Security UPDATE--Mobile Computing Security Through Obscurity--June 23, 2004

===============

==== This Issue Sponsored By ==== Windows & .NET Magazine http://www.winnetmag.com/rd.cfm?code=fsep204xup Implementing Client Security on Windows 2000/XP http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032248077&Culture=en-US

==========

1. In Focus: Mobile Computing Security Through Obscurity 2. Security News and Features - Recent Security Vulnerabilities - eBook: Preemptive Email Security and Management - News: Audit Reveals Spyware Infestation - News: Secure SMS and Your Passwords 3. Security Toolkit - FAQ - Featured Thread 4. New and Improved - Monitor Your System and Applications - Protect Your Privacy

==========

==== Sponsor: Windows & .NET Magazine ==== Get 2 Sample Issues of Windows & .NET Magazine! Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange, scripting, and much more. Our expert authors deliver how-to articles and product evaluations that will help you do your job better. Try two, no-risk sample issues today, and find out why 100,000 IT professionals rely on Windows & .NET Magazine each month! http://www.winnetmag.com/rd.cfm?code=fsep204xup

==========

==== 1. In Focus: Mobile Computing Security Through Obscurity ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net I wonder if part of your job as security administrator or manager includes handling mobile phone security? Someone at your company should be tending to that responsibility, especially if employees are storing company information on their phones. Last week, Kaspersky Labs announced the discovery of the first virus to infect mobile phones. The virus, which Kaspersky named Cabir, affects mobile phones that use the Symbian OS. The virus is relatively harmless--its only purpose is to propagate itself, and it does so only to other phones that have Bluetooth enabled and are broadcasting their presence. However, Denis Zenkin, head of Corporate Communications at Kaspersky Labs, said that sooner or later, more malicious forms of mobile phone malware that will possibly destroy or steal data will begin to spread. http://www.viruslist.com/eng/viruslist.html?id=1689517 Since Cabir spreads to mobile phones that broadcast their presence via Bluetooth wireless technology, you might want to configure Symbian to use Bluetooth in an invisible mode that doesn't broadcast the phone's presence. Configure other mobile phone OSs too to prevent any future attacks against them. Using invisible mode is similar to configuring wireless Access Points (APs) to not broadcast their SSID. If an AP broadcasts its SSID, intruders can detect it and use it as a starting point for penetrating your network. Bluetooth invisible mode is also similar to using a firewall, which makes your internal networks invisible to connected networks. These security measures are probably common sense for you, but they might not be for mobile phone users in your organization. You could explain the security needs to users by comparing their Bluetooth-broadcasting mobile phone to a wallet or purse left lying on a car seat while they're out of the car. The wallet or purse is essentially begging somebody to break into the car and steal it. A little security through obscurity might save a lot of frustration sooner or later. Some people might disagree, but I think you can gain a fair amount of security by obscuring the presence of anything, whether it be a wallet, purse, or wireless network. Of course, you can gain plenty of security by adding device protection, such as antivirus software for mobile phones, which is available from many antivirus software vendors. And, as I mentioned earlier, you might also consider some configuration changes to your mobile phone OS, particularly disabling Bluebooth broadcasts to make the devices somewhat invisible. If you're interested in other problems with Bluetooth and mobile phones, you might want to read about a few other related vulnerabilities, which are mentioned in a recent Integralis press release. http://www.integralis.co.uk/about_us/press_releases/2004/150604PR.html

==========

==== Sponsor: Implementing Client Security on Windows 2000/XP ==== Learn the requirements for securing client computers in environments where Windows Server 2003, Windows 2000 and Windows NT 4.0 servers are present. You will also learn how to implement best practices for clients in extreme high-security environments. The session will discuss the use of Group Policy and Administrative Templates to secure Windows 2000 and Windows XP installations and provide guidance on software restriction policies, anti-virus strategies, and distributed firewall technologies. This session also covers configuring Microsoft Office and Internet Explorer to help achieve a secure client environment. Register now! http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032248077&Culture=en-US

==========

==== 2. Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.winnetmag.com/departments/departmentid/752/752.html eBook: Preemptive Email Security and Management In this free eBook, author Peter Bowyer details a preventive approach to eliminating spam and viruses, stopping directory harvest attacks, guarding content, and improving email performance. The first two chapters of the book are already online. You can download them in PDF format from our Windows IT Library. http://www.windowsitlibrary.com/ebooks/emailsecurity/index.cfm News: Audit Reveals Spyware Infestation An April audit conducted by EarthLink and Webroot Software scoured 420,761 computer systems. The audit discovered more than 11.3 million instances of spyware and Trojan horse programs installed on the computers. http://www.winnetmag.com/article/articleid/43016/43016.html News: Secure SMS and Your Passwords Microsoft released two new security-related articles that cover Systems Management Server (SMS) environments and user password management. The SMS article, "Scenarios and Procedures for Microsoft Systems Management Server 2003: Security," details security fundamentals, how to secure SMS, and how to maintain SMS security. The password article, "Mind Those Passwords!" addresses the problems many users face in managing numerous passwords. http://www.winnetmag.com/article/articleid/43021/43021.html

==========

==== Announcements ==== (from Windows & .NET Magazine and its partners) Attend the Black Hat Briefings & Training USA Event - July 24-29, 2004 This is the world's premier technical IT security conference, hosting 2,000 delegates from 30 nations. Featuring 27 hands-on training courses and 10 conference tracks with presentations by security experts and "underground" security specialists. The early-bird registration deadline is July 1! http://www.blackhat.com The Conference on Securing and Auditing Windows Technologies, July 20-21 New for 2004, The Conference on Securing and Auditing Windows Technologies will be held July 20-21, 2004, at the Fairmont Copley Plaza in Boston, MA. In vendor-neutral sessions on today's hottest topics, you'll get practical strategies for mitigating risk and safeguarding your systems. For more information, call 508-879-7999 or go to: http://www.misti.com/04/wsa04el05inf.html Free eBook--"Preemptive Email Security and Management" Chapter 2 available now, "Evolving techniques for eliminating spam, email virus and worm threats." In this eBook, you'll discover a preventive approach to eliminating spam and viruses, stopping directory harvest attacks, guarding content, and improving email performance. Download this eBook today! http://www.WindowsITlibrary.com/ebooks/emailsecurity/Index.cfm?code=0621emailannc

==========

==== 3. Security Toolkit ==== FAQ: How Can I Enable the Security Tab at the Exchange Organization Level? by John Savill, http://www.winnetmag.com/windowsnt20002003faq A. By default, the Security tab isn't displayed on an Exchange organization's properties page. To display the tab, perform these steps: 1. Start the registry editor (regedit.exe). 2. Navigate to the HKEY_CURRENT_USERSoftwareMicrosoftExchangeEXAdmin subkey. 3. From the Edit menu, select New and click DWORD Value. 4. Enter the name ShowSecurityPage and press Enter. 5. Double-click the new value and set it to 1. Click OK. 6. Close the registry editor. The Security tab will now be displayed on the Exchange organization's properties page. On the Security tab, you can turn off the Send As and Receive As deny settings to grant Exchange administrators full access to all mailboxes in the organization. Using the Security tab to allow full access is a simpler way to grant administrators access to users' mailboxes than the technique described in the FAQ "How can I configure Microsoft Exchange Server 2003 administrators so that they can access all users' mailboxes?" at the URL below. However, keep in mind that the Security tab lets you grant access only to all mailboxes or none. http://www.winnetmag.com/articles/index.cfm?articleid=42867 Featured Thread: Port Filtering on Windows 2000 Server (One message in this thread) Jeff writes that he needs to tighten security on a Windows 2000 Advanced Server Web server. He wants to allow most UDP traffic, except through ports 161 and 445. He doesn't want to use the OS's IP filtering because it only lets you define allowed ports, not blocked ports, which means that he'd have to manually create a long list of allowed ports. Do you know an easy way to accomplish this task? Lend a hand or read the responses: http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=122412

==========

==== Events Central ==== (A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events ) We're Bringing the Experts Directly to You with 2 New IT Pro Workshop Series About Security And Exchange Don't miss two intense workshops designed to give you simple and free tools to better secure your networks and Exchange servers. Discover how to prevent hackers from attacking your network and how to perform a security checkup on your Exchange Server deployment. Get a free 12-month subscription to Windows & .NET Magazine and enter to win an Xbox. Register now! http://www.winnetmag.com/workshops/securingwindowsandexchange/index.cfm?tc=0621emailannc

==========

==== 4. New and Improved ==== by Jason Bovberg, [email protected] Monitor Your System and Applications Anfibia Software announced Watchman 6.0, an application-monitoring and system-protection tool. Watchman's new GUI offers file protection, application-usage logging, and access-control management. You can stop unwanted applications and protect documents from tampering. The software works on Windows 2003/XP/2000/Me/NT 4.0/98 systems, and single licenses start at $45. You can download a fully functional evaluation version from the company Web site. http://www.anfibia-soft.com Protect Your Privacy WinGuides released Privacy Guardian 3.0, a privacy protection tool that deletes Internet tracks and program history information stored on your computer. Information from the Web sites you visit is stored on your computer in hidden locations including temporary files, cookies, the registry, and the index.dat file. Privacy Guardian cleans out these hidden files. Privacy Guardian runs on Windows XP/2000/Me/9x, and prices begin at $29.95 for a single-user license. For more information, contact WinGuides at 877-576-2445 or [email protected]. You can download a free trial version of Privacy Guardian from the company's Web site. http://www.winguides.com/privacy Tell Us About a Hot Product and Get a T-Shirt! Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==========

==== Sponsored Links ==== Argent Comparison Paper: The Argent Guardian Easily Beats Out MOM http://ad.doubleclick.net/clk;6480843;8214395;q?http://www.argent.com/products/download_whitepaper.cgi?product=mom&&Source=WNTTextLink CommVault CommVault - Free White Paper: Managing the Infinite Inbox http://ad.doubleclick.net/clk;9133584;8214395;q?http://www.commvault.com/mk/get/infinite_inbox_winnet VERITAS Software VERITAS White Paper: Reclaim 30% of Your Windows Storage Space Now! http://ad.doubleclick.net/clk;9081675;8214395;t?http://ad.doubleclick.net/clk;8450687;9350443;r?http://www.veritas.com/offer?a_id=6704

==========

Editor's note: Share Your Security Discoveries and Get $100 Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==========

==== Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.winnetmag.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

===============

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.