Security UPDATE--Transceiver Fingerprinting Improves Wireless Security--September 13, 2006

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Save on the #1 Ranked Web Filtering Appliance

http://www.stbernard.com/forms/quickquote/quote_ip_q306choice.asp?oc=536

Top 10 Requirements for Effective Patch Management

http://findtechinfo.com/penton/nl/177

Extending SMS to Handheld Devices

http://www.ianywhere.com/forms/afaria_sms.html?referrer=Registered_security_update_hotspot

CONTENTS

===========================================

IN FOCUS: Transceiver Fingerprinting Improves Wireless Security NEWS AND FEATURES - New Unpatched Vulnerability Affects Microsoft Word 2000 - Cisco and Microsoft Team Up on Network Access Control - BrowserShield Defends Browsers at Network Borders - Recent Security Vulnerabilities GIVE AND TAKE - Security Matters Blog: Browzar Bashing--Is It Warranted? - FAQ: 64-Bit Version of Group Policy Management Console - From the Forum: NTFS Permission in an Education Environment - Share Your Security Tips PRODUCTS - Full-Featured Firewall-Routers - Wanted: Your Reviews of Products RESOURCES AND EVENTS FEATURED WHITE PAPER ANNOUNCEMENTS === SPONSOR: St. Bernard Software

====================

Save on the #1 Ranked Web Filtering Appliance iPrism, the IDC-ranked #1 Web filtering appliance has an offer that's too good to pass up. Purchase a 3-year subscription to the most accurate database in the industry and get your iPrism appliance at no charge. Or, purchase an iPrism and a 3-year subscription and get an extra year free. Only iPrism gives you two ways to save big. This is a limited time offer so get a Quick Quote now! http://www.stbernard.com/forms/quickquote/quote_ip_q306choice.asp?oc=536 === IN FOCUS: Transceiver Fingerprinting Improves Wireless Security by Mark Joseph Edwards, News Editor, mark at ntsecurity / net If you operate wireless networks, you know that media access control (MAC) address filtering is an unreliable way to prevent unwanted network access. The reasons are that it's relatively simple to spoof any MAC address and to collect MAC addresses from the airwaves. One technique used to improve on MAC filtering is to develop a fingerprint of the wireless network driver, which can help identify the wireless hardware by manufacturer. This approach works because each manufacturer develops its own driver behavior. The characteristics of that behavior can be tracked, identified, stored, and later matched when a wireless device is detected by an intrusion detection system (IDS) or authentication system. Other techniques involve actively or passively discovering wireless device model numbers, chipset model numbers, and OS versions. Jeyanthi Hall has explored a way to take wireless device fingerprinting even further. In her research, Hall discovered that each wireless network device has a unique frequency signal profile, which can be discovered as the device transmits over the airwaves. This holds true even for identical card models from the same manufacturer and even when those cards use exactly the same chipset. Therefore, a fingerprint can be developed that will match one specific physical device. Hall thinks that, based on her research, the only way such a fingerprint can be spoofed is to physically recreate all the characteristics of the circuits in the original device. In order to accomplish that task, the original device would be required, which implies that someone must first steal it. But in the case of a stolen device, the fingerprint could be blocked, hopefully before someone replicates the exact circuitry. In practical use, transceiver fingerprint identification could be used in wireless intrusion detection and prevention systems and in authentication systems. What's more, transceiver fingerprinting isn't limited to Wi-Fi devices. Since Bluetooth technology is also based on radio transmissions, similar techniques could be used to guard Bluetooth connectivity. According to Hall's research (as published to date), transceiver fingerprinting is about 95 percent accurate. So there is room for error, which means that additional methods of protection might be necessary in some situations. One important issue to keep in mind about any radio transmitter is that as a device ages, its radio signal profile changes. Therefore, in order to maintain fingerprint accuracy, the fingerprint must be updated continually. This of course creates processing overhead and could pose significant hurdles in large wireless network installations. Regardless, the hurdles aren't insurmountable. Hall has published two detailed white papers (one that covers Wi-Fi and one that covers Bluetooth) that describe her research and its potential applications. If you're interested in this technology, which very well might make its way into wireless security solutions, then be sure to read the papers. They're available at the first two URLs below in PDF format. If you're interested in other wireless security-related work published by Hall, then visit her site at Carleton University at the third URL below. http://www.scs.carleton.ca/~jhall2/Publications/IEEETDSC.pdf http://www.scs.carleton.ca/~jhall2/Publications/548-088.pdf http://www.scs.carleton.ca/~jhall2/ === SPONSOR: Patchlink

===============================

Top 10 Requirements for Effective Patch Management Endless streams of security patches are a continuous strain on IT resources. Assessing, deploying, & tracking software patches across operating systems is even more difficult. Learn to distill the requirements for selecting an effective patch management solution. Download now! http://findtechinfo.com/penton/nl/177 === SECURITY NEWS AND FEATURES

=======================

New Unpatched Vulnerability Affects Microsoft Word 2000 Symantec reported the discovery of a new unpatched vulnerability that affects Microsoft Word 2000. The vulnerability could allow a remote intruder to install a Trojan horse that opens a back door on an affected system when a malicious document is opened. Exploits that take advantage of the vulnerability have been discovered circulating on the Internet. http://www.windowsitpro.com/Article/ArticleID/93436/93436.html Cisco and Microsoft Team Up on Network Access Control Cisco and Microsoft announced that their respective technologies, Cisco Network Admission Control (NAC) and Microsoft Network Access Protection (NAP), will be interoperable. Both technologies are designed to prevent computers from accessing a network unless they meet specific "health" checks. http://www.windowsitpro.com/Article/ArticleID/93437/93437.html BrowserShield Defends Browsers at Network Borders Microsoft developed a prototype defense tool, BrowserShield, that can defend unpatched browsers by filtering and rewriting incoming Web content at network borders. http://www.windowsitpro.com/Article/ArticleID/93404/93404.html Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.windowsitpro.com/departments/departmentid/752/752.html === SPONSOR: iAnywhere

===============================

Extending SMS to Handheld Devices Join iAnywhere on Tuesday, September 26th, for a webcast on how to extend Microsoft SMS to handheld devices. In this session, we'll provide an overview of Afaria's management and security capabilities and focus on enhancing and extending SMS to a wide range of mobile devices. http://www.ianywhere.com/forms/afaria_sms.html?referrer=Registered_security_update_hotspot === GIVE AND TAKE

====================================

SECURITY MATTERS BLOG: Browzar Bashing--Is It Warranted? by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters There's a lot of Browzar bashing going on, and most of it overlooks the obvious. Read my perspective on the bashing in this blog article http://www.windowsitpro.com/Article/ArticleID/93420/93420.html FAQ: 64-Bit Version of Group Policy Management Console by John Savill, http://www.windowsitpro.com/windowsnt20002003faq Q: Where can I get the 64-bit version of Group Policy Management Console (GPMC)? Find the answer at http://www.windowsitpro.com/Article/ArticleID/93411/93411.html FROM THE FORUM: NTFS Permission in an Education Environment A forum participant is working on creating a way for teachers and students to share info while controlling what the students can see and do. He's running a Windows Server 2003 Release 2 (R2) domain and is aware of access-based enumeration. He's having difficulty getting the permissions set properly and needs some advice. Join the discussion at: http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=49155&enterthread=y SHARE YOUR SECURITY TIPS AND GET $100 Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length. === PRODUCTS

=========================================

by Renee Munshi, [email protected] Full-Featured Firewall-Routers HotBrick Network Solutions offers the HSS 4000 and HSS 6000 firewall-routers. The HSS 4000 has 512MB of RAM, a 1.0GHz Pentium 4 processor, and four flex ports; the HSS 6000 has 1GB of RAM, a 2.8GHz Pentium 4 processor, and six flex ports. Both firewall-routers include internal hard drives and an optional hardware-based VPN accelerator (flexible software-based VPNs are standard). The HSS 4000 supports up to 1000 LAN users, while the HSS 6000 allows for an unlimited number of LAN users. You manage the firewall-routers from a Web interface over HTTP Secure (HTTPS), console port, and Secure Shell (SSH) connection. The Web-based content-filtering feature and the hard drive-based spam-filtering and antivirus options can also be managed from the interface. For more information, go to http://www.hotbrick.com WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate. === RESOURCES AND EVENTS

=============================

For more security-related resources, visit http://www.windowsitpro.com/go/securityresources Linux + Unix + Windows - TechX World Pure-play IT shops are a nice idea, but the reality today is that we are all faced with interoperability issues. TechX World 2006 gives you access to leading experts in the field and will prepare you to master interoperability issues in your environment. http://www.techxworld.com/?code=0913emailannc Tired of using separate products on your Microsoft Exchange server for antivirus, antispam, attachment filtering, disclaimers, content auditing/filtering? This webcast will address the latest threats to messaging security and spotlight Sunbelt's Messaging Ninja that enables system administrators to easily secure their messaging infrastructures and stop threats at the Exchange Server. http://msd2d.com/WebSeminar/webSeminar_viewDL_04.aspx?category=security Can you distinguish between the facts and fiction of Linux? Get the straight answers about Linux, UNIX, and Windows - together and head-to-to head comparisons. Read articles and download free resources today! You can also test your Linux skills and enter to win a $150 MSN Music gift card! http://www.windowsitpro.com/linuxfaq/ Randy Franklin Smith outlines five evaluation points to consider when choosing your antispyware solution in this free podcast. Download it today! http://www.windowsitpro.com/go/podcasts/pctools/antispyware/?code=0913emailannc Integrate fax services with business applications for major increases in ROI. Find out how fax technology can benefit your bottom line and improve business processes. Download the free ebook today! http://www.windowsitlibrary.com/Ebooks/faxservers/Index.cfm?code=0913emailannc === FEATURED WHITE PAPER

=============================

Extend Microsoft Windows Rights Management Services (RMS) to support enterprise requirements for information protection, including proprietary business data. Download the free whitepaper today! http://www.windowsitpro.com/go/whitepapers/liquidmachines/rightsmgmt/?code=0913featwp === ANNOUNCEMENTS

====================================

Special Invitation for VIP Access Become a VIP subscriber and get continuous, inside access to ALL content published in Windows IT Pro magazine, SQL Server Magazine, Exchange and Outlook Administrator newsletter, Windows Scripting Solutions newsletter, and Windows IT Security newsletter. Subscribe now and SAVE $100: https://store.pentontech.com/index.cfm?s=1&promocode=eu2769uv Get the Windows IT Pro Utility Kit FREE SAVE up to $30 off Windows IT Pro magazine and get an exclusive Windows IT Pro Utility Kit CD FREE with your paid order! In addition, you'll get unlimited access to the entire online article archive, which houses more than 9,000 helpful Windows IT articles. This is a limited-time offer, so order now: https://store.pentontech.com/index.cfm?s=1&promocode=eu2069uw

===========================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

http://www.windowsitpro.com/windowssecurity

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Subscribe to Security UPDATE at

http://www.windowsitpro.com/Email/Index.cfm?action=archive

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=%%SUBSCRIBER_ID_TAG%%

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us: About Security UPDATE content -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.