Security UPDATE: Congress Passes Antispam Bill


==== This Issue Sponsored By ====

Shavlik: Free Security Patch Management Software

Automate Patch Management with Ecora


1. In Focus: How Microsoft Manages Its Security

2. Announcements

- Attend Black Hat Briefings 2004

- Order Windows & .NET Magazine and the Article Archive CD at One Low Rate!

3. Security News and Features

- Recent Security Vulnerabilities

- News: Congress Passes Antispam Bill

- Feature: Enterprise Patch Management for Windows

4. Security Toolkit

- Virus Center

- Virus Alerts: Sysbug.A, Randex.BF

- FAQ: How can I back up the Microsoft IIS Metabase in Windows 2000 and later?

- Featured Thread: Security+ Certification

5. Event

- Receive a Free Identity Management White Paper!

6. New and Improved

- Keep Passwords Secure

- Scan and Audit Your Network Security

- Tell Us About a Hot Product and Get a T-Shirt

7. Contact Us

See this section for a list of ways to contact us.


==== Sponsor: Shavlik: Free Security Patch Management Software ====

Install the latest critical Microsoft security patches MS03-048 through MS03-051 today with HFNetChkPro. A free, fully functional, no time-out version of HFNetChkPro is available to help you automate the delivery and testing of these critical patches. HFNetChkPro offers unlimited scanning, a complete GUI and Shavlik's exclusive PatchPush capabilities. Save time on patch deployment, ensure systems are fully protected and safeguard your systems from remote code execution, identity spoofing, arbitrary code execution and other attacks. It's free, and it simplifies patch management without agents. Learn more and download the free version of HFNetChkPro at


==== 1. In Focus: How Microsoft Manages Its Security ====

by Mark Joseph Edwards, News Editor, [email protected]

I'm sure most of you regularly look for ways to improve the security of your networks. Sometimes learning how other organizations manage their security lends insight into ways you could tweak your own methods. Last week, Microsoft released the document "Security at Microsoft," which explains how the company manages its IT security.

The entire document is interesting; however, you might find some sections more interesting than others. For example, Microsoft explains that to secure its perimeter, it uses smart cards for remote access, customized profiles, and scripts to check the configuration of remote computers for security policy compliance.

The company has more than 4000 wireless Access Points (APs) around the world that let approximately 31,000 employees connect to the network. Each wireless client must be authenticated using 802.1x protocols, Extensible Authentication Protocol (EAP), Transport Layer Security (TLS), and certificates. All wireless connections are encrypted, and wireless clients are periodically reauthenticated during connectivity sessions. Rogue APs are prohibited, and the security group scans for such devices.

As a software manufacturer, Microsoft maintains several specialized networks, including development networks, test networks, and of course support networks. These networks have different requirements for security policies and controls, so the company doesn't have a simple blanket policy for all its networks. Security is more stringent in some network areas than in others.

Some other interesting tidbits you'll learn when you read the document are that each month, Microsoft experiences some 100,000 intrusion attempts and quarantines more than 125,000 email messages that contain viruses and the like. I'm not sure how much junk mail the company filters out each month, but I'd guess the figure is well into the millions of messages.

You can find "Security at Microsoft" at the URL below. Be sure to check it out. You might find some ideas that you can use to better protect your own networks.


==== Sponsor: Automate Patch Management with Ecora ====

How confident are you that all critical security patches are deployed and up-to-date on every single system in your infrastructure? Need some help figuring it all out before the next big worm attack? Try a free copy of Ecora Patch Manager. Designed for IT professionals short on time, Patch Manager completely automates and simplifies the entire patch management cycle in just minutes. See for yourself how automation can save time, reduce costs, and keep your IT infrastructure stable and secure. Download a free, fully-functional trial of Ecora Patch Manager now!


==== 2. Announcements ====

(from Windows & .NET Magazine and its partners)

Attend Black Hat Briefings 2004

Black Hat Windows Security 2004 Briefings & Training is January 27-30, 2004, in Seattle. This is the world's premier Windows IT security event. Discover solutions to all of the current worm, virus, and attack threats. Come for six tracks and eight 2-day training sessions. Register today!

Order Windows & .NET Magazine and the Article Archive CD at One Low Rate!

What's better than Windows & .NET Magazine? Try Windows & .NET Magazine and the Windows & .NET Magazine Article Archive CD at one super low rate. Read Windows & .NET Magazine in the office. Take the Article Archive CD with you on the road. Subscribe now!


==== Sponsor: Virus Update from Panda Software ====

Check for the latest anti-virus information and tools, including weekly virus reports, virus forecasts, and virus prevention tips, at Panda Software's Center for Virus Control.

Viruses routinely infect "fully protected" networks. Is total protection possible? Find answers in the free guide HOW TO KEEP YOUR COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter networks, what they do, and the most effective weapons to combat them. Protect your network effectively and permanently - download today!


==== 3. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

News: Congress Passes Antispam Bill

The US House of Representatives has passed the first bill designed to protect US consumers from spam, paving the way for President George W. Bush to sign the bill into law by the end of the year. The bill, which passed by a 392 to 5 vote, is similar to the CAN-SPAM legislation that the US Senate approved last month by a vote of 97 to 0. If accepted as law, the bills will prohibit senders of unsolicited email from disguising their identities and harvesting email addresses from the Web and require them to let recipients opt out of future mass mailings.

Feature: Enterprise Patch Management for Windows

Given the ever-increasing threats from hackers, viruses, and Internet-based worms, patch management has become a crucial component of enterprise security. Mark Burnett and his associates tested seven patch-management products to determine their suitability for managing a Windows-based enterprise network. The products tested aren't the only patch-management programs available, but they provide a good overview of the field. Read our lab report to see how well each product performed.

==== 4. Security Toolkit ====

Virus Center

Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

Virus Alert: Sysbug.A

Sysbug.A is a Trojan horse that's sent in an email message with the subject "Re\[2\]:Mary" and an attachment called PRIVATE.ZIP. The attachment contains a file called WENDYNAKED.JPG.EXE. Sysbug.A steals passwords from the recipient's system and logs this information in a file that can then be sent to the perpetrator. Sysbug.A also installs a backdoor that opens the TCP port 5555 and waits for control commands.

Virus Alert: Randex.BF

Randex.BF is a Trojan horse that attempts to connect to systems at randomly generated IP addresses by using passwords that are typical or easy to guess. If it connects to a remote system successfully, it copies itself to that system. Once running, Randex.BF joins the Internet Relay Chat (IRC) channel #goep on the IRC server and waits for control commands.

FAQ: How can I back up the Microsoft IIS Metabase in Windows 2000 and later?

by John Savill,

A. Microsoft IIS configuration information resides in a metabase that consists of an XML document. If you're hosting several Web sites that have separate configurations, backing up the metabase is vital. To back up the IIS metabase, perform the following steps:

1. Start the Microsoft Management Console (MMC) Internet Information Services (IIS) Manager snap-in (go to Start, Programs, Administrative Tools, then click Internet Information Services Manager).

2. Right-click the name of the machine that hosts the IIS services, then select Backup/Restore Configuration from the All Tasks menu.

3. Click Create Backup.

4. Enter a name for the backup.

5. Optionally select the "Encrypt backup using password" check box and enter a password to protect the backup.

6. Click OK.

7. Click Close on the main Backup/Restore Configuration window.

The OS will create a metabase backup in the \%windir%\system32\inetsrv\metaback folder. You should ensure that you back up this folder as part of your routine system backups. The folder contains two files: .mdx and .scx. The .mdx file contains the actual metabase information, and the .scx file contains the schema. In both cases, "x" is the version of the backup.

Featured Thread: Security+ Certification

(One message in this thread)

A forum reader is considering taking the Security+ Certification exam from CompTIA. He wonders whether anyone has any opinions on this certification. Also, he's having trouble understanding the difference between the Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC) policies. He wonders whether anyone can give him a brief explanation of each and maybe an example. Lend a hand or read the responses:

==== 5. Event ====

Receive a Free Identity Management White Paper!

Are your existing identity-management and access-control solutions fragmented, duplicated, and inefficient? Attend this free Web seminar and discover how to automate and simplify identity creation, administration, and access control. Leverage your investment in Microsoft technologies and benefit from greater security, improved productivity, and better manageability. Register now!

==== 6. New and Improved ====

by Jason Bovberg, [email protected]

Keep Passwords Secure

CEZEO software released SecureWord 1.3, password-management software that uses the Advanced Encryption Standard (AES) to keep your passwords secure. You can use SecureWord to store passwords and other important information, import and export the data, and back up or synchronize the data. Multiple users can use SecureWord without risking security compromise. A built-in password generator lets you instantly create new passwords. The software's easy-to-use UI and search system simplify browsing and searching for secure information. A single-user copy of SecureWord costs $19.95 (an unlimited Site License costs $499), and you can obtain a free 30-day trial version from the company's Web site. For more information about SecureWord, contact CEZEO software on the Web.

Scan and Audit Your Network Security

Infiltration Systems released Infiltrator, a security scanner and auditing tool for your Windows XP/2000/NT 4.0 network. Infiltrator quickly audits computers for vulnerabilities, security holes and exploits, and information enumerations. Infiltrator can reveal information such as installed software, shares, users, drives, hotfixes, NetBIOS and SNMP information, and open ports. The software audits each computer's registry, services, and password and security policies and alerts you if security is insufficient. Pricing for Infiltrator starts at $195.95 for as many as 25 IP addresses. For more information about Infiltrator, contact Infiltration Systems on the Web.

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Sponsored Links ====

Sybari Software

Free! "Admins Shortcut Guide to Email Protection" from Sybari;6574227;8214395;q?

Microsoft(R) Security Readiness Kit

Get your free kit for creating an enhanced risk-management plan.;6600432;8214395;e?;6576037;8608804;t?


==== 7. Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today.

Copyright 2003, Penton Media, Inc.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.