Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 12, 2002 (Vol. 7, #55 - Issue #386)
W2knews Target Awards - Vote For Your Fave Tools
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • W2Knews Target Awards - VOTE FOR YOUR FAVE TOOLS
  2. TECH BRIEFING
    • The Challenge of Non-Viral Malware
    • Network World's 2002 Salary Calculator
  3. NT/2000 RELATED NEWS
    • Customers Nix Licensing 6.0 Plan
    • Microsoft moves to comply with DOJ settlement deal
  4. NT/2000 THIRD PARTY NEWS
    • Email Security & Content Mgmt Best Practices Webinar Invitation
    • Run A Financial Institution? Are you GLBA-compliant yet?
    • Chief Strategy Officer Loves iHateSpam
    • How Many Security Incidents This Year? Dang!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Anti-Hacker Toolkit
  SPONSOR: NetIQ and Microsoft
FREE MANAGEABILITY eBOOK from NetIQ and Microsoft
Got systems management headaches? We've got your cure--read our
free eBook, "The Definitive Guide to Enterprise Manageability."
You'll learn how to get enterprise-class event and performance
management of your Windows and mixed IT environments. Register now!
Visit NetIQ and Microsoft for more information.
  EDITORS CORNER

W2Knews Target Awards - VOTE FOR YOUR FAVE TOOLS

It's that time of year again! We have looked at the categories of tools that you actually use the most, found the most popular tools in each category, and now you can vote for your fave tools. Think of it as the Golden Globes of software: it's a "user's choice award" that you give. [Rules: You get one vote. We nix double votes. Employees and family members of all participating software companies are not eligible to vote.] Show your colleagues what tools you like BEST! VOTE HERE (takes 2 minutes, and you get the immediate results of the voting as it progresses). Closing date September 23rd! VOTE NOW:

LINK: http://www.w2knews.com/rd/rd.cfm?id=020812ED-TargetAwards

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Full Site Failover and Infrastructure Redundancy delivered by the
#1 tool for data replication: Double-Take.
Ensure that your data
and applications are always safe. Help your Company and Homeland
Security by protecting your most valuable resources at the source:
Your Servers. Double-Take will fail over if your source server goes
down. 2001 Editor's Choice of both Windows 2000 and Network Magazine.
Download a 30-day eval copy now and start protecting your data and apps.
Visit Double-Take for more information.
  TECH BRIEFING

The Challenge of Non-Viral Malware

"We have a firewall and anti-virus software in place, so our network is protected." To a certain extent, that's true. But don't fall into the trap of thinking that if you have a firewall and AV (maybe VPNs and IDS, too), you're protected from everything. A false sense of total security is more dangerous than recognizing that your network isn't - and can't ever truly be - 100% secure. This is especially true in the case of non-viral malware.

Non-viral malicious software is planted by hackers, or unknowingly downloaded by unsuspecting users, or foisted on systems as part of a software package to track the user's behavior or software usage. By its nature, non-viral malicious software is designed to be inconspicuous and stealthy. Frequently, the damage to a system or network isn't immediate, so infections can go undetected for long periods of time.

While viruses generally damage individual files or file types, or simply cause annoyance by jamming up e-mail systems, the potential damage from non-viral pests extends into data theft, espionage, electronic privacy violation, and issues of legal liability.

Evasion

Non-viral malware poses unique challenges to network and security administrators. First and foremost, it can easily evade existing security measures - even today, many systems administrators mistakenly believe that anti-virus software will provide adequate protection against all types of malware. Unfortunately for them, the leading AV products don't even attempt to deal with illicitly installed hacker tools, spyware, or commercial RATs. And while they may detect standard forms of some well-known trojans, those trojans can be easily "packed" with a custom encryption program to evade detection. And anti-virus programs generally can't remove trojans.

After a non-viral malware infection occurs, the threat changes from a content security issue to a network security issue - and that's just the beginning of the problem. Let's look at a RAT infection, using SubSeven as an example.

Once installed on a PC behind a corporate firewall, the RAT silently tries to connect to its sender. Because most firewalls are configured to allow any outbound connection, they simply see this connection as a legitimate session, and the hacker easily establishes control over the victim's machine. Intrusion Detection Systems could use a rule to identify earlier versions of RATs because they opened the same port connection every time, but newer RATs will use port 80 or other "must allow" ports. Other RATs may open a different random port every session, and will notify the hacker via e-mail exactly which port he should connect to for that session.

If the infected system is used by a remote user, when the user logs into a corporate network via VPN, the hacker gains access to the corporate network as well. The VPN simply encrypts the session - it does nothing to stop the hacker from getting in.
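The phone-home behaviour described above is the defender's best handle on a RAT once it is past the firewall. As an added example (not from the newsletter or any product it mentions), this Python script scores outbound firewall log entries two ways: the brittle fixed-port match an IDS rule would use, and a port-agnostic check for a periodic beacon that still fires when the RAT hides on port 80. The log lines, addresses and the port watchlist are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed egress-firewall log lines (sample data, not from the newsletter): 10.1.2.33 phones
# home to one host every 30 s over port 80, 10.1.2.50 is ordinary browsing, 10.1.2.77 hits a
# port on the fixed-port watchlist.
SAMPLE_LOG = """\
2002-08-12 09:00:01 ALLOW 10.1.2.33:1041 -> 203.0.113.9:80
2002-08-12 09:00:31 ALLOW 10.1.2.33:1042 -> 203.0.113.9:80
2002-08-12 09:01:01 ALLOW 10.1.2.33:1043 -> 203.0.113.9:80
2002-08-12 09:01:31 ALLOW 10.1.2.33:1044 -> 203.0.113.9:80
2002-08-12 09:02:01 ALLOW 10.1.2.33:1045 -> 203.0.113.9:80
2002-08-12 09:00:05 ALLOW 10.1.2.50:1100 -> 198.51.100.20:80
2002-08-12 09:07:42 ALLOW 10.1.2.50:1101 -> 198.51.100.21:80
2002-08-12 09:03:00 ALLOW 10.1.2.77:1200 -> 192.0.2.5:12345
"""
# Placeholder fixed-port watchlist; populate it from your IDS signature set.
KNOWN_RAT_PORTS = {12345}

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) \w+ (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def parse_log(text):
    """Yield (timestamp, src_ip, dst_ip, dst_port) per well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["src"], m["dst"], int(m["dport"])

def is_periodic(times, min_sessions=4, max_cv=0.2):
    """True when at least min_sessions connections recur at near-constant intervals."""
    if len(times) < min_sessions:
        return False
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_cv  # coefficient of variation of the gaps

def find_rat_indicators(log_text):
    """Return sorted (src_ip, dst_ip, reason) findings for the outbound sessions in log_text."""
    findings = set()
    sessions = defaultdict(list)  # (src, dst) -> timestamps, regardless of destination port
    for ts, src, dst, dport in parse_log(log_text):
        if dport in KNOWN_RAT_PORTS:
            findings.add((src, dst, f"fixed RAT port {dport}"))
        sessions[(src, dst)].append(ts)
    for (src, dst), times in sessions.items():
        if is_periodic(times):
            findings.add((src, dst, "periodic outbound beacon"))
    return sorted(findings)
```

Tune `min_sessions` and `max_cv` against a day of your own egress logs before alerting on the beacon check, since some legitimate agents also poll on a fixed schedule.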

Removal

Another challenge of non-viral malware is that it is extremely difficult to remove. Unlike viruses, which infect a portion of existing files, RATs and spyware install themselves as discrete programs, and will often modify the registry and start up areas so that they are the first processes activated during a boot. They may even rename themselves to appear as legitimate Windows processes. So removing them often requires changes to registry and start up areas as well as file deletion, and may require a system re-boot. In some cases, it may be necessary to compare the binary of a suspected file against a signed, legitimate executable. Anti-virus products aren't designed to perform these functions, and usually just refer users to a generic help document about editing the registry.
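The removal steps above come down to auditing every autostart entry and checking the binary it points at. As an added example (not code from the newsletter or any product it mentions), this Python audit takes exported Run-key entries, compares each referenced file's SHA-256 against a known-good manifest, and flags files that borrow a legitimate Windows process name from the wrong directory. The disk contents, manifest and entries are constructed stand-ins; on a real system you would hash the actual files and build the manifest from a clean reference install.

```python
import hashlib
import ntpath

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed stand-in for the disk: path -> file bytes (read the real files in practice).
FAKE_DISK = {
    r"C:\WINNT\explorer.exe": b"constructed legit explorer bytes",
    r"C:\WINNT\system32\rundll32.exe": b"constructed patched rundll32 bytes",
    r"C:\WINNT\system\explorer.exe": b"constructed renamed pest bytes",
    r"C:\Program Files\Vendor\agent.exe": b"constructed vendor agent bytes",
}
# Constructed known-good manifest: expected path -> SHA-256 from a clean reference install.
KNOWN_GOOD = {
    r"C:\WINNT\explorer.exe": sha256(b"constructed legit explorer bytes"),
    r"C:\WINNT\system32\rundll32.exe": sha256(b"constructed reference rundll32 bytes"),
}
# Constructed autostart entries (value name, executable path) as exported from the Run keys
# and Startup folders; "Explorer" mimics explorer.exe from the wrong directory.
AUTOSTART = [
    ("Shell", r"C:\WINNT\explorer.exe"),
    ("PowerProfile", r"C:\WINNT\system32\rundll32.exe"),
    ("Explorer", r"C:\WINNT\system\explorer.exe"),
    ("VendorAgent", r"C:\Program Files\Vendor\agent.exe"),
    ("Stale", r"C:\WINNT\gone.exe"),
]

def audit_autostart(entries, disk, known_good):
    """Return (name, path, reason) for each autostart entry that needs a closer look."""
    expected_by_name = {ntpath.basename(p).lower(): p for p in known_good}
    findings = []
    for name, path in entries:
        data = disk.get(path)
        base = ntpath.basename(path).lower()
        if data is None:
            findings.append((name, path, "referenced file is missing"))
        elif path in known_good:
            if sha256(data) != known_good[path]:  # right path, wrong bytes: tampered or replaced
                findings.append((name, path, "hash differs from known-good binary"))
        elif base in expected_by_name:  # legitimate name, unexpected location
            findings.append((name, path, f"same name as {expected_by_name[base]} but different location"))
        else:
            findings.append((name, path, "not in known-good manifest; verify publisher"))
    return findings
```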

Human Behavior

Human behavior is one of the most difficult aspects of security to regulate. Even a minimally skilled but disgruntled employee can wreak havoc when equipped with a vengeful mindset and a piece of malware.

Disgruntled employees can cause chaos with tools that are easily available on the web. Remote users (mobile employees and telecommuters) are the #1 security concern for many security administrators. Such users generally have a lax attitude toward or complete lack of understanding of the importance of security. The following scenario probably takes place thousands of times every day all over the world - and it's enough to send shivers up the spine of any security-conscious systems administrator:

A remote employee's family member uses the company computer during off hours, and inadvertently downloads a RAT during an IRC session, giving a hacker full access to the machine. The next day, the employee logs into the corporate network, but the VPN sees and stops nothing. Bingo - the hacker has access to the entire network.

Liability

Non-viral malware hiding on your network also poses a liability risk. The body of case law relating to the responsibility of companies to ensure that their computers cannot be unwittingly used in a DDoS attack is growing. The reasoning is that, if hackers use your company's resources to attack others and due diligence could have prevented it, your company can be held liable. The same argument holds true for other types of attacks that are routed through your systems. Right now, you don't read much about such cases since they are generally settled out of court - mainly to avoid the negative publicity and the consequent share price damage any publicity would cause. But that may not be the case for long. And you can bet that, even if such a lawsuit never sees the inside of a courtroom, heads will roll in the IT department.

Practical Steps

Here are some practical steps to prevent non-viral malware infections:

  • Shore up your security and personnel policies regarding the use of hacker tools by employees
  • Block all executable e-mail attachments, and don't open any type of unsolicited e-mail attachments
  • Enable your personal firewall to block applications that initiate outbound connections
  • Keep your anti-virus software up-to-date - some of the more popular RATs are recognized by anti-virus software
  • Use dedicated anti-trojan and anti-spyware products to provide additional protection beyond the capability of anti-virus
  • Only obtain software from legitimate sources, not from "warez" or hacker sites which may trojanize their downloads.
  • Never install software if you don't know where it came from
  • And, of course, install PestPatrol software throughout the company:
http://www.w2knews.com/rd/rd.cfm?id=020812TB-PestPatrol

Network World's 2002 Salary Calculator

How has the turbulent market affected your earning potential? Find out with Network World's 2002 Salary Calculator. They updated their Salary Calculator and revised it to reflect the results of the Network World 2002 Salary Survey. Give them some details about yourself and they will tell you if you earn as much as your peers:
http://www.w2knews.com/rd/rd.cfm?id=020812TB-Salary_Calc

  NT/2000 RELATED NEWS

Customers Nix Licensing 6.0 Plan

Though Microsoft Corp. may believe that customers will eventually move over to its new licensing plan, Licensing 6.0, a large majority of enterprise customers have chosen to balk at signing up for new licenses as of the July 31 deadline.

According to an ongoing poll being conducted this week by TechTarget, roughly 75% of 595 Windows administrators have dug in their heels and refused to sign new contracts. Only 25% said that they signed up for the new licensing program.

Licensing 6.0 includes a program called Software Assurance, which makes it necessary for customers to pay an annual fee to purchase software. This entitles customers to software upgrades for the life of their contracts. Software Assurance replaces previous one-time upgrade programs, including Upgrade Advantage, which let customers purchase software at a discount whenever they wanted. Customers who don't sign up for Licensing 6.0 must pay full price for the software each time they want to upgrade. Full article over here:
http://www.w2knews.com/rd/rd.cfm?id=020812RN-TechTarget

And a 50+ page report on how to negotiate the best deal with MS here:
http://www.w2knews.com/rd/rd.cfm?id=020812RN-MS_Licensing

Microsoft moves to comply with DOJ settlement deal

ComputerWorld has an interesting article about MS and how they are going to open up the previously "secret" APIs to developers and competitors this month.
http://www.w2knews.com/rd/rd.cfm?id=020812RN-MS_to_Comply

  THIRD PARTY NEWS

Email Security & Content Mgmt Best Practices Webinar Invitation

Email abuse, Exchange security, court ordered discovery of email records, and email compliance issues all have the potential to rock the very foundation of your organization. Don't let this happen to you and your IT staff. We are offering you a FREE seat in the last webinar of the summer in our online Exchange educational series:

"Every Move You Make: Best Practices For Exchange Security & Content Management"

When: *Tuesday August 20, 2002
Time: *11:30 AM ET, 8:30 AM PT, 4:30 PM GMT

Click here to register:
http://www.w2knews.com/rd/rd.cfm?id=020812TP-ExchangeWebinar

Who should attend: IT Managers, IT Directors, Legal Personnel, Email Managers, Email Administrators, anyone responsible for preventing Exchange email abuse.

You will learn:

  • Key strategies for preventing a rogue email or emailer from landing your organization on the front page of the news
  • Best practices for email content management
  • Powerful, easy-to-use tips for effective email policies that stick without forcing you to "use the stick"
  • Critical tools all administrators can leverage to dramatically reduce internal email security, legal risks, and virus damage
  • Common Email Content Management issues all Exchange managers and administrators are facing
To sign up, visit this link:
http://www.w2knews.com/rd/rd.cfm?id=020812TP-ExchangeWebinar

PS: Don't miss this last seminar of the summer. Seating is limited to this interactive webinar, make sure you get in. We hope to "see" you there!

Run A Financial Institution? Are you GLBA-compliant yet?

Do you have steps already in place to make your organization GLBA-compliant (Gramm-Leach-Bliley Act)? The links below discuss the critical role of an Information Security Policy as a foundation upon which to build a GLBA-compliant information privacy practice, and how PentaSafe's VigilEnt Policy Center can be used to considerably reduce the time and effort normally necessary to build such a policy.
http://www.w2knews.com/rd/rd.cfm?id=020812TP-PentaSafe

Chief Strategy Officer Loves iHateSpam

I must say that I have been searching for a tool for years that would deal with spam as well as your product. I maintain multiple email accounts and the level of spam had reached a point where I was receiving 5+ pieces of junk for every business related email. This is the first product that actually allowed me to remove 99% of the junk without removing ANY of my real messages on an Outlook/MS Exchange platform. I have already started recommending this product to my friends and staff. Finally! An Exchange/Outlook client based spam removing app that works as advertised. Feel free to use me as a reference. I can't recommend your product enough.

Mark Spaeth
Chief Strategy Officer
Technium, Inc.

Here is a link to a positive press review of iHateSpam with other anti-spam tools:
http://www.w2knews.com/rd/rd.cfm?id=020812TP-Press_Reviews

And here is the link where you can get your copy of iHateSpam
http://www.w2knews.com/rd/rd.cfm?id=020812TP-iHateSpam

How Many Security Incidents This Year? Dang!

Through June 2002, a whopping 43,136 security incidents have been reported. Compare that to 2001, when 52,658 were reported for the entire YEAR. And as you probably know, the most common point of entry is exploitation of known operating system vulnerabilities. So it is really time to scan and patch your Web, FTP, Mail and DNS servers, your firewalls, IDS systems, switches and routers for well over 1,000 known holes. Secure your critical assets and do not become a statistic. Overall spending on security software grew 18 percent from 2000 to 2001, according to IDC, and is likely to continue growing in the next five years. Here are the best-of-breed scanner and patching tools:
Retina: http://www.w2knews.com/rd/rd.cfm?id=020812TP-Retina
UpdateEXPERT: http://www.w2knews.com/rd/rd.cfm?id=020812TP-UpdateEXPERT

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Low cost, short range, 2-way comm up to 40Kbps... under your skin?
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-2-way_Comm
  • A site that shows all the different security categories and tools.
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-ITSecurity
  • Hackers use Sega Dream Cast to infiltrate and open doors
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-Dream_Cast
  • Boeing's response on the Jane's report they investigate anti-gravity
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-Boeings_Response
  • Using DOOM as a system admin tool to kill processes? These guys do it!
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-Doom_Admin_Tool
  • Yup, a couch made out of mouse pads. Proof? Here are the pictures.
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-Mouse_Pad_Couch
  • Quick Password Generator (Freeware). Sometimes you need hundreds of passwords. Generate them and paste 'em in Excel!
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-Password_Generator
  • The most popular comparison-shop site is now affiliated with W2Knews!
    http://www.w2knews.com/rd/rd.cfm?id=020812FA-PriceGrabber
  PRODUCT OF THE WEEK

Anti-Hacker Toolkit

Get in-depth details on the most effective security tools and learn how to use them with this hands-on resource. A must-have companion to the best-selling security book Hacking Exposed, this toolkit includes tips and configuration advice for getting the best results from the creators of the top hacking tools in use today.

Stay one step ahead of even the most cunning hackers with help from this invaluable resource. Through proper use and configuration of key security tools, you'll be able to investigate and resolve existing problems within your network infrastructure with precision and a minimum of fuss. Written by experienced security professionals, this resource provides you with comprehensive coverage of the most important and up-to-date security tools in use today, explains their function, and shows you how to use each tool effectively through in-depth implementation examples and case studies. Learn to detect and prevent system misconfigurations and Web server hacks, plus discover best practices for protecting both large and small networks.

http://www.w2knews.com/rd/rd.cfm?id=020812BW-Anti-Hacker_Toolkit