Windows NET Magazine Security 0324204
Windows NET Magazine Security
Focusing on Shaping This Newsletter
* Security News and Features
- News: New RSS Feeds; Cisco Buys Twingo; Windows XP2; cPanel
Problems; Storage Utilities
- Sneak Preview: SUS 2.0 Beta Is Now WUS
- News: Chat with Microsoft About WUS and More; New Shell-Coders
Resource; eEye on Security; Phishing for Fargo
- News: VoIP Security; More Phishing; New Mac OS X Released
* New and Improved
- Ensure the Reliability of Your Network Security
Help Shape This Newsletter
>From time to time, we like to ask readers how we might improve our
products. It's been a while since we've asked you--the readers of
Security UPDATE--for your opinions. So this week, we want to pose some
general questions and request your input into how we can improve this
newsletter.
One question we often contemplate is whether Security UPDATE is too
long, too short, or just right. Knowing how busy you all are, we try
to keep it as short as we can, but please tell us what you think about
the length. For example, do you prefer to have the complete In Focus
in the newsletter, or would you rather see a short summary of it with
a link to the full text on our Web site? Are our News and Feature
summaries long enough, or are they too short?
In each Security UPDATE, we typically include In Focus, news, an FAQ,
a forum thread, and new products. We sometimes (although not each
week) include feature-article summaries and Virus Alerts. Do you want
to see more or less of any of the above? Are there other types of
information you'd like to see covered?
You might have noticed that we've recently adjusted the format of
Security UPDATE's table of contents (TOC). We wonder whether you like
having a TOC, and if so, whether you prefer a complete TOC or an
abbreviated one. Also, does a numbered TOC (with matching numbers in
the body of the newsletter) help you navigate the newsletter, or do
you prefer a simple bulleted TOC?
Those are some of the particular areas we'd like your opinion about,
but we're also open to any other suggestions, critiques, and comments
you might want to share with us. So please feel free to send any
feedback to me at "mark at ntsecurity dot net." Please use a subject
prefix of "SECUPD:" to help me more easily identify responses to this
editorial.
One other content-related item I want to point out this week is our
new Really Simple Syndication (RSS) feeds. We've recently added
several such feeds to our Web site, and you can learn more about them
in the "New RSS Feeds" news story below.
Security News and Features
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities.
News: New RSS Feeds; Cisco Buys Twingo; Windows XP2; cPanel Problems;
Storage Utilities
Windows & .NET Magazine has numerous new Really Simple Syndication
(RSS) feeds that you can use to stay abreast of our latest news and
articles or to integrate our content into your own Web site. Cisco
Systems bought desktop security company Twingo Systems for $5 million
in cash. Windows XP Service Pack 2 (SP2) is on the way--you can learn
more about it now. New bugs were discovered in cPanel. Making the
storage utility a compelling service offering isn't easy. Jerry
Cochran talks about how manageability--including Storage Resource
Management (SRM), disaster recovery and business continuance, and
security--is one key reason for the difficulty.
Sneak Preview: SUS 2.0 Beta Is Now WUS
Microsoft announced that Software Update Services (SUS) 2.0 is now
renamed Windows Update Services (WUS). The company released the new
version of the product into public beta testing and evaluation on
March 16. You can learn all about it in the documentation (in
Microsoft Word format) on the Microsoft Web site and sign up for the
beta or evaluation program.
News: Chat with Microsoft about WUS and More; New Shell Coders
Resource; eEye on Security; Phishing for Fargo
If you missed the March 16 chat with Microsoft about Windows Update
Services (WUS), you might find the chat archived for your review on
the Microsoft chat Web page. Or chat with the company about other
security topics and other Microsoft products. A new book is available
from John Wiley & Sons that helps you learn shell-coding techniques to
help you defend your network. eEye Digital Security's eEye Research
discovered five new vulnerabilities in IBM, Apple Computer, and
Microsoft products. A new phishing scam targets Wells Fargo customers,
so watch out.
News: VoIP Security; More Phishing; New Mac OS X Released
Because Voice over IP (VoIP) technologies rely on computers,
software, and networks, you must consider many potential threats when
implementing them. Learn more about defending VoIP. Yet another
phishing scam is under way, targeting users of the Regulations.gov Web
site. The Federal Trade Commission (FTC) has issued a consumer alert.
Apple Computer released Mac OS X 10.3.3, which includes--among other
enhancements--all previous standalone security updates.
Announcements...
Free eBook--"The Expert's Guide for Exchange 2003: Preparing for,
Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems
managers about how to best approach the migration and overall
management of an Exchange 2003 environment. The book will concentrate
on core issues such as configuration management, accounting, and
monitoring performance with an eye toward migration, consolidation,
security, and management.
Event Central--a Comprehensive Resource for the Latest Events in Your
Field
Looking for one place to find the latest Web seminars, roadshows,
and conferences? Event Central has every topic you're looking for.
Stay current on the latest developments in your field. Visit Event
Central and find answers now!
Get 2 Sample Issues of SQL Server Magazine!
SQL Server Magazine is a 360-degree resource loaded with must-read
information covering database modeling, ADO.NET, XML, performance
tuning, security, and the latest topics that SQL Server database
developers, administrators, and business intelligence architects need
to know. Try two (no-risk) sample issues today, and discover the
timesaving qualities the magazine has to offer. Click here:
Instant Poll
Results of Previous Poll
The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Does
your company plan to implement a server-based mail-authentication
solution?" Here are the results from the 187 votes.
- 53% Yes, Sender Policy Framework
- 3% Yes, DomainKeys
- 5% Yes, Caller ID for E-Mail
- 11% Yes, two or more of the above
- 27% No
(Deviations from 100 percent are due to rounding.)
New Instant Poll
The next Instant Poll question is, "Does your company use or intend
to use Voice over IP (VoIP) technology?" Go to the Security Web page
and submit your vote for
- Yes, we use it now
- Yes, we intend to use it
- No, we don't plan to use it
- Not sure
Security Tools
Virus Center
Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
FAQ: After I use the Microsoft Exchange Server 2003 Recovery Storage
Group, do I need to delete its contents?
A. Yes, after you finish a recovery operation, you should delete all
databases in the Recovery Storage Group and delete the group itself.
If you fail to do so, you'll encounter problems when you try to
perform a typical restore because Exchange might still store the data
in the Recovery Storage Group instead of placing it in the usual
storage group (SG) location.
If you want to leave the Recovery Storage Group in place, you must
tell the backup API to ignore the group by performing the following
steps:
1. Start a registry editor (e.g., regedit.exe).
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\MSExchangeIS\ParametersSystem registry subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name Recovery SG Override, double-click the new value,
set it to 1, then click OK.
Be careful when you perform these steps. If you later delete the
Recovery Storage Group but you neglect to delete (or set to 0) the
registry value that you created in steps 3 and 4 and another
administrator later recreates the Recovery Storage Group for a restore
operation, that restore operation will overwrite the original database
rather than use the Recovery Storage Group database. This behavior
will result in serious production problems.
Featured Thread: How Do I Encrypt Everything?
(Two messages in this thread)
A reader writes that his or her company has decided to encrypt all
the data on the company systems as well as data traveling to and from
the systems. The company has a Windows 2000 and Active Directory (AD)
environment and wants to know whether anyone can recommend one
solution that handles data encryption for desktops, laptops, servers,
TCP/IP networks, Web, and email. Lend a hand or read the responses:
Event Central
New--Microsoft Security Strategies Roadshow!
We've teamed with Microsoft, Avanade, and Network Associates to
help you better protect your infrastructure and applications against
security threats. Learn how to implement a patch-management strategy;
lock down servers, workstations, and network infrastructure; and
implement security policy management. Register now for this free
event.
New and Improved
Ensure the Reliability of Your Network Security
MetaInfo announced Meta IP NG Feature Pack 4, which extends the
functionality of Meta IP DHCP through three separately deployable
modules: the DHCP MAC Address Authentication module, the Check Point
UserAuthority Authentication module, and the Authenex ASAS module.
Each module ensures that only authenticated users can obtain leases to
privileged IP addresses. Meta IP NG Feature Pack 4 also extends the
software's reliability features. Users can create scheduled backups of
Meta IP system configurations within the UI and from the command line,
creating further layers of redundancy and failover consistency across
networks.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column.
