Security UPDATE--Safer Mobile Surfing--February 9, 2005

1. In Focus: Safer Mobile Surfing

2. Security News and Features

- Recent Security Vulnerabilities

- February the 13th: Microsoft Issues Massive Number of Security Fixes

- Microsoft to Purchase Sybari Software

- Weakness in Windows XP SP2 Overflow Protection

- SOHO Firewall Appliances

3. Security Matters Blog

- Stop Users from Bypassing Group Policy

- Two More Months to Opt Out of Windows XP SP2

4. Instant Poll

5. Security Toolkit

- FAQ

- Security Forum Featured Thread

6. New and Improved

- Spam Firewall for Large Organizations

==== Sponsor: ScriptLogic ====

Evaluate Cloak & Get A Free T-Shirt

If you're a security-conscious administrator, ScriptLogic has a new product that's a must-have, no matter how large or small your company is. Cloak is an innovative software solution that enhances the NTFS by providing increased security, more accurate audits, and a streamlined experience for network users. When you install Cloak on the Windows Server, users will only see the files and folders they have permission to access. Not only does Cloak filter network requests on file servers, it can also filter local activity, so it's ideal for Citrix Metaframe and Terminal Servers too! Download a 30-day evaluation today and get a free Cloak t-shirt. Go to

http://www.scriptlogic.com/wip-feb9.asp

==== 1. In Focus: Safer Mobile Surfing ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I'm sure you read lots of different security-related blogs and Web sites. There are a bunch of them out there, and the number seems to keep right on growing. I've got dozens of them in my RSS reader, and I often find new ones that I want to read now and then.

One interesting blog that I found some time ago is called Secureme. Not only is it informative, but the writing style is subtly humorous at times too. When I look at the "avatars" of the blog writers at the site, I'm not quite sure what's missing: a flashy mirrored disco ball and colored lights, or Santa's workshop. When you go to the blog, you'll see what I mean.

http://secureme.blogspot.com

An interesting recent post at the blog ("No SSH server, no problem!" January 13) covered two tools, The Onion Router (TOR) and Privoxy, both of which can be used in a variety of situations, such as using them together to better protect your Internet communications when you're on the road. For example, if you're using a hotel's in-house network or a public wireless network, you could use TOR and Privoxy to help protect your network traffic.

TOR is a routing technology that encrypts and routes your Internet traffic through a number of TOR servers before the traffic reaches its destination. Privoxy is a proxy server that helps protect your Internet privacy by removing or obscuring various content, such as your DNS queries, browser type, OS type, and more. You can configure Privoxy to communicate with TOR so that all your Web traffic is routed through the TOR network.

I tried the two tools, and they seem to work all right. Setting up a TOR client is incredibly simple. Just install it, run it, and make sure there are open ports on your firewall to pass traffic. That's it! Privoxy is equally simple, except that to make it work with TOR, you'll need to add one line to the Privoxy configuration, which is explained in the TOR documentation. You can learn more about TOR and Privoxy and download copies at their respective Web sites.

http://tor.eff.org

http://www.privoxy.com

Until next time, have a great week.

==== Sponsor: Postini ====

An Evaluation of the Total Cost of Ownership of Email Security Solutions

Quantifying the Total Cost of Ownership (TCO) of email security solutions is a notoriously difficult task. Discover how Total Cost of Ownership is much more than the initial acquisition cost of a solution, and how you can save thousands of dollars each year without sacrificing accuracy, control or effectiveness in protecting your email systems. Download this free whitepaper now!

http://www.windowsitpro.com/whitepapers/postini/emailsecuritycost/index.cfm?code=0209secnl

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

February the 13th: Microsoft Issues Massive Number of Security Fixes

Yesterday, Microsoft issued a massive number of security bulletins and fixes as part of its regularly scheduled monthly security update release. The company released 12 security bulletins for various products, including several Windows versions, Exchange Server, Office XP, Windows Media Player, MSN Messenger, and SharePoint. Eight of the bulletins are rated as "critical," the company's most serious rating.

http://www.windowsitpro.com/Article/ArticleID/45344/45344.html

Microsoft to Purchase Sybari Software

Microsoft announced yesterday that it has signed a definitive agreement to acquire Sybari Software, a New York-based company that develops antivirus, antispam, and content-filtering technologies. The acquisition will include all of Sybari's staff and technologies. http://www.windowsitpro.com/Article/ArticleID/45340/45340.html

Weakness in Windows XP SP2 Overflow Protection

Security company Positive Technologies released a white paper that explains what it considers to be weaknesses in the heap overflow protection and data execution protection in Windows XP Service Pack 2 (SP2). The two technologies are designed to help prevent intruders from taking advantage of unchecked buffers to launch malicious code within the OS.

http://www.windowsitpro.com/Article/ArticleID/45280

SOHO Firewall Appliances

Even if you have a home office or work for a small company, you still need to protect your valuable data and network. Firewalls have become a de facto standard for all organizations--large and small--as a frontline perimeter-based defense against attackers who want to steal your information, hijack your resources, and otherwise vandalize your network. Jeff Fellinge looks at several solutions in this Buyer's Guide.

http://www.windowsitpro.com/Article/ArticleID/44981

==== Resources and Events ====

InfoSec World 2005, April 4-6, 2005, Orlando, FL

InfoSec World 2005 is where connections are made. Expand your knowledge with the hottest topics and get real-world strategies and tested techniques for meeting your toughest information security challenges. With a full spectrum of events, InfoSec World offers an array of stimulating programs, presentations, activities, networking opportunities and more!

http://www.misti.com/12/os05el7.html

Ensure Successful Token Authentication

What's more secure than password protection? Attend this free Web seminar and learn how to protect your network and make your mobile and remote users more secure with token authentication. Discover ways to evaluate, test, and roll out token authentication to protect your investment, while making a solid business case to justify the costs. Register now!

http://www.windowsitpro.com/seminars/tokenauthentication/index.cfm?code=0209emailannc

Windows Connections Conference Spring 2005

Mark your calendar for Windows Connections Spring 2005, April 17-20, 2005, at the Hyatt Regency in San Francisco. Sessions jam-packed with tips and techniques you need to know to ensure success in today's enterprise deployments. Get the complete brochure online or call 203-268-3204 or 800-505-1201 for more information.

http://ad.doubleclick.net/clk;13381178;8214395;l?http://www.winconnections.com

Configuring Blade Servers for Your Application Needs

Blade servers pack a lot of function into a small space, conserve power and are flexible. In this free Web seminar, industry guru David Chernicoff details the best use of 1P, 2P and 4P configurations using single and multiple enclosures; integrating with NAS and SAN and managing the entire enterprise from a single console. Register now and take advantage of blade servers' power and flexibility.

http://www.windowsitpro.com/seminars/bladeservers2/index.cfm?code=0209emailannc

==== 3. Security Matters Blog ====

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

Stop Users from Bypassing Group Policy

I read a really interesting thread on the Focus on Microsoft mailing list. A list member said his users found a way to bypass Group Policy so that they could install unauthorized software on their machines. The users entered their logon credentials, then as soon as they were authenticated to the domain, they unplugged the network cable so that Group Policy Objects (GPOs) weren't downloaded to their machines. However, there are ways to foil this strategy.

http://www.windowsitpro.com/Article/ArticleID/45295

Two More Months to Opt Out of Windows XP SP2

According to Microsoft's TechNet Flash newsletter, "the mechanism to temporarily disable delivery of Windows XP SP2 is available only for a period of 240 days (8 months) from August 16, 2004. At the end of this period (after April 12, 2005), Windows XP SP2 will be delivered to all Windows XP and Windows XP Service Pack 1 systems."

http://www.windowsitpro.com/Article/ArticleID/45322

==== 4. Instant Poll ====

Results of Previous Poll:

Is comment spam a problem on your company's blogs or Web forums?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 13 votes:

- 23% Yes it was, but we solved it by requiring registration

- 0% Yes, but we'll implement the new "rel" tag format to stop it

- 0% Yes, but we don't plan to do anything about it

- 77% No

New Instant Poll:

If your company uses Windows XP, do you use XP SP2?

Go to the Security Hot Topic and submit your vote for

- Yes

- No, but we intend to

- No, and we don't intend to

http://www.windowsitpro.com/windowssecurity#poll

==== 5. Security Toolkit ====

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I view a list of all applications on my computer that start at boot-up?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/45305

Security Forum Featured Thread: ISAPI Extension Access to DCOM Application Server

Nicola has an Internet Server API (ISAPI) DLL that connects to a Distributed COM (DCOM) application server. The setup includes a Microsoft IIS server configured with integrated security and anonymous access disabled, a domain group to collect all the domain users that should be able to use the procedures in the DLL, and DCOM configured with an administrator account and launch/access permissions for the domain group. The setup works if the domain group is included in the local Administrators group, but Nicola doesn't want to put the domain group in the local Administrators group and wonders if there's some other configuration that will work. Join the discussion at

http://www.windowsitpro.com/Forums/messageview.cfm?catid=42&threadid=129422

==== Announcements ====

(from Windows IT Pro and its partners)

Try a Sample Issue of Exchange & Outlook Administrator!

If you haven't seen Exchange & Outlook Administrator, you're missing out on key information to help you migrate, optimize, administer, backup, recover, and secure Exchange and Outlook. Plus, paid subscribers receive exclusive online library access to every article we've ever published. Order now!

http://www.exchangeadmin.com/rd.cfm?code=fsep2352up

==== 6. New and Improved ====

by Renee Munshi, [email protected]

Spam Firewall for Large Organizations

Barracuda Networks offers Barracuda Spam Firewall 800, a spam and virus appliance for large organizations and ISPs. Barracuda Spam Firewall 800 supports 30,000 active users and can handle nearly 1.3 million messages per hour. It's designed for reliability, including redundant hot-swap power supplies, RAID 5 disk storage, dual gigabit Ethernet ports, and clustering capabilities. Barracuda Spam Firewall 800 is priced at $17,999 for the appliance and $3999 per year for a subscription to the Energize Update service, which updates the appliance hourly with new spam rules and virus definitions. Barracuda also offers Spam Firewall models for smaller organizations. For more information, visit

http://www.barracudanetworks.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Sponsored Links ====

Argent versus MOM 2005

Experts Pick the Best Windows Monitoring Solution

http://ad.doubleclick.net/clk;13273616;8214395;i?http://www.argent.com/w/whitepapers_mom.html?Source=WNT%20Sponsored%20Link

Quest Software

See Active Directory in a whole new light. And get a free flashlight!

http://ad.doubleclick.net/clk;13695556;8214395;t?http://wm.quest.com/WITPUpdatelinkSpotADflash205

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]