Security UPDATE--Looking Ahead Into 2006--December 28, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Diskeeper http://www.windowsitpro.com/whitepapers/diskeeper/defragmentation/index.cfm?code=SECtop1228

Thawte http://www.windowsitpro.com/go/whitepapers/thawte/ssl?code=SECmid1228

1. In Focus: Looking Ahead Into 2006

2. Security News and Features - Recent Security Vulnerabilities - Microsoft Releases Tool to Help with SUS 1.0 Synchronization - Oracle to Fortify Its Solutions

3. Security Toolkit - Security Matters Blog - FAQ - Security Forum Featured Thread

4. New and Improved - UTM Appliances for Small Businesses

==== Sponsor: Diskeeper ====

The Impact of Disk Defragmentation Nearly every IT professional has a fragmentation horror story - in which fragmentation severely degraded performance that systems were unusable. In this free white paper, learn what impact fragmentation has on users and system activities and discover how quickly fragmentation accumulates as a result of these activities. Plus get the recommendations you need to manage the frequency of defragmentation across your infrastructure. http://www.windowsitpro.com/whitepapers/diskeeper/defragmentation/index.cfm?code=SECtop1228

==== 1. In Focus: Looking Ahead Into 2006 ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Only a few days are left in 2005 and instead of recapping major events of the past year, let's peek into what might be some of the major topics in 2006. Any number of unknowns might arise over the next 12 months, but I think at least three areas will be among the major centers of attention: Least-Privileged User Accounts (LUA), rootkits, and backups.

LUA is a major topic that has grown in importance throughout 2005. Although Windows Vista promises to bring us closer to true LUA functionality, we don't have an official product release of Vista yet. Even when it does become available, countless desktops won't be running it for quite some time. So we need to make due with what we have to work with.

One of the best resources for learning how to implement LUA and for sharing experiences in that realm is the Nonadmin Wiki (nonadmin.editme.com ) at the URL below. According to the Web site, the wiki is "a place where anyone can share their experiences with running as a non-administrator in Windows – the good (tips, tools, and help for using a limited-user account), the bad (programs that won't even install, let alone run, unless you're administrator), and the ugly (workarounds and kludges)."

The site is published by a group of contributors, some of whom work at Microsoft and some of whom you've probably heard of, including Aaron Margosis, Jay Bazuzi, Jenni Merrifield, Jonathan Hardwick, Micheal Howard, and Thomas Lee. Other contributors include anyone in the Internet community who wants to offer his or her experiences and insight. At the wiki, you'll find that you can also ask questions and download numerous tools that help you move toward establishing LUA in your environment.

A major hurdle in establishing LUA is with applications that can't run without some level of access to resources that require administrative access. Margosis said that next year a new tool will be released (tentatively named LUA Buglight) that will help developers find problems in application code that requires administrative access to either install or run. The tool will also help developers create ways to work around the problems. If you're a developer, keep an eye on the wiki for the eventual release of that tool.

Microsoft is also currently beta testing instructions in a whitepaper, "Applying the Principle of Least Privilege to User Accounts on Windows XP." I don't know when that whitepaper will be finished and ready for the public, but when it's ready, I'll let you know.

In the coming year, we'll also see more focus on rootkits. The problem with rootkits is obvious: They grant people unauthorized access to a system, sometimes at the Administrator or System level. Furthermore, we learned this year via the Sony BMG fiasco (see the URL below) that we can't trust all companies to do the right thing when it comes to providing tools for public consumption. Invariably, some companies will overstep reasonable boundaries. http://www.windowsitpro.com/Article/ArticleID/48318/48318.html

One of the more popular rootkits that intruders use is called Hacker Defender, and several security packages claim to be able to detect and remove it from a system. However, removal isn't a simple task, and often Hacker Defender is a moving target. You can learn why it's a moving target directly from the person who developed the code by reading the article at the URL below. http://www.emailbattles.com/archive/battles/security_aacejifdhf_ic

The developer claims that one reason he developed Hacker Defender was that "rootkit projects force security companies to care about the core of the problems, to develop better and better products." But if his intent is to improve security products, why do so by selling a hazardous tool? Why not instead create a tool that can help prevent rootkits?

Intel is taking steps in that direction by working to develop chip-level technology that helps prevent malicious code, such as Hacker Defender, from making its way into systems. The technology, called System Integrity Services (SIS), will work with software-based drivers, kernel-level code, and application code to help prevent nuisances such as code injection, memory overwrites, and jumps in code blocks. The company published two documents that explain how the technology will work. One document (at the first URL below) gives a broad overview. The second document (at the second URL below) provides a fair amount of technical insight about what will actually take place inside a system http://www.intel.com/technology/magazine/research/runtime-integrity-1205.pdf http://www.intel.com/technology/comms/download/system_integrity_services.pdf The third area of attention for 2006 is backups, particularly because backups are necessary to recover from some forms of security intrusions. Backups have been an area of high importance ever since computers made it onto desktops in businesses. In the past, people created backups (typically at night when workers were out of the office) and hopefully stored the backup media in a secure remote location. When a restoration is required, the backup media is retrieved for use. The process takes time and carries considerable risk. Tapes could be lost, stolen, or damaged anywhere along the way.

In recent years a new type of backup process, continuous data protection (CDP), has become more prominent and affordable to a broader set of customers. As the name implies, CDP archives continuous data snapshots, typically in realtime. As you might suspect, CDP archives only the bits of data that change as opposed to entire files. Obviously such technology has many advantages, including reduction of bandwidth usage, easier and faster recovery methods, and a much smaller window of vulnerability to data loss. With such appeal, naturally there are many solutions available, and I've complied a list of links to 10 of the most popular ones at the end of this article. To find even more CDP solutions, use your favorite search engine with the phrase "continuous data protection." Also don't forget to check Windows IT Pro's Web site for articles that relate to CDP. The URL below will take you directly to the search results. http://www.windowsitpro.com/search/index.cfm?maxresults=0&sortby=date&advanced=&qs=%22Continuous%20Data%20Protection%20%22&Action=Search

With that said, I want to express to you all best wishes for a better year in 2006.

CDP Solutions

IBM Tivoli http://www-306.ibm.com/software/tivoli/products/continuous-data-protection LiveVault: http://www.livevault.com Mendocino Software: http://www.mendocinosoft.com Microsoft: http://www.microsoft.com/windowsserversystem/dpm/default.mspx Mimosa Systems: http://www.mimosasystems.com Revivio: http://www.revivio.com Storactive: http://www.storactive.com Timespring: http://www.timespring.com Troika Networks: http://www.troikanetworks.com Xosoft: http://www.xosoft.com

==== Sponsor: Thawte ====

Secure Your Online Data Transfer with SSL Increase your customers' confidence and your business by securely collecting sensitive information online. In this free white paper you'll learn about the various applications of SSL certificates and their appropriate deployment, along with details of how to test SSL on your web server. http://www.windowsitpro.com/go/whitepapers/thawte/ssl?code=SECmid1228

==== 2. Security News and Features ====

Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.windowsitpro.com/departments/departmentid/752/752.html

Microsoft Releases Tool to Help with SUS 1.0 Synchronization Microsoft previously made known a problem with Software Update Services (SUS) 1.0 that occurs when it is synchronized after December 12, 2005. Previously approved updates might all become listed as unapproved. Last week, Microsoft released its Approval Analyzer Tool to help correct the problem. http://www.windowsitpro.com/Article/ArticleID/48837

Oracle to Fortify Its Solutions Oracle announced that it will integrate Fortify Software's security analysis tools into its software development process. Fortify Software's tools scan source code to find potential security problems, test software for various vulnerabilities such as buffer overflows and SQL injection attacks, and help manage the security aspects of project development. http://www.windowsitpro.com/Article/ArticleID/48833

==== Resources and Events ====

SQL Server 2005: Up & Running Roadshows Coming to Europe! SQL Server experts will present real-world information about administration, development, and business intelligence to help you put SQL Server 2005 into practice and learn how to use its new capabilities. Registration includes one-year PASS membership and subscription to SQL Server Magazine. Register now for London and Stockholm, Sweden at: http://www.windowsitpro.com/roadshows/sqlservereurope/index.cfm?code=1228emailannc

ESSENTIAL GUIDE: Learn strategies for improving your email system's availability and resiliency. Download this free guide today: http://www.windowsitpro.com/essential/index.cfm?code=1228emailannc

WEB SEMINAR: Get the tools, tips, and training that you need to avoid a messaging meltdown when an outage strikes. View this seminar today: http://www.windowsitpro.com/go/seminars/messaging/?partnerref=1228emailannc

Microsoft Exchange & Windows Connections 2006 April 9-12, 2006, Orlando, Florida. These co-located events will provide you with cutting-edge information and training to keep your competitive edge. Register by January 9 and receive one FREE hotel night at the Walt Disney World Swan Resort. Call 800-438-6720 for details. http://www.winconnections.com

WHITE PAPER: Plan and implement reliable strategies to maintain highly available Exchange Server 2003 messaging systems. Download this free white paper today! http://www.windowsitpro.com/go/whitepapers/HP/exchange2003?code=1228emailannc

==== Featured White Paper ====

WHITE PAPER: What you need to know about ensuring data protection and high availability for Exchange. Get your copy today. http://www.windowsitpro.com/go/whitepapers/NSI/exchange?code=1228emailannc

==== Hot Spot ====

As a result of growing credit card identity theft, the PCI Data Security Standard was developed and is rapidly becoming a requirement for all organizations to protect the privacy of cardholders and their confidential information. In this free white paper you'll get the tips you need to prepare and comply with PCI-Data Security standards, including defining the 12 major requirements, how those requirements affect IT and more! http://www.windowsitpro.com/go/whitepapers/bindview/pci?code=SEChot1228

==== 3. Security Toolkit ====

Security Matters Blog: Encryption Without Secrets by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

If you need to protect private information for some period of time then in some cases you could use simplified encryption techniques that don't require certificates. http://www.windowsitpro.com/Article/ArticleID/48836

FAQ by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: What are the new well-known security principals that Windows Server 2003 introduces?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/48447

Security Forum Featured Thread: Book Recommendation Needed (Two message in this thread) A forum user wants to know if anyone can recommend a book that teaches in-depth packet level detail and how the network layer works in Windows.

Join the conversation: http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=44355&enterthread=y

==== Announcements ==== (from Windows IT Pro and its partners)

Want to Become a VIP Subscriber? Become a VIP subscriber and get continuous, inside access to ALL the online resources published in Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters. That's more than 26,000 articles at your fingertips. You'll also get a valuable one-year print subscription to Windows IT Pro and two VIP CDs. (CDs include the entire article database on CD, delivered twice per year.) Don't miss out…sign up now: https://store.pentontech.com/index.cfm?s=1&promocode=eu275cuv

Holiday Special--Save up to $40 off SQL Server Magazine You won't want to miss any of SQL Server Magazine's upcoming winter issues! Subscribe now and discover the best ways to plan for a successful SQL Server 2005 upgrade, the value of integrating Visual Studio 2005, ways ADO.NET 2.0 solves your problems, the annual Readers' Choice survey, and much more. You'll also gain exclusive access to the entire SQL Server Magazine online article database FREE, and you'll save up to $40 off the full cover price. Click here: https://store.pentontech.com/index.cfm?s=9&promocode=eu215cum

==== 4. New and Improved ==== by Renee Munshi, [email protected]

UTM Appliances for Small Businesses Check Point Software Technologies announced the new Check Point Safe@Office 500 and Safe@Office 500W Unified Threat Management (UTM) network security appliances, designed for small businesses. Safe@Office 500 and 500W, based on technology developed by Check Point subsidiary SofaWare Technologies, feature firewall, VPN, antivirus, intrusion prevention, traffic-shaping, and Web-filtering software. Safe@Office 500W integrates a 108Mbps extended range wireless Access Point (AP) with wireless security and guest hotspot capabilities. Safe@Office 500 and 500W are scheduled to be available in December. Pricing starts at $299 for the appliance and $10 annually per user for firewall and antivirus subscriptions. Check Point SecuRemote VPN Client is bundled with the appliances. For more information, visit http://www.checkpoint.com/smallbusiness

Tell Us About a Hot Product and Get a T-Shirt! Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100 Share your security-related discoveries, comments, or problems and slutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]