Security UPDATE--Browser History: What Happened?--April 27, 2005

1. In Focus - Browser History: What Happened?

2. Security News and Features

- Recent Security Vulnerabilities

- Firefox 1.0.3--Nine Security Fixes

- Credit Card Companies to Enforce Payment Card Industry Standard

- Putting OpenVPN to Work

3. Security Toolkit

- Security Matters Blog

- FAQ

- Security Forum Featured Thread

4. New and Improved

- Fast Security

==== Sponsor: KACE ====

Simplify Software, Desktop and Server Management

KBOX by KACE is a simple, affordable solution that delivers complete inventory, software deployment, patch management, software update, reporting and more. Finally there's a complete solution that lets you act on your information. It's all in the (K)BOX. This self-contained appliance is a snap to implement and use and costs less than you'd expect. Find out why leading companies are choosing KBOX by KACE every day and learn how you can take advantage of our 45-day return policy that guarantees your satisfaction.

http://www.kace.com/?=winitpro_security

==== 1. In Focus - Browser History: What Happened? ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Occasionally, you might need to trace a user's Web-browsing path. Manual forensic analysis, which involves digging through cookie files, the browser's cache, and browser history data, isn't easy.

For a good rundown on forensic analysis of browser activity, you should consider reading "Web Browser Forensics, Part 1," by Keith J. Jones and Rohyt Belani of Red Cliff Consulting. The article, published on the SecurityFocus Web site, offers a brief usage overview of some very useful tools: in particular, Pasco, Internet Explorer History Viewer, Web Historian, and Forensic Toolkit.

http://www.securityfocus.com/infocus/1827

Pasco is an open-source tool that can be used to reconstruct browser use from Microsoft Internet Explorer's (IE's) index.dat files. The files contain data such as which URLs were visited and when. Pasco is a command-line tool that creates a text-based output file.

http://sourceforge.net/projects/odessa

Internet Explorer History Viewer, available from Phillips Ponder, has been around for a while. It too can reconstruct IE usage and has the added benefits of being able to read Netscape history data and find fragments of deleted files in the Windows Recycle Bin. IE History costs $50.

http://www.phillipsponder.com/histviewer.htm

The free Web Historian, provided by Red Cliff Consulting, is more powerful than the previous two tools. It can help you analyze the historic usage of Internet Explorer, Mozilla, Firefox, Netscape, Opera, and Apple Computer's Safari.

http://red-cliff.com/index.php?fuseaction=tools.overview

Forensic Tookit (FTK), from AccessData, is the most powerful of the bunch, and at $995, it better be. It too can reconstruct browser use history, but it's also billed as a tool that can perform "complete and thorough forensics examinations." Among other tasks, Forensic Toolkit can index entire drives, allows quick text searches, and supports more than 270 file types.

http://www.accessdata.com/Product04_Overview.htm

Now let's suppose for a minute that you don't want anybody to be able to perform such analysis on your systems. For example, if your laptop is stolen or lost, do you want whoever ends up with it to be able to find out detailed information about you by analyzing your surfing habits? To prevent someone else from accessing your data, you could implement disk encryption.

You can also manually delete browser details (IE History and Cache) fairly easily, but you have to remember to do that, and you also need to erase the disk sectors to ensure that the data can't be recovered. I know that many standalone tools can do both these tasks quickly and effortlessly. Privacy Eraser is one example (which I haven't yet tried).

http://www.privacyeraser.com/features.htm

Are any such tools that include centralized management available for an enterprise? If you know of any, please send me an email with the details or a URL.

====

Don't miss a Web chat with Randy Franklin Smith on the topic "The Security Event Log: The Unofficial Guide." It will take place May 4, 12:00 P.M. Eastern (9:00 A.M. Pacific). For more information, go to

http://www.microsoft.com/communities/chats/default.mspx#05_0504_TN_SEUG

And, finally, you have less than one week left to vote for your favorite products in Windows IT Pro's annual Readers' Choice Awards. Voting ends May 2, so vote now at

http://windowsitpro.com/readerschoice/

==== Sponsor: Postini ====

Phishing, viruses, bot-nets and more: How to prevent the "Perfect Storm" from devastating your email system

Unfortunately, fragmented appliance-based and software-based anti-spam solutions operating inside the email gateway can't prevent a potentially devastating impact on your email system and users. In this free white paper learn how you can protect your email boundary and stop attacks with a multi-layered approach that effectively prevents the perfect storm from ever reaching your email gateway. Download your copy now!

http://www.windowsitpro.com/whitepapers/postini/phishing/index.cfm?code=secnl_427

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Firefox 1.0.3--Nine Security Fixes

Mozilla Organization released Firefox 1.0.3 to correct nine security vulnerabilities. Interestingly enough, all the problems corrected in the new release relate to vulnerabilities that could be exploited via JavaScript.

http://www.windowsitpro.com/Article/ArticleID/46093

Credit Card Companies to Enforce Payment Card Industry Standard

Most major credit card companies have adopted the Payment Card Industry (PCI) Data Security Standard, which was jointly developed by VISA and MasterCard. Adopters of the standard include American Express, Diners Club, Discover, and JCB International.

http://www.windowsitpro.com/Article/ArticleID/46133

Putting OpenVPN to Work

You're probably familiar with Microsoft's RRAS VPN solutions, as well as commercial VPNs from vendors such as Cisco Systems and Nortel Networks, but you might not be aware of an open-source program called OpenVPN. Jeff Fellinge explains how to implement OpenVPN in this article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/45844

==== Resources and Events ====

Protect the Rest of Your Exchange Infrastructure

There is more to data protection for Exchange than protecting mail and mail servers. In this free Web seminar, you'll learn some methods for anticipating, avoiding, and overcoming technical problems that can affect your Exchange environment, including corruption or errors in Active Directory, DNS problems, configuration errors, service pack installation, and more. Register now!

http://www.windowsitpro.com/seminars/ExchangeInfrastructure/index.cfm?code=0427emailannc

Get Ready for SQL Server 2005 Roadshow in a City Near You

Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

http://www.windowsitpro.com/roadshows/sqlserverusa/index.cfm?code=0425emailanncs

Ensure SQL Server High Availability

In this free Web seminar, discover how to maintain business continuity of your IT systems during routine maintenance and unplanned disasters. Learn critical factors for establishing a secure and highly available environment for SQL Server including overcoming the technology barriers that affect SQL Server high availability and Microsoft's out-of-the-box high-availability technologies such as clustering, log shipping, and replication. Register now!

http://www.windowsitpro.com/seminars/SQLHighAvailability/index.cfm?code=0427emailannc

Configuring Blade Servers for Your Application Needs

Blade servers pack a lot of function into a small space, conserve power, and are flexible. In this free, on-demand Web seminar, industry guru David Chernicoff details the best use of 1P, 2P, and 4P configurations using single and multiple enclosures; integrating with NAS and SAN; and managing the entire enterprise from a single console. Register now and take advantage of blade servers' power and flexibility.

http://www.windowsitpro.com/seminars/bladeservers2/index.cfm?code=0427emailannc

Discover All You Need to Know About 64-bit Computing in the Enterprise

In this free, on-demand Web seminar, industry guru Michael Otey explores the need for 64-bit computing and looks at the type of applications that can make the best use of it. He'll explain why the most important factor in the 64-bit platform is increased memory. Discover the best platform for high performance and learn how you can successfully differentiate, migrate, and manage between 32-bit and 64-bit technology. Register now!

http://www.windowsitpro.com/seminars/integrityservers/index.cfm?code=0427emailannc

==== Featured White Paper ====

Get Rapid and Reliable Data and System Recovery

Even under the best circumstances, performing a bare metal recovery from tape is tedious and unreliable. In this free white paper, learn how you can achieve unprecedented speed and reliability in recovering systems and data.

http://www.windowsitpro.com/whitepapers/symantec/livestaterecovery/index.cfm?code=0427emailannc

==== Hot Release ====

Security Event Management – It shouldn't cost a fortune to save a fortune

Activeworx Security Center dramatically reduces the time, effort & cost required to collect, analyze, report & escalate critical security data. Activeworx consolidates multi-vendor security log data - providing an affordable solution for detailed event correlation to detect both known and unknown threats. Free Trial.

http://www.brighttools.com/winitpro_index.html

==== 3. Security Toolkit ====

Security Matters Blog

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Perils of Wardriving

It's fairly common knowledge that some people set up Wi-Fi hotspots using the Wi-Fi cards in their own computers in hopes that someone will connect. Once a connection is made, an intrusion attempt begins against the machine that connected. Obviously it's not very smart to use any old Wi-Fi hotspot you come across just because it's there.

http://www.windowsitpro.com/Article/ArticleID/46161

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I configure the Windows Server 2003 Service Pack 1 (SP1) Windows Firewall from a command line?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/46125/46125.html

Security Forum Featured Thread

A forum participant is looking for methods or products that can block all access to X-rated Web sites on his company's laptop computers and for security policy templates to use as a model for developing an acceptable-use policy. Join the discussion at:

http://www.windowsitpro.com/Forums/messageview.cfm?catid=42&threadid=131548

==== Announcements ====

(from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!

Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database! Click here to try a sample issue today:

http://www.secadministrator.com/rd.cfm?code=fseu2554up

Windows IT Security Monthly Pass = Quick Answers!

Sign up today for your Windows IT Security Monthly Pass and get 24/7 online access to every article on the Windows IT Security Web site, including exclusive subscriber-only content. That's a database of more than 1900 security articles to help you get all the answers you need, when you need them! Sign up now:

http://www.windowsitpro.com/sub/MonthlyAccess/index.cfm?promocode=eu2554mp

==== 4. New and Improved ====

by Renee Munshi, [email protected]

Fast Security

Metanetworks Technologies offers the MTP-1G Gigabit Ethernet and MTP-10G 10 Gigabit Ethernet cards, specifically designed to support existing open-source network security and monitoring applications, such as Intrusion Detection Systems (IDSs). The MTP-1G passes Gigabit Ethernet traffic and the MTP-10G passes 10 Gigabit Ethernet traffic between the card's two ports with 400 ns latency while performing wire-speed, stateful packet inspection. When determining whether to capture or block packets, the cards can apply up to 1500 wire-speed stateful policies per packet. When the cards capture packets, the cards present the packets to the OS as standard NICs in promiscuous mode. For more information, go to

http://www.metanetworks.org

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Sponsored Links ====

Quest Software

Heading to Exchange from Notes or GroupWise? Get Expert Help!

http://ad.doubleclick.net/clk;14771969;8214395;x?http://wm.quest.com/WITPUpdateNotesMigratorforExchange32005

Best Practices for Establishing and Enforcing a Security Policy in Your Business

Is your company prepared to fend off threats? Download this free white paper!

http://ad.doubleclick.net/clk;15940855;8214395;q?http://www.windowsitpro.com/whitepapers/microsoft/bestpractices/index.cfm

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]