Network Security
FW: Security Wire Perspectives, Vol. 6, No. 22, March 18, 2004
- From: Howell, Paul
- Date: Thu Mar 18 06:54:27 2004
> -----Original Message-----
> From: Security Wire Perspectives
> [mailto:searchSecurity@lists.techtarget.com]
> Sent: Thursday, March 18, 2004 4:01 AM
> To: Security Wire Perspectives
> Subject: Security Wire Perspectives, Vol. 6, No. 22, March 18, 2004
>
>
> Security Wire Perspectives is published by Information
> Security, the industry's leading magazine for security news
> and information, and SearchSecurity.com, the Web's best
> security-specific information resource for enterprise IT
> professionals. Additional newsletters available at
> http://searchsecurity.techtarget.com/?track=NL-358&ad=478466&Offer=swp .
>
> IN THIS ISSUE:
>
> A READ ON THE NEWS
> *Beware of Hotel Hacking
> *Microsoft to Duplicate Third-Party Security Apps in Longhorn
>
> HEADLINES
> *Report: Zero-Day Exploits Nearing
> *New Platform Takes Remote Control
> *All-in-one Security Devices Carry Their Weight
> *How Privacy Costs Impact Infrastructure
> *Security Issues Delay Yukon
> *'Threat Fatigue' an Ever-present Danger for IT
>
> WEEKLY SECURITY PLANNER
> Week 14: Malicious Code -- When Viruses and Worms Run Amok
>
> WHATIS WORD OF THE WEEK
> *Freeware
>
> YOUR TWO CENTS
> Readers sound off on the dangers of .zip files
>
> =====================================================
>
> SECURITY WIRE PERSPECTIVES IS SPONSORED BY: CipherTrust
>
> WHITE PAPER: Selecting an Email Security Solution
>
> Spam, viruses, phishing, and other attacks have become
> routine. Organizations now require a comprehensive approach
> to securing their email systems. In this white paper from
> Spire Security, analyst Pete Lindstrom defines and discusses
> the risks associated with email. He identifies key
> requirements in four areas - identity, trust, threat, and
> vulnerability management - for choosing an email security
> solution. Finally, the paper identifies ways to gain a return
> on investment with an email security solution. Request your
> white paper at:
> http://searchSecurity.com/r/0,,26459,00.htm?track=NL-358&ad=478466&ciphertrust
>
> =====================================================
>
> A READ ON THE NEWS
>
> *BEWARE OF HOTEL HACKING
> By Anne Saita
>
> When traveling with a laptop, it can be difficult to
> determine if a hotel network provider's level of security
> matches your enterprise's requirements. And that matters
> whether you're working out of a lobby, guest room or on a
> convention floor.
>
> Salt Lake City-based STSN, which provides network security to
> some 900 hotels nationwide and handles a half-million guest
> room connections a month, plans to offer freeware to help
> business travelers gauge a hotel-based Internet service's security.
>
> The simple application runs from any laptop and, once plugged
> into a hotel port, scans a network for vulnerabilities. It
> recommends whether the user should continue, be cautious or
> reconsider using the service.
>
> Though a corporate VPN provides plenty of security, STSN CTO
> Brett Molen cautions that many machines' OSes are still
> vulnerable. "When someone gives you a public IP address in a
> hotel room, at that point you are completely open. There may
> not be firewall protection and, in Microsoft's OSes,
> file-sharing is on by default -- and that provides
> opportunities for attackers, too."
>
> Molen recommends the following for business travelers:
> --Find out a hotel's ISP and what security is included with
>   the service.
> --Turn off file sharing.
> --Run a personal firewall.
> --Test your VPN against the hotel's network for compatibility.
>
> These tips should help keep hackers from accessing your hard
> drive. "And let's face it, the good stuff is on the hard
> drive," Molen says.
>
>
> *MICROSOFT TO DUPLICATE THIRD-PARTY SECURITY APPS IN LONGHORN
> By Edmund X. DeJesus
>
> Microsoft's next operating system -- code-named Longhorn --
> will contain some security features that third-party software
> vendors currently provide. These built-in features will make
> it tough for administrators to decide whether to buy the
> extra software or simply rely on Windows alone.
>
> Longhorn, the successor to Windows XP, is expected to ship in
> 2006, about two years behind schedule. Alpha versions of the
> operating system were distributed to developers in October
> 2003, and that special build is available to subscribers of
> the Microsoft development network.
>
> One aspect of Longhorn security is the Next-Generation Secure
> Computing Base (NGSCB) initiative, formerly known as Palladium.
>
> "NGSCB will employ a unique hardware and software design to
> give people new kinds of security protections," explains
> Mario Juarez, product manager with the security business and
> technology unit at Microsoft.
>
> The idea is to move some of the security burden from software
> to a Trusted Platform Model (TPM) chip, which will perform
> cryptographic functions that include storing digital keys and
> hashes to verify the authenticity of data. A new software
> component called a nexus will support two separate operating
> modes for Windows. In standard mode, Windows will function as
> usual and users would run applications without any special
> handling. In nexus mode, application processes will run in
> separate memory areas that the nexus would reserve,
> presumably keeping them out of harm's way.
>
> However, it's the other new security initiatives that may be
> bad news for security software vendors. At the February RSA
> Conference, Microsoft chairman and chief software architect
> Bill Gates revealed several new features intended to
> automatically monitor system and network behavior and respond
> to possible threats. Similar to several existing security
> products, Windows would attempt to identify irregular
> behavior in system calls, memory usage and network traffic.
>
> Part of this initiative -- called active protection
> technologies -- acts as behavior-based antivirus software
> products do. The approach tries to protect the system from
> malicious software by detecting known behaviors, then halting
> and containing the offending software.
>
> "Microsoft is developing security technology that will
> proactively adjust computer defenses based on state changes,
> contain the impact and spread of worms and viruses, and
> prevent known attacks from compromising the system," said Jon
> Murchinson, product manager at Microsoft's security business
> and technology unit.
>
> Dynamic system protection, another initiative component,
> essentially will be an intrusion detection and protection
> feature. It will keep track of the security patches applied
> to the system for known problems, and make appropriate
> changes to the Windows firewall to protect the system from
> attacks that might take advantage of any missing patches.
> This feature would also change security settings based on the
> type of network connection used, reacting to the difference
> between a corporate network and a dial-up connection.
>
> "Dynamic system protection proactively adjusts defenses on
> each computer based on changes in state, reducing the
> likelihood of a successful attack," said Murchinson.
>
> This isn't the first time that Microsoft has incorporated
> features from third-party software into its operating
> systems. Disk defragmentation, file undelete, compression and
> antivirus all started out as third-party products before
> Microsoft duplicated them. Security products appear to be next.
>
> =====================================================
>
> HEADLINES
> A look at other significant industry happenings from our
> sister publication, Security Wire Daily
>
> *Report: Zero-Day Exploits Nearing
> SearchSecurity.com
> The time is coming when zero-day threats will become a
> reality, according to Symantec Corp.'s recently released
> Internet Security Threat Report.
> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci930180,00.html?track=NL-358&ad=478466
>
>
> *New Platform Takes Remote Control
> SearchSecurity.com
> A Texas company has devised software to disable cameras on
> cellphones at enterprises discouraging their use.
> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci955312,00.html?track=NL-358&ad=478466
>
>
> *All-in-one Security Devices Carry Their Weight
> SearchNetworking.com
> All-in-one security devices are making it easier to keep
> distributed networks safe, and it's no wonder competition in
> the space is heating up. Despite earlier misgivings, one
> international firm explains how it's using a product from
> ServGate to deploy security updates.
> http://searchsecurity.techtarget.com/newsItem/0,289139,sid14_gci955311,00.html?track=NL-358&ad=478466
>
>
> *How Privacy Costs Impact Infrastructure
> SearchSecurity.com
> A new survey indicates companies with IT safeguards over
> individual data still have poor privacy policies and business
> practices that undermine that technology.
> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci955081,00.html?track=NL-358&ad=478466
>
>
> *Security Issues Delay Yukon
> SearchDatabase.com
> Security concerns are among the most obvious reasons for the
> Yukon delay, but analysts say that a larger problem looms
> just beneath the surface.
> http://searchdatabase.techtarget.com/originalContent/0,289142,sid13_gci954886,00.html?track=NL-358&ad=478466
>
>
> *'Threat Fatigue' an Ever-present Danger for IT
> SearchWin2000.com
> Software vulnerability ratings have a lot in common with
> terror threat levels. If the level rises too high too often,
> "threat fatigue" sets in. And the consequences can be
> disastrous if people become complacent.
> http://searchwin2000.techtarget.com/columnItem/0,294698,sid1_gci954860,00.html?track=NL-358&ad=478466
>
> =====================================================
>
> *ADVERTISEMENT*
>
> Time's running out to apply to Information Security Decisions
> coming to NYC April 19-21. Join a senior-level audience of
> your peers for unprecedented technical content and the best
> 3-day investment you'll spend out of the office this year.
> Gain expert insight you can't find anywhere else at any
> price. Apply today:
> http://infosecurityconference.techtarget.com/?track=NL-358&ad=478466&Offer=isdad
>
> =====================================================
>
> WEEKLY SECURITY PLANNER
>
> In an effort to help busy security managers, CISSP Shelley
> Bard's weekly column will build upon the concept of the
> perpetual calendar
> ( http://www.searchSecurity.com/tip/1,289483,sid14_gci948651,00.html?track=NL-358&ad=478466 ),
> offering a schedule of reminders for a proactive, strategic
> security plan. For an archive of previous columns, please visit:
> http://searchsecurity.techtarget.com/tipsIndex/0,289482,sid14_tax295570_alpD_idx0,00.html?track=NL-358&ad=478466
>
> Week 14: Malicious Code -- When Viruses and Worms Run Amok
>
> WHEN: Update weekly; at least daily during outbreaks
>
> WHY: Even though it seems logical to believe that everyone
> should have some protection on their systems by now, Netsky
> and Mydoom wouldn't have infected so many computers if this
> were so. The bottom line is that if you've had loss of
> business, bandwidth clogging, productivity erosion,
> management time reallocation issues or recovery costs, you
> were affected.
>
> STRATEGY: A virus is a program capable of replicating with
> little or no user intervention, that can destroy other
> programs without your permission. A worm is a
> self-replicating piece of code that spreads to other drives,
> systems or networks. I roll my eyes when I hear people
> correcting others when discussing a "worm" or a "virus."
> Other terms like trapdoor, time bomb, etc., are just flavors.
> Who cares? They're all code you don't want on your systems.
> Stop correcting people, and correct the system problems.
> Viruses generally have a harder time running on Unix systems.
> There are a few viruses that run on Linux. Windows suffers
> the majority.
>
> Figure out where the problem occurred. Virus signature
> updates not current or not frequent enough? Ensure you have
> the latest signatures the minute they're available, for
> example, using an auto-update mechanism versus fetching them
> yourself. People executing those attached files? Perhaps you
> need a better/faster/louder alert system for users. (Add this
> item to your training, education and awareness
> program.) E-mail server not recognizing outgoing spam? Tweak
> the activity threshold or get a third party package that
> regulates bulk e-mails, in or out. If your company does a lot
> of legitimate mass e-mailing, you'll have to tweak this
> system more than most. Users complaining about e-mail
> quarantines? Tough. Better a few late e-mail files than a
> system down and organization compromised. Use a backup system
> called the "telephone."
>
> In sum, take the time to figure out the area of your system
> most vulnerable to viruses and fix it. Even if there is a
> "next time," the fallout will affect you less, the fix will
> be faster and more manageable overall.
>
> MORE INFORMATION: Fred Cohen, generally credited with
> creating the first virus, got the idea for the term from a
> science fiction book, Shockwave Rider (Harper and Row, 1975),
> where the author discussed a computer tapeworm. Virus
> protection tools are available from Computer Associates,
> F-Secure, Kaspersky Labs, McAfee, Sophos, Symantec and Trend
> Micro. Some of these companies also offer AV for Unix-based
> systems. All can help you find what you need to make your
> system more secure.
>
> SHELLEY BARD, CISSP, is a senior security network engineer
> with Verizon Federal Network Systems (FNS). An infosecurity
> professional for 17 years, Bard has briefed and written
> infosecurity assessments and technical reports for the White
> House and Department of Defense, special interest groups,
> industry and academia. Please e-mail any comments to
> mailto:securityplanner@infosecuritymag.com
>
> Opinions expressed in this column are those of Shelley Bard
> and don't necessarily reflect those of Verizon FNS.
>
> NEXT WEEK: Spring cleaning -- part 1
>
> =====================================================
>
> Information Security Spam Survey
>
> Spam is a menace to enterprises and individual e-mail users.
> Tell Information Security magazine how spam is affecting your
> company by taking our spam survey:
> http://www.insightexpress.com/s/Spam69230.
>
> The survey takes just a few minutes. Participants will remain
> anonymous.
>
> =====================================================
>
> WHATIS WORD OF THE WEEK: Freeware
>
> Freeware (not to be confused with free software) is
> programming that is offered at no cost and is a common class
> of small applications available for downloading and use in
> most operating systems. Because it may be copyrighted, you
> may or may not be able to reuse it in programming you are
> developing. The least restrictive "no-cost" programs are
> uncopyrighted programs that are in the public domain. When
> reusing public domain software in your own programs, it's
> good to know the history of the program so that you can be
> sure it really is in the public domain.
>
> Free software, a somewhat newer and unrelated concept, is
> software that can be freely used, modified, and redistributed
> with only one restriction: any redistributed version of the software must
> be distributed with the original terms of free use,
> modification, and distribution (known as copyleft). The
> definition of free software is stipulated as part of the GNU
> project and by the Free Software Foundation. Unlike freeware,
> free software may be distributed for a fee. Freeware is
> liable to be more limited in capability than free software.
>
> Other security definitions:
> http://searchsecurity.techtarget.com/glossary/0,294242,sid14,00.html?track=NL-358&ad=478466
>
> =====================================================
>
> YOUR TWO CENTS
> Readers sound off
>
> Q&A: Dangers of ZIP Files
> http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci953548,00.html?track=NL-358&ad=478466
>
> The article on the dangers of .zip files is interesting but I
> do have a few comments.
>
> Most companies won't hold all .zip files; to check the
> content will take too much time. They'll either block them or
> let them through so they can be scanned.
>
> All antivirus scanners can scan the contents of .zip files.
> If the content is password-protected, then the content should
> be checked. If you stop .zip files, .exe files should be
> stopped, as well as .rar files, which are also quite common
> and I'm not sure if all AV vendors can handle that format.
> The last place I worked let the scanners handle .zip and .exe
> files. Maybe .msi files should be blocked? I'm not sure if
> any exist but why stop at .zip and .exe files? How about .z
> files (Unix)? --Ed Braiter
>
>
> I read the interview with Bruce Hughes with interest. I would
> like to comment on the following part of the dialog:
>
> SWP: Is stripping .zip files at the gateway the best way to
> mitigate these threats? Are there less severe measures?
>
> HUGHES: A default-deny approach at the gateway is the best
> approach, permitting only file types that are needed to do
> business. Always block attachments that are unsafe, i.e.
> .exe, .scr, .pif, .vbs, .zip, etc.
>
> I'd like to suggest a metaphor. Let's imagine an imaginary
> police state, where there is a checkpoint on the onramp and
> everyone is checked for blood alcohol concentration and drunk
> drivers are taken off the road. What Hughes suggests is that,
> regardless of passengers, we will automatically ban all buses
> from going on the highway.
>
> I believe that most (if not all) businesses have legitimate
> uses for .zip files. Windows XP incorporates a zip engine
> integrated with the shell. Antivirus engines check .zip files
> constantly for virus-infected content. If we are to filter
> dangerous files, why filter .zip, rather than dangerous files
> WITHIN the .zip files?
>
> My point is that .zip is a harmless container. The files
> within that container need to be filtered, and not the
> container itself. If the container is filtered, the many
> business uses that the .zip format enables are eliminated
> along with the risk. --Arik Baratz, system engineer, Vidius Israel
>
> ::::::::::::::::::::: ABOUT THIS NEWSLETTER ::::::::::::::::::::::
>
> Security Wire Perspectives (BPA E-Mail Audit Report, June
> 2002*) is an e-mail newsletter brought to you on Mondays and
> Thursdays by Information Security magazine, a TechTarget
> publication. Copyright (c) 2004, Information Security and
> TechTarget. No reuse or
> redistribution without the express written authorization of
> Information Security and TechTarget.
>
> Permission requests, questions or comments should be e-mailed
> to Shawna McAlearney, online editor,
> mailto:smcalearney@infosecuritymag.com.
>
> *A copy of the BPA Audit is available for download at:
> http://www.bpai.com/library/statement_files/s343h0j2.pdf
>
>
>
------------------------------------------------------------------------
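
The reader letters in the "Your Two Cents" section argue for filtering the files inside a .zip rather than the container, and note that password-protected content cannot be scanned. As an added illustration (not part of the newsletter or the forwarded message), this Python example applies a default-deny allow-list to archive members; the allow-list, the limits and the sample archives are assumptions constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy for this example: inner file types the business needs.
ALLOWED_INNER = {".txt", ".csv", ".pdf", ".doc", ".xls"}
MAX_DEPTH = 2                 # levels of nested .zip opened before refusing
MAX_INNER_BYTES = 10_000_000  # largest declared size of a nested archive to unpack
RANK = {"allow": 0, "quarantine": 1, "block": 2}


def inspect_zip(data, depth=1):
    """Return (verdict, findings) for the raw bytes of a .zip attachment."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "block", [("block", "not a readable zip archive")]
    findings = []  # (level, message) pairs
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = PurePosixPath(name).suffix.lower()
            if ext != ".zip" and ext not in ALLOWED_INNER:
                # Default-deny: anything not explicitly needed is refused.
                findings.append(("block", f"{name}: type not on allow-list"))
            elif info.flag_bits & 0x1:
                # Bit 0 marks an encrypted member; a scanner cannot read it.
                findings.append(("quarantine", f"{name}: encrypted"))
            elif ext == ".zip":
                if depth >= MAX_DEPTH or info.file_size > MAX_INNER_BYTES:
                    findings.append(("block", f"{name}: nested too deep or too large"))
                else:
                    inner = inspect_zip(zf.read(info), depth + 1)[1]
                    findings += [(lvl, f"{name} -> {msg}") for lvl, msg in inner]
    verdict = max((lvl for lvl, _ in findings), key=RANK.get, default="allow")
    return verdict, findings


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples, not real mail attachments.
CLEAN = make_zip({"q1/report.csv": b"a,b\n1,2\n"})
EXE_INSIDE = make_zip({"notes.txt": b"hi", "invoice.pdf.exe": b"constructed"})
NESTED = make_zip({"docs.zip": EXE_INSIDE})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("exe", EXE_INSIDE), ("nested", NESTED)):
        print(label, inspect_zip(blob))
```

The check keys on the last extension of each member name, so a double extension such as `invoice.pdf.exe` is judged as `.exe`, and a member with no extension is refused along with everything else that is not on the list.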