Security UPDATE--The Perils of Mobile Computing--July 13, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Testing Your Security Configuration
http://www.windowsitpro.com/Whitepapers/microsoft/securityconfiguration/index.cfm?code=sectop_713

Windows Master CD
http://www.windowsitpro.com/rd.cfm?code=cdeu2256up

1. In Focus: The Perils of Mobile Computing

2. Security News and Features
- Recent Security Vulnerabilities
- Microsoft Baseline Security Analyzer v2.0 Now Available
- Active Directory Federation Services for Non-Microsoft Platforms

3. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread

4. New and Improved
- Partnering for Better Security

==== Sponsor: Testing Your Security Configuration ====

Over a decade ago the Department of Defense (DoD) released a statement saying, "Hack your network, or the hackers will do it for you. Up until that point, the value of vulnerability scanning and penetration testing was questionable. Today, vulnerability-scanning hackers, Internet-traveling worms, and roving bots are common. The DoD's advice given 10 years ago still holds true: You should conduct regular vulnerability and penetration testing audits to validate your security policy. This free white paper will discuss how to identify and fix vulnerabilities, discover and use vulnerability assessment tools, evaluate your security investment and more. Download your free copy now!
http://www.windowsitpro.com/Whitepapers/microsoft/securityconfiguration/index.cfm?code=sectop_713

==== 1. In Focus: The Perils of Mobile Computing ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Over the past few years, wireless networks have spread all over the place. Some cities and towns even provide free Internet access over public networks. Chances are high that unless you live in a very rural area, one or more of your neighbors has a home wireless network. Chances are also high that many of those neighboring wireless networks are wide open, and anybody can connect without the owner's permission. And, invariably, sooner or later somebody does just that.

With the proliferation of wireless networks comes the very attractive opportunity to use mobile computing in all sorts of ways. For example, many coffee shops offer free wireless access, as do libraries and restaurants. So if you're a telecommuter working on the road somewhere, or just want to check your email or do a little Web surfing without going back to your own network, you can use any number of public wireless networks.

A problem with the ease-of-use that open wireless networks offer is that invariably some people can't resist using an open wireless network even if it's not expressly made open for the public. That's where simple wardriving can become a criminal act. After all, the unauthorized use of a network is a crime in most places today. So if you discover a wireless network and decide to use it, you might be committing a crime.

Last week, a precedent for increased arrests began to develop in Florida. A man discovered that another man was sitting outside his house in a vehicle while using a laptop. The man of the house apparently had an open wireless network, and the man in the vehicle had connected to the wireless network without permission and was using it for what are at this time unknown purposes. Eventually, the homeowner informed the police, who subsequently arrested and charged the man in the vehicle. He now faces a criminal case.

The man's illegal use of someone else's network is puzzling. If I understand correctly, the incident took place in St. Petersburg, which is the fourth largest city in Florida with a population of nearly 250,000. Certainly, there must be many places that offer free public wireless network access, so why did the man choose to break into someone else's network? I don't know, but the incident does raise some interesting questions.

What if that man was using a computer provided by his company? Or what if he was checking email on his company's mail server? Would that then make the company liable for the man's actions? If nothing else, the incident points out that businesses that provide wireless devices to their employees should probably consider implementing policies that stipulate acceptable use of those devices. Without such policies, businesses are more open to potential legal problems if employees misuse company equipment.

If you're interested in the details of this story, then use your favorite news site search engine to look for the terms "wireless" and "Florida," and add the terms "Smith" and "Dinon" if you need to narrow the search results.

==== Sponsor: Windows Master CD ====

Why Do You Need the Windows IT Pro Master CD? There are three good reasons to order our latest Windows IT Pro Master CD. One, because it's lightning-fast, portable tool that let you search for solutions by topic, author, or issue. Two, because it includes our Top 100 Windows IT Pro Tips. Three, because you'll also receive exclusive, subscriber-only access to our entire online article database. Click here to discover even more reasons:
http://www.windowsitpro.com/rd.cfm?code=cdeu2256up

==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.windowsitpro.com/departments/departmentid/752/752.html

Microsoft Baseline Security Analyzer 2.0 Now Available
On July 1, Microsoft released Microsoft Baseline Security Analyzer (MBSA) 2.0. The new version supports Windows Server Update Services (WSUS) and includes a new command line interface to perform local and remote scans.
http://www.windowsitpro.com/Article/ArticleID/46910

Active Directory Federation Services for Non-Microsoft Platforms
Windows Server 2003 R2 will support Web-based single-sign-on (SSO) and federated authentication using Active Directory (AD) as the backend. Centrify aims to enable the technology on non-Microsoft platforms.
http://www.windowsitpro.com/Article/ArticleID/46933

==== Resources and Events ====

Identify the Key Security Considerations for Wireless Mobility
Wireless and mobile technologies are enabling enterprises to gain competitive advantage through accelerated responsiveness and increased productivity. In this free Web seminar, you'll receive a checklist of risks to factor in when considering your wireless mobility technology evaluations and design. Sign up today and learn all you need to know about firewall security, transmission security, OTA management, management of third-party security applications, and more!
http://www.windowsitpro.com/seminars/mobilesecurity/index.cfm?code=0711emailannc

Learn to Sort Through Sarbanes-Oxley, HIPPA, and More Legislation Quicker and Easier!
In this free Web seminar, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Turn these mandates into automated and cost-effective solutions. Register now!
http://www.windowsitpro.com/seminars/regulatorycompliance/index.cfm?code=0713emailannc

New Cities Added--SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!
http://www.windowsitpro.com/roadshows/sqlserverusa/index.cfm?code=0713emailannc

Integrate Your Compliance System With Backup and Recovery
Discover the issues involved with integrating your compliance system with backup and recovery, including backup schedules, pros and cons of outsourcing backup media storage and management, the DR implications of backing up compliance data, the possibility of using alternative backup methods to provide backup and compliance in a single system, and more. You'll learn what to watch out for when combining the two functions and how to assess whether your backup/restore mechanisms are equal to the challenge.
http://www.windowsitpro.com/seminars/backupandrecovery/index.cfm?code=0713emailannc

Influencers 2005: Thriving In The Face Of Regulation: How to Accommodate the New Corporate Governance Regime and Achieve Optimum Financial Performance
Join Arthur Levitt, former chairman of the SEC, Arnold Hanish, and Scott Mitchell as they discuss the most important management challenge facing businesses today--Wednesday, July 20 at 11:00 a.m. EDT. Register here:
http://bfmag.com/webcasts/7-20-05/index.html?w=1&ext_event_user_cd=winit&partnerref=winit

You Could Win An iPod Mini!
Your expert opinion makes a difference--tell us what you think about industry conferences and events. Your feedback is very valuable to us. Take this short survey today!
http://www.pentonsurveys.com/survey.asp?s=01033250254096156108

==== Featured White Papers ====
Is Your Company Legally Required to Have an Email Compliance and Retention Policy?
Gain an understanding of general retention and compliance issues and Microsoft Exchange Server's built-in archiving and compliance features and get guidance on the first steps to take when starting an archiving regime. Plus--discover how to analyze trends and usage across your messaging store.
http://www.windowsitpro.com/whitepapers/sherpa/exchangecompliance/index.cfm?code=0713emailannc

==== 3. Security Toolkit ====

Security Update for Internet Explorer
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Microsoft released a security update for Internet Explorer (IE) 5.x and 6.0. Microsoft article 903235 discusses the matter.
http://www.windowsitpro.com/Article/ArticleID/46912

FAQ
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I enable the Anonymous SID to be part of the Everyone group in Windows XP and later?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/46603

Audit File Access
(Two messages in this thread)
A reader wants to know whether there are any third-party tools to implement domain-wide file auditing. He needs to be able to dump log data into a database, including which files were accessed, when they were accessed, the name of the user who accessed the files, and the computer that the files were accessed from.

Join the discussion at http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=42185

==== Announcements ====
(from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database (over 1900 security articles)! Order now:
http://www.secadministrator.com/rd.cfm?code=00eu2557su

Exclusive Content for VIP Subscribers!
Get inside access to all of the content and vast resources from Windows IT Pro, SQL Server Magazine, Exchange & Outlook Administrator, Windows Scripting Solutions, and Windows IT Security, with over 26,000 articles at your fingertips. Your VIP subscription also includes a 1-year print subscription to Windows IT Pro and a VIP CD (includes entire article database). Sign up now:
http://www.windowsitpro.com/rd.cfm?code=wveu2757bu

==== 4. New and Improved ====
by Dustin Ewing, [email protected]

Partnering for Better Security
Apani Networks announced that its In-depth Network Security (INS) system is available from HP. HP will provide first-line support for customers around the world, as well as security-compliance consulting and onsite services as needed. INS provides complete network-access control, dynamic implementation of network security policies, and point-to-point encryption. It will allow organizations to manage security relationships for an entire network from a centralized point. This centralization reduces infrastructure costs and provides a security audit trail, which is essential for compliance regulation requirements. For more information, visit the company's Web site
http://www.apani.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to
[email protected]

Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Sponsored Link ====

Argent versus MOM 2005
Experts Pick the Best Windows Monitoring Solution
http://a.windowsitpro.com/RealMedia/ads/click_lx.ads/www.windowsitpro.com/TextLink/1112745096/x14/Penton/WN_Argent_July05_NLSplink_116194/1x1.gif/1

==== Contact Us ====

About the newsletter -- [email protected]
About technical questions -- http://www.windowsitpro.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]