Security Pro VIP--May 1, 2008

In this Issue

  • Perspective: Data on the Move
  • Coming this Month
  • April 2008 Articles in Print-Friendly Format
  • Security Horror Story Contest
  • Share Your Security Tips and Get $100
  • The Security Pro VIP Forum

    Perspective: Data on the Move

    How do you share data with your business partners? Email attachments? Microsoft SharePoint sites? FTP? Purchased solution over leased lines? Many methods are available, but it's increasingly important to ensure that the method you use is a secure one. Regulations such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA) stipulate proper handling of customer data, and your company might have other types of sensitive data that it wants to protect when sending the information to a partner organization or a branch location.

    The following articles present some options for secure file transfer:

    Access Denied: Exchanging Files Securely, October 2005, describes how you can safely exchange files by using the encryption features in Microsoft Office Word 2003, Microsoft Office Excel 2003 or WinZip Computing's WinZip.

    Secure File Exchange Over the Internet, February 2006, provides an overview of solutions for securing files for transport and then focuses on three encryption methods that work with email attachments: file compression utilities that also offer encryption, Pretty Good Privacy (PGP), and Public Key Infrastructure (PKI).

    Copying Files Securely Between Systems, October 12, 2005, introduces three common methods for securing file transfer: employing the RRAS component that comes with Windows Server 2003 and Windows 2000 Server to establish a VPN that uses PPTP, using Microsoft IIS and Secure Sockets Layer (SSL) connections along with a custom Web interface, or using Secure Shell (SSH). The article also points to resources for more information about implementing the three methods.

    Access Denied: Safeguarding FTP Files, June 2004, explains how to set permissions on an FTP account such that if the account's username and password are intercepted, the account will have only limited access to files on the FTP server.

    As an alternative to implementing your own file-transfer solution, you can purchase a file-transfer product. Sterling Commerce's Connect family of managed file transfer solutions has until recently been strictly for exchanging files with a business partner over a leased line. But a few weeks ago, the company released Sterling Secure Proxy, which extends managed file transfer to the Internet. Many of Sterling's customers are financial institutions with strict requirements for transferring data in an encrypted, uninterrupted, and auditable fashion. That was tough to do over the Internet. But now Secure Proxy gives these customers a way to expand the number of partners with which they can exchange data without adding a lot of costly leased connections. Secure Proxy sits in the demilitarized zone (DMZ) to protect the Sterling managed file transfer server that's behind the firewall on the corporate network.

    Sterling is just one of many "secure file transfer products," which you'll discover if you type in that phrase at

    This is the last Perspective column I'll be writing for Security Pro VIP. Next month, you'll have a fresh perspective from Lavon Peters, the new Security Pro VIP editor.

    —Renee Munshi, Security Pro VIP Editor

    Coming this Month

    "Securing the Windows Search Path" by Alex K. Angelopoulos
    Learn how to lock down the Windows search path as well as modify and lock down the pathext variable to prevent an attacker from using command search to escalate privileges.
    This article is now live on the Web.

    "The Event Log Query Utility" by Jim Turner
    This HTML Application lets you query a variety of machines for a variety of event types.
    This bonus article, first published in the Windows Scripting Solutions newsletter and available online only to Scripting Pro VIP subscribers, will now be available on Security Pro VIP.
    Coming tomorrow, May 2.

    "Tips for Securing WordPress" by Mark Burnett
    A hacked blog can be a PR nightmare. Stop it from happening to you by taking some precautions: Use SSL for administration, and set correct permissions.
    Coming May 8.

    Toolbox: "Safety Scanner" by Jeff Fellinge
    Microsoft's free service, Safety Scanner, part of the Windows Live OneCare product group, can scan, defrag, and clean files.
    Coming May 15.

    Windows Gatekeeper by Jan De Clercq
    Answers to your Windows security questions.
    Coming May 22.

    April 2008 Articles in Print-Friendly Format

    Get all the April articles in .pdf format by clicking here. Print the .pdf and enjoy!

    Security Horror Story Contest

    Tell us about a security hole that you found, a virus that shut down your network, an embarrassing or scary near-miss or direct hit. (Be sure to describe how you solved the problem too.) We’ll print the best tales in a Windows IT Pro cover story (anonymously, if you like), and you’ll win a 1-year Windows IT Pro VIP subscription. Send your security horror stories (no more than 500 words) to [email protected] by May 9.

    Share Your Security Tips and Get $100

    Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

    The Security Pro VIP Forum

    The Security Pro VIP forum is your place to ask questions about security topics and about articles posted on the Security Pro VIP Web site and to get answers from other forum members, including Orin Thomas, forum moderator, and article authors. Let's talk!
