Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 1, 2002 (Vol. 7, #47 - Issue #378)
Security, Security, Security
  This issue of W2Knews™ contains:
    • OK, What Is This New Palladium Technology About?
    • Network Security - Where does it actually begin?
    • BSA Survey: Government Will Suffer Major Cyberattack
    • Patching OS and Apps Reliably?
    • How Pests Are Vital Hacker Tools
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • HACK PROOFING Your Network (2nd Edition)
  SPONSOR: PentaSafe
If you are looking for a real top-down, wall-to-wall complete security
solution (which as a side effect will get you fully HIPAA compliant),
multi-platform, with both infrastructure AND personnel components, you
should really check out the PentaSafe page, and then get a 15-minute
personalized demo with one of the PentaSafe SE's over the phone. This
is the ultimate in security solutions. Check here:
Visit PentaSafe for more information.

OK, What Is This New Palladium Technology About?

MS just announced a new security technology called Palladium. They say it's a few years out, like 2004, but extremely effective at securing your networks. It will likely be part of a future Windows flavor. If you want to be negative, you could call this "TCP/MS". But it has some positive sides.

Palladium is an architecture that includes both code and silicon, and enables a whole slew of stuff:

  • Authentication
  • Privacy control
  • Data encryption
  • Digital rights management

The code is something they call a "nub", which seems to be a locked-down black box that allows Windows to manage data but is independent of the Windows code. The message is that Windows cannot get its hot little hands on the data. The hardware contains a digital cert that takes care of platform validation. All of it is so new that it is not compatible with any existing chips, but both Intel and AMD have said they are committed to making new chipsets.

This new technology is more focused on servers, but will also work on desktops. It makes me think of a locked-down environment like you have in the military, but public. I'm wondering, though, if this will just reinforce the Wintel market share. Below in the fave links there is a URL to someone who seems to think this is the case.

Karen Yagi from Wailuku, HI is our last winner in our Refer-A-Friend Contest! Congratulations Karen!!

Our Refer-A-Friend Contest is over! (Sponsored by Computers4SURE, your source for 60,000+ Technology Products.)

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Full Site Failover and Infrastructure Redundancy
delivered by the #1 tool for data replication: Double-Take. Ensure
that your data and applications are always safe. Help your Company
and Homeland Security by protecting your most valuable resources at
the source: Your Servers. Double-Take will fail over if your source
server goes down. 2001 Editor's Choice of both Windows 2000 and
Network Magazine. Download a 30-day eval copy now and start protecting
your data and apps.
Visit Double-Take for more information.

Network Security - Where does it actually begin?

From the "Security Genesis Series" by Guest Columnist Luis F. Medina.

Is your company's network security an afterthought or an initial consideration in the designing and planning stages of a new product or service? If your company is proactive, security is introduced "In the beginning" when defining a new product or service. If your company is reactive, security is a desperate measure to recover from an attack.

How much is your product or service worth to your customers? More importantly, how much are your customers worth to your business? The lack of security in your network provides hackers an opportunity to seek and devour confidential information -- In the absence of security exists an opportunity for intrusion.

Security is a perennial task that requires ongoing modifications and appropriate adjustments to combat new forms of attacks. If your company isn't taking security seriously or has overlooked basic security steps, ask yourself if the company, your network, and your career are prepared to deal with the consequences associated with a security threat. Is your network really secured?

Every company should have at least one thing in common, and that is that security is incorporated in the design, planning, and implementation phases of a new product or service -- but, that is not enough, security requires ongoing attention and improvements through timely security updates and adapting new technologies.

Unfortunately, many IT managers believe that a firewall and a good security policy are sufficient to guard their network(s) from hackers. Are you confident that your network is secured and that you have covered all the bases? Think again! Why have a firewall if you are not using an access-list (ACL) on your border router? Below are two tips to help you get started with protecting your network, beginning with your border router:

Tip #1:
Deny all VTY's. Disable outside access (even to restricted hosts) to your router's external and internal interfaces. Your router will still accept a session on port 23 on the inside interface, unless you block outside telnet to both interfaces. Use a VPN or dial-up connection to your network, and then access your router from inside. Limit access to your router to one or two internal hosts that are not exposed to the Internet.

Tip #2:
Avoid the too-many-hands-in-the-cookie-jar syndrome. Restrict admin roles to one or two administrators and define the IP address of no more than two hosts that can access the router. These hosts should not run any public services or be exposed to the Internet. Obviously, good password management will protect your router against unauthorized access by inside users, but not if physical (console port) access to the router is available. A quick reboot and then the BREAK signal gives the inside culprit control of your router.

It's been my experience that experienced IT professionals have often overlooked some of these basic steps. If you're serious about security, you must pay attention to details and leave no room for hackers.
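
A way to check the two tips above against a saved router configuration, as an added example that is not part of the original column: it flags VTY lines with no inbound `access-class` and ACLs that admit a range or more than two single hosts. The sample configs, addresses, ACL number and function names are constructed for illustration, and Cisco IOS-style syntax is an assumption (the column does not name a vendor).

```python
import re

MAX_ADMIN_HOSTS = 2  # Tip #2: no more than two hosts may reach the router

# Constructed sample configs (assumed IOS-style syntax, RFC 1918 addresses).
WEAK = """\
access-list 10 permit 10.1.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 login
"""
HARDENED = """\
access-list 10 permit host 10.1.1.10
access-list 10 permit host 10.1.1.11
access-list 10 deny any
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 access-class 10 in
 login
"""

def is_single_host(target):
    """True for 'host A.B.C.D', a bare address, or 'A.B.C.D 0.0.0.0'."""
    parts = target.split()
    if parts[0] == "any":
        return False
    return len(parts) == 1 or parts[0] == "host" or parts[1] == "0.0.0.0"

def audit_vty(config):
    """Return one finding per 'line vty' stanza that breaks Tip #1 or Tip #2."""
    acls = {}  # ACL number -> list of permit targets (deny lines add nothing)
    for num, action, target in re.findall(
            r"^access-list (\d+) (permit|deny) (.+)$", config, re.M):
        acls.setdefault(num, []).extend([target.strip()] if action == "permit" else [])
    findings = []
    for header, body in re.findall(r"^(line vty [^\n]*)\n((?:[ \t][^\n]*\n)*)", config, re.M):
        m = re.search(r"^\s+access-class (\d+) in\s*$", body, re.M)
        if not m:
            findings.append(f"{header}: no inbound access-class")
        elif m.group(1) not in acls:
            findings.append(f"{header}: ACL {m.group(1)} is not defined")
        elif not all(is_single_host(p) for p in acls[m.group(1)]):
            findings.append(f"{header}: ACL {m.group(1)} permits a range")
        elif len(acls[m.group(1)]) > MAX_ADMIN_HOSTS:
            findings.append(f"{header}: ACL {m.group(1)} permits too many hosts")
    return findings
```

Every VTY range has to be checked separately: in the constructed `WEAK` config, lines 5 through 15 carry no ACL at all even though lines 0 through 4 do.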


BSA Survey: Government Will Suffer Major Cyberattack

The Security Wire Digest is a newsletter I strongly recommend. I found an article in this week's issue that has a lot to do with Windows as a very large percentage of the US Govt runs their machines on NT and W2K. Cheryl Balian wrote the following story, and a subscription link to their Digest is at the end.

A report released earlier this week by the Business Software Alliance (BSA) and Entrust reveals that a majority of IT professionals believe the U.S. government will be victimized by cyberterrorism in the next year. Almost all--84 percent--of the 395 IT managers polled, who represent a variety of business sectors, said they also believe that federal agencies are woefully unprepared to defend themselves against major security breaches.

"These respondents are IT leaders who are on the front lines of information security, so the results reveal a sense of urgency," says Robert Holleyman, BSA's president and CEO, a collaboration of 19 companies whose members analyze critical software and online security issues. "Government must fulfill its obligation to properly govern, so it's critical that the Bush administration and Congress move quickly to secure this nation. Cybersecurity is fundamental to our society."

The survey results, which were released at the E-Gov conference in Washington, D.C., also indicated that 86 percent of respondents believe federal agencies need to devote more time and resources to cybersecurity than they devoted to Y2K. "Industry and government worked together to ward off this one-time problem," says Bill Conner, president, chairman and CEO of Entrust, a provider of Internet security services. "Just as we continue to upgrade our military offensive, the same diligence is needed to protect the nation's critical infrastructure."

Experts who reviewed the report were more cautious.

"The survey was inconclusive as to whether current online federal protection measures are adequate," said Anil Phull, senior analyst at The Yankee Group. Nearly one in four respondents believe Washington has built adequate security provisions into its e-government program. "While I agree that there needs to be a team approach across the federal government to prevent an attack, the government isn't a for-profit company, so there are going to be some inefficiencies," he says.

For a subscription to Security Wire Digest, go to:


Patching OS and Apps Reliably?

Are you confident that you can reliably manage OS and application patches? When scanning systems for hotfixes, service packs and other hotfixes, do you have the confidence and time to write scripts and be an expert? UpdateEXPERT solves these problems.

UpdateEXPERT is a software patch management tool that scans your network for missing hotfixes and FIXES discovered weaknesses for increased network protection. UpdateEXPERT features our exclusive database of patches that are completely researched and tested in-house. In a nutshell: reliability and peace of mind.

Supporting Windows NT4/2000/XP, SQL Server, Exchange Server, IE, Outlook and other mission critical applications, UpdateEXPERT scans for patches, validates your installations, installs updates to all servers and workstations remotely without a required agent. Create the baseline and issue a conformance report for compliance.

How Pests Are Vital Hacker Tools

Most of you are aware of the recent computer hackings that have hit Universities, State and Local Government entities and Corporate America. Although all of these organizations are using anti-virus, firewalls and Intrusion detection systems, hackers are still getting through.

The reason why these organizations are getting hacked is due to the growing phenomenon of non-viral computer hacking. Above and beyond creating viruses, computer hackers are creating non-viral cyber threats such as stealthy trojan horses that cannot be detected by anti-virus, key loggers, RATS, spyware, direct-denial-of-service attacks and other backdoor threats.

PestPatrol is the only non-viral malicious scanning solution that will detect all of the threats listed above. You should simply try a 30-day evaluation to scan for potential malicious software threats that might be on your PCs or servers. The trial version is fully functional and easy-to-use, so we encourage you to take advantage of this offer and scan as many PCs and servers as you wish.

PestPatrol (which recently received a 5-star editor rating in PC Mag) specializes in anti-hacking security software that scans and cleans Trojan horses, hacker tools, key loggers, spyware, denial-of-service attack agents and other backdoor threats on the network--all in one solution.

I've provided some information and statistics below on the non-viral computer hacking problem, why it is happening and how we address the problem. Additionally, you will find a URL to download the trial version, a link to our installation guides (to get the most out of your trial experience) and some whitepaper links for further reading.

Here are some recent statistics from the FBI on computer hacking: According to the 2002 Computer Security Institute/FBI survey,

  • 90% of companies had security breaches in the past 12 months
  • 80% acknowledged financial losses as a result
  • 40% detected denial of service attacks
  • 40% detected system penetration from outside
  • 33% detected internal attack sources
The most serious and expensive losses were of proprietary information. Yet these companies seem to be doing all the right things when it comes to information security:
  • 90% use anti-virus software
  • 89% use firewalls
  • 60% use intrusion detection systems
The damage is increasing in terms of both number of attacks and ensuing financial losses by 50% year on year, according to the 2002 Computer Security Institute/Federal Bureau of Investigation survey.

So why is it happening? Not enough layers of defense.

Perimeter security has a gaping hole that allows hacker tools, Trojan horses, spyware, and other non-viral 'pests' to take up hidden residence on your network. Anti-virus can't remove them since they are non-viral, hidden malicious code. Firewalls and intrusion detection systems can't even see when confidential information is being transmitted out to a hacker who's hijacked an authorized user's identity.

What's the business problem here?

Non-viral computer pests have the potential to be destructive to your organization:

  • Hackers can gain access to your confidential information
  • There is the legal liability factor
  • Downtime expense recovering from a hacker attack
  • Spyware installed without users' permission consumes network bandwidth to "phone home" with your company information
  • Hacker tools can be used for the wrong intent by disgruntled employees
And the solution?
  • While PestPatrol doesn't claim to provide 100% protection against any threat - there's no such thing as 100% protection - we do promise that we will defend your electronic assets against a significant percentage of the malicious code that's currently getting past your information security controls.
  • PestPatrol automates the process of managing pest detection while complementing existing security layers. PestPatrol is the only solution available that scans for Spyware, Trojans, key loggers, DDOS attack agents and hacker tools--all in one solution.
  • Master log reports will inform you about hidden spyware, Trojans and hacker tools that have come in through the perimeter. Additionally, PestPatrol has alerting capabilities that will notify the Sys Admin of any unauthorized malicious software or backdoor threats.
To get a trial copy and installation guides of PestPatrol, and to access the installation guides for installing PestPatrol in a networked environment and with CheckPoint VPN-1, check out:

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Villainsupply.com provides hard-to-find tools of evil. A riot.
    http://www.w2knews.com/rd/rd.cfm?id=020701FA-VillainSupply

  • A very dark view on Microsoft's new Palladium Technology. "TCP/MS"
    http://www.w2knews.com/rd/rd.cfm?id=020701FA-PalladiumTechnology

  • This one is SUPERCOOL if it is true. Wi-Fi with a 50 mile radius?!?
    http://www.w2knews.com/rd/rd.cfm?id=020701FA-WiFi

    HACK PROOFING Your Network (2nd Edition)

    By Ryan Russell (and a bunch of other security gurus). Ryan Permeh from eEye has written the chapter on buffer overflows for this new edition. Ryan's information alone is well worth checking out; however, the rest of the book also has a lot of really great information. Definitely check this book out if you're interested in the topic of security. "The only way to stop a hacker is to think like one". This bestseller is now updated. This is one of these "Stu's Warmly Recommended" ones.