[ISN] TCP/IP Changes in Windows Vista and Longhorn
InfoSec News
isn at c4i.org
Thu Feb 16 05:41:45 EST 2006
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
Bindview
http://list.windowsitpro.com/t?ctl=20EAA:4FB69
Thawte
http://list.windowsitpro.com/t?ctl=20EAD:4FB69
====================
1. In Focus: TCP/IP Changes in Windows Vista and Longhorn
2. Security News and Features
- Recent Security Vulnerabilities
- Intel Invests in European Linux Solution Provider Collax
- Sophos to Sell ActiveState
- Three Products Achieve ICSA Labs Desktop Anti-Spyware Certification
3. Security Toolkit
- Security Matters Blog
- FAQ
- Share Your Security Tips
4. New and Improved
- Monitor Windows Event Logs for Compliance
====================
==== Sponsor: Bindview ====
Get the tips you need to prepare and comply with PCI-Data Security
standards, including defining the 12 major requirements, and how those
requirements affect IT.
http://list.windowsitpro.com/t?ctl=20EAA:4FB69
====================
==== 1. In Focus: TCP/IP Changes in Windows Vista and Longhorn ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
The upcoming Windows Vista and Longhorn server releases will both use a
redesigned TCP/IP stack. The new stack will bring several new features,
including routing compartments, a better host model, better support for
IP version 6 (IPv6), a new packet-filtering API, and some other changes
that don't necessarily affect security (you can read about these
changes at the URL at the end of this editorial).
The routing compartments feature is really interesting. It lets each
user logon session have its own routing table and will prevent Internet
traffic from being routed across a VPN into an intranet. The new host
model will help defend against attacks on multihomed systems. So for
example, a packet that reaches a network interface must have a
destination address that matches the interface's address or the packet
will be dropped.
The new packet-filtering API, now known as Windows Filtering Platform
(WFP), will help developers more easily filter or change packets before
they're processed further along in the OS. This means that tools such
as firewalls and antivirus and antispyware products can better control
which data enters the system. You can learn more about WFP at the
following URL:
http://list.windowsitpro.com/t?ctl=20EB4:4FB69
Windows XP and Windows Server 2003 both support IPv6; however
functionality is somewhat limited because they don't support Internet
Key Exchange (IKE) and data encryption. The new TCP/IP stack will fix
this problem by introducing a fully functional IPv6 protocol layer,
which will be enabled by default.
However, using IPv6 won't be without problems. Microsoft said that an
IPv6-enabled system will first request an AAAA record (which is a
record for IPv6 addresses). If the query fails, the system will request
an A record (a record for IPv4). Some DNS servers won't answer the A
record request if the AAAA request fails. If you want to get a head
start on building IPv6 functionality, make sure your DNS server will
handle the AAAA, A sequence of requests.
Another issue with IPv6 is Network Address Translation (NAT), which
might also break connectivity. To get around that problem, Microsoft
uses Teredo (also known as Shipworm), which is a method of
encapsulating IPv6 inside IPv4 UDP packets. Microsoft first released
Teredo support in its Advanced Networking Pack for Windows XP in XP
Service Pack 1 (SP1) and later shipped Teredo as part of XP SP2 and
Windows 2003 SP1. Teredo will be a standard part of Windows Vista and
Longhorn server.
You can read more about the IPv6 enhancements at the first URL below
and learn more about other new features of the TCP/IP stack at the
second URL below.
http://list.windowsitpro.com/t?ctl=20EAB:4FB69
http://list.windowsitpro.com/t?ctl=20EAC:4FB69
====================
==== Sponsor: Thawte ====
The Starter PKI Program
Do you need to secure multiple domains or host names? In this free
white paper you'll learn how the Starter PKI Program will benefit your
company with timesaving convenience. Plus--you'll get the chance to
actually test the program!
http://list.windowsitpro.com/t?ctl=20EAD:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=20EAF:4FB69
Intel Invests in European Linux Solution Provider Collax
Collax announced that Intel Capital has invested in the company,
bringing its total Series A funding to $8.4 million. Collax Business
Server's management interface offers simplified management functions
for security features including firewalls, proxies, VPNs, antivirus,
antispam, antiphishing, PKI, and Web content filtering.
http://list.windowsitpro.com/t?ctl=20EB9:4FB69
Sophos to Sell ActiveState
Security solutions provider Sophos will sell its ActiveState unit to
Canadian venture capital firm Pender Financial Group for $2.25 million.
Pender Financial intends to acquire ActiveState through a newly
incorporated company, which will allow ActiveState to become
independent.
http://list.windowsitpro.com/t?ctl=20EBA:4FB69
Three Products Achieve ICSA Labs Desktop Anti-Spyware Certification
Three products have earned ICSA Labs Desktop Anti-Spyware
Certification. ICSA Labs antispyware testing criteria determine whether
products can defend systems against spyware, keyloggers, password
stealers, dialers, rootkits, and adware. Find out which products earned
certification in this article on our Web site.
http://list.windowsitpro.com/t?ctl=20EB7:4FB69
====================
==== Resources and Events ====
Let industry expert Brian Moran teach you the tips and tricks he's
learned in 15 years of experience fine-tuning SQL Server systems. This
is a web seminar you won't want to miss! Live event: Tuesday, March 21,
2006, 12:00 EST.
http://list.windowsitpro.com/t?ctl=20EA5:4FB69
Learn the best ways to manage your email security (and fight spam)
using a variety of solutions and tips.
http://list.windowsitpro.com/t?ctl=20EAE:4FB69
Use clustering technology to protect your company against network
outages, power loss and natural disasters. Live Event: Wednesday,
February 28, 2006, 12:00 EST
http://list.windowsitpro.com/t?ctl=20EA6:4FB69
Gain control of your messaging data with step-by-step instructions for
complying with the law, ensuring your systems are working properly and
ultimately making your job easier.
http://list.windowsitpro.com/t?ctl=20EA9:4FB69
Align compliance with business efficiency, and learn how fax-document
management plays a role in your strategy.
http://list.windowsitpro.com/t?ctl=20EA7:4FB69
====================
==== Featured White Paper ====
Learn about recovery to virtual computer environments, hardware
migration strategies, hardware repurposing for optimal resource
utilization, meeting recovery time objectives, increasing disaster
tolerance, and more.
http://list.windowsitpro.com/t?ctl=20EA8:4FB69
====================
==== Hot Spot ====
ThreatSentry--IIS Host IPS & Application Firewall
Malicious or unauthorized traffic plaguing your Web servers?
ThreatSentry combines a state-of-the-art Application Firewall and
advanced behavioral intrusion prevention components to block any
activity falling outside of trusted parameters. Get enterprise-grade,
multi-layered protection for Microsoft IIS at a small business price!
Download free trial today.
http://list.windowsitpro.com/t?ctl=20EB5:4FB69
====================
==== 3. Security Toolkit ====
Security Matters Blog: Wipe Data from Your Old Media
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=20EBC:4FB69
I've covered this issue several times in different ways. Now there's
more help: the National Institute of Standards and Technology (NIST)
issued a new guide, "Guidelines for Media Sanitization." Find out more
in the blog article.
http://list.windowsitpro.com/t?ctl=20EB8:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=20EBB:4FB69
Q: How can I clear the cache from Microsoft Internet Explorer (IE)?
Find the answer at http://list.windowsitpro.com/t?ctl=20EB6:4FB69
Share Your Security Tips and Get $100
Share your security-related tips, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Announcements ====
(from Windows IT Pro and its partners)
VIP Subscribers have it all!
Become a VIP subscriber and get continuous, inside access to ALL of
the online resources published in Windows IT Pro magazine, SQL Server
Magazine, and the Exchange and Outlook Administrator, Windows Scripting
Solutions, and Windows IT Security newsletters--that's more than 26,000
articles at your fingertips. You'll also get a valuable one-year print
subscription to Windows IT Pro and two VIP CD-ROMs that include the
entire article database and are delivered twice per year. Don't miss
out--sign up now:
http://list.windowsitpro.com/t?ctl=20EB2:4FB69
Save 44% off the Windows IT Security Newsletter
For a limited time, order the Windows IT Security Newsletter and
SAVE up to $30 off the regular price. You'll discover endless
fundamentals about building and maintaining a secure enterprise, how-to
coverage of free security tools, and expert advice on the best way to
implement various security components. You'll also get unlimited access
to the full online security article database (more than 1900 articles).
Subscribe now:
http://list.windowsitpro.com/t?ctl=20EB1:4FB69
====================
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Monitor Windows Event Logs for Compliance
TNT Software offers ELM Event Log Monitor (EVM), which provides
monitoring, alerting, reporting, and archiving for Windows event logs.
TNT says it leveraged specific functionalities of its ELM Enterprise
Manager to produce a tool to meet companies' compliance and security
challenges. EVM collects Windows events from hundreds of systems and
presents the results at a centralized console, triggers real-time
alerts, stores the event data in a central database, and generates
audit reports. EVM monitors high-level account changes and logon/logoff
activity for compliance and security purposes. You can use
preconfigured or customized monitoring settings. For more information,
go to http://list.windowsitpro.com/t?ctl=20EBE:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=20EBD:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=20EB3:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
More information about the ISN
mailing list