Security UPDATE--Handheld Security Admin--March 15, 2006

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

GuardianEdge Technologies

Scalable Software


1. In Focus: Handheld Security Admin

2. Security News and Features

- Recent Security Vulnerabilities

- Cisco Moving into Physical Security Arena

- Firefox 2.0 to Gain Security Improvements

- Crank Up Security with MBSA 2.0

3. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

- Share Your Security Tips

4. New and Improved

- Better Security Event Reporting


==== Sponsor: GuardianEdge Technologies ====

Encrypt and Manage Data on Any Platform

Sensitive data is everywhere: in email and on hard drives, removable storage devices, and PDAs. Encryption is the only way to protect that data from criminals and competitors while complying with regulators. But encrypting data on all those devices and managing them efficiently is a major challenge. Encryption Anywhere solves the problem with a single management tool that plugs directly into Microsoft Active Directory letting you distribute and manage encrypted Microsoft clients without changing your current processes. Click here to find out how you can protect corporate data and prevent identity theft.


==== 1. In Focus: Handheld Security Admin ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Laptops are great tools. They've allowed security administrators to take their tools on the road and freed them from relying on access to a storage server. For some security consultants, it might be nearly impossible to get any work done without a laptop.

One downside of laptops is that sometimes they can be bulky to carry around. Plus when you need to use a laptop, you must take it out of the bag, find a place to set it (on your lap if necessary), and start it up. Then when you're done, you must reverse the whole process. A task that will take you 5 minutes on the computer winds up taking 10 minutes overall.

Now, new mobile devices are poised to improve our situation once again. New handheld devices are powerful, flexible, and relatively easy to use. They can run a full-blown OS (as opposed to a scaled down, limited version), provide plenty of storage, are lightweight, and are ready to use almost instantly nearly any time and any place.

New devices are coming to market. One that you might have already heard about is Microsoft's Ultra-Mobile PC (UMPC), code-named The Origami Project.

UMPC runs Windows XP Tablet PC Edition, has a 7-inch display with a minimum of 800 x 480 dpi resolution, includes network connectivity, has a 40GB hard drive, and weighs about 2 pounds. UMPC won't fit in your pocket, but it would fit in some purses, and you'll be able to hold it in your hand to get work done when necessary. Microsoft's UMPC will cost under $1000.

Some might think that UMPC is just another tablet PC. While that might be true in the most basic sense, tablet PCs have significant advantages over laptops, most notably the ease of use. One thing missing from UMPC is a keyboard. I must have a keyboard, even though I like handhelds' touch screens. A demo at Intel's site (first URL below) shows an ultra-mobile device that does have a keyboard (second URL below). I want this one!

Another new device is the DualCor cPC. This device weighs only 1.1 pounds and features two processors and two OSs: Windows XP Tablet PC Edition and Windows Mobile. The device also has a 40GB hard drive and 5-inch display with 800 x 480 dpi resolution. The price is $1500 retail, with discounts for volume purchases.

Another handheld computer comes from OQO. The OQO model 01+ has a 30GB drive, weighs only 14 ounces, and is small enough to put in your pocket. The screen size is 5 inches. The model 01+ has a mini-keyboard that slides out from under the display. Hold on to your hats for the price: the Windows Tablet PC Edition sells for $2099 retail!

For a decent comparison of several handheld computers, including some that I didn't have room to mention here and some that don't run Windows Tablet PC Edition, visit the Web site at the URL below.


==== Sponsor: Scalable Software ====

How much are you spending on IT compliance? Streamline and automate the compliance life cycle with this FREE white paper, and reduce your costs today!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Cisco Moving into Physical Security Arena

With its latest acquisition, Cisco aims to bring its customers IP-enabled physical security. The company announced an agreement to acquire privately held SyPixx Networks, a company founded in 2002 to deliver video surveillance systems.

Firefox 2.0 to Gain Security Improvements

An alpha release of Firefox 2.0 is due out in the next few days, according to meeting minutes posted at Mozilla Foundation. A few important new security features will be included in the 2.0 version. Read about them in this news story.

Crank Up Security with MBSA 2.0

The latest version of Microsoft's popular no-cost MBSA tool is more than a simple update; it includes new features and has been designed to integrate seamlessly with other update tools such as Windows Server Update Services (WSUS) and the Systems Management Server (SMS) Inventory Tool for Microsoft Updates (ITMU). Get the details at


==== Resources and Events ====

Windows Connections Conference, April 9-12, 2006

Don't miss the essential Windows technology conference.

When disaster strikes your servers, whether they are dedicated to Windows, SQL, or Exchange, you need answers. Make sure that if an emergency occurs, you're prepared. Get the full eBook and get started on your recovery plan today!

Learn to gather evidence of compliance across multiple systems and link the data to regulatory and framework control objectives. On-demand Web seminar.

Make sure your email server is secure. Learn everything from basic techniques to defense-in-depth strategies, including network-level access control lists, Web authentication, firewall protocol inspection, and perimeter filtering. Live Web seminar Thursday, March 23.

Use Windows Server 2003 R2 as a platform for SQL Server 2005 to support large-database requirements, including clustering and multiple processors. Register for this free Web seminar today!


==== Featured White Paper ====

Use scripted deployments to ensure that all your Exchange servers are configured and deployed with exactly the same options and to maintain a record of your installation configurations. Learn how today!


==== Hot Spot ====

Symantec Corporation

A multi-tier approach to email security prevents unauthorized access and can stop spam, viruses, and phishing attacks. Learn to implement one today, and protect your network security and business systems!


==== 3. Security Toolkit ====

Security Matters Blog: L0phtcrack Retired

by Mark Joseph Edwards,

After years as a password-cracking staple, L0phtcrack is apparently being put out to pasture--discontinued. However, there are alternatives, including Cain & Abel, LCP, Ophcrack 2, and the Openwall Project's John the Ripper. Find links to these alternatives in this blog article.


by John Savill,

Q: Can you use the Microsoft File Server Migration Toolkit (FSMT) to migrate shares between servers in different forests?

Find the answer at

Security Forum Featured Thread: Audit Tools

Know of any good tools to audit a Windows Server 2003 domain environment, including password reports? If so, join the discussion at

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Announcements ====

(from Windows IT Pro and its partners)

Windows IT Pro Magazine Article Library--access available

Sign up for a Monthly Online Pass and get INSTANT access to all articles, tools, and helpful resources published on, including exclusive subscriber-only content. You'll get 24/7 access to the full Windows IT article library (which includes more than 9,000 articles) as well as the latest digital issue of Windows IT Pro delivered right to your inbox. Sign up now:

Windows IT Pro Magazine--SAVE 58%

Windows IT Pro is a must-have in 2006! Subscribe now and plug into the largest independent Windows IT community in the world. Along with loads of how-to articles, time-saving advice, and expert tips and solutions, you'll gain exclusive access to the entire online Windows IT Pro article library FREE. This is a limited-time offer, so order now:


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Better Security Event Reporting

Astaro released Astaro Report Manager 4.2, which lets you collect and report on data from Astaro Security Gateway appliances and security gateways from other vendors such as Check Point and Cisco. New features include a Java-based console that provides information about critical security events in real time, a new forensics analysis tool that helps you search log data on multiple devices, and new reports designed to meet federal regulatory requirements. Pricing starts at $295 for systems running Astaro Security Gateway Software and at $395 for Astaro Security Gateway appliances. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.