[ISN] Security UPDATE -- Browser Security;
More About Security Through Obscurity -- June 8, 2005
InfoSec News
isn at c4i.org
Thu Jun 9 01:17:49 EDT 2005
====================
1. In Focus: Browser Security; More About Security Through Obscurity
2. Security News and Features
- Recent Security Vulnerabilities
- Does Web Browser Choice Affect Security?
- Setting Up Windows Server Update Services
3. Security Toolkit
- Security Matters Blog
- FAQ
4. New and Improved
- Keep Your Windows PC Secure
====================
==== 1. In Focus: Browser Security; More About Security Through Obscurity ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

In a recent survey performed by Opera Software, approximately 32
percent of respondents had no idea whether the browser they choose
affects their system's overall security (see the news item below). It's
probably safe to assume that those people don't know how any
application might affect their system's overall security.

Some people might argue that using any browser other than Microsoft
Internet Explorer (IE) is far safer. That might not be true depending
on how someone uses IE. For example, if you load the latest patches,
stay on top of the latest vulnerabilities and exploits, use add-on
tools that increase security, and possibly modify certain registry
settings, then IE can become much safer to use than it is in its
default configuration. Plus, if you use Windows XP with Service Pack 2
(SP2), IE is much safer.

If you subscribe to our WinInfo Daily UPDATE newsletter, you probably
read last Friday's Short Takes edition in which Paul Thurrott mentioned
that IE 7.0 is in development. It will undoubtedly be more secure than
previous versions, but there's a catch: It will be available only for
Windows XP and Windows Server 2003. At this time, it seems that
Microsoft won't make the new browser version available for Windows
2000. Mainstream support for that OS ends June 30, but that doesn't
mean that no security patches will be available. Since the company will
provide free security patches until June 2010, I think we can assume
that includes security patches for IE on Win2K.

It's certainly possible to switch from IE to another browser on any
Windows platform, but of course doing so presents problems because some
application interfaces rely on the use of IE. This means that in many
cases, you'll have to use two browsers, which isn't a big deal, but you
do incur the added work of managing an additional application on your
desktops.

Last week, I wrote about security through obscurity. One reader wrote
to say that in his opinion I completely missed the point of what the
phrase "security through obscurity" really means. There's no sense
arguing semantics. I'll just say that I was advocating adding as much
security as possible even if the added amount is trivial. Another
reader wrote with a comment that illustrates this point. He said that
even though he knows a thief can quickly unlock his car door and steal
the vehicle, he locks the car anyway.

That about sums it up. However, there is the notion of cost, which I
didn't cover last week. Some might argue that the cost of managing
something like MAC address filtering on wireless Access Points (APs) is
excessively expensive for the amount of security gained. This could be
true depending on the size of your environment, the size of your budget
and your ideas about where that money is best spent, and the manner in
which you implement network management. Obviously, you have to decide
that for yourself.

A feature item below mentions a feature article about Windows Server
Update Services (WSUS). You can read the complete feature article on
our Web site and chat about WSUS with Doug Toombs today at 12 P.M.
Eastern (9 A.M. Pacific). Learn more about the "WSUS Is Not for
Wussies!" Web chat at
http://list.windowsitpro.com/t?ctl=BB59:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=BB4C:4FB69

Does Web Browser Choice Affect Security?
A recent survey revealed that many people still don't realize how
applications might affect overall system security. The survey revealed
that 17 percent of respondents thought that the browser played no role
in overall system security and 32 percent said they didn't know one way
or the other.
http://list.windowsitpro.com/t?ctl=BB4F:4FB69

Setting Up Windows Server Update Services
Patch management is a headache for security administrators at most
organizations. Windows Server Update Services (WSUS) offers benefits
for organizations of all sizes. In this article, John Howie walks you
through the process of installing and configuring WSUS for your
organization, obtaining updates, and configuring clients to use WSUS to
obtain updates.
http://list.windowsitpro.com/t?ctl=BB50:4FB69
====================
==== 3. Security Toolkit ====
Security Matters Blog: TCPDUMP for Windows
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=BB55:4FB69
If you've been looking for a Windows-based version of the popular
tcpdump tool, MicroOLAP Technologies offers MicroOLAP TCPDUMP for
Windows, which the company says reproduces all the features found in
the original tcpdump for UNIX.
http://list.windowsitpro.com/t?ctl=BB4E:4FB69

FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=BB52:4FB69
Q: How can I enable the List Object security option in Active Directory
(AD)?
Find the answer at
http://list.windowsitpro.com/t?ctl=BB51:4FB69
====================
==== 4. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Keep Your Windows PC Secure
WinKeeper Professional 4.85 is the most recent version of a suite of
12 Windows security utilities from WinKeeper Software. Spyware Doctor
detects and cleans spyware, adware, Trojan horses, keyloggers, spybots,
and other malware that might be on your PC. Security Task Manager lets
you examine the processes that run on your computer and ensure that
there are no intruders. BHO Cleaner lets you easily control the browser
helper objects that have been installed on your computer. Other suite
utilities can help you clear your IE history file, erase files, and
manage passwords. WinKeeper Professional 4.85 runs under Windows
98/Me/NT 4.0/2000/XP and costs $34.95 for a single-user license. For
more information, go to
http://list.windowsitpro.com/t?ctl=BB5A:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=BB56:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=BB4D:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.