[ISN] Security UPDATE--Email Filtering--June 2, 2004

InfoSec News isn at c4i.org
Thu Jun 3 03:32:26 EDT 2004


====================

Make sure your copy of Security UPDATE doesn't get mistakenly blocked
by antispam software! Be sure to add
Security-UPDATE at list.winnetmag.com to your list of allowed senders and
contacts.

==== This Issue Sponsored By ====

OpenNetwork
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BIp70A4

Windows & .NET Magazine
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BEuX0Ad

====================

1. In Focus: Want A Junk-Free Inbox? Then Filter It

2. Security News and Features
   - Recent Security Vulnerabilities
   - Feature: Coping with Today's Killer App
   - News: Report from the Phishing Spot
   - Feature: A First Look at the New MBSA
   - News: Microsoft Partnering to Sell ISA Server Appliances

3. Instant Poll

4. Security Toolkit
   - FAQ
   - Featured Thread

5. New and Improved
   - Monitor Your Server from Anywhere in the World

====================

==== Sponsor: OpenNetwork ====
   Wondering where to start your Identity Management implementation?
Find out more by reading the free whitepaper: Understanding the
Identity Management Roadmap. Get your copy today at
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BIp70A4

====================

==== 1. In Focus: Want A Junk-Free Inbox? Then Filter It ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Last week, I wrote about DomainKeys, Sender Policy Framework (SPF),
and CallerID for E-Mail. All three technologies have been submitted to
the Internet Engineering Task Force (IETF) as draft proposals. Since
then, the developers of SPF and Microsoft (the developer of CallerID)
have agreed to merge the two technologies into one. A new draft
proposal will be created and submitted to the IETF; however, the name
for the new technology has yet to be formalized.

If you're interested in some of the ideas regarding how the two
technologies will operate after they're merged, be sure to read Meng
Weng Wong's outline of how things might pan out. Wong is one of the
SPF developers, and you can find his outline in the SPF mailing list
archives.
http://archives.listbox.com/spf-discuss@v2.listbox.com/200405/0199.html

Last week, I pointed out that people who intend to use any or all of
the three new technologies to help filter unwanted email will also
need to use other technologies in combination with them because none
of the three new technologies, not even all of them together, will
completely stop unwanted email. A reader of this newsletter who also
participates in the SPF mailing list asked SPF mailing list members
whether my statement was true. The short answer is "yes," and another
list member explains why.
http://archives.listbox.com/spf-discuss@v2.listbox.com/200405/0373.html

Another reader of this newsletter wrote to tell me that his Hotmail
account is spam free. That may be true; however, I doubt that all
other Hotmail accounts are in the same situation. Regardless, the way
Hotmail (or any technology, for that matter) eliminates junk mail is
to filter it by any of the available various methods, because that's
the only way to do it without resorting to short-term disposable email
addresses. Of course, such filtering relies on a variety of
parameters, including known junk-mail-message content, known domains
and networks that service spammers, open mail relays, keywords, key
phrases, content types, block lists, allow lists, and so on. In the
near future, DomainKeys and the combined SPF/CallerID will be a couple
of additional mechanisms that will definitely be used for mail
filtering. As you may know, the current rendition of SPF is already
part of several mail-filtering packages; undoubtedly, such integration
will continue. If you intend to curb unwanted email, you'll need to
adapt to a method of filtering and tune that method as necessary.

====================

==== Sponsor: Windows & .NET Magazine ====
   Get 2 Sample Issues of Windows & .NET Magazine!
   Every issue of Windows & .NET Magazine includes intelligent,
impartial, and independent coverage of security, Active Directory,
Exchange, scripting, and much more. Our expert authors deliver how-to
articles and product evaluations that will help you do your job
better. Try two, no-risk sample issues today, and find out why 100,000
IT professionals rely on Windows & .NET Magazine each month!
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BEuX0Ad

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

Feature: Coping with Today's Killer App
   Some people are still waiting for the next killer app to emerge.
But in my view, email is the killer app and has been for the past
several years. Email has opened up easy communication for people both
inside and outside an organization. It's a fast and convenient
transport and distribution mechanism for vital information and enables
an organization to operate smoothly. For many companies, email is a
mission-critical component: If email is down, the business
suffers--sometimes dramatically. In this article, Michael Otey
discusses the need to treat email as the vital company resource it is
and protect it.
   http://www.winnetmag.com/article/articleid/42593/42593.html

News: Report from the Phishing Spot
   According to the Anti-Phishing Working Group, in April, 1125 unique
scams tried to obtain sensitive information from customers of 12
well-known companies, including Citibank, U.S. Bank, eBay, PayPal, and
Federal Deposit Insurance Corporation (FDIC). In March, the group
tracked 402 scams against 18 companies. As of the last week in May,
half as many companies had been targeted as in April, but the total
number of scams for the month was unreported.
   http://www.winnetmag.com/article/articleid/42785/42785.html

Feature: A First Look at the New MBSA
   Microsoft recently released a new version of Microsoft Baseline
Security Analyzer (MBSA), a free security auditing and reporting tool.
MBSA 1.2 has many enhancements that improve its functionality for
system and security administrators. In addition to the ability to scan
10,000 machines in one run, MBSA now audits against a Microsoft
Software Update Services (SUS) server and, when run locally, reports
on macro settings in Microsoft Office products, the state of the
Automatic Updates client, and the state of the Internet Connection
Firewall (ICF). Paula Sharick gives an overview of the more notable
new features in MBSA 1.2 in this article on our Web site.
   http://www.winnetmag.com/article/articleid/42757/42757.html

News: Microsoft Partnering to Sell ISA Server Appliances
   Microsoft announced at the Tech Ed 2004 conference in San Diego
last week that it will team with hardware vendors to begin selling
security appliances. The company aims to provide customers with a
dedicated hardware solution that runs Internet Security and
Acceleration Server (ISA) 2004, which is currently in beta testing.
The solution will become available in the third quarter of this year
from HP, Network Engines, Celestix Networks, and Avantis. The starting
price will be $1499 per CPU, per server.
   http://www.microsoft.com/isaserver/beta/hardwaresolutions.asp

====================

==== Announcements ====
   (from Windows & .NET Magazine and its partners)

New Chapter Available--"The Expert's Guide for Exchange 2003:
Preparing for, Moving to, and Supporting Exchange Server 2003"
   Chapter 4 is now available, "Database Strategies and Server
Sizing." This free eBook will educate Exchange administrators and
systems managers about how to best approach the migration and overall
management of an Exchange 2003 environment. You'll learn about core
issues such as configuration management, accounting, monitoring
performance, and more. Get the latest chapter now!
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BIoQ0AU

Chapter 2 Available Now--"Preemptive Email Security and Management"
   This free eBook will offer a preventive approach to eliminating
spam and viruses, stopping directory harvest attacks, guarding
content, and improving email performance. In this new chapter, learn
evolving techniques for eliminating spam, email virus, and worm
threats. Download this eBook today!
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BIoR0AV

Windows & .NET Magazine Announces Best of Tech Ed Winners!
   Windows & .NET Magazine and SQL Server Magazine announced the
winners of the Best of Tech Ed 2004 Awards. The field included more
than 260 entries in 10 categories. Winners were announced at a private
awards ceremony on Wednesday, May 26 at Tech Ed. Click here to find
out the winners:
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BIoS0AW

====================

==== 3. Instant Poll ====

Results of Previous Poll
   The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Which
wireless intrusion prevention system do you use?" Here are the results
from the 9 votes.
   - 11% AirDefense products
   - 0% AirMagnet products
   - 0% Red-M products
   - 11% Aruba Wireless Networks products
   - 78% Other products

New Instant Poll
   The next Instant Poll question is, "Does your company intend to
implement Windows XP Service Pack 2 (SP2)?" Go to the Security Web
page and submit your vote for
   - Yes, as soon as it's available
   - Yes, within 3 months of its release
   - Yes, within 6 months of its release
   - Yes, but we're not sure when
   - No
   http://www.winnetmag.com/windowssecurity

==== 4. Security Toolkit ====

FAQ: How can I enable forms-based authentication for an Exchange
Server 2003 system that hosts Microsoft Outlook Web Access (OWA)?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. After you enable Secure Sockets Layer (SSL) on a Microsoft Internet
Information Services 5.0 (IIS) server (as I describe in the FAQ "How
can I obtain a certificate so that I can enable Secure Sockets Layer
(SSL) on my Microsoft Internet Information Services 5.0 (IIS)
server?"), you can enable forms-based authentication on the server by
performing these steps:

   1. Start the Exchange System Manager (ESM) utility (click Start,
Programs, Microsoft Exchange, System Manager).
   2. Navigate to the OWA server (Administrator Groups,
&ltAdministrative group name>, Servers, &ltServer name>).
   3. Expand Protocols and expand HTTP.
   4. Right-click the HTTP virtual server and click Properties.
   5. Click the Settings tab of the displayed dialog box.
   6. Select the "Enable Forms Based Authentication" check box and
click OK.

If you want to stop non-SSL connections to your Exchange server, you
can modify the Exchange virtual directory through the Microsoft
Management Console (MMC) IIS snap-in as follows:

   1. Access the Exchange virtual directory's Properties page.
   2. Click the Directory Security tab.
   3. Click Edit, and in the Secure Communication section, select the
"Require secure channel (SSL)" check box.

Featured Thread: Port Scanning a Windows Server 2003 System
   (Seven messages in this thread)
   A reader writes that he recently downloaded a simple port scanner
program and scanned his Windows Server 2003 test server. He found that
the server is running the following services: Domain Controller for
his test Active Directory (AD), DHCP, DNS, FTP, File/Print Server, and
RRAS with 2 NICs--one connected to a cable modem and the other to the
 LAN.
   After the port scanner has scanned all the ports of the WAN IP, its
report shows that numerous other ports are open. The reader wants to
know how to find out which programs are listening on each of the ports
and how worms work (because he suspects that a worm might be able to
infiltrate his system on one of the listening ports). Lend a hand or
read the responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=121555

====================

==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://www.winnetmag.com/events )

New Web Seminar--Shrinking the Server Footprint: Blade Servers
   In this free Web seminar, you'll learn how blade servers provide
native hot-swappable support, simplified maintenance, modular
construction, and support for scalability. And we'll talk about why
you should be considering a blade server as the backbone of your next
hardware upgrade. Register now!
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BIoT0AX

====================

==== 5. New and Improved ====
   by Jason Bovberg, products at winnetmag.com

Monitor Your Server from Anywhere in the World
   GFI Software announced GFI Network Server Monitor 5.5, the most
recent version of its automatic network and server monitoring tool.
The upgraded version includes a remote Web monitor, which lets you
check network and server status from anywhere in the world from a Web
browser, a mobile phone, or any handheld device. GFI Network Server
Monitor 5.5 costs $699 for unlimited monitoring of all workstations
and servers or $375 for a five-server monitoring license. For more
information about GFI Network Server Monitor 5.5 and to obtain an
evaluation version, contact GFI on the Web.
   http://www.gfi.com/nsm

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot at winnetmag.com.

====================

==== Sponsored Links ====

Argent
   Comparison Paper: The Argent Guardian Easily Beats Out MOM
   http://list.winnetmag.com/cgi-bin3/DM/y/egA50CJgSH0CBw0BDWV0A5

====================

==== Contact Us ====

About the newsletter -- letters at winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products at winnetmag.com
About your subscription -- securityupdate at winnetmag.com
About sponsoring Security UPDATE -- emedia_opps at winnetmag.com

====================

==== Contact Our Sponsors ====

Primary Sponsor:
   OpenNetwork -- http://www.opennetwork.com

====================

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub at list.winnetmag.com. Thank you!

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.





More information about the ISN mailing list