[ISN] Windows & .NET Magazine Security UPDATE--Help Shape This Newsletter--March 24, 2004

InfoSec News isn at c4i.org
Thu Mar 25 05:45:24 EST 2004


====================

==== This Issue Sponsored By ====

Symantec V2i Protector – Real-time Backup/Recovery
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGbS0As

Symantec ON iPatch - Enterprise Patch Management Solution
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGbT0At

====================

* In Focus: Help Shape This Newsletter

* Security News and Features
   - News: New RSS Feeds; Cisco Buys Twingo; Windows XP2; cPanel
     Problems; Storage Utilities
   - Sneak Preview: SUS 2.0 Beta Is Now WUS
   - News: Chat with Microsoft About WUS and More; New Shell-Coders
     Resource; eEye on Security; Phishing for Fargo
   - News: VoIP Security; More Phishing; New Mac OS X Released

* New and Improved
   - Ensure the Reliability of Your Network Security

====================

==== Sponsor: Symantec V2i Protector ====
   In the event of a security event or disaster V2i Protector provides
a real-time, disk-based backup and disaster recovery solution designed
to capture a system's active state, including all server/desktop files
and configurations.
   Using V2i Protector, you can quickly restore failed systems to a
specified point-in-time without taking hours to manually reinstall and
restore data from tape backup or rebuilding from scratch. Perform a
full system restoration, a complete bare metal restoration or restore
individual files and folders in minutes.
   V2i Protector also creates exact backups of volumes/partitions
through the use of snapshot technology. This captures all files and
system personalities and configurations. Backups are created without
disrupting data access or application usage.
   Click here to download an evaluation version today:
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGbS0As

====================

==== In Focus: Help Shape This Newsletter ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

>From time to time, we like to ask readers how we might improve our
products. It's been a while since we've asked you--the readers of
Security UPDATE--for your opinions. So this week, we want to pose some
general questions and request your input into how we can improve this
newsletter.

One question we often contemplate is whether Security UPDATE is too
long, too short, or just right. Knowing how busy you all are, we try
to keep it as short as we can, but please tell us what you think about
the length. For example, do you prefer to have the complete In Focus
in the newsletter, or would you rather see a short summary of it with
a link to the full text on our Web site? Are our News and Feature
summaries long enough, or are they too short?

In each Security UPDATE, we typically include In Focus, news, an FAQ,
a forum thread, and new products. We sometimes (although not each
week) include feature-article summaries and Virus Alerts. Do you want
to see more or less of any of the above? Are there other types of
information you'd like to see covered?

You might have noticed that we've recently adjusted the format of
Security UPDATE's table of contents (TOC). We wonder whether you like
having a TOC, and if so, whether you prefer a complete TOC or an
abbreviated one. Also, does a numbered TOC (with matching numbers in
the body of the newsletter) help you navigate the newsletter, or do
you prefer a simple bulleted TOC?

Those are some of the particular areas we'd like your opinion about,
but we're also open to any other suggestions, critiques, and comments
you might want to share with us. So please feel free to send any
feedback to me at "mark at ntsecurity dot net." Please use a subject
prefix of "SECUPD:" to help me more easily identify responses to this
editorial.

One other content-related item I want to point out this week is our
new Really Simple Syndication (RSS) feeds. We've recently added
several such feeds to our Web site, and you can learn more about them
in the "New RSS Feeds" news story below.

====================

==== Sponsor: Symantec ON iPatch ====
   ON iPatch allows you to proactively patch and secure thousands of
computers simultaneously - including remote and mobile computers, no
matter where they are located or connected - and rapidly recover from
virus corruption, without the significant cost and time delay by
sending IT staff to remote locations.
   As a result, ON iPatch allows you to cost effectively protect all
your business-critical systems and minimize the substantial risk of
lost revenue and downtime caused by future virus and worms.
   Click here for more information:
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGbT0At

====================

==== Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: New RSS Feeds; Cisco Buys Twingo; Windows XP2; cPanel Problems;
Storage Utilities
   Windows & .NET Magazine has numerous new Really Simple Syndication
(RSS) feeds that you can use to stay abreast of our latest news and
articles or to integrate our content into your own Web site. Cisco
Systems bought desktop security company Twingo Systems for $5 million
in cash. Windows XP Service Pack 2 (SP2) is on the way--you can learn
more about it now. New bugs were discovered in cPanel. Making the
storage utility a compelling service offering isn't easy. Jerry
Cochran talks about how manageability--including Storage Resource
Management (SRM), disaster recovery and business continuance, and
security--is one key reason for the difficulty.
   http://www.winnetmag.com/article/articleid/42046/42046.html

Sneak Preview: SUS 2.0 Beta Is Now WUS
   Microsoft announced that Software Update Services (SUS) 2.0 is now
renamed Windows Update Services (WUS). The company released the new
version of the product into public beta testing and evaluation on
March 16. You can learn all about it in the documentation (in
Microsoft Word format) on the Microsoft Web site and sign up for the
beta or evaluation program.
   http://www.winnetmag.com/article/articleid/42051/42051.html

News: Chat with Microsoft about WUS and More; New Shell Coders
Resource; eEye on Security; Phishing for Fargo
   If you missed the March 16 chat with Microsoft about Windows Update
Services (WUS), you might find the chat archived for your review on
the Microsoft chat Web page. Or chat with the company about other
security topics and other Microsoft products. A new book is available
from John Wiley & Sons that helps you learn shell-coding techniques to
help you defend your network. eEye Digital Security's eEye Research
discovered five new vulnerabilities in IBM, Apple Computer, and
Microsoft products. A new phishing scam targets Wells Fargo customers,
so watch out.
   http://www.winnetmag.com/article/articleid/42075/42075.html

News: VoIP Security; More Phishing; New Mac OS X Released
   Because Voice over IP (VoIP) technologies rely on computers,
software, and networks, you must consider many potential threats when
implementing them. Learn more about defending VoIP. Yet another
phishing scam is under way, targeting users of the Regulations.gov Web
site. The Federal Trade Commission (FTC) has issued a consumer alert.
Apple Computer released Mac OS X 10.3.3, which includes--among other
enhancements--all previous standalone security updates.
   http://www.winnetmag.com/article/articleid/42050/42050.html

====================

==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BEGa0Ad
for more information.

====================

==== Announcements ====
   (from Windows & .NET Magazine and its partners)

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for,
Moving to, and Supporting Exchange Server 2003"
   This eBook will educate Exchange administrators and systems
managers about how to best approach the migration and overall
management of an Exchange 2003 environment. The book will concentrate
on core issues such as configuration management, accounting, and
monitoring performance with an eye toward migration, consolidation,
security, and management.
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGSd0Au

Event Central--a Comprehensive Resource for the Latest Events in Your
Field
   Looking for one place to find the latest Web seminars, roadshows,
and conferences? Event Central has every topic you're looking for.
Stay current on the latest developments in your field. Visit Event
Central and find answers now!
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BEtb0AP

Get 2 Sample Issues of SQL Server Magazine!
   SQL Server Magazine is a 360-degree resource loaded with must-read
information covering database modeling, ADO.NET, XML, performance
tuning, security, and the latest topics that SQL Server database
developers, administrators, and business intelligence architects need
to know. Try two (no-risk) sample issues today, and discover the
timesaving qualities the magazine has to offer. Click here:
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGbU0Au

====================

==== Hot Release ====
   FREE DOWNLOAD: New Sitekeeper(R) 3.0
   Find machines that are missing patches and service packs,
distribute patches and updates, track licenses, and inventory hardware
and software-all within an hour of installation! Sitekeeper makes
automated systems management fast, affordable and easy. Start managing
your systems RIGHT NOW-Download FREE Sitekeeper trialware!
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGbV0Av

====================

==== Instant Poll ====

Results of Previous Poll
   The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Does
your company plan to implement a server-based mail-authentication
solution?" Here are the results from the 187 votes.
   - 53% Yes, Sender Policy Framework
   -  3% Yes, DomainKeys
   -  5% Yes, Caller ID for E-Mail
   - 11% Yes, two or more of the above
   - 27% No
   (Deviations from 100 percent are due to rounding.)

New Instant Poll
   The next Instant Poll question is, "Does your company use or intend
to use Voice over IP (VoIP) technology?" Go to the Security Web page
and submit your vote for
   - Yes, we use it now
   - Yes, we intend to use it
   - No, we don't plan to use it
   - Not sure
   http://www.winnetmag.com/windowssecurity

==== Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

FAQ: After I use the Microsoft Exchange Server 2003 Recovery Storage
Group, do I need to delete its contents?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. Yes, after you finish a recovery operation, you should delete all
databases in the Recovery Storage Group and delete the group itself.
If you fail to do so, you'll encounter problems when you try to
perform a typical restore because Exchange might still store the data
in the Recovery Storage Group instead of placing it in the usual
storage group (SG) location.

If you want to leave the Recovery Storage Group in place, you must
tell the backup API to ignore the group by performing the following
steps:

   1. Start a registry editor (e.g., regedit.exe).
   2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\MSExchangeIS\ParametersSystem registry subkey.
   3. From the Edit menu, select New, DWORD Value.
   4. Enter the name Recovery SG Override, double-click the new value,
set it to 1, then click OK.

Be careful when you perform these steps. If you later delete the
Recovery Storage Group but you neglect to delete (or set to 0) the
registry value that you created in steps 3 and 4 and another
administrator later recreates the Recovery Storage Group for a restore
operation, that restore operation will overwrite the original database
rather than use the Recovery Storage Group database. This behavior
will result in serious production problems.

Featured Thread: How Do I Encrypt Everything?
   (Two messages in this thread)
   A reader writes that his or her company has decided to encrypt all
the data on the company systems as well as data traveling to and from
the systems. The company has a Windows 2000 and Active Directory (AD)
environment and wants to know whether anyone can recommend one
solution that handles data encryption for desktops, laptops, servers,
TCP/IP networks, Web, and email. Lend a hand or read the responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=118325

==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BEtb0AP )

New--Microsoft Security Strategies Roadshow!
   We've teamed with Microsoft, Avanade, and Network Associates to
help you better protect your infrastructure and applications against
security threats. Learn how to implement a patch-management strategy;
lock down servers, workstations, and network infrastructure; and
implement security policy management. Register now for this free
event.
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BELe0Am

==== New and Improved ====
   by Jason Bovberg, products at winnetmag.com

Ensure the Reliability of Your Network Security
   MetaInfo announced Meta IP NG Feature Pack 4, which extends the
functionality of Meta IP DHCP through three separately deployable
modules: the DHCP MAC Address Authentication module, the Check Point
UserAuthority Authentication module, and the Authenex ASAS module.
Each module ensures that only authenticated users can obtain leases to
privileged IP addresses. Meta IP NG Feature Pack 4 also extends the
software's reliability features. Users can create scheduled backups of
Meta IP system configurations within the UI and from the command line,
creating further layers of redundancy and failover consistency across
networks. For more information about Meta IP NG Feature Pack 4,
including pricing, contact MetaInfo at sales at metainfo.com,
206-674-3700, or on the Web.
   http://www.metainfo.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot at winnetmag.com.

===================

==== Sponsored Links ====

Microsoft(TM)
   Enter the Microsoft Windows Server 2003 Challenge. Win BIG prizes.
   http://list.winnetmag.com/cgi-bin3/DM/y/efBZ0CJgSH0CBw0BGIT0AU

===================

==== Contact Us ====

About the newsletter -- letters at winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products at winnetmag.com
About your subscription -- securityupdate at winnetmag.com
About sponsoring Security UPDATE -- emedia_opps at winnetmag.com

====================

==== Contact Our Sponsors ====

Primary/Secondary Sponsor:
   Symantec -- http://www.symantec.com

Hot Release Sponsor:
   Executive Software -- http://www.executive.com

====================

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.





More information about the isn mailing list