- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 24, 2002 (Vol. 7, #46 - Issue #377)
Top 10 Wireless Security Tips
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • I Cannot Keep A Secret!
  2. TECH BRIEFING
    • Top 10 Wireless Security Tips
    • Free DHCP Turbo product
    • Disaster Recovery Plans Do Not Exist In 80% Of Companies
  3. NT/2000 RELATED NEWS
    • Windows 2000 SP3 in Release Candidate Stage
  4. NT/2000 THIRD PARTY NEWS
    • Fast Relief From Your IIS Patching Migraine
    • Real-time Auditing and Content Management of Email
    • Free Vulnerability Scanning Tool to Combat Apache Bug
    • PestPatrol Fills Unmet Corporate Security Need
    • Relax, Your Information Security Policies Are Already Written!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Hacking Exposed: Web Applications
  SPONSOR: WhatChanged
Track changes to critical servers and workstations!
Ever wonder why that computer that was working correctly till now is
suddenly acting strange? Want to know what changed? WhatChanged (TM)
for Windows v2 is powerful but friendly software to let you track,
examine, understand and manage change. Use the Enterprise Edition to
implement centralized Change Management in your Intranet today. Must
have software for critical servers and desktops. Get your free copy
of the Personal Edition (a $29 value). Visit Prism Microsystems for
more information.
Visit WhatChanged for more information.
  EDITORS CORNER

I Cannot Keep A Secret!

So I might as well throw it out to the rest of the world to hear. We are coming out next week with a really cool anti-spam product. It works on Outlook and Outlook Express and quarantines all this crap that really gets out of control at the moment.

This puppy works at the client-level (we will explain why it was designed that way) and aggressively quarantines a very high percentage of spam. Frankly I am getting sick and tired of porn in my inbox and I want it filtered out before I see it. This new killer anti-spam tool will do it. Stay tuned, I'll send you a special issue about this one late next week.

Our third winner is Daniel Pogosian from Fairfax, Virginia. Congratulations! Only one more winner to go, make sure you update your profile and recommend your friends to get qualified, there is still time!

Subscribe to either W2Knews or WinXPnews, complete your profile, recommend up to 3 of your friends, have them complete their profiles and each of you could be eligible to win your own Palm m105 Handheld! We're giving away 4 of these puppies! (Sponsored by Computers4SURE, your source for 60,000+ Technology Products.) Use the link at the bottom of each newsletter to update your profile and recommend your friends.

ps - For those of you interested in Windows XP have a look at our WinXPnews Newsletter as well as subscribe yourself.
http://www.w2knews.com/rd/rd.cfm?id=020624ED-WinXPnews

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Full Site Failover and Infrastructure Redundancy
delivered by the #1 tool for data replication: Double-Take. Ensure
that your data and applications are always safe. Help your Company
and Homeland Security by protecting your most valuable resources at
the source: Your Servers. Double-Take will fail over if your source
server goes down. 2001 Editor's Choice of both Windows 2000 and
Network Magazine. Download a 30-day eval copy now and start protecting
your data and apps.
Visit Double-Take for more information.
  TECH BRIEFING

Top 10 Wireless Security Tips

Bruce Comeau is a business networking specialist at 3Com, and he wrote this article for the eChannelLine site which is a portal for VARs in the IT bizz. I thought the data he provided was very useful so I'm going to quote him and provide a link to the site at the end of this article. There is a great amount of useful stuff over on that site and it's a Fave of mine. Here goes!

The term "wireless security" is no longer an oxymoron. Security tools, features and protocols exist to offer greater protection than ever before. So how do you minimize or even eliminate the risk of hackers accessing a Wi-Fi, or 802.11, wireless network (WLAN)? First, you must control who gets access to the network -- authentication -- and then protect the information traveling wirelessly -- encryption.

Consider the following options to spoil a hacker's attempts to exploit holes in a wireless network:

  1. Put the access point in the right place
    Start with the basics: within your network configuration, ensure wireless access points are outside your perimeter firewall.
  2. Use MAC to stop a hack
    Using MAC address-based ACLs (Access Control Lists) will allow only registered devices to access the network. While it can be "spoofed," MAC address filtering is like adding another lock to your front door - the more obstacles you present, the more likely that hackers will be encouraged to move on to less secure organizations.
  3. Manage your wireless network ID
    All WLANs come with a default SSID (Service Set Identifier) or network name. Change it - immediately - with an alphanumeric name. If your organization can handle the administrative work, regularly change the SSID. And don't do the equivalent of walking around with the network name written on your forehead: disable the automatic SSID broadcast feature.
  4. WEP is great
    WEP (Wired Equivalent Privacy) is the standard 802.11b wireless security protocol. It's designed to provide wired-like protection by encrypting wireless data as it transmits information. Simply put, enable it, and then immediately change the WEP key from the default. Ideally, have your WEP keys generated dynamically when a user logs on, making access to wireless data a moving target for hackers. Session-based and user-based WEP keys offer the best protection and add another layer of deterrence.
  5. But WEP is not fool proof
    Don't put all your encrypted eggs into the WEP basket. WEP is one security layer of many and should not be relied on as the sole security measure, despite its role as the pre-eminent encryption security. Many network administrators have learned this lesson the hard way.
  6. VPN is one of the best security mechanisms to have
    If each security option is like another locked entrance hackers must penetrate - changing SSIDs, enabling MAC address filtering and employing dynamic WEP key generation - then a Virtual Private Network (VPN) is a bank vault door. VPNs offer a higher layer of security (Layer 3) than WEP and allow a secure end-to-end tunnel between user and network.
  7. Leverage existing RADIUS servers
    Remote users of larger companies are often authenticated to use the network through a RADIUS (Remote Authentication Dial-In User Service) server. IT managers can integrate wireless LANs into the existing RADIUS infrastructure to more simply manage users. It not only enables wireless authentication, but also ensures wireless users go through the same authorization and accounting approvals as remote users.
  8. Simplify your security: integrate wireless and wired policies
    Wireless security is not a separate network infrastructure that requires all different procedures and protocols. Develop a security policy that combines both wired and wireless security to leverage management and cost advantages. For example, integrate a single user ID and password requirement for users whether they are accessing the network through your wired or wireless infrastructure.
  9. Not all WLANs are created equal
    While 802.11b is a standard protocol and all equipment bearing the WiFi trademark will operate with the same base functionality, not all wireless equipment is created equal. While Wi-Fi ensures interoperability, many manufacturers' equipment does not include enhanced security features.
  10. Don't allow "Bob in marketing" to sprout a rogue network
    WLAN set up is now simple enough that non-technical staff are installing their own wireless routers or access points in their office departments, with little thought for security. Regularly scan the network with intrusion detection tools to root out rogue networks that provide a potentially susceptible hacker entry point. Ensure a policy that restricts WLANs from being established without formal systems administration approval and deployment.
(Grateful Acknowledgement to eChannelLine. Copyright eChannelLine. Check this site out at):
http://www.w2knews.com/rd/rd.cfm?id=020624TB-WLAN_Security

Free DHCP Turbo product

The Weird-solutions site is giving away our DHCP Turbo (max 5 client version) as a free download. It's great for small work sites that want DHCP services running on workstations, where the price of Windows Server is cost prohibitive. It was designed to be cross platform from the beginning, a Win32 and Linux version is available, commercial Unix is planned. One GUI can manage all DHCP Servers on WIn32 and Linux (encrypted communication). On the enterprise side it supports broadband and provisioning requirements as well, as it's designed to be extremely fast: somewhere about 100,000 leases per minute. In reality it's a very advanced DHCP server that they target both the low end and the high end market with.
http://www.w2knews.com/rd/rd.cfm?id=020624TB-Free_DHCP

Disaster Recovery Plans Do Not Exist In 80% Of Companies

A study of 200 companies conducted by an independent research firm for SunGard Availability Services has found that companies of all sizes are remarkably unprepared to keep their key information processing systems running in the event of a system or network disruption.

Although nearly half of the companies studied experienced a serious disruption during the past 12 months, less than 20 percent have plans and solutions in place to provide the information availability they require to keep their businesses functioning effectively. The majority of companies surveyed rely solely on tape backup.

"The study highlights the gap between the time companies require to have employees and/or customers able to access their critical applications before there is a negative impact on the business and the actual time it takes to recover these applications with the solutions they currently have in place," explained Dave Palermo, vice president of marketing, SunGard Availability Services. "The bottom-line impacts of unavailability of information are dramatic losses in staff productivity, lost revenue and lost customers," he added.

The study was conducted by the New York City-based research firm David Michaelson and Company, LLC, between April 16 and May 2, 2002, among a sample of companies in a broad range of industries and annual revenues. Need a Disaster Recovery solution. Check out Double-Take at:
http://www.w2knews.com/rd/rd.cfm?id=020624TB-Double-Take

  NT/2000 RELATED NEWS

Windows 2000 SP3 in Release Candidate Stage

ENT Magazine reported that for those of you anxiously awaiting W2K Service Pack 3, the suspense should soon be over. Microsoft said that the service pack is in the Release Candidate 1 stage with availability scheduled for "this summer." A spy that reported to me tells me in its current stage it is definitely not ready yet and told me to give it at least another month.

Unconfirmed reports have the service pack coming as soon as July. Officials in Redmond aren't saying much about the SP publicly, except to note one interesting addition: "Windows 2000 SP3 will include the changes required by the consent decree with the DOJ and nine states," a Microsoft spokesman said. Read more:
http://www.w2knews.com/rd/rd.cfm?id=020624RN-W2K_SP3

  THIRD PARTY NEWS

Fast Relief From Your IIS Patching Migraine

Once again, folks running Microsoft IIS were greeted with a notification a few days ago that a high-risk vulnerability was detected in their software and attackers could penetrate their systems and gain complete control remotely:

"Wednesday, June 12, 2002 - Microsoft acknowledged a serious flaw in its Internet server software that could allow sophisticated hackers to seize control of websites, steal information and use vulnerable computers to attack others online"

While these types of announcements no longer get much media attention because they have become so frequent, they are still critical issues that affect IT administrators globally...and drive us insane with worries about being vulnerable to an exploit if we fail to patch immediately.

The problem of security and patch vulnerability does not mean that MS's IIS software is BAD and should be avoided as a solution. Quite the contrary, it is very feature-rich and is a common choice for admins. In fact, Microsoft IIS runs about one third of all websites in the world. The issue becomes one of adding a competent layer of security to properly protect IIS from potential attacks. That way, even if we don't have time to immediately install the Microsoft patch or we are not alerted right away, we remain protected and IIS is safeguarded.

Vendors sometimes assume that, as admins, we can just take our systems offline and quickly implement patches without issue. However, testing and installing a patch properly in any organization (especially in enterprises) is quite involved and takes time. Most importantly, we need to always test the patch to make certain that it doesn't adversely affect other components of our mission-critical systems. Finally, propagating patches out to all affected systems creates even more lag time in which our organizations remain vulnerable. Being exposed for weeks, days, or even minutes is irrelevant in Internet time. The fact that our servers are exposed for even one second is unacceptable.

The good news, there is a simple answer to IIS vulnerabilities: The SecureIIS? Application Firewall

In a nutshell, Microsoft IIS was created to be a feature-rich app. SecureIIS was developed by eEye Digital Security to specifically address IIS security deficiencies and protect servers from attack. eEye is the leading authority on IIS vulnerability research and their SecureIIS is the critical proactive security layer that guards IIS ? even when you don?t have time to patch your systems right away (or while Microsoft takes several weeks to create a fix for a newly discovered vulnerability).

eEye just released version 2.0 of SecureIIS this past week and it is the definitive answer to small and large organizations that have IIS web servers deployed. The new version of SecureIIS installs in minutes, boasts an incredibly easy-to-use interface, and was developed to accommodate enterprise-level customers seeking to centrally manage their web servers' security. eEye knows IIS security inside out; they discovered the Code Red vulnerability last year and 90% of all IIS vulnerabilities in the past 2 years. No other vendor comes close to their knowledge and ability to protect IIS customers from attack... period.

So, if you are running IIS and tired of worrying about exposure to old, new, and unknown vulnerabilities, get relief today from SecureIIS Application Firewall. A 10-minute online demo of SecureIIS in addition to a free trial download is available from our website at:
http://www.w2knews.com/rd/rd.cfm?id=020624TP-SecureIIS

Real-time Auditing and Content Management of Email

Sunbelt has been providing the CAMEO product for a long time. It was recently acquired, improved and renamed to Content Auditor. Here is the new version. Content Management for Exchange managers and admins just became a whole lot easier. On June 17, IntelliReach released Content Auditor and Content Inspector, two products created to help you audit, scan, and better control email content both historically and in real- time.

Content Auditor for Exchange provides you with real-time monitoring of inbound, outbound, and internal email. Content Auditor continuously scans the content of emails flowing through the Exchange messaging. The product can search for over 200 definable words and phrases and can scan hundreds of messages per minute. Content Auditor can continuously scan messages for specific message content or conduct complete Inbox scanning. This product can scan hundreds of messages per minute, searching for over 200 definable words and phrases.

A variety of actions can be taken when Content Auditor detects the presence of content that meets the search criteria, including automatic deletion of non-compliant messages, user notification of messages matching searched criteria, and forwarding of messages and attachments to a holding inbox.

Content Inspector for Exchange is a powerful email content policy product that gives you complete control over all users' mailboxes. Content Inspector provides organizations with the ability to search the entire Exchange Information Store, including all users' folders (Inbox, Deleted Items, Sent Items, Calendar, Notes, etc.) Like Content Auditor, it can search for direct matches to words or phrases. Content Inspector also includes expanded search options for attachments, the ability to search mailboxes by date, and an added option to conduct exhaustive searches of all message and text fields. Eval on the Sunbelt website at:
http://www.w2knews.com/rd/rd.cfm?id=020624TP-Content_Auditor
http://www.w2knews.com/rd/rd.cfm?id=020624TP-Content_Inspector

Free Vulnerability Scanning Tool to Combat Apache Bug

eEye Digital Security has announced a freeware utility that allows you to quickly scan your networks for any systems vulnerable to the recent Chunked Encoding" exposure found in default versions of Apache HTTP Server. An exploit for this vulnerability has been developed and the risk to servers worldwide could be substantial. To prevent unnecessary damage to networks, IT administrators are urged to identify vulnerable systems and correct the issue immediately via instructions provided on the eEye website.

"eEye is dedicated to helping the IT community stay secure. This free tool will allow administrators to scan systems for any vulnerable Apache web servers that need to be patched and guide them through fixing the problem immediately," stated Marc Maiffret, Chief Hacking Officer of eEye Digital Security. "We developed this free utility in the past few days and based the technology off of our popular commercial scanner, Retina®." Customers that need to scan larger networks, a broader-range of systems, and comprehensively detect vulnerabilities beyond the Apache chunked encoding issue can use Retina Network Security Scanner. The freeware tool may be downloaded directly from the Sunbelt website in the "Retina WhitePapers" Section.
http://www.w2knews.com/rd/rd.cfm?id=020624TP-Retina

PestPatrol Fills Unmet Corporate Security Need

PestPatrol fills an unmet need in corporate security. The software works much like an anti-virus product but instead of looking for viruses, PestPatrol searches out hacker tools, trojans, spyware, and agents that create backdoors for hackers - which can be far more damaging to companies than viruses. "PestPatrol is the only software available today that finds this combination of threats from inside and outside the organization," said Robert C. Bales, CEO PestPatrol, Inc."

The National Software Testing Laboratory (NSTL) recently conducted a comparative analysis of PestPatrol along with twelve leading anti-virus and anti-trojan products. Of the 13 products tested, PestPatrol was by far the most effective tool for detecting pests both overall and in each individual category. NSTL's test showed that PestPatrol detected 86% of the pests in the sample database. Trend Micro's PC-Cillin 2000 came in a distant second, finding only 55%, and both Norton AntiVirus and McAfee detected less than 50%.

PestPatrol is a member of Check Point Software Technology's OPSEC alliance, and has applied for certification.

"Now, more than ever, security is a major concern for businesses of all sizes. I believe the technology that PestPatrol delivers is critical to the integrity of today's corporate computing environment," said Blair Mohn, Director and PestPatrol, Inc. lead investor. "The threats it uncovers can create backdoors that bypass existing security and compromise networks.

Corporate networks will be subjected to an endless series of increasingly sophisticated attacks. This in turn will be followed by the development of anti-attack software. First there was anti-virus software, then firewalls and more recently, intrusion detection software. Now additional anti-hacker tools are needed. Eval over at:
http://www.w2knews.com/rd/rd.cfm?id=020624TP-PestPatrol

Relax, Your Information Security Policies Are Already Written!

Get INFORMATION SECURITY POLICIES MADE EASY V8 now for only $595! This is the most comprehensive security policy reference tool on the market offering 1100+ already-written security policies in print and on CD that can be quickly customized to meet your company's needs. These ready-to-use, definitive security policies cover the latest threats and technologies including HIPAA and GLBA regulations. Also check out "Information Roles & Responsibilities Made Easy", offering sample infosec job descriptions, mission statements and more. Check 'em out here:
http://www.w2knews.com/rd/rd.cfm?id=020624TP-Security_Library

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • The iSun Charger is a complete portable solar charger for small electronics. And while you are there, check out their new Remote-Control Watch.

  • http://www.w2knews.com/rd/rd.cfm?id=020624FA-iSun_Charger
  • Fairly large and comprehensive searchable database. Enter the numbered event and click search.

  • http://www.w2knews.com/rd/rd.cfm?id=020624FA-Searchable_Database
  • Thought you might be interested in this article on the future of 120TB (Yes, TeraByte) hard drives.

  • http://www.w2knews.com/rd/rd.cfm?id=020624FA-TeraByte_HardDrives
  • XBOX with built-in mod chip. It allows booting non-XBOX programs + copied cd's and overcomes DVD limitations - even a divx demo has been shown running on it. The chips seem to be available separately as well.

  • http://www.w2knews.com/rd/rd.cfm?id=020624FA-XBOX
      PRODUCT OF THE WEEK

    Hacking Exposed: Web Applications

    Joel Scambray has done it again, but now for web apps. He's one of these anti-hacker Gods and co-author of the original Hacking Exposed series. This copy is again really good. It shows you step-by-step how to defend against the latest web-attacks by understanding the hacker's devious methods and thought process. Discover how intruders gather information, acquire targets, identify weak spots, gain control and cover their tracks. In-depth, real-world stuff. Gotta have it!

    http://www.w2knews.com/rd/rd.cfm?id=020624BW-Hacking_Exposed