
Security UPDATE - 03 Mar 2004

====================

==== This Issue Sponsored By ====

Ecora Software

https://www.ecora.com/ecora/jump/pm15.asp

Assure On-line Compliance - an on-demand Webcast

http://w.on24.com/r.htm?e=4767&s=1&k=6A6C0B2B0FBBFB375CC8D09109799172

====================

* In Focus: Three Proposed Ways to Stem the Email Influx

* Security News and Features

- Feature: Wireless Networks in Small Spaces

- News: Comparing Security Design Choices

- News: Rights-Management Add-on for IE

- News: What's Hot

* New and Improved

- Analyze, Cross-Reference, and Search Vulnerabilities

- Monitor Computer Activity

====================

==== Sponsor: Ecora Software ====

MS02-072 and MS03-039 are just two of 25 critical security patches you need to protect your network. Get complete details on all 25 at absolutely no cost to you--simply click on the link provided below. Ecora's informative guide identifies each of your 25 "Must-Have" patches; details the importance of each patch; provides links to additional information--accessible at your convenience; and describes how to check your systems to see if the patches are installed. Download your free whitepaper today and open the door to The Ecora Method of discovering, analyzing, researching and testing, remediating, safety netting, and reporting throughout an automated, worry-free patch management cycle.

https://www.ecora.com/ecora/jump/pm15.asp

====================

==== In Focus: Three Proposed Ways to Stem the Email Influx ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Solutions are in the works to help curb the amount of junk email we receive. Currently, most people probably use one of three types of solutions (or combinations thereof) to help filter their email. These solutions process incoming mail according to approved senders, banned senders, and banned mail servers. Now three more solutions are making their way into the marketplace: Sender Policy Framework (SPF), Caller ID for E-Mail, and DomainKeys.

Meng Weng Wong and Mark Lentczner began working on SPF more than a year ago, and more than 7500 domain operators have already implemented the solution. AOL, one of the world's largest ISPs, has taken notice and is testing SPF.

SPF attempts to use DNS queries to verify email sender IP addresses. DNS publishes MX records for inbound mail servers for a given domain, but there is no record type for publishing a list of outbound mail servers for a given domain. To improvise, SPF uses specially formatted TXT records in DNS to publish outbound mail servers for public queries and subsequent attempts to authenticate email senders.

When an SPF-enabled mail system receives a message, the mail system can query the sender's domain DNS servers to obtain a list of valid outbound mail server addresses and compare these addresses with the IP address in the message's SMTP email headers. If the IP addresses match, the mail system can assume that the message isn't junk mail. If the addresses don't match, the mail system can take a variety of actions depending on how it's configured. You can learn more about SPF, including how to implement it, at http://spf.pobox.com .

Microsoft recently published the Caller ID for E-Mail specification, which is similar to SPF. Caller ID also works by using DNS TXT records; however, Caller ID uses TXT records written in XML. Like SPF, Caller ID checks IP addresses in SMTP email headers against outbound mail server IP addresses published by DNS servers to verify that a domain's authorized mail server sent a message. The differences between Caller ID and SPF are in the way mail headers are processed and the way DNS publishes outbound mail servers. You can learn more about Microsoft's proposed Caller ID for E-Mail system at http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx .

The third system, DomainKeys, is in development by Yahoo! and works by cryptographically signing messages at the server level. You're probably familiar with tools such as Pretty Good Privacy (PGP) that use a public key and private key. Data is encrypted or signed by using a private key; data is decrypted or a signature is verified by using a public key. DomainKeys works the same way but at the server level. A sending mail server uses a private key to sign all the messages it sends. A DNS record publishes the sending server's public key. When the target server receives a signed message, the server can use a DNS query to obtain the sending server's public key and use the key to verify the message signature.

SPF, Caller ID for E-Mail, and DomainKeys have at least one thing in common: They verify that mail came from a mail server in the domain used by the sender's email address. This sort of functionality will help curb spoofing and help eliminate some amount of junk mail, but it won't completely stop all junk mail. Nevertheless, support is growing for all three proposed systems.

The most widely used mail server software is Sendmail. I recently spoke with J.F. Sullivan, Sendmail's director of product marketing, who told me that the company is providing feedback to all three entities to help them develop their respective solutions. Sullivan said that sometime this summer, Sendmail will release a new version of Sendmail, 8.13.x, that will include mail filter (milter) support for both Caller ID for E-Mail and DomainKeys. The new milter support will be available in both the commercial and open source versions of the mail server. After Sendmail has built-in support, millions of servers could potentially implement Caller ID or DomainKeys or both. Sendmail is also considering implementing SPF but doesn't yet have a timeframe for doing so.

Before that point release of Sendmail becomes available, SPF, Caller ID, and DomainKeys developers have plenty of work to do. All three solutions require particular changes to the configuration of DNS and the architecture of various mail-processing systems. For example, in some instances, the solutions would break widely used tools such as various types of mailing list software because the solutions might rewrite certain SMTP mail headers, which could change mail server or mail client behavior during mail processing. Solution developers might need to come up with workarounds for these types of situations.

The good news is that none of the proposed solutions will place drastic requirements on email end users because the solutions work at the server level. However, we might wonder about server interoperability because not everyone will wind up using the same solution.

Be sure to read about each of the solutions as they stand now, and keep an eye on their progress. Doing so could give you a head start on planning your future mail services.

====================

==== Sponsor: Assure On-line Compliance - an on-demand Webcast ====

Is your organization up to speed on best practices in website management?

Many organizations find that website management is a critical top and bottom line business issue, but surprisingly, on-line compliance is often overlooked. Find out how to avoid the consequences of non-compliance by viewing "Assuring On-line Compliance with Industry Standards and Current Legislation," an on-demand Webcast brought to you by Microsoft and Watchfire. Register for and view this free Webcast now:

http://w.on24.com/r.htm?e=4767&s=1&k=6A6C0B2B0FBBFB375CC8D09109799172

====================

==== Announcements ====

(from Windows & .NET Magazine and its partners)

Windows & .NET Magazine Connections

Windows & .NET Magazine Connections features speakers from Microsoft and other top independent experts. Complete details about workshops, breakout sessions, and speakers are now online. All attendees will get a chance to win a Florida vacation. Keep your competitive edge by learning from the world's best experts. Go online now to register.

http://www.winconnections.com

New eBook--Become a Master in Tools that Ease Computer Management Tasks and Diagnostic Tools

This eBook provides a practical introduction to some of the most important tools in the resource kits and the Support Tools that the Windows 2000 and Windows NT professional editions provide. You'll learn about computer management tasks, desktop production, network management, the browser monitor, and more. Download this free eBook today!

http://www.WindowsITlibrary.com/ebooks/windowsnetworking/index.cfm

====================

==== Sponsor: Virus Update from Panda Software ====

Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.

Visit "Panda's GateDefender Stands Guard!" at

http://www.pandasecurity.com/gatedefender/

for more information.

====================

==== Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.winnetmag.com/departments/departmentid/752/752.html

Feature: Wireless Networks in Small Spaces

Recently, David Chernicoff helped a friend set up a wireless network for his small business, which is located in a converted factory building that's divided into office spaces for several businesses. Problems began to arise when David started to configure the client computers. Every other business in the building was running a wireless network, and each of these networks was visible on the other networks and completely unprotected. See how David resolved the problems.

http://www.winnetmag.com/articles/articleid/41837/41837.html

News: Comparing Security Design Choices

Microsoft released an article that describes the results of testing the performance of various security designs involving Windows 2000 Advanced Server, Microsoft SQL Server 2000, ASP.NET, and the Windows .NET Framework. The article compares the relative performance of various security options available for client authentication, hashing algorithms, cryptography techniques, and digital signatures.

http://www.winnetmag.com/articles/articleid/41867/41867.html

News: Rights-Management Add-on for IE

Microsoft has released the Windows Rights Management Services (RMS) add-on for Microsoft Internet Explorer (IE). The add-on will let content owners restrict who can edit, forward, or copy documents, Web-based information, and email.

http://www.winnetmag.com/articles/articleid/41846/41846.html

News: What's Hot

Learn about a few exceptional products that can help you do your job. Readers highlight LANS Unlimited, NetIQ MailMarshal, and something you might find humorous and useful: Sunbeam's USB Coffee Warmer.

http://www.winnetmag.com/articles/articleid/41657/41657.html

====================

==== Hot Release ====

Need to Secure Multiple Domain or Host Names?

Securing multiple domain or host names need not burden you with unwanted administrative hassles. Learn more about how the cost-effective Thawte Starter PKI program can streamline management of your digital certificates. Click here to download our free guide:

http://ad.doubleclick.net/clk;7310834;8859394;x

====================

==== Security Toolkit ====

Virus Center

Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

http://www.winnetmag.com/windowssecurity/panda

Virus Alert: Netsky.C

Netsky.C is a worm that spreads through email and peer-to-peer (P2P) file-sharing programs. The Netsky.C email message has variable characteristics. The worm deletes several other worms that might have infected a system, including Mydoom.A and Mimail.T. When the system date and time are February 26, 2004, between 6:00 a.m. and 8:59 a.m., Netsky.C emits random tones through the infected system's internal speaker.

http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=45084

FAQ

by David Vincent and Ed Roth

Q: We're using Microsoft Software Update Services (SUS) in a test environment. When we apply updates at the Graphical Identification and Navigation (GINA) screen, the workstations should reboot automatically, but they aren't doing so--we must manually reboot them. We run Windows 2000 Service Pack 3 (SP3) with Novell Client 4.83 SP1 installed. Why won't the SUS clients reboot?

A: Here are a few places to start looking for answers. First, make sure that the most current Automatic Updates client is installed on your client workstations. Second, look in each client machine's Event Viewer to determine whether the updates are being installed and whether messages related to reboots are displayed. Third, verify that any Group Policy or registry entries on the clients are set to reboot after updates are installed if no one is logged on to the clients at the time of installation.

Featured Thread: Using Multiple Antivirus Software Vendors

(Two messages in this thread)

Nick writes that his company uses Trend Micro products for its gateway-level HTTP and SMTP antivirus scanning and a McAfee antivirus solution on its desktops and servers. He's been looking at the full Trend Micro antivirus suite for desktops and servers, but the company originally decided to use two vendors for redundancy and for extra protection in case one vendor was targeted. He wants to know whether using multiple antivirus vendors is a good idea or if one vendor is OK. Lend a hand or read the responses:

http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=117134

==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

New Web Seminar--Realizing the Return on Active Directory

Join Mark Minasi and Indy Chakrabarti for a free Web seminar and discover how to maximize the return on your Active Directory investments and cut the cost of security exposures with secure task delegation, centralized auditing, and Group Policy management. Register now and receive NetIQ's free "Securing Access to Active Directory-A Layered Security Approach" white paper.

http://www.winnetmag.com/seminars/activedirectoryroi

==== New and Improved ====

by Jason Bovberg, [email protected]

Analyze, Cross-Reference, and Search Vulnerabilities

Syhunt announced that its application security scanner, TrustSight Security Scanner, is now compatible with the Common Vulnerabilities and Exposures (CVE) Initiative, a vulnerability-naming standard. TrustSight is a vulnerability-assessment technology in the field of Web application security and network security, helping organizations plan and provide appropriate network and software security measures to protect their Web infrastructure. For more information about TrustSight, contact Syhunt on the Web.

http://www.syhunt.com

Monitor Computer Activity

TrueActive Software announced TrueActive Monitor 5.0, an upgrade of its computer-monitoring program for enterprise security. Formerly known as WinWhatWhere, TrueActive Monitor 5.0 provides a complete audit trail of all computer activity within the enterprise, capturing all keystrokes on PCs. Version 5.0 includes new features and enhancements such as simplified network management, data archiving, and improved employee privacy measures such as optional password and credit card capture. Pricing for the base subscription of TrueActive Monitor 5.0 starts at $100 per year. Product suite prices range from $130 to $175 for an annual subscription, depending on the industry. For more information about TrueActive Monitor 5.0, contact TrueActive Software on the Web.

http://www.trueactive.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.winnetmag.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Copyright 2004, Penton Media, Inc. All rights reserved.
