
Security UPDATE--New Reports on UTM and IPS Solutions--November 9, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Free Security Compliance Reality Check

Implement Least Privilege with DesktopStandard PolicyMaker!


1. In Focus: New Reports on UTM and IPS Solutions

2. Security News and Features

- Recent Security Vulnerabilities

- Microsoft Updates Bulletins MS05-052 and MS05-038

- Support for Exchange 5.5 and Exchange 2000 to Change Soon

- Windows Live Safety Center

3. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

4. New and Improved

- UTM Tool Gets 2 Antivirus Engines


==== Sponsor: BindView ====

Free Security Compliance Reality Check

Get a quick reality check of your IT security compliance for specific regulations by running this FREE Compliance Assessment Tool. You'll get an overall "compliance score" as an example of how BindView solutions can help you monitor and report on compliance--all through a single compliance architecture for managing multiple regulations.

Download your free Compliance Assessment Tool for each of these regulations:

- Sarbanes-Oxley

- FISMA

- HIPAA

- GLBA

- Basel II

- Payment Card Industry--Data Security Standard


==== 1. In Focus: New Reports on UTM and IPS Solutions ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The NSS Group, which I've written about before, analyzes hardware-based security solutions and produces in-depth reports that cover the products' performance and capabilities. The group uses specialized equipment in a controlled environment for its analysis and has reviewed high-performance Intrusion Prevention Systems (IPSs), Intrusion Detection Systems (IDSs), and application firewalls. You can find previous articles about the group's reports at our Web site.

Recently, The NSS Group released two new reports: Unified Threat Management (UTM) and IPS Group Test (Edition 3). The UTM report is the group's first report on products in this category. It looks at unified security solutions that include firewall, VPN, IDS/IPS, antivirus, antispam, URL filtering, and content filtering components. Of the six vendors that agreed to take part in the tests, two had products that weren't ready in time and two others had products that failed the group's stringent testing. The end result was that only two products passed the overall UTM tests: Fortinet FortiGate-3600 and Internet Security Systems (ISS) Proventia M50.

IPS Group Test (Edition 3) is The NSS Group's third report on IPSs. The group reported that products in this classification have improved since last year in terms of performance, stating that "whereas last year we were seeing top speeds of 1-2Gbps, this year we are starting to see devices that can go well beyond that limit and which are looking over-engineered for Gigabit environments." Even so, four of the twelve products submitted by vendors for testing failed the overall tests, leaving eight products to receive an NSS Approved rating. Those products are Cisco IPS-4255 5.0(3), Cisco IPS-4240 5.0(3), Intoto IntruPro 3.0, Juniper Networks IDP 600F 3.1, NFR Sentivist Smart Sensor 100C, Radware DefensePro-3000 2.43, Symantec SNS 7160, and Westline Athena Aegis IPS 510L 2.1.

The NSS Group also said that because product performance has improved significantly, the group will begin testing multigigabit Ethernet IPSs. Ten companies are signed up for the tests, which begin this month. That report should be interesting to those of you who must deal with super-high-speed networks.

The NSS Group's reports reveal a lot about the performance characteristics of particular products (which of course is a huge aid in buying decisions) and about how to test such products. For example, the group uses specialized hardware and software from Spirent Communications to generate and measure high volumes of network traffic. The group also uses tools that might be common in your own environments, such as Cisco Systems Catalyst switches. And you might be interested to know that the group uses Tcpreplay (at the first URL below) and Tomahawk (at the second URL below), both of which are open-source tools that you can easily obtain.

Tcpreplay lets you replay previously captured traffic and modify packets. Tomahawk also lets you replay network traffic and generates large volumes of traffic for stress testing. You could use both tools to test the effectiveness of your particular IPS or IDS.

Overall, I think you'll find the new reports very interesting and valuable, particularly if you're evaluating new high-end security solutions. You can read the full reports online (at the URL below) and purchase copies in PDF format or as printed and bound reports.


==== Sponsor: DesktopStandard ====

Implement Least Privilege with DesktopStandard PolicyMaker!

The award-winning PolicyMaker suite now includes a Group Policy Extension for implementing the security best practice of Least Privilege. For the first time you can manage the permissions of applications and tasks and keep your users restricted! The PolicyMaker suite includes 24 extensions to Microsoft's Group Policy and integrates with native tools including the Group Policy Management Console (GPMC). If you use Group Policy there's little to learn. Download a free evaluation copy and learn why PolicyMaker was voted the Most Innovative Product of 2005 by Windows IT Pro readers!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Microsoft Updates Bulletin MS05-052

On November 2, Microsoft published a revision of its security bulletin MS05-052--Cumulative Security Update for Internet Explorer (896688), alerting people that problems related to the patch have been addressed. The bulletin, which was originally issued October 11, was revised because ActiveX controls didn't always load as expected after customers installed the original patch.

Support for Exchange 5.5 and Exchange 2000 to Change Soon

Extended support for Microsoft Exchange Server 5.5 and mainstream support for Microsoft Exchange 2000 Server are available through December 31. You can purchase an extended support agreement for Exchange 2000 in the first 90 days of 2006.

Windows Live Safety Center

Microsoft's Windows Live initiative will offer a Safety Center, where you can go to clean unwanted software off your system and have system performance evaluated. The Safety Center, currently in beta, works with Windows 2000, Windows XP, and Windows Server 2003 and requires Microsoft Internet Explorer (IE) 6.0 or MSN 9.0.


==== Resources and Events ====

Get Ready for the SQL Server 2005 Roadshow in Europe--Get the facts about migrating to SQL Server 2005!

SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database-computing environment. Receive a one-year membership to PASS and one-year subscription to SQL Server Magazine. Register now.

Are You Really Prepared for Disaster Recovery?

Join industry guru Liam Colvin in this free Web seminar and get the tips you need to validate your disaster recovery data. You'll learn if your backup and restore data is worth staking your career on, what type of geo-clustering is right for you, which response to use in crisis situations, and more!

Cut Your Windows XP Migration Time by 60% or More!

If your organization is considering or has already begun migrating your operating system to Windows XP, this Web seminar is for you. Sign up for this free event and you'll learn how to efficiently migrate your applications into the Windows Installer (.msi) format, how to prepare them for error-free deployment, what steps you need to follow to package your applications quickly and correctly, and more!

Get the Maximum Return on Software Investments by Optimizing Every Dollar Spent on Software

Inaccurate information about software usage causes many organizations to either overspend and buy licenses they don't use, or underspend and deny some end users access to the software they need. Attend this free Web seminar and get a 5-step plan for quickly implementing a license management program today!

What Does It Mean to Be Compliant?

We've all heard about legal and regulatory requirements, but there are other types of compliance that might also affect you--specifically email compliance. In this free Web seminar, you'll get insights into compliance and policy issues that you need to know about, suggestions on what to look for when implementing your compliance strategy, and more. Register today!

Deploy VoIP and FoIP Technologies

Voice over Internet Protocol (VoIP) is the future of telecommunications, and many companies are already enjoying the benefits of using VoIP networks to significantly reduce telephone and facsimile costs. Join industry expert David Chernicoff for this free, on-demand Web seminar to learn the ins and outs of boardless fax in IP environments, tips for rolling out fax and integrating fax with telephony technologies, and more.


==== Featured White Paper ====

Stopping Crimeware and Malware: How to Close the Vulnerability Window

Computer users can no longer wait for a new vaccine every time a new security threat appears. How do you defend your network in a world of smarter, faster, Internet-borne zero-day attacks? Find out about an Intrusion Prevention System that can detect and destroy malware with virtually zero false positives.


==== Hot Release ====

Meeting Enterprise Management Needs: The Integration of Microsoft SMS 2003 and Afaria

Learn about the capabilities offered by the integration of Microsoft SMS 2003 and Afaria. In this free white paper you'll learn about new functionality and benefits of Microsoft SMS specifically targeted to improving management of remote and mobile devices, challenges of managing frontline systems, how the combined solution creates value around the successful use of technology at the front lines of business and more.


==== 3. Security Toolkit ====

Security Matters Blog: A Clear Case of Sony Taking DRM Too Far

by Mark Joseph Edwards,

You bought the new Sony BMG music CD-ROM and now you own it--sort of. If you want to play it on your computer, you must use Sony's audio player, which attempts to enforce Digital Rights Management (DRM), so you install the audio player. Little do you know that you just installed what amounts to a type of rootkit. Only this rootkit isn't designed to give others full access to your system--it's designed to prevent you from having full access to your system. Read more about it in this blog entry on our Web site.


by John Savill,

Q: How can I check whether a user account has certain user properties flags set?

Find the answer at

Security Forum Featured Thread: Blocking IM

A forum participant is looking for the IP addresses for the popular IM services (AOL Instant Messenger--AIM, ICQ, Yahoo! Messenger, MSN Messenger) so that he can create blocking rules for these addresses in his firewall. Join the discussion at:


==== Announcements ====

(from Windows IT Pro and its partners)

VIP Monthly Online Pass = Quick Answers

Sign up for a VIP Monthly Online Pass and get online access to ALL the articles, tools, and helpful resources published in SQL Server Magazine, Windows IT Pro, Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security. You'll have 24/7 access to a database of more than 25,000 articles that will give you all the answers you need, when you need them. BONUS--Includes the latest issue of Windows IT Pro each month. Sign up now for just US$29.95 per month:

Need Answers to Your Tough Security Questions?

The Windows IT Security newsletter can help. Subscribe now and discover fundamentals on building and maintaining a secure enterprise. Each issue features in-depth product coverage of the best security tools available, expert advice on the best way to implement various security components, and much more. Paid subscribers also get searchable access to the full online security article database (more than 1900 articles). Subscribe today:


==== 4. New and Improved ====

by Renee Munshi, [email protected]

UTM Tool Gets 2 Antivirus Engines

Astaro released version 6.1 of its Astaro Security Gateway software, a Unified Threat Management (UTM) solution. The new version uses two virus scanning engines--Kaspersky and ClamAV--and adds improved spam controls. The software provides email virus, spam, and phishing protection; Web spyware and virus protection and content filtering; and firewall, Intrusion Prevention System (IPS), and VPN technology in one package. Astaro also announced the Astaro Security Gateway 425 appliance, which includes the new software and a hardware acceleration card to improve virus scanning performance. Pricing starts at $330 for the software and $695 for the appliance. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
