Windows & .NET Magazine Security UPDATE -- Stem the Email Influx -- March 3, 2004

[InfoSec News <isn () c4i org>]

====================

==== This Issue Sponsored By ====

Ecora Software
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BF2l0Ak

Assure On-line Compliance - an on-demand Webcast
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BFQa0A5

====================

* In Focus: Three Proposed Ways to Stem the Email Influx

* Security News and Features
   - Feature: Wireless Networks in Small Spaces
   - News: Comparing Security Design Choices
   - News: Rights-Management Add-on for IE
   - News: What's Hot

* New and Improved
   - Analyze, Cross Reference, and Search Vulnerabilities
   - Monitor Computer Activity

====================

==== Sponsor: Ecora Software ====
   MS02-072 and MS03-039 are just two of 25 critical security patches
you need to protect your network. Get complete details on all 25 at
absolutely no cost to you--simply click on the link provided below.
Ecora's informative guide identifies each of your 25 "Must-Have"
patches; details the importance of each patch; provides links to
additional information--accessible at your convenience; and describes
how to check your systems to see if the patches are installed.
Download your free whitepaper today and open the door to The Ecora
Method of discovering, analyzing, researching and testing,
remediating, safety netting, and reporting throughout an automated,
worry-free patch management cycle.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BF2l0Ak

====================

==== In Focus: Three Proposed Ways to Stem the Email Influx ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Solutions are in the works to help curb the amount of junk email we
receive. Currently, most people probably use one of three types of
solutions (or combinations thereof) to help filter their email. These
solutions process incoming mail according to approved senders, banned
senders, and banned mail servers. Now three more solutions are making
their way into the marketplace: Sender Policy Framework (SPF), Caller
ID for E-Mail, and DomainKeys.

Meng Weng Wong and Mark Lentczner began working on SPF more than a
year ago, and more than 7500 domain operators have already implemented
the solution. AOL, one of the world's largest ISPs, has taken notice
and is testing SPF.

SPF attempts to use DNS queries to verify email sender IP addresses.
DNS publishes MX records for inbound mail servers for a given domain,
but there is no record type for publishing a list of outbound mail
servers for a given domain. To improvise, SPF uses specially formatted
TXT records in DNS to publish outbound mail servers for public queries
and subsequent attempts to authenticate email senders.

When an SPF-enabled mail system receives a message, the mail system
can query the sender's domain DNS servers to obtain a list of valid
outbound mail server addresses and compare these addresses with the IP
address in the message's SMTP email headers. If the IP addresses
match, the mail system can assume that the message isn't junk mail. If
the addresses don't match, the mail system can take a variety of
actions depending on how it's configured. You can learn more about
SPF, including how to implement it, at http://spf.pobox.com .

Microsoft recently published the Caller ID for E-Mail specification,
which is similar to SPF. Caller ID also works by using DNS TXT
records; however, Caller ID uses TXT records written in XML. Like SPF,
Caller ID checks IP addresses in SMTP email headers against outbound
mail server IP addresses published by DNS servers to verify that a
domain's authorized mail server sent a message. The differences
between Caller ID and SPF are in the way mail headers are processed
and the way DNS publishes outbound mail servers. You can learn more
about Microsoft's proposed Caller ID for E-Mail system at
http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx .

The third system, DomainKeys, is in development by Yahoo! and works by
cryptographically signing messages at the server level. You're
probably familiar with tools such as Pretty Good Privacy (PGP) that
use a public key and private key. Data is encrypted or signed by using
a private key; data is decrypted or a signature is verified by using a
public key. DomainKeys works the same way but at the server level. A
sending mail server uses a private key to sign all the messages it
sends. A DNS record publishes the sending server's public key. When
the target server receives a signed message, the server can use a DNS
query to obtain the sending server's public key and use the key to
verify the message signature.

For more analysis of these three proposed solutions, see an expanded
version of this Commentary at
   http://www.winnetmag.com/article/articleid/41892/41892.html

====================

==== Sponsor: Assure On-line Compliance - an on-demand Webcast ====
   Is your organization up to speed on best practices in website
 management?
   Many organizations find that website management is a critical top
and bottom line business issue, but surprisingly, on-line compliance
is often overlooked. Find out how to avoid the consequences of
non-compliance by viewing "Assuring On-line Compliance with Industry
Standards and Current Legislation," an on-demand Webcast brought to
you by Microsoft and Watchfire. Register for and view this free
Webcast now:
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BFQa0A5

====================

==== Announcements ====
   (from Windows & .NET Magazine and its partners)

Windows & .NET Magazine Connections
   Windows & .NET Magazine Connections features speakers from
Microsoft and other top independent experts. Complete details about
workshops, breakout sessions, and speakers are now online. All
attendees will get a chance to win a Florida vacation. Keep your
competitive edge by learning from the world's best experts. Go online
now to register.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0KXQ0Au

New eBook--Become a Master in Tools that Ease Computer Management
Tasks and Diagnostic Tools
   This eBook provides a practical introduction to some of the most
important tools in the resources kits and the Support Tools that the
Windows 2000 and Windows NT professional editions provide. You'll
learn about computer management tasks, desktop production, network
management, the browser monitor, and more. Download this free eBook
today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BFxx0A7

====================

==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BEGa0At
for more information.

====================

==== Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

Feature: Wireless Networks in Small Spaces
   Recently, David Chernicoff helped a friend set up a wireless
network for his small business, which is located in a converted
factory building that's divided into office spaces for several
businesses. Problems began to arise when David started to configure
the client computers. Every other business in the building was running
a wireless network, and each of these networks was visible on the
other networks and completely unprotected. See how David resolved the
problems.
   http://www.winnetmag.com/articles/articleid/41837/41837.html

News: Comparing Security Design Choices
   Microsoft released an article that describes the results of testing
the performance of various security designs involving Windows 2000
Advanced Server, Microsoft SQL Server 2000, ASP.NET, and the Windows
.NET Framework. The article compares the relative performance of
various security options available for client authentication, hashing
algorithms, cryptography techniques, and digital signatures.
   http://www.winnetmag.com/articles/articleid/41867/41867.html

News: Rights-Management Add-on for IE
   Microsoft has released the Windows Rights Management Services (RMS)
add-on for Microsoft Internet Explorer (IE). The add-on will let
content owners restrict who can edit, forward, or copy documents,
Web-based information, and email.
   http://www.winnetmag.com/articles/articleid/41846/41846.html

News: What's Hot
   Learn about a few exceptional products that can help you do your
job. Readers highlight LANS Unlimited, NetIQ MailMarshall, and
something you might find humorous and useful: Sunbeam's USB Coffee
Warmer.
   http://www.winnetmag.com/articles/articleid/41657/41657.html

====================

==== Hot Release ====
   Need to Secure Multiple Domain or Host Names?
   Securing multiple domain or host names need not burden you with
unwanted administrative hassles. Learn more about how the
cost-effective Thawte Starter PKI program can streamline management of
your digital certificates. Click here to download our free guide:
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BF2m0Al

====================

==== Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

Virus Alert: Netsky.C
   Netsky.C is a worm that spreads through email and peer-to-peer
(P2P) file-sharing programs. The Netsky.C email message has variable
characteristics. The worm deletes several other worms that might have
infected a system, including Mydoom.A and Mimail.T. When the system
date and time are February 26, 2004, between 6:00 a.m. and 8:59 a.m.,
Netsky.C emits random tones through the infected system's internal
speaker.
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=45084

FAQ
   by David Vincent and Ed Roth

Q: We're using Microsoft Software Update Services (SUS) in a test
environment. When we apply updates at the Graphical Identification and
Navigation (GINA) screen, the workstations should reboot
automatically, but they aren't doing so--we must manually reboot them.
We run Windows 2000 Service Pack 3 (SP3) with Novell Client 4.83 SP1
installed. Why won't the SUS clients reboot?

A: Here are a few places to start looking for answers. First, make
sure that the most current Automatic Updates client is installed on
your client workstations. Second, look in each client machine's Event
Viewer to determine whether the updates are being installed and
whether messages related to reboots are displayed. Third, verify that
any Group Policy or registry entries on the clients are set to reboot
after updates are installed if no one is logged on to the clients at
the time of installation.

Featured Thread: Using Multiple Antivirus Software Vendors
   (Two messages in this thread)
   Nick writes that his company uses Trend Micro products for its
gateway-level HTTP and SMTP antivirus scanning and a McAfee antivirus
solution on its desktops and servers. He's been looking at the full
Trend Micro antivirus suite for desktops and servers, but the company
originally decided to use two vendors for redundancy and for extra
protection in case one vendor was targeted. He wants to know whether
using multiple antivirus vendors is a good idea or if one vendor is
OK. Lend a hand or read the responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=117134

==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://www.winnetmag.com/events )

New Web Seminar--Realizing the Return on Active Directory
   Join Mark Minasi and Indy Chakrabarti for a free Web seminar and
discover how to maximize the return on your Active Directory
investments and cut the cost of security exposures with secure task
delegation, centralized auditing, and Group Policy management.
Register now and receive NetIQ's free "Securing Access to Active
Directory-A Layered Security Approach" white paper.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeqx0CJgSH0CBw0BFE60AB

==== New and Improved ====
   by Jason Bovberg, products () winnetmag com

Analyze, Cross-Reference, and Search Vulnerabilities
   Syhunt announced that its application security scanner, TrustSight
Security Scanner, is now compatible with the Common Vulnerabilities
and Exposures (CVE) Initiative, a vulnerability-naming standard.
TrustSight is a vulnerability-assessment technology in the field of
Web application security and network security, helping organizations
plan and provide appropriate network and software security measures to
protect their Web infrastructure. For more information about
TrustSight, contact Syhunt on the Web.
   http://www.syhunt.com

Monitor Computer Activity
   TrueActive Software announced TrueActive Monitor 5.0, an upgrade of
its computer-monitoring program for enterprise security. Formerly
known as WinWhatWhere, TrueActive Monitor 5.0 provides a complete
audit trail of all computer activity within the enterprise, capturing
all keystrokes on PCs. Version 5.0 includes new features and
enhancements such as simplified network management, data archiving,
and improved employee privacy measures such as optional password and
credit card capture. Pricing for the base subscription of TrueActive
Monitor 5.0 starts at $100 per year. Product suite prices range from
$130 to $175 for an annual subscription, depending on the industry.
For more information about TrueActive Monitor 5.0, contact TrueActive
Software on the Web.
   http://www.trueactive.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

==== Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub () list winnetmag com. Thank you!

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.