Internet Security update 0637
Testing Your Security Configuration
Phishing and Pharming...
You've undoubtedly heard of "phishing," luring users (typically through
email messages) to phony Web sites that imitate legitimate Web sites to
try to trick users into divulging private information such as logon
IDs, passwords, and account numbers. Phishing can lead to unauthorized
monetary charges against your merchant accounts, unauthorized use of
your services, and more.
Tools such as CoreStreet's SpoofStick (at first URL below) and the
Netcraft Toolbar (at second URL below) can help in some cases. Both
tools are add-ons for Microsoft Internet Explorer (IE) and Mozilla
Firefox that try to determine and display the real domain of the site
you're visiting.
Recently, attackers have begun combining phishing with DNS poisoning or DNS
hijacking, also known as "pharming." In a pharming attack, the attacker
changes the DNS records on the servers at an ISP or at the company that's
the target of the attack, or modifies a client system's HOSTS file or
DNS settings. The victim types the correct URL and still lands on the
attacker's server, and the browser's address bar shows the legitimate
domain the whole time. Obviously, protecting against such attacks means
devising some method of establishing trust in DNS query results. The two
tools I mentioned above don't help much against pharming: they report the
domain in the URL the browser resolved, and in a pharming attack that
domain is the right one.
I know of three ways to help prevent pharming attacks. The first method
is for a company to use a service, such as one recently announced by
MarkMonitor, to monitor the company's DNS servers for unauthorized
changes. When unauthorized changes are detected, MarkMonitor alerts the
company so that it can begin working to correct the situation.
A second method, which is also new, is to use Next Generation
Security's (NGSEC's) AntiPharming tool, which works at the client level
(rather than the server level) to prevent unauthorized changes to a
system's HOSTS file and local DNS settings. It also listens on the
system's network interfaces to capture DNS query responses and then
double-checks those responses against "three secure DNS servers." The
tool comes with three DNS servers preconfigured, and you can modify
those server addresses as you see fit; the check is only as good as the
servers you choose and their agreement with one another. The tool is
available free for personal use and requires a fee for commercial use.
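The two client-side checks described above, HOSTS-file inspection and double-checking the local resolver's answer against independent resolvers, as an added example. This is illustrative code written for this page, not code from the newsletter or from NGSEC's AntiPharming tool; the monitored domains, the HOSTS-file text, the resolver names and every IP address are constructed, and the sample answers are handed in as data rather than queried over the network so the script runs offline.

```python
"""Client-side pharming checks: HOSTS-file inspection and cross-resolver
verification. Added example; domains, addresses and resolver names are
constructed for illustration."""
import ipaddress
from collections import Counter

# Constructed set of sites whose resolution this host cares about.
MONITORED_DOMAINS = {"www.example-bank.com", "login.example.net"}

# Constructed HOSTS-file content. The second mapping is the kind of entry a
# pharming attacker plants so that the correct URL reaches their server.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# added by installer
198.51.100.23   www.example-bank.com   example-bank.com
"""

# Constructed answers for one query, keyed by resolver. "local" stands for
# the resolver the system is configured to use; the others are independent
# resolvers the answer is double-checked against.
SAMPLE_ANSWERS = {
    "local":     frozenset({"198.51.100.23"}),
    "trusted-a": frozenset({"203.0.113.10"}),
    "trusted-b": frozenset({"203.0.113.10"}),
    "trusted-c": frozenset({"203.0.113.10"}),
}


def parse_hosts(text):
    """Return {hostname: ip} for every name in a HOSTS file, ignoring comments."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def suspicious_hosts_entries(hosts_map, monitored):
    """Report any monitored name pinned in HOSTS to a non-loopback address
    (it bypasses DNS entirely); malformed addresses are reported as well."""
    hits = {}
    for name, ip in hosts_map.items():
        if name not in monitored:
            continue
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue
        except ValueError:
            pass
        hits[name] = ip
    return hits


def cross_check(answers, quorum=2):
    """Compare the local resolver's answer with the independent resolvers.

    Returns (verdict, consensus): verdict is "OK", "MISMATCH" or
    "NO_CONSENSUS"; consensus is the answer set that at least `quorum`
    independent resolvers agreed on, or None.
    """
    local = answers["local"]
    trusted = {k: v for k, v in answers.items() if k != "local"}
    if not trusted:
        return "NO_CONSENSUS", None
    consensus, votes = Counter(trusted.values()).most_common(1)[0]
    if votes < quorum:
        return "NO_CONSENSUS", None
    return ("OK" if local == consensus else "MISMATCH"), consensus


def run_checks(hosts_text=SAMPLE_HOSTS, answers=SAMPLE_ANSWERS,
               monitored=MONITORED_DOMAINS):
    """Run both checks and return their findings in one dict."""
    verdict, consensus = cross_check(answers)
    return {
        "hosts_overrides": suspicious_hosts_entries(parse_hosts(hosts_text), monitored),
        "dns_verdict": verdict,
        "dns_consensus": consensus,
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

Two caveats a practitioner should keep in mind. First, the comparison is on the whole set of addresses returned, so a site that legitimately answers with different addresses to different resolvers (content-delivery or geographic DNS) can produce a spurious MISMATCH or NO_CONSENSUS; treat those as "investigate," not "block." Second, the independent resolvers are the trust anchor: if they can be poisoned as easily as the local one, the quorum proves nothing.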
Another new solution, Identity Cues from Green Armor Solutions, works
at the Web site level. The first time a user logs on to an Identity
Cues-protected Web site, the product generates colored visual cues that
will then appear each time the user logs on to the site. A spoofed Web
site that doesn't hold the data the legitimate site derives the cues from
won't be able to generate the same cues, so a user sent to a spoofed site
will immediately know that he or she isn't visiting the legitimate Web
site. The scheme does depend on the user actually noticing that the cues
are wrong or missing, and a spoofed site that relays the logon to the real
site in real time can show the real cues. Identity Cues is definitely a
novel concept.
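A site-level cue scheme of the kind just described, as an added example. This is illustrative code written for this page, not code from the newsletter or from Green Armor's product; the exact way Identity Cues produces its cues is not stated on the page, so the derivation here (an HMAC of the user ID under a per-site secret, one palette entry per digest byte), the palette, the cue length, the site secret and the user name "alice" are all assumptions. The point it demonstrates is the one that matters for the threat model: the cue is shown after the user ID is entered but before the password is requested, and a copy of the logon page that lacks the site secret cannot reproduce it.

```python
"""Site-level visual logon cues. Added example; the derivation, palette and
secrets are assumptions made for illustration."""
import hashlib
import hmac

# Hypothetical per-site secret. Only the legitimate site holds it, which is
# what keeps a spoofed copy of the logon page from computing the cues.
SITE_SECRET = b"constructed-site-secret-do-not-reuse"

# Palette from which each user's cues are drawn (16 entries, one per nibble
# of address space is not needed; one digest byte modulo 16 picks an entry).
PALETTE = ("red", "orange", "yellow", "green", "blue", "indigo", "violet",
           "brown", "black", "white", "pink", "teal", "gold", "silver",
           "maroon", "navy")
CUE_LENGTH = 6


def identity_cue(user_id, secret, length=CUE_LENGTH):
    """Derive a stable, user-specific colour sequence from the site secret.

    Assumed design: HMAC-SHA256 of the normalised user ID keyed with the site
    secret, one palette entry per digest byte. The same user always sees the
    same cue on the legitimate site; a site without `secret` cannot compute it.
    """
    digest = hmac.new(secret, user_id.strip().lower().encode("utf-8"),
                      hashlib.sha256).digest()
    return tuple(PALETTE[b % len(PALETTE)] for b in digest[:length])


def logon_step_one(user_id, secret=SITE_SECRET):
    """Step 1: the user has typed only a user ID. The site returns the cue
    now, before asking for the password, so the user can stop if the cue is
    wrong or missing."""
    return {"user_id": user_id, "cue": identity_cue(user_id, secret)}


def user_recognises_cue(shown_cue, remembered_cue):
    """Step 2, on the user's side: continue to the password prompt only if
    the cue on screen matches the one remembered from earlier logons."""
    return shown_cue == remembered_cue


def demo(user_id="alice"):
    """Legitimate site versus a spoofed copy that lacks the site secret."""
    remembered = identity_cue(user_id, SITE_SECRET)   # learned at first logon
    real = logon_step_one(user_id)["cue"]
    spoof = logon_step_one(user_id, secret=b"attacker-guess")["cue"]
    return {
        "real_site_ok": user_recognises_cue(real, remembered),
        "spoof_site_ok": user_recognises_cue(spoof, remembered),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points worth stating. The cue is a recognition aid for the human, not an authenticator: six picks from sixteen colours is far too little entropy to stand in for a credential, and it is only ever compared by the user's eye. And the defense holds only against a static copy of the logon page; a spoofed page that forwards the entered user ID to the real site and relays the answer back will display the genuine cue, which is the same limitation the prose above notes.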
All three approaches sound like good ideas and would go a long way
towards thwarting phishing and pharming. I suspect that there are other
ways to help prevent pharming, but at this point I'm unaware of any
other solutions. If you know of any, please send me an email message
that fills me in on the details.
Security News and Features
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities.
Three Previous Microsoft Security Bulletins Re-released
Microsoft released ten security bulletins this month. Did you know
the company also re-released three older security bulletins?
Setting Up Windows Server Update Services
Patch management is a headache for security administrators at most
organizations. Microsoft has developed an improved patch-management
product, called Windows Server Update Services. WSUS offers benefits
for organizations of all sizes, thanks to its flexibility, advanced
features, and ease of deployment. John Howie walks you through the
process of installing and configuring WSUS for your organization,
obtaining updates, and configuring clients to use WSUS to obtain
updates.
Resources
Anti-spam product not working?
Many email administrators are experiencing increased frustration
with their current anti-spam products as they battle new and more
dangerous email threats. In-house software, appliances and even some
services may no longer work effectively, require too much IT staff time
to update and maintain, or satisfy the needs of different users. In
this free Web seminar, learn how you can search for a better way to
protect your email systems and users.
Back By Popular Demand - SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts
will present real-world information about administration, development,
and business intelligence to help you implement a best-practices
migration to SQL Server 2005 and improve your database computing
environment. Attend and receive a 1-year membership to PASS and 1-year
subscription to SQL Server Magazine.
Token Authentication: Getting It Right
Perhaps you need tokens for management or mobile workers or your
only applications that need token support are VPN, extranet access, or
PC security. In this free Web seminar, join industry guru Randy
Franklin Smith and learn how you can make a solid business case to
management that justifies tokens. You'll also discover what the right
combination of token devices and middleware can do. Plus - receive
checklists of key evaluation and testing points for rollout time.
Recover Your Active Directory
Get answers to all your Active Directory recovery questions here!
Join industry guru Darren Mar-Elia in this free Web Seminar and
discover how to use native recovery tools and methods, how to implement
a lag site to delay replication, limitations to native recovery
approaches and more. Learn how you can develop an effective AD backup
strategy.
The Essential Guide to Exchange Preventative Maintenance
Database health is the weakest link in most Microsoft Exchange
Server environments. Download this Essential Guide now and find out how
the ideal solution is an automated, end-to-end maintenance and
management tool that provides a centralized view of the entire managed
infrastructure.