[ISN] Security UPDATE -- In Focus: pGina Open Source GINA Replacement -- March 30, 2005

InfoSec News isn at c4i.org
Thu Mar 31 01:37:41 EST 2005


====================

This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

Free Info Kit on Automating Patch Management
   http://list.windowsitpro.com/t?ctl=6511:4FB69

New NetOp Remote Control v 8.0
   http://list.windowsitpro.com/t?ctl=64FE:4FB69

====================

1. In Focus: pGina Open Source GINA Replacement 

2. Security News and Features
   - Recent Security Vulnerabilities
   - Altiris to Acquire Pedestal Software
   - BMC Acquires OpenNetwork
   - Consolidated Security Event IDs in Windows 2003

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

4. New and Improved
   - Encryption with Two-Factor Authentication

====================

==== Sponsor: PatchLink====

Free Info Kit on Automating Patch Management
   Now, in a free information kit, learn how easily you can identify, 
deploy, and maintain patches critical to the security and availability of 
your network. You'll also discover how you can maintain bulletproof security 
-- against a range of threats -- at every network endpoint. This 
information-packed kit, from the pros at PatchLink, also shows you how to 
reduce IT workload by automating the installation of critical patches while 
being confident that all installed patches are pre-tested -- without having 
to do the testing. Click here to get your Free "Automating Patch Management" 
Kit now, and learn how to ease one of your biggest IT burdens. Download your 
Free Kit at:
   http://list.windowsitpro.com/t?ctl=6511:4FB69 

====================

==== 1. In Focus: pGina Open Source GINA Replacement ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You're probably aware that the Windows Graphical Identification and 
Authentication (GINA) DLL is the interface used for logons during user 
authentication. You might also be aware that you can install a GINA 
replacement if you need to use nonstandard authentication methods or to 
integrate additional authentication types, such as a fingerprint logon 
system.

It's probably not wise to replace GINA unless you really need to 
because doing so could weaken both your system and network security. 
But in some cases, that might not matter to you as much as the 
management headache that you'd incur if you didn't replace GINA. 

Some vendors--particularly those that make alternative authentication 
systems--offer GINA replacements to help integrate their products into 
a Windows platform. But there are undoubtedly some network 
architectures in which you'd really like to have a GINA replacement, 
yet haven't found anything suitable that can address all your needs. 

Recently in SecurityFocus's Focus-MS mailing list, someone mentioned an 
open-source GINA replacement, pGina, that seems like it could be 
helpful to those with diverse authentication needs. pGina, from XPA 
Systems, is unique in that it uses a plug-in architecture that lets you 
add just about any kind of authentication mechanism you can imagine. If 
there isn't a plug-in that meets your needs, then you can use the 
source code to develop one or have someone develop a plug-in for you. 
Depending on your needs and network architecture, pGina might let you 
centralize all your user credentials, which could save a lot of time 
and effort in management. 
   http://list.windowsitpro.com/t?ctl=6514:4FB69

Numerous plug-ins are already available for pGina. For example, the 
Remote Authentication Dial-in User Service (RADIUS) plug-in lets you 
authenticate users to any RADIUS server. The ACE plug-in lets you use 
RSA Security's RSA SecurID two-factor authentication system for 
Windows logons--although last I heard, RSA does offer its own GINA 
replacement. Another interesting plug-in works with MySQL open-source 
database servers, which could be used to store user credentials. Yet 
another plug-in works with the Bluesocket architecture, which is very 
useful for authenticating mobile users. There are also plug-ins for 
Network Information Service (NIS) servers, Lightweight Directory Access 
Protocol (LDAP) servers, OpenAFS (based on the Andrew File System), and 
more.

GINA replacements are also available from other sources. FrontMotion 
sells source code to a GINA replacement that supports most versions of 
Windows and includes domain support and Active Directory (AD) support. 
Doug Scoular offers a free GINA replacement that helps integrate 
Windows with Unix or Linux platforms by using FTP as an authentication 
mechanism. Deakin University offers free GINA source code that can be 
used to authenticate with NIS servers. 
   http://list.windowsitpro.com/t?ctl=6512:4FB69
   http://list.windowsitpro.com/t?ctl=6510:4FB69
   http://list.windowsitpro.com/t?ctl=6515:4FB69

====================

==== Sponsor: CrossTec ====

FREE Download – The Next Generation of End-Point Security is Available 
Today.
   NEW NetOp Desktop Firewall's fast 100% driver-centric design offers 
a tiny footprint that protects machines even before Windows loads - 
without slowing them down. NetOp is also the only solution to provide 
process control as well as application control to give you the highest 
level of security. The NetOp Desktop Firewall utilizes real-time 
centralized management and control, intelligent network detection, 
stateful packet filtering, port blocking, protection from process 
hijacking, and much more. Try it FREE.
   http://list.windowsitpro.com/t?ctl=64FE:4FB69

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=6504:4FB69

Altiris to Acquire Pedestal Software
   Altiris announced that it will acquire Pedestal Software in a deal 
valued at $65 million. Altiris further said that after the deal closes 
at the end of March, the company will immediately begin integrating 
Pedestal products into its distribution channels and will continue 
offering Pedestal's SecurityExpressions and AuditExpress products as 
standalone solutions.
   http://list.windowsitpro.com/t?ctl=6509:4FB69

BMC Acquires OpenNetwork
   BMC Software announced that it has reached an agreement to acquire 
OpenNetwork, makers of Web application management and single sign-on 
(SSO) technology. BMC said OpenNetwork's solutions will allow BMC to 
expand its browser-based authentication and authorization offerings, 
which complement its existing offerings for workflow, audit and 
compliance, enterprise-enabled SSO, provisioning, and directory content 
management. 
   http://list.windowsitpro.com/t?ctl=650B:4FB69 

Consolidated Security Event IDs in Windows 2003
   Randy Franklin Smith tells why Windows Server 2003 domain 
controllers (DCs) don't report domain-account authentication failures, 
except for bad password attempts. 
   http://list.windowsitpro.com/t?ctl=650A:4FB69

====================

==== Resources and Events ====

The Essential Guide to Active Directory Management
   Migrating from NDS and/or eDirectory to AD means changes in the way 
you manage your network, users, and network resources. Download this 
Essential Guide to Active Directory Management and learn hands-on 
approaches that reduce management complexity, IT workload, and costs 
and improve security--all with minimal impact on your organization. 
Download this guide today.
   http://list.windowsitpro.com/t?ctl=6503:4FB69

Get Chapter 2 of "SQL Server Administration for Oracle DBAs"
   Learn the key concepts that give Oracle DBAs a firm foundation in 
mapping Oracle database-management skills, knowledge, and experience to 
SQL Server database management. Chapter 2 of this free eBook discusses 
SQL Server management, including managing memory, processes, storage, 
sessions and transactions, and low-level structures (e.g., locks, 
latches). Download Chapter 2 now!
   http://list.windowsitpro.com/t?ctl=6500:4FB69

Attend This Free Web Seminar for a Chance to Win a $1000 American 
Express Gift Check!
   Achieve High Availability and Disaster Recovery for Microsoft 
Servers. In this Web seminar, discover what it takes to minimize the 
likelihood of downtime through reliability and resilience in your 
Microsoft server environment, including Exchange Server, SQL Server, 
File Server, IIS, and SharePoint. Sign up today!
   http://list.windowsitpro.com/t?ctl=64FF:4FB69

Hey Europe! Get Ready to Become the Next Gatekeeper Champion
   Get a leg up on your fellow European IT pros by getting all the 
study materials you'll need to help you prepare for the next Gatekeeper 
competition on April 4. Windows IT Pro will help you hone your security 
skills and become the ultimate IT security expert. Start preparing now 
by visiting:
   http://list.windowsitpro.com/t?ctl=6505:4FB69  

Sensible Best Practices for Exchange Availability On-Demand Web Seminar
   If you're discouraged about not having piles of money for improving 
the availability of your Exchange server, join Exchange MVP Paul 
Robichaux for this free Web seminar and learn how to maximize your 
existing configuration. Survive unexpected outages, plan for the 
unplannable, and evaluate what your real business requirements are 
without great expense. Register now!
   http://list.windowsitpro.com/t?ctl=6501:4FB69

====================

==== 3. Security Toolkit ==== 

Security Matters Blog 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=650F:4FB69

Patching with WSUS
   If you're interested in using Windows Server Update Services (WSUS--
formerly Windows Update Services), then you might consider watching 
Microsoft's new on-demand TechNet Webcast, "Introduction to Security 
Patching Using Windows Update Services." The Webcast offers insight 
into WSUS's new features and offers planning and deployment guidance. 
Microsoft also released a WSUS release candidate (RC) and said that 
after April 22, WUS beta 2 will no longer receive updates. So if you 
were testing the beta, you need to update your copy to the RC. 
   http://list.windowsitpro.com/t?ctl=6508:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=650D:4FB69 

Q: How can I deploy missing patches to my Microsoft Systems Management 
Server (SMS) clients?

Find the answer at
   http://list.windowsitpro.com/t?ctl=6507:4FB69

Security Forum Featured Thread: Password Control Via IIS
   A forum participant has an intranet that requires domain 
authentication for access to data on one Windows 2000 Server machine. 
He's set a password timeout period for x number of days. But users 
don't see a password expiration warning because they log on via an IIS 
site. In addition, passwords seem to stop working for some time before 
they expire. How can he deliver a password expiration notification to 
the users? Join the discussion at 
   http://list.windowsitpro.com/t?ctl=6502:4FB69

====================

==== Announcements ====
   (from Windows IT Pro and its partners)

Get Windows IT Pro at 44% Off!
   Windows & .NET Magazine is now Windows IT Pro! Act now to get an 
entire year for just $39.95--that's 44% off the cover price! Our March 
issue shows you what you need to know about Windows Server 2003 SP1, 
how to get the best out of your IT staff, and how to fight spyware. 
Plus, we review the top 10 features of Mozilla Firefox 1.0. This is a 
limited-time, risk-free offer, so click here now:
   http://list.windowsitpro.com/t?ctl=650C:4FB69

====================

==== 4. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Encryption with Two-Factor Authentication
   Mobile Armor announced that its PolicyServer and DataArmor products 
have "RSA SecurID Ready" certification, meaning that they now integrate 
with RSA SecurID two-factor authentication technology. DataArmor 
software provides preboot authentication and high-speed full-device 
encryption, especially for mobile devices; PolicyServer integrates 
DataArmor with other security software such as antivirus solutions, 
VPNs, and firewalls. For more information, go to
   http://list.windowsitpro.com/t?ctl=6516:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

====================

==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=6513:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com

====================

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=6506:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.





