Nmap Hackers Pick Top 100 Security Tools
2006-07-06 05:21:04
====================

This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.

Sherpa
   http://list.windowsitpro.com/t?ctl=3094A:4FB69

Thawte
   http://list.windowsitpro.com/t?ctl=3094C:4FB69

Symantec
   http://list.windowsitpro.com/t?ctl=30947:4FB69

====================

1. In Focus: Nmap Hackers Pick Top 100 Security Tools

2. Security News and Features
   - Recent Security Vulnerabilities
   - Windows Genuine Advantage Now at a Disadvantage
   - Microsoft Response to Exploit Riles Metasploit Developer
   - SharePoint Antivirus Solutions

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread
   - Share Your Security Tips

4. New and Improved
   - Encryption for SOHO

====================

==== Sponsor: Sherpa ====

How will compliance regulations affect your IT 
infrastructure? Help design your retention and retrieval, 
privacy and security policies to make sure that your 
organization is compliant.
     http://list.windowsitpro.com/t?ctl=3094A:4FB69

====================

==== 1. In Focus: Nmap Hackers Pick Top 100 Security Tools ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You've most likely heard of Nmap, the network-mapping tool developed by
"Fyodor." Nmap is widely used and is a standard tool in countless
security administrators' toolkits. Fyodor operates a mailing list,
nmap-hackers, for general announcements, patches, and light discussion
regarding Nmap.

In 2000 and 2003, Fyodor surveyed the members of the mailing list to
find out which security tools were their favorites. The 2000 survey
resulted in a list of the top 50 most popular security tools. The 2003
survey resulted in an expanded list of the top 75 most popular security
tools. Both lists have been great resources, and many people have
discovered new tools that they weren't previously aware of.

It's been three years since the last survey, and in that time lots of
new security tools have come into existence, while other security tools
have been updated (in some cases several times) with new features and
functionality. This year, Fyodor conducted a new survey, and 3243
people responded. This latest survey resulted in an even longer list:
the top 100 most popular security tools.

Although the list contains tools for several platforms, including
Windows, Linux, BSD, Solaris, and Mac OS X, it's easy to figure out
which tools work on which platforms because each tool description
includes platform-specific icons. There are also icons that let you
know whether a tool is free, whether it has a command-line interface or
GUI, and whether source code is available.

Another feature of the list shows you whether the tool has risen or
dropped in popularity compared with the 2003 survey results.

Surprisingly, the top four tools on the current list remain unchanged
in their popularity rank. Those top four tools are Nessus, Wireshark
(formerly Ethereal), Snort, and Netcat. Metasploit Framework (released
after the 2003 survey) is new to the list and is ranked the fifth most
popular tool. Incidentally, you can read a semi-related news story,
"Microsoft Response to Exploit Riles Metasploit Developer," on our Web
site at the URL below.
   http://list.windowsitpro.com/t?ctl=30956:4FB69

An interesting trend revealed by the 2006 survey results is that
wireless security is far more important to security administrators than
it was three years ago, evidenced by the fact that the wireless sniffer
Kismet rose from the 17th most popular tool in 2003 to 7th most popular
tool in 2006. Aircrack, originally released in mid-2004, now ranks as
the 21st most popular security tool in the list. Aircrack helps crack
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA)
encryption, which, as you probably know, are typically used to help
secure communication on WiFi networks.

Another interesting trend is that two great password-cracking tools,
John the Ripper and Cain and Abel, broke into the top 10 as the 9th and
10th most popular tools respectively. John the Ripper was previously
ranked #11 in 2003 and Cain and Abel was ranked #23, so the latter made
quite a jump in popularity.

So that's a brief rundown of a few of the tools and trends from the
list. You can of course glean even more information about security tool
trends by reviewing the complete list, and you can learn about more
tools that are new to the list, such as BackTrack, P0f, WebScarab,
WebInspect, Core Impact, Canvas, and others. Check out the full survey
results at http://list.windowsitpro.com/t?ctl=3095B:4FB69 .

====================

==== Sponsor: Thawte ====

Secure Your Online Data Transfer with SSL
Increase your customers' confidence and your business by securely
collecting sensitive information online. In this free white paper
you'll learn about the various applications of SSL certificates and
their appropriate deployment, along with details of how to test SSL on
your web server.
   http://list.windowsitpro.com/t?ctl=3094C:4FB69

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
   http://list.windowsitpro.com/t?ctl=3094D:4FB69

Windows Genuine Advantage Now at a Disadvantage
   Microsoft's anti-piracy tool, Windows Genuine Advantage (WGA), was
recently found to be regularly contacting Microsoft without informing
the user that such contact was taking place. Microsoft recently
modified the latest version of WGA to contact the company's servers
only once every two weeks. Nevertheless, a third party has stepped
in to prevent WGA from regularly contacting Microsoft's servers.
   http://list.windowsitpro.com/t?ctl=30952:4FB69

Microsoft Response to Exploit Riles Metasploit Developer
   A recently released exploit that takes advantage of problems in RRAS
has drawn the relative ire of Microsoft and the obligatory rebuttal of
a well-known security researcher.
   http://list.windowsitpro.com/t?ctl=30956:4FB69

SharePoint Antivirus Solutions
   Interest in SharePoint is heating up. Online SharePoint discussion
groups such as those at Windows IT Pro's sister site MSD2D.com are
flourishing, evidence that more and more IT pros are either working
with Windows SharePoint Services or Microsoft Office SharePoint Portal
Server 2003 or are investigating them. The downside of a collaboration
technology like SharePoint is that it exposes an organization to
security threats such as viruses. Fortunately, SharePoint-specific
antivirus solutions are available and our buyer's guide can help you
choose the best solution for your needs.
   http://list.windowsitpro.com/t?ctl=30954:4FB69

====================

==== Resources and Events ====

Learn how to gather evidence of compliance across multiple systems and
link the data to regulatory and framework control objectives. View
this on-demand Web seminar today!
   http://list.windowsitpro.com/t?ctl=30944:4FB69

Take an up-to-date look at secure, remote access to corporate
applications and stay ahead of the curve when making decisions about
near- and long-term IT infrastructure. On-demand Web seminar.
   http://list.windowsitpro.com/t?ctl=30949:4FB69

Find out what policies help or hurt in protecting your company's assets
and data. View this on-demand seminar today!
   http://list.windowsitpro.com/t?ctl=30948:4FB69

Gain control of your messaging data--and make your job easier--with
these step-by-step instructions for complying with the law and ensuring
your systems are working properly.
   http://list.windowsitpro.com/t?ctl=3094B:4FB69

Are you protected company-wide against spyware, keyloggers, adware, and
backdoor Trojans? Test the state of the art scanning engine that uses
threat signatures from multiple sources to track down the culprits that
antivirus solutions alone can't protect you against. Download your
free 30 day trial of CounterSpy Enterprise today!
   http://list.windowsitpro.com/t?ctl=30946:4FB69

====================

==== Featured White Paper ====

Achieve compliance in today's complex regulatory environment while
managing threats to the inward- and outward-bound communications vital
to your business. Adopt a best-practices approach, such as the one
outlined in the international information security standard ISO/IEC
17799:2005. Download the white paper today and secure the
confidentiality, availability and integrity of your corporate
information!
   http://list.windowsitpro.com/t?ctl=30945:4FB69

====================

==== Hot Spot ====

Learn the commonalities across multiple compliance 
regulations and standards to optimize your environment and 
save time and money.
   http://list.windowsitpro.com/t?ctl=30947:4FB69

====================

==== 3. Security Toolkit ==== 

Security Matters Blog: Voylent Encrypts Cell Phone Calls
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=30958:4FB69

   The recently released Zfone beta encrypts voice-over-IP calls. Now
you can encrypt cell phone calls too with the Voylent beta.
   http://list.windowsitpro.com/t?ctl=30955:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=3095C:4FB69

Q: Is there a tool I can use to delete user profiles?

Find the answer at
   http://list.windowsitpro.com/t?ctl=30953:4FB69


Security Forum Featured Thread

Security and Permission consideration
   (One message in this thread)
   A forum participant writes that he has a group of people (other than
the Server Administrator) who are responsible for applications on
various servers. Those people have been given the local administrator
passwords for various servers so they can log on remotely to perform
certain tasks. However, those people sometimes take actions on a server
that go beyond their assigned tasks. Therefore he doesn't want those
people to have full administrator privileges on the servers and wonders
whether creating local accounts in the Power Users group would give
them enough rights to perform their administrative tasks.
Join the discussion at
   http://list.windowsitpro.com/t?ctl=30943:4FB69

Share Your Security Tips and Get $100
   Share your security-related tips, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsecwindowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.

====================

==== Announcements ====
   (from Windows IT Pro and its partners)

Discounted Offer for the Windows IT Pro Master CD
   Save 50% off the Windows IT Pro Master CD! Order now and get
portable, high-speed access to the entire Windows IT Pro article
database on CD--a searchable library that includes every issue ever
published. The newest issue also includes BONUS Windows IT Tips. Order
now and save 50%:
   http://list.windowsitpro.com/t?ctl=3094E:4FB69

Save $80 off the Exchange & Outlook Administrator newsletter
   Get endless solutions to help you migrate, optimize, administer,
back up, recover, and secure your messaging environment. Subscribe to
the Exchange & Outlook Administrator newsletter today and save $80:
   http://list.windowsitpro.com/t?ctl=30950:4FB69

====================

==== 4. New and Improved ====
   by Renee Munshi, productswindowsitpro.com

Encryption for SOHO
   WinMagic offers MySecureDoc, a line of full-disk encryption
solutions priced for the small office/home office (SOHO) user.
MySecureDoc Personal Edition ($29.95) works with Windows XP/2000 and
protects all data on desktops and laptops by encrypting the entire hard
drive before the logon screen appears so that intruders can't bypass
the encryption level. MySecureDoc Media Edition ($19.95) protects all
data on removable storage devices such as USB sticks. It encrypts the
entire device, not just the files and folders in use, and asks for
authentication before granting access to the device. MySecureDoc
Personal Edition Plus ($49.95) combines Personal Edition and Media
Edition. For more information, go to
   http://list.windowsitpro.com/t?ctl=3095A:4FB69

Tell Us About a Hot Product and Get a Best Buy Gift Card!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Best Buy Gift Card if we write about the product in a
Windows IT Pro What's Hot column. Send your product suggestion with
information about how the product has helped you to
whatshotwindowsitpro.com.

====================

==== Contact Us ==== 

About the newsletter -- letterswindowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=30959:4FB69
About product news -- productswindowsitpro.com
About your subscription -- windowsitproupdatewindowsitpro.com
About sponsoring Security UPDATE -- salesoppswindowsitpro.com

====================

This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=30951:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.


