SPONSOR: St. Bernard Software
====================
Clean Up Your Company's Email Act: Using Filters to Block Threats
Do you want to block unwanted or undesirable email? Download this free whitepaper to learn how to manage the content of information crossing your network.
http://www.windowsitpro.com/go/whitepapers/stbernard/cleanup/?code=SECMid0823
=== SECURITY NEWS AND FEATURES
=======================
BorderWare Teams Up with Zfone Creator
BorderWare Technologies will become the first commercial licensee of Phil Zimmermann's Zfone encryption technology. BorderWare intends to integrate the technology into its SIPassure VoIP firewall solution.
http://www.windowsitpro.com/Article/ArticleID/93234/93234.html
Darknet Aims to Keep Net Traffic Confidential
A new "darknet" service launched in Sweden gives people anonymity on the Internet for 5 euros (about $6.50) per month. The service lets customers use a PPTP VPN with 128-bit encryption, which routes their Internet traffic through servers in Sweden.
http://www.windowsitpro.com/Article/ArticleID/93204/93204.html
Market Watch: Network Quarantine
Some vendors now offer simpler, cheaper alternatives in the emerging Network Access Control (NAC) market. Jeff Fellinge tells you all about it in this article on our Web site.
http://www.windowsitpro.com/Article/ArticleID/50253/50253.html
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.windowsitpro.com/departments/departmentid/752/752.html
=== SPONSOR: Availl
==================================
Ensure Instant Access To Files at Remote Servers/Offices
Confused by WAFS, Wide Area Mirroring, DFS, WAN acceleration, or Replication technologies? Do you have remote sites with common data or file needs? Get a free software trial, and register for the free seminar.
http://findtechinfo.com/penton/nl/118
=== GIVE AND TAKE
====================================
SECURITY MATTERS BLOG: Hardcore IDS 1.0
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters
Based on Snort 2.6, Hardcore IDS 1.0 looks like an easy way to quickly build a new intrusion detection system (IDS). Learn more about it and get a link to download the latest version in the blog article on our Web site.
http://www.windowsitpro.com/Article/ArticleID/93138/93138.html
FAQ: Windows Live OneCare and VPNs
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq
Q: I installed Windows Live OneCare and can no longer connect to my workplace via VPN. What's wrong?
Find the answer at
http://www.windowsitpro.com/Article/ArticleID/93162/93162.html
FROM THE FORUM: Prevent Web Site Defacement
A forum participant would like to know what steps to take to prevent a Web site defacing attack on Windows 2000 servers. To join the discussion, go to
http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=48874&enterthread=y
INSTANT POLL: IPsec Authentication Methods
What is your preferred method of authenticating IPsec connections?
- Pre-shared key
- Digital certificate
- Kerberos
Submit your vote at
http://www.windowsitpro.com/windowssecurity#poll
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS
=========================================
by Renee Munshi, [email protected]
Manage and Secure Remote Systems
Anfibia Software announced the release of Desktop Orbiter 4.1.3, which fixes bugs and adds new features to this remote security and administration tool. Administrators can use Desktop Orbiter to protect and manage multiple computers from a central location. Along with other features, Desktop Orbiter enforces security policies on managed computers, disables access to components such as the Start menu and Control Panel, restricts access to Web sites, keeps track of active connections and open ports used by applications and services, provides reporting tools, and supports 256-bit AES encryption and key-based authentication. Desktop Orbiter is designed for businesses, schools, public libraries, Internet cafes, and other settings. It supports Windows 2003/XP/2000. A 10-user pack costs $399, and volume discounts are available. For more information, go to
http://www.anfibia-soft.com
WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS
=============================
Cross-Platform Data Roadshow
Oracle professionals will cover key concepts about Oracle and SQL Server in enterprise database computing. This event provides invaluable information, including benefits of 64-bit computing on the Windows platform, SQL Server BI for Oracle, high-availability proof points for SQL and Oracle, and much more.
http://www.windowsitpro.com/roadshows/sqloracle/?code=0823emailannc
Microsoft Tech·Ed: IT Forum
Discover more at Microsoft's premier EMEA conference designed to provide IT professionals with technical training, information, and community resources to build, plan, deploy, and manage the secure connected enterprise. Visit the Website for further information and register before the Early Bird deadline of 29 September 2006 to save 300 euros.
http://www.microsoft.com/europe/teched-itforum
14 - 17 November 2006, Barcelona, Spain
Best Practices for Migrating Applications to a New Operating System
Take the necessary steps for application management, from converting legacy applications to MSI to conflict and usability testing. Don't overlook an important component during your OS migration--join us for this free on-demand Web seminar.
http://www.windowsitpro.com/go/seminars/macrovision/appmanagement/?partnerref=0821emailannc
Total Cost of Ownership (TCO). It's every executive's favorite buzzword, but what does it really mean and how does it affect you? In this podcast, Ben Smith explains how your organization can use virtualization technology to measurably improve TCO for servers and clients.
http://www.windowsitpro.com/go/podcast/hp/virtualization/?code=0821emailannc
Ensure that you're being effective with your internal network security. Are your DIY options protecting you against worms, BotNets, Trojans, and hackers? Make sure! On-Demand Web Seminar.
http://www.windowsitpro.com/go/seminars/alertlogic/outsourcing/?partnerref=0821emailannc
=== FEATURED WHITE PAPER
=============================
Did you know that wasteful processes can drive the cost of document management and output to as high as 10-15% of your company's annual revenues? Download this free white paper today and find out how you can use fax solutions to achieve cost control, security, compliance, increased workflow, and more.
http://www.windowsitpro.com/go/whitepapers/Faxback/faxing?code=0821featwp
=== ANNOUNCEMENTS
====================================
Monthly Online Pass--only $14.95 per month!
Includes instant online access to every article ever written in the Windows IT Security newsletter, your #1 resource for everything security. Order now:
https://store.pentontech.com/index.cfm?s=1&promocode=eu2568um
Save $40 off Windows IT Pro
Subscribe to Windows IT Pro magazine today and SAVE up to $40! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful IT articles. This is a limited-time offer, so order now:
https://store.pentontech.com/index.cfm?s=1&promocode=eu2068uw
===========================================================
Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).
http://www.windowsitpro.com/windowssecurity
https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.