Security UPDATE--Security Diligence Is Overdue--June 28, 2006

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

SPI Dynamics
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701600000004arP

Diskeeper
http://www.diskeeper.com/landing/landing.asp?RId=10435&APID=PPS0001698&ad=winitpro0606282

CrossTec
http://www.crossteccorp.com/TryASC/wp.html?utm_source=WinITPro&utm_medium=newsletter&utm_campaign=062806asc

1. In Focus: Security Diligence Is Overdue

2. Security News and Features
- Recent Security Vulnerabilities
- Two New Excel Vulnerabilities Surface
- Workarounds for the First of Two Excel Vulnerabilities
- Windows Defender

3. Security Toolkit
- Security Matters Blog
- FAQ
- Share Your Security Tips

4. New and Improved
- Faster Intrusion Protection

==== Sponsor: SPI Dynamics ====

ALERT: "Top Web Application Hacker Tricks" Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation. Learn step-by-step vulnerability testing methods for your own Web Applications and guidelines for establishing best administration and coding practices. https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701600000004arP

==== 1. In Focus: Security Diligence Is Overdue ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I recently came across some very interesting survey information published by Deloitte Touche Tohmatsu (DTT). The company conducted a survey of security executives in 150 companies from 30 countries whose business relates to technology, media, and telecommunications (TMT). The results shed some light on why some companies are open to security breaches.
http://www.deloitte.com/dtt/press_release/0,1014,sid%253D2283%2526cid%253D122077,00.html

According to the survey results, the majority of the surveyed companies consider themselves reactive (as opposed to proactive) when it comes to investing in information security. In other words, they spend money in response to breaches but don't typically spend nearly as much money to prevent breaches.

Only 4 percent of the companies think they're addressing the problem sufficiently; only 25 percent have already implemented or are in the process of implementing antiphishing protection; only 37 percent provided security training to employees over the past 12 months; only 24 percent believe their current security tools are being used effectively; and only 33 percent perform security risk assessments.

Another interesting pair of findings is that half of the companies who suffered breaches over the past 12 months were victims of insider attacks and only 47 percent of the companies believe they are adequately protected against such internal attacks.

Brian Geffert, principal of Deloitte Security and Privacy Services, said about the survey findings, "When it comes to security, TMT companies are talking the talk but not yet walking the walk. Survey respondents say that security is a top concern, but it is still not being addressed across the organization from a risk-based perspective, despite recent breaches costing million\[s\] of dollars of damage and inestimable harm to companies' reputations, brands, revenue and productivity. In fact, more than half of security executives surveyed admit that their security investments are falling behind the threats or at best just catching up."

Eye opening, isn't it? In a parallel study, DTT polled financial institutions as well as life sciences and health care companies. Although DTT didn't say how many companies took part in those studies, it did say that 78 percent of the financial institutions had experienced an external security breach and 49 percent had experienced an internal security breach in the past year. Seventeen percent of life sciences and health care companies had experienced an external security breach and 9 percent had experienced internal breaches. Wow!

How many news stories have you read over the past several months about some company suffering either an intrusion or equipment loss that exposed people's private information? We can't go more than a week or so without yet another of these stories coming to the surface, which just reinforces DTT's findings.

It seems to me, even more so in light of DTT's survey results, that the problems of intrusion and identity theft must be due to a lack of diligence, or maybe a lack of funding to support proper diligence.

After all, with proper funding, how hard is it to diligently defend your enterprise network, and how hard is it to diligently protect your mobile computing devices and backup media? The former can be tedious, of course, but not overly difficult. The latter requires mostly attentiveness and common sense on the part of users to avoid theft or other forms of loss.

If, in your opinion, your company isn't providing adequate resources for a diligent approach to information security, consider pointing your executives or decision makers to this editorial and DTT's press release. Maybe it'll help open some eyes.

==== Sponsor: Diskeeper ====

FREE UTILITY: SCANS YOUR SITE FOR SYSTEM SLOWDOWNS Disk Performance Analyzer for Networks is a FREE utility that remotely scans your networked systems looking for severe fragmentation-related disk performance bottlenecks. Disk fragmentation is a major source of slowdowns, freeze-ups and headaches; with Disk Performance Analyzer for Networks you can find and address potential problems before they become help desk calls. Find disk performance problems before they find you—download the FREE Disk Performance Analyzer for Networks now!
http://www.diskeeper.com/landing/landing.asp?RId=10435&APID=PPS0001698&ad=winitpro0606282

==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.windowsitpro.com/departments/departmentid/752/752.html

Two New Excel Vulnerabilities Surface
You know the adage: When it rains it pours. On the heels of a zero-day Excel vulnerability reported two weeks ago come two more Microsoft-related vulnerabilities, one in Excel and one in Windows.
http://www.windowsitpro.com/Article/ArticleID/50654

Workarounds for the First of Two Excel Vulnerabilities
Two weeks ago, a zero-day exploit was discovered that affects Microsoft Excel. The vulnerability could allow the execution of arbitrary code on an affected computer. Microsoft has published a security advisory that includes possible workarounds to help you protect your systems.
http://www.windowsitpro.com/Article/ArticleID/50643

Windows Defender
Windows Defender Beta 2 is Microsoft's second antispyware beta release, but it really feels more like a new program. New graphics, tighter integration into the OS, and a streamlined interface all set this release apart from its predecessor, Microsoft AntiSpyware Beta 1. Jeff Fellinge gives you the skinny in this article on our Web site.
http://www.windowsitpro.com/Article/ArticleID/50360

==== Resources and Events ====

Attend Black Hat 2006 in Las Vegas July 29 - August 3; 2,500+ international security experts, 10 tracks, no vendor sales pitches.
http://www.blackhat.com

Event Log (for Windows systems) and Syslog (for UNIX/Linux systems) contain a wealth of information. In this free Web seminar, you'll learn about the processes, challenges, and benefits of consolidating events on a centralized server. Plus--identify the 50 critical events that should be monitored in your enterprise. Live Event: Thursday, June 29
http://www.windowsitpro.com/go/seminars/prism/eventlog/

Make full use of your VoIP network--integrate Fax for IP to reduce TCO and increase the ROI for your investment. On-demand Web seminar http://www.windowsitpro.com/go/seminars/faxback/leveragefax/?partnerref=0628emailannc

Learn the essentials about how consolidating hardware and updating selected technologies can help you build an infrastructure that can handle change effectively. http://www.windowsitpro.com/go/essential/hp/infrastructure/?code=0628emailannc

In this free podcast, Randy Franklin Smith outlines five points to consider when choosing an antispyware solution. Download the podcast today, and you could win an iPod! http://www.windowsitpro.com/go/podcasts/pctools/antispyware/?code=0628emailannc

Implement real-time processes in your email and data systems--you could also win a Best Buy Gift Card! Register today; the contest ends June 30. http://www.windowsitpro.com/go/toolkits/xosoft/disasterrecovery/?code=0628emailannc

==== Featured White Paper ====

Strategically managing software licenses saves time and cuts costs by centralizing licensing operations. Use this 5-step program to quickly implement your license management program. http://www.windowsitpro.com/go/whitepapers/macrovision/centralizinglicenses/?code=0628emailannc

Don't miss your chance to win a pair of Bose Triport Headphones! Download any white paper from Windows IT Pro before June 30 to enter. See the full selection of papers today at
http://www.windowsitpro.com/whitepapers

==== Hot Spot ====

Free White Paper - "7 Steps for SIMple Log Monitoring" Activeworx collects event logs from all your security devices and vendors to provide a single Dashboard view along with correlated alerts; hundreds of compliance reports; and deep forensics tools. Easy to install and use. Personalized support. Click for Free White Paper – 7 Steps for SIMple Log Monitoring
http://www.crossteccorp.com/TryASC/wp.html?utm_source=WinITPro&utm_medium=newsletter&utm_campaign=062806asc

==== 3. Security Toolkit ====

Security Matters Blog: WildPackets' OmniPeek Personal
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Need an alternative to Ethereal and Wireshark? The OmniPeek Personal packet capture and analysis tool might be your answer.
http://www.windowsitpro.com/Article/ArticleID/50642

FAQ
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: Where is the remote wipe facility in Microsoft Exchange Server 2003 Service Pack 2 (SP2)?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/50628

Share Your Security Tips and Get $100
Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Announcements ====
(from Windows IT Pro and its partners)

Summer Special--Save 58% off Windows IT Pro Subscribe to Windows IT Pro today and SAVE 58%! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful articles. This is a limited-time offer, so order now: https://store.pentontech.com/index.cfm?s=1&promocode=eu2066uw

Need Access to Helpful SQL Server Articles? Subscribe to SQL Server Magazine today and SAVE 58%! Along with your 12 issues, you'll get FREE access to the entire SQL Server Magazine online article archive, which houses more than 2,300 helpful articles. This is a limited-time offer, so order now: https://store.pentontech.com/index.cfm?s=1&promocode=eu2166us

==== 4. New and Improved ====
by Renee Munshi, [email protected]

Faster Intrusion Protection
Third Brigade announced Deep Security 4.5, the newest release of its intrusion prevention system (IPS) that protects mission-critical hosts, applications, and data from malicious attacks. New features are designed to help customers deploy Deep Security more quickly. Customers can purchase Third Brigade Deep Security Manager to place Deep Security Agent software in IPS-ready mode on any number of hosts at no extra cost. Then when they're ready, they can switch the Agent from detection to prevention mode. Deep Security 4.5 also offers preconfigured security profiles for more than 80 software applications that run on Windows, Linux, and Solaris. And Third Brigade says it delivers new filters within hours of the announcement of new software vulnerabilities. For more information, go to
http://www.thirdbrigade.com

Tell Us About a Hot Product and Get a Best Buy Gift Card!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Best Buy Gift Card if we write about the product in a Windows IT Pro What's Hot column. Send your product suggestion with information about how the product has helped you to [email protected].

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]