Security UPDATE--Security Writers Web Site--July 21, 2004

To make sure that your copy of Security UPDATE isn't mistakenly blocked by antispam software, add [email protected] to your list of allowed senders and contacts.

==== This Issue Sponsored By ====

Sunbelt Network Security Inspector

http://www.sunbelt-software.com/rd/rd.cfm?id=040721EB-WINSU

Free Security White Paper from Postini

http://www.winnetmag.com/whitepapers/postini/shiftingtactics/index.cfm?code=0720securitysecondary

1. In Focus: Security Writers Web Site

2. Security News and Features

- Recent Security Vulnerabilities

- Feature: SUS Implementation Tips

3. Security Toolkit

- FAQ

- Featured Thread

4. New and Improved

- Antivirus Activity Analysis

==== Sponsor: Sunbelt Network Security Inspector ====

A World-Class Scanner that Won't Make a Hole in Your Budget! New V1.5 Now Multi-Platform; Scan By IP-range! Sunbelt Network Security Inspector (SNSI) is a low-cost, quick-install, fast-result vulnerability scanner. It uses a top-quality, commercial-grade vulnerability database with well over 3,000 ranked vulnerabilities. SNSI is licensed per Admin. Now you can finally afford a world-class scanner and be proactive without compromises. Click here for your free download.

http://www.sunbelt-software.com/rd/rd.cfm?id=040721EB-WINSU

==== 1. In Focus: Security Writers Web Site ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

I think you'll agree that either being a security administrator or managing security administrators requires that you continually add new information to your base of knowledge. Lots of resources are available for you to use to gather more information. Some of the resources are well-known and others are either relatively new or remain a bit obscure for whatever reasons. This week, I want to share with you a resource that you might not be aware of but that's worth checking into.

Information Security Writers (Infosec Writers) is a Web site at which you can find numerous technical papers and essays, all of which of course pertain to information security. The site was originally launched in 2000 as the Security Writers Guild. Since that time, the site has obviously changed names, and the content has grown.

http://www.infosecwriters.com

The site hosts a library of technical papers written by various contributors who want to share their knowledge with the community at large. Categories in the Web site's Text Library include Email Security; Exploitation/Vulnerability; Firewall & Perimeter Protection; Forensics; General Security Concepts & Misc.; Honeypots; Information Assurance; Intrusion Detection; Malware/Malicious Code; Network Devices, Protocols & Traffic; Organizational Security; Security Tools; and Wireless Security.

For some examples of the types of papers that you might find at the site, check the Latest Articles section of the Infosec Writers home page. Some recently published papers are "Securing Mac OS X" by Stephen de Vries, "Shadow Software Attack" by Angelo Rosiello, "The Increasing Risks of Internet Computing" by Greg Greer, "Information Systems Misuse--Threats & Countermeasures" by Vijay Gawde, and "Non Conventional Virus Attack" by Raul Alvarez.

Another item of interest that you can find at the site is "Hitchhiker's World," which is a Web-based magazine. As far as I can determine, the magazine isn't published at any particular interval, however the next version is due to be released July 27. You might want to read some or all of the previous editions; if you find the content useful, you can mark your calendar to read the upcoming edition.

If you know of other security-related Web sites that others might not be aware of and you want to share their names with the readers of this newsletter, please send me an email and let me know about them.

==== Sponsor: Free Security White Paper from Postini ====

The Shifting Tactics of Spammers: What You Need to Know about New Email Threats

As the incidence of spam and malicious emails carrying viruses and worms continues to increase, conventional content filtering anti-spam solutions fail to keep pace. This paper will describe the latest email threats, how spam filters typically operate and how spammers are attempting to defeat conventional software and appliance content filtering technologies. You'll see how spammers are moving beyond hash busting and Bayesian poisoning and learn how spammers are stealing addresses from your email directory with "directory harvest attacks"--compromising and even bringing down your email servers. Download this free white paper now!

http://www.winnetmag.com/whitepapers/postini/shiftingtactics/index.cfm?code=0720securitysecondary

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.winnetmag.com/departments/departmentid/752/752.html

Feature: SUS Implementation Tips

As you know, Microsoft Software Update Services (SUS) lets you download (for free) all crucial updates to a Windows 2000 or later server, then distribute them to your network's Windows servers and workstations. SUS gives you a way to automate patch management and eliminates the need to manually download and install critical updates on individual workstations. In this article, Alan Sugano offers some tips for SUS implementation.

http://www.winnetmag.com/article/articleid/43247/43247.html

==== Announcements ====

(from Windows & .NET Magazine and its partners)

Get Subscriber Access to Everything in the Windows & .NET Magazine Network!

Our VIP Web site/Super CD subscribers are used to getting online access to all of our publications, plus a print subscription to Windows & .NET Magazine and exclusive access to our banner-free VIP Web site. Now we've added even more content from the archives of SQL Server Magazine! You won't find a more complete and comprehensive resource anywhere--check it out!

http://www.winnetmag.com/rd.cfm?code=edep274xup

Windows Connections, October 24-27, Orlando, FL

Microsoft and Windows & .NET Magazine team up to produce the essential conference for network administrators and IT managers on Windows and Exchange technology. Register early and attend sessions for free at the concurrently run Microsoft Exchange Connections. See the complete conference brochure online or call 800-505-1201 for more information.

http://www.winconnections.com

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"

This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.

http://www.WindowsITlibrary.com/ebooks/exchangeserver2003/index.cfm?code=0705emailannc

==== Hot Release ====

Need to Secure Multiple Domain or Host Names?

Securing multiple domain or host names need not burden you with unwanted administrative hassles. Learn more about how the cost-effective Thawte Starter PKI program can streamline management of your digital certificates.

Click here to download our free guide:

http://ad.doubleclick.net/clk;9435481;9685120;q

==== 4. Security Toolkit ====

FAQ: What Causes the Error I Receive in the Event Log When I Attempt to Replicate the ForestDNSZones Directory Partition?

by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. The ForestDNSZones directory partition is replicated among all domain controllers (DCs) in a forest that have the DNS service installed. When you replicate ForestDNSZones, you might see an error message that's similar to one posted with this FAQ at the URL below.

This type of error can occur when you have several sites that don't have site links between them or when site-link bridging is disabled (and no site-link bridge has been manually created) and when a site that has DCs running DNS is connected to a site that has DCs that don't run DNS. The ForestDNSZones partition, which replicates only between DCs that have DNS installed, can't replicate to the DCs that don't have DNS installed. Consider a scenario in which sites A and C have DCs that run DNS and are connected to site B, which has a DC that doesn't run DNS. The error appears on DCs in sites A and C if site-link bridging is disabled and no site-link bridge was manually created between them.

To solve this problem, you must either create a site-link bridge between sites A and C, or if sites A and C aren't connected because of routing restrictions, install DNS on a DC at site B. Using either method allows replication through the DC at site B. You don't need to configure any zones on the DC; merely having DNS installed is enough to add the DC to the ForestDNSZones partition's replication set.

http://www.winnetmag.com/windowsnt20002003faq/article/articleid/43165/43165.html

Featured Thread: Web Site Access to Internal Databases

(Three messages in this thread)

Gary writes that he has a Web server on a demilitarized zone (DMZ) that accesses an internal SQL database through Active Server Pages (ASP). He wants to know the best way to let some of his customers access certain parts of the database while not allowing public access. He wonders if he should set up local accounts on the Web server and use Windows authentication. Lend a hand or read the responses.

http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=123379

==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

Going Beyond Blade Server Basics

In this free Web seminar, attendees will learn about the scalability of blade servers and how the HP BL series of servers work. And, we'll look at support for remote management, Integrated Lights Out (ILO) management, automated configuration, and server provisioning, as well as specialized server designations within a blade enclosure and more. Register now!

http://www.winnetmag.com/seminars/bladeserverbasics/index.cfm?code=0719emailannc

==== 5. New and Improved ====

by Jason Bovberg, [email protected]

Antivirus Activity Analysis

eIQnetworks announced FirewallAnalyzer Enterprise 3.5, the newest enterprise version of the company's browser-based firewall/VPN analysis, reporting, and monitoring solution. FirewallAnalyzer Enterprise 3.5 correlates antivirus server and firewall/VPN information and reports on it. The product comes with more than 400 reports to help you take preventive actions against network-perimeter attacks and viruses. It provides more than 100 reports that identify virus activity across enterprise networks, delivering such information as virus type, source, destination, frequency, file type, file extension, and protocol. Information can be reported hourly, daily, and monthly from each firewall, as well as across all firewalls and antivirus servers. The software runs on Windows 2003/XP/2000/NT and costs $795 per physical firewall. For a free trial, contact eIQnetworks on the Web.

http://www.eiqnetworks.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Sponsored Links ====

Argent

Comparison Paper: The Argent Guardian Easily Beats Out MOM

http://ad.doubleclick.net/clk;6480843;8214395;q?http://www.argent.com/products/download_whitepaper.cgi?product=mom&&Source=WNTTextLink

CrossTec

Free Download--New - Launch NetOp Remote Control from a USB Drive

http://ad.doubleclick.net/clk;9571671;8214395;t?http://www.crossteccorp.com/html_ad/winnetmag.htm

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.winnetmag.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

==== Contact Our Sponsors ====

Primary Sponsor:

Sunbelt Software -- http://www.sunbelt-software.com -- 1-888-688-8457

Secondary Sponsor:

Postini -- http://www.postini.com --1-888-584-3150

Hot Release Sponsor:

thawte -- http://www.thawte.com -- 1-650-426-7400